+vautwarden, +slash@nemoti

2025-05-07 23:46:40 +02:00 · 2025-05-07 23:46:40 +02:00 · 7fec29f602
commit 7fec29f602
parent a3a85c3596
6 changed files with 61 additions and 0 deletions
--- a/hosts/m3-atlas/secrets.nix
+++ b/hosts/m3-atlas/secrets.nix
@ -29,6 +29,9 @@
        file = ../../secrets/traefik.age;
        owner = "traefik";
      };
+      vaultwarden-env = {
+        file = ../../secrets/vaultwarden-env.age;
+      };
      m3tam3re-secrets = {
        file = ../../secrets/m3tam3re-secrets.age;
        owner = "m3tam3re";
--- a/hosts/m3-atlas/services/containers/slash-nemoti.nix
+++ b/hosts/m3-atlas/services/containers/slash-nemoti.nix
@ -0,0 +1,27 @@
+{
+  virtualisation.oci-containers.containers."slash" = {
+    image = "docker.io/yourselfhosted/slash:latest";
+    ports = ["127.0.0.1:3016:5231"];
+    volumes = [
+      "slash_data:/var/opt/slash"
+    ];
+    extraOptions = ["--ip=10.89.0.16" "--network=web"];
+  };
+  # Traefik configuration specific to littlelink
+  services.traefik.dynamicConfigOptions.http = {
+    services.slash.loadBalancer.servers = [
+      {
+        url = "http://localhost:3016/";
+      }
+    ];
+
+    routers.slash = {
+      rule = "Host(`l.nemoti.art`)";
+      tls = {
+        certResolver = "godaddy";
+      };
+      service = "slash";
+      entrypoints = "websecure";
+    };
+  };
+}
--- a/hosts/m3-atlas/services/default.nix
+++ b/hosts/m3-atlas/services/default.nix
@ -10,6 +10,7 @@
    ./searx.nix
    ./tailscale.nix
    ./traefik.nix
+    ./vaultwarden.nix
    ./wastebin.nix
  ];
 }
--- a/hosts/m3-atlas/services/vaultwarden.nix
+++ b/hosts/m3-atlas/services/vaultwarden.nix
@ -0,0 +1,29 @@
+{config, ...}: {
+  services.vaultwarden = {
+    enable = true;
+    backupDir = "/var/backup/vaultwarden";
+    config = {
+      ROCKET_ADDRESS = "127.0.0.1";
+      ROCKET_PORT = 3013;
+    };
+    environmentFile = "${config.age.secrets.vaultwarden-env.path}";
+  };
+
+  # Traefik configuration for headscale
+  services.traefik.dynamicConfigOptions.http = {
+    services.vaultwarden.loadBalancer.servers = [
+      {
+        url = "http://localhost:3009/";
+      }
+    ];
+
+    routers.vaultwarden = {
+      rule = "Host(`vw.m3ta.dev`)";
+      tls = {
+        certResolver = "godaddy";
+      };
+      service = "vaultwarden";
+      entrypoints = "websecure";
+    };
+  };
+}
--- a/secrets.nix
+++ b/secrets.nix
@ -28,6 +28,7 @@ in {
  "secrets/searx.age".publicKeys = systems ++ users;
  "secrets/tailscale-key.age".publicKeys = systems ++ users;
  "secrets/traefik.age".publicKeys = systems ++ users;
+  "secrets/vaultwarden-env.age".publicKeys = systems ++ users;
  "secrets/wg-DE.age".publicKeys = systems ++ users;
  "secrets/wg-NL.age".publicKeys = systems ++ users;
  "secrets/wg-NO.age".publicKeys = systems ++ users;
--- a/secrets/vaultwarden-env.age
+++ b/secrets/vaultwarden-env.age