diff --git a/flake.lock b/flake.lock index 7c85334..8b9a8b6 100644 --- a/flake.lock +++ b/flake.lock @@ -65,11 +65,11 @@ ] }, "locked": { - "lastModified": 1774858933, - "narHash": "sha256-rgHUoE4QhOvK3Rcl9cbuIVdjPjFjfhcTm/uPs8Y7+2w=", + "lastModified": 1775815947, + "narHash": "sha256-zKmhefgqP+mlTwfSIJaI1Dw8IePnc17WwzrzRQ6JQ6Q=", "owner": "nix-community", "repo": "lanzaboote", - "rev": "45338aab3013924c75305f5cb3543b9cda993183", + "rev": "a5f5623a443d37deede6bce12c31ba03caecadcd", "type": "github" }, "original": { @@ -80,11 +80,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1774933469, - "narHash": "sha256-OrnCQeUO2bqaWUl0lkDWyGWjKsOhtCyd7JSfTedQNUE=", + "lastModified": 1775490113, + "narHash": "sha256-2ZBhDNZZwYkRmefK5XLOusCJHnoeKkoN95hoSGgMxWM=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "f4c4c2c0c923d7811ac2a63ccc154767e4195337", + "rev": "c775c2772ba56e906cbeb4e0b2db19079ef11ff7", "type": "github" }, "original": { @@ -95,11 +95,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1774709303, - "narHash": "sha256-D3Q07BbIA2KnTcSXIqqu9P586uWxN74zNoCH3h2ESHg=", + "lastModified": 1775710090, + "narHash": "sha256-ar3rofg+awPB8QXDaFJhJ2jJhu+KqN/PRCXeyuXR76E=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8110df5ad7abf5d4c0f6fb0f8f978390e77f9685", + "rev": "4c1018dae018162ec878d42fec712642d214fdfa", "type": "github" }, "original": { @@ -147,11 +147,11 @@ ] }, "locked": { - "lastModified": 1775013181, - "narHash": "sha256-zPrt6oNM1r/RO5bWYaZ3hthfG9vzkr6kQdoqDd5x4Qw=", + "lastModified": 1775790837, + "narHash": "sha256-RAHjn8sjgfF3D17BaV8iv69o3P+L9aCuE36PFwzoqHU=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "e8046c1d9ccadd497c2344d8fa49dab62f22f7be", + "rev": "c913e0b9525311f103b7e1463ebb0f28c6865d8d", "type": "github" }, "original": { diff --git a/heimserver/configuration.nix b/heimserver/configuration.nix index fc1e848..97fd636 100644 --- a/heimserver/configuration.nix +++ b/heimserver/configuration.nix @@ -87,6 +87,7 @@ 8087 # paperless frontend 8090 # mail 8091 # mail jmap + 8092 # vaultwarden 8080 # homepage ]; firewall.allowedUDPPorts = [ @@ -905,6 +906,34 @@ enable = true; capacity = 50; }; + + services.vaultwarden = { + enable = true; + backupDir = "/backup/vaultwarden"; + # in order to avoid having ADMIN_TOKEN in the nix store it can be also set with the help of an environment file + # be aware that this file must be created by hand (or via secrets management like sops) + environmentFile = "/root/vaultwarden.env"; + config = { + # Refer to https://github.com/dani-garcia/vaultwarden/blob/main/.env.template + DOMAIN = "https://bitwarden.kempinger.at"; + SIGNUPS_ALLOWED = false; + + ROCKET_ADDRESS = "127.0.0.1"; + ROCKET_PORT = 8092; + ROCKET_LOG = "critical"; + + # This example assumes a mailserver running on localhost, + # thus without transport encryption. + # If you use an external mail server, follow: + # https://github.com/dani-garcia/vaultwarden/wiki/SMTP-configuration + SMTP_HOST = "127.0.0.1"; + SMTP_PORT = 25; + SMTP_SSL = false; + + SMTP_FROM = "admin@bitwarden.kempinger.at"; + SMTP_FROM_NAME = "kempinger.at Bitwarden server"; + }; + }; nixpkgs.config.allowUnfree = true; diff --git a/kemptop/configuration.nix b/kemptop/configuration.nix index a2bba22..d1035da 100644 --- a/kemptop/configuration.nix +++ b/kemptop/configuration.nix @@ -100,6 +100,7 @@ "wireshark" "networkmanager" "libvirtd" + "ydotool" ]; }; @@ -237,6 +238,7 @@ #security.pam.services.swaylock = {}; #programs.waybar.enable = true; # top bar + programs.ydotool.enable= true; programs.firefox.enable = true; programs.wireshark.enable = true; programs.wireshark.package = pkgs.wireshark;