feat: added bitwarden/vaultwarden support.

applications/bitwarden/vaultwarden.nix

@@ -0,0 +1,93 @@
+{
+  config,
+  pkgs,
+  lib,
+  inputs,
+  ...
+}:
+with lib; let
+  cfg = config.services.skynet_vaultwarden;
+
+  domain_sub = "pw";
+  domain = "${domain_sub}.skynet.ie";
+in {
+  imports = [
+    ../acme.nix
+    ../dns.nix
+    ../nginx.nix
+  ];
+
+  options.services.skynet_vaultwarden = {
+    enable = mkEnableOption "Skynet vaultwarden server";
+
+    host = {
+      ip = mkOption {
+        type = types.str;
+      };
+
+      name = mkOption {
+        type = types.str;
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    #backups = [ "/etc/silver_ul_ical/database.db" ];
+
+    # Website config
+    skynet_acme.domains = [
+      domain
+    ];
+
+    skynet_dns.records = [
+      {
+        record = domain_sub;
+        r_type = "CNAME";
+        value = cfg.host.name;
+      }
+    ];
+
+    services.nginx.virtualHosts."${domain}" = {
+      forceSSL = true;
+      useACMEHost = "skynet";
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
+      };
+    };
+
+    # has ADMIN_TOKEN and SMTP_PASSWORD
+    age.secrets.bitwarden_details.file = ../../secrets/bitwarden/details.age;
+
+    services.vaultwarden = {
+      enable = true;
+
+      environmentFile = config.age.secrets.bitwarden_details.path;
+      config = {
+        DOMAIN = "https://${domain}";
+        SENDS_ALLOWED = true;
+        SIGNUPS_ALLOWED = false;
+
+        INVITATION_ORG_NAME = "Skyhold";
+
+        ORG_GROUPS_ENABLED = true;
+
+        USE_SENDMAIL = false;
+
+        SMTP_HOST = "mail.skynet.ie";
+        SMTP_FROM = "vaultwarden@skynet.ie";
+        SMTP_FROM_NAME = "Skynet Bitwarden server";
+        SMTP_SECURITY = "starttls";
+        SMTP_PORT = 587;
+
+        SMTP_USERNAME = "vaultwarden@skynet.ie";
+        SMTP_AUTH_MECHANISM = "Login";
+        SMTP_EMBED_IMAGES = true;
+
+        ROCKET_ADDRESS = "127.0.0.1";
+        ROCKET_PORT = 8222;
+
+        ROCKET_LOG = "critical";
+      };
+    };
+  };
+}

machines/kitt.nix

@@ -23,6 +23,8 @@ in {
   imports = [
     ../applications/ldap/server.nix
     ../applications/discord.nix
+    ../applications/bitwarden/vaultwarden.nix
+    ../applications/bitwarden/bitwarden_sync.nix
   ];
 
   deployment = {
@@ -66,4 +68,13 @@ in {
   services.discord_bot = {
     enable = true;
   };
+
+  services.skynet_vaultwarden = {
+    enable = true;
+
+    host = {
+      ip = ip_pub;
+      name = name;
+    };
+  };
 }

