Enable Vaultwarden on the server, ydotool on the laptop, update

flake.lock
2026-04-10 12:40:05 +02:00 · 2026-04-10 12:40:05 +02:00 · c0077acfa9
commit c0077acfa9
parent 249a3a1f3f
3 changed files with 43 additions and 12 deletions
--- a/heimserver/configuration.nix
+++ b/heimserver/configuration.nix
@ -87,6 +87,7 @@
      8087 # paperless frontend
      8090 # mail
      8091 # mail jmap
+      8092 # vaultwarden
      8080 # homepage
    ];
    firewall.allowedUDPPorts = [
@ -905,6 +906,34 @@
    enable = true;
    capacity = 50;
  };
+  
+  services.vaultwarden = {
+      enable = true;
+      backupDir = "/backup/vaultwarden";
+      # in order to avoid having  ADMIN_TOKEN in the nix store it can be also set with the help of an environment file
+      # be aware that this file must be created by hand (or via secrets management like sops)
+      environmentFile = "/root/vaultwarden.env";
+      config = {
+          # Refer to https://github.com/dani-garcia/vaultwarden/blob/main/.env.template
+          DOMAIN = "https://bitwarden.kempinger.at";
+          SIGNUPS_ALLOWED = false;
+  
+          ROCKET_ADDRESS = "127.0.0.1";
+          ROCKET_PORT = 8092;
+          ROCKET_LOG = "critical";
+  
+          # This example assumes a mailserver running on localhost,
+          # thus without transport encryption.
+          # If you use an external mail server, follow:
+          #   https://github.com/dani-garcia/vaultwarden/wiki/SMTP-configuration
+          SMTP_HOST = "127.0.0.1";
+          SMTP_PORT = 25;
+          SMTP_SSL = false;
+  
+          SMTP_FROM = "admin@bitwarden.kempinger.at";
+          SMTP_FROM_NAME = "kempinger.at Bitwarden server";
+      };
+  };

  nixpkgs.config.allowUnfree = true;