Enable Vaultwarden on the server, ydotool on the laptop, update

flake.lock

flake.lock

@@ -65,11 +65,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1774858933,
-        "narHash": "sha256-rgHUoE4QhOvK3Rcl9cbuIVdjPjFjfhcTm/uPs8Y7+2w=",
+        "lastModified": 1775815947,
+        "narHash": "sha256-zKmhefgqP+mlTwfSIJaI1Dw8IePnc17WwzrzRQ6JQ6Q=",
         "owner": "nix-community",
         "repo": "lanzaboote",
-        "rev": "45338aab3013924c75305f5cb3543b9cda993183",
+        "rev": "a5f5623a443d37deede6bce12c31ba03caecadcd",
         "type": "github"
       },
       "original": {
@@ -80,11 +80,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1774933469,
-        "narHash": "sha256-OrnCQeUO2bqaWUl0lkDWyGWjKsOhtCyd7JSfTedQNUE=",
+        "lastModified": 1775490113,
+        "narHash": "sha256-2ZBhDNZZwYkRmefK5XLOusCJHnoeKkoN95hoSGgMxWM=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "f4c4c2c0c923d7811ac2a63ccc154767e4195337",
+        "rev": "c775c2772ba56e906cbeb4e0b2db19079ef11ff7",
         "type": "github"
       },
       "original": {
@@ -95,11 +95,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1774709303,
-        "narHash": "sha256-D3Q07BbIA2KnTcSXIqqu9P586uWxN74zNoCH3h2ESHg=",
+        "lastModified": 1775710090,
+        "narHash": "sha256-ar3rofg+awPB8QXDaFJhJ2jJhu+KqN/PRCXeyuXR76E=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "8110df5ad7abf5d4c0f6fb0f8f978390e77f9685",
+        "rev": "4c1018dae018162ec878d42fec712642d214fdfa",
         "type": "github"
       },
       "original": {
@@ -147,11 +147,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1775013181,
-        "narHash": "sha256-zPrt6oNM1r/RO5bWYaZ3hthfG9vzkr6kQdoqDd5x4Qw=",
+        "lastModified": 1775790837,
+        "narHash": "sha256-RAHjn8sjgfF3D17BaV8iv69o3P+L9aCuE36PFwzoqHU=",
         "owner": "oxalica",
         "repo": "rust-overlay",
-        "rev": "e8046c1d9ccadd497c2344d8fa49dab62f22f7be",
+        "rev": "c913e0b9525311f103b7e1463ebb0f28c6865d8d",
         "type": "github"
       },
       "original": {

heimserver/configuration.nix

@@ -87,6 +87,7 @@
       8087 # paperless frontend
       8090 # mail
       8091 # mail jmap
+      8092 # vaultwarden
       8080 # homepage
     ];
     firewall.allowedUDPPorts = [
@@ -906,6 +907,34 @@
     capacity = 50;
   };
   
+  services.vaultwarden = {
+      enable = true;
+      backupDir = "/backup/vaultwarden";
+      # in order to avoid having  ADMIN_TOKEN in the nix store it can be also set with the help of an environment file
+      # be aware that this file must be created by hand (or via secrets management like sops)
+      environmentFile = "/root/vaultwarden.env";
+      config = {
+          # Refer to https://github.com/dani-garcia/vaultwarden/blob/main/.env.template
+          DOMAIN = "https://bitwarden.kempinger.at";
+          SIGNUPS_ALLOWED = false;
+  
+          ROCKET_ADDRESS = "127.0.0.1";
+          ROCKET_PORT = 8092;
+          ROCKET_LOG = "critical";
+  
+          # This example assumes a mailserver running on localhost,
+          # thus without transport encryption.
+          # If you use an external mail server, follow:
+          #   https://github.com/dani-garcia/vaultwarden/wiki/SMTP-configuration
+          SMTP_HOST = "127.0.0.1";
+          SMTP_PORT = 25;
+          SMTP_SSL = false;
+  
+          SMTP_FROM = "admin@bitwarden.kempinger.at";
+          SMTP_FROM_NAME = "kempinger.at Bitwarden server";
+      };
+  };
+
   nixpkgs.config.allowUnfree = true;
 
   # nixpkgs.overlays = [

kemptop/configuration.nix

@@ -100,6 +100,7 @@
       "wireshark"
       "networkmanager"
       "libvirtd"
+      "ydotool"
     ];
   };
 
@@ -237,6 +238,7 @@
   #security.pam.services.swaylock = {};
   #programs.waybar.enable = true; # top bar
 
+  programs.ydotool.enable= true;
   programs.firefox.enable = true;
   programs.wireshark.enable = true;
   programs.wireshark.package = pkgs.wireshark;