secrets/bitwarden/details.age

@@ -0,0 +1,16 @@
+age-encryption.org/v1
+-> ssh-ed25519 V1pwNA d3Xy8iQxiSb8gV8NRqBAxBm0g5V1INUAeHJDFdAqe3o
+Uaw/Q/BjZabCWBoKJmSICiUn8/OWXjj+/sx0BZKxWj8
+-> ssh-ed25519 4PzZog qxpYb+zz05nntFRA8k0ZwWSmpvOA8gnf8AaBuy5xyhQ
+ssOtug0RBDkPbSEC4Acs/UNelfLmkLLH2pEm0geAuVE
+-> ssh-ed25519 5Nd93w iXfwzbDeUuFqwXPztMdaBXnfXY7W8sQXmcxEtMqkPzM
+t88pMxJ09RtrNEd1tn8N5iUh2mnaHwzb3dD6xlt8jRw
+-> ssh-ed25519 q8eJgg 4NAejBkAf4tZEsq6YsWJiOTq3wBBkDHB3Z1CFG8LeSk
+yIicVNLUkaHs9RzaEFFn0SVqR5QiKNJZShehiEfvTh4
+-> ssh-ed25519 IzAMqA orpGqetn3ND76DC2QejaGnAlPDlV43l7/GdJB47SFQA
+U0Bm9/VgoY6/dwIdqZpOY5rQc5j/TBlKzRS8rndyxu4
+-> _-grease yOwV[T R\ b>SI aVM^#_X
+VfqPBdd5CK3GXPcBxXzbq9ak7qYJrnrxU7O7pKmfavJJ55dsmXKvEI7NE2tgASsr
+Gxc1ttbQ4310R2CN0IM7xvMRLQsg/MnA2WGiwO52OYkHJXZ/i9F8ro4sq8q5cJE
+--- T8NUXH3YnnAIycabcEi8uFUfnDuvdgy3COrUoPPA+lQ
+QýPÀŒÍE“*NcYÞ³³	ÎY튰nK¶Bžù•°íšêaâšz<C5A1>˜^fJy¢h£™W!u|¶dDq'ê} €6^Ô5½ðÍwSÊží³k1%ÈN¹smŸ–º÷wÁ½i+ó|Dƒ´“°pÏ”½qr!1¿É™ìü<>‡¨ïš£°?µŒžÙÀ¢ïH†îèш$›‰Ýð(fÍ<66>‰gKn{ïa93tlÜ‚ì…Gbrˆã<CB86>§bMYÆ(¹—Öî¬`y&,â'«{è=

secrets/email/details.age

@@ -1,23 +1,23 @@
 age-encryption.org/v1
--> ssh-ed25519 V1pwNA P02Xzq2IYlbZMvvBUjy6eM0FN1CfSyCinTJnQrZUUlg
+-> ssh-ed25519 V1pwNA jq+XbDiOKLZYMvnmsSod+uedgov0IG0owyKLnh8UWSE
-QU9CrDYFL0KwDiH9T0zOzydeJBm4eS+Rp4m2ozA3FA0
+Qvoh1P8BCj677JtljcNsz+wlimAsOc6VhUMJhV1GqiU
--> ssh-ed25519 4PzZog 0dqzbH7AY96+GFtwrkrcxYKuO/c9eBPgdxMKa1qliw0
+-> ssh-ed25519 4PzZog QW53/Ugxrrxc409WcGAIvM1/Y4Vmx3ApggipX/eIEjw
-y0Kx5IG3CCzFcXM5MuS3eLij/l7QFKaHlr3VQty+gsA
+IAYk1jPQmim0+TItOXAskS3PVgCnZDtYdIBKlvcLxwA
--> ssh-ed25519 5Nd93w i9j9spcBf2ww6koxQu+802p8ua70VmQTtuLNC/v8MzY
+-> ssh-ed25519 5Nd93w sCuEYWuaUPIMRjZXmggeeWCgkIaJT7D5bAXb2ixWq2Q
-wgYQc+JdSPd2cen/mQyL4NVn9fHtRsHX0E5lDW06yMs
+1o9D3Uz/mNnh4ys0I78j25MiKlHqhGdaP+D8HvtpOWY
--> ssh-ed25519 q8eJgg L55YurMQv+czgj6uwgHS3L2vX2A5VYRcUEXsGcj0r38
+-> ssh-ed25519 q8eJgg 6WC13FFyND94sHo7cbG+3uZUNsmy42DmpUOVkCmVbHw
-vLRAuYLEljcVqVXs6k0hrVQNkRIpvvpCUeMP4jWVItQ
+RJJ+3aUtwP1M4bDkiHKr0uz+HwRwH0bAn+GPEs4utGQ
--> ssh-ed25519 IzAMqA Q1wP64lIZtvFPa0wAD+jQZtS7NwDr4rkthZEoVtuJjo
+-> ssh-ed25519 IzAMqA 87Jsefduk7iRFF84+ZvPGdTpz/FzRYuzg9UkbPQxPW8
-EnLKgtFFpzEKpLZMatZFNTt0rINciFUryYd0GMIUSp0
+xBUyjiOg9/zq28fXFo2/kHitPuz3HaZ+ckEwgWqYXH4
--> ssh-ed25519 uZzB3g EwOnsGci+aqHj7XR+sVCi2pNowFbTLtQimzFNHy7LTo
+-> ssh-ed25519 uZzB3g 2/G93JVSGG8Bq3TzXiC7VxGvLgt8VpfBDxNLnsQJnzQ
-jtl2RhtNayPr44rrZ1ESgR6p1hDJg1h70flu/0rDCjg
+eqvUUuCxDnj1YJt31bOXEZtCk6W8Fb073LUp6JoCLSs
--> ssh-ed25519 Hb0ipQ Jmcvd8zOLb7qf2ZIY1HsBrMA3wETGJFUTicBb/Gf2n4
+-> ssh-ed25519 Hb0ipQ VrLe6mWpNh3VasQNuZoYVSG+UoExVvp9plKEuRi6+DQ
-RTiE+f1N+npbnh1M20x76MJ/uj/5SDTdWKj1uMWPThM
+xem0syYeUihXShPuhN4Y0caleqYD3Guw89phtQ+IzHw
--> ssh-ed25519 IzAMqA cSzsukksm2E0coLmIXmd6DsEs/gHmIeGfcH/unNd1B4
+-> ssh-ed25519 IzAMqA Ki9fF+v0YtXbnZFOX9Qyp2RF8NkvtgVM2vWxvc7TiDI
-6ThlGLwm5iFG/UXoNMtAup909MVxz5JTpK45HJDeYFk
+parIXPuSLa9NKLw3tUJFWK3FsGfD85h+DL28y5sNgrk
--> d7'/PSOq-grease BF,
+-> c{-grease -ufY Ew|
-ka0OOXHqf7TrhcdP9NFMQVGlF2x+fnC5PRZba5o
+tdST+ze++xYVJLumh6+FoeoLRYS2WKdR/HSY8UphDPJx1OW+2ZSJNyG5XjTX582r
---- s5GXDMgktkfdge6Ndk1J8ooCdXVsryH9XzD2+TF6wC8
+zSM85sEgYsJe0arZqPDHwnjssUCkAuiLMZM8atLM
-`2ÕÊÇÅöå™SÇ
+--- PICAIqdJW/DCPw9lvrRLsdMJLUFsE48EQxd03DboxqI
-%Í‹•cA¥¥Ž¼2˜¦ƒÊ”ˆ<E2809D>
åw
L(<28>žq\Ò0ô})€D#k)¢Yí€\&¬ûºX£"į¬5º06|4ù)¼Þ._vD6N”Ò½üé*+RÇ)‹£59†š
+H<EFBFBD>„r á§!{ýì'ž!‡­’æy™•o$¤µà0Ô:dá›ä6ài

tuìRf©ú;äÍ´‰ƒÝˆ¹Ñ?…¥€·ðM«a½ˆâ6lÚ;
-EñÔ}£â~g<>©C1‚ÁÝðƒÀ ÷´eaâ
+°P¦Ë@pX×kiÄrðò&âÂò£|2…»S#Ÿœü¶¢Ü×…þÁ¢Á…Ú…ÌÀ6A@~T§*R/

secrets/secrets.nix

@@ -140,4 +140,5 @@ in {
 
   # for bitwarden connector
   "bitwarden/api.age".publicKeys = users ++ bitwarden;
+  "bitwarden/details.age".publicKeys = users ++ bitwarden;
 }