From 471e3df43908d88e715050bd99e4ae864e31c85e Mon Sep 17 00:00:00 2001 From: emily Date: Thu, 13 Jun 2024 16:45:05 +0200 Subject: [PATCH] Add basicAuth to vaultwarden admin page --- config/services/vaultwarden.nix | 8 ++++++++ secrets/services/vaultwarden.yaml | 5 +++-- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/config/services/vaultwarden.nix b/config/services/vaultwarden.nix index 1207442..f4d1b11 100644 --- a/config/services/vaultwarden.nix +++ b/config/services/vaultwarden.nix @@ -3,6 +3,10 @@ sopsFile = ../../secrets/services/vaultwarden.yaml; owner = "vaultwarden"; }; + sops.secrets."services/vaultwarden/basicAuth" = { + sopsFile = ../../secrets/services/vaultwarden.yaml; + owner = "vaultwarden"; + }; services.vaultwarden = { enable = true; environmentFile = config.sops.secrets."services/vaultwarden/environmentFile".path; @@ -37,6 +41,10 @@ proxyPass = "http://[::1]:8222"; proxyWebsockets = true; }; + locations."/admin" = { + proxyPass = "http://[::1]:8222"; + basicAuthFile = config.sops.secrets."services/vaultwarden/basicAuth".path; + }; }; security.acme.certs."staging.vault.kyouma.net" = {}; } diff --git a/secrets/services/vaultwarden.yaml b/secrets/services/vaultwarden.yaml index 2e4a24b..5672721 100644 --- a/secrets/services/vaultwarden.yaml +++ b/secrets/services/vaultwarden.yaml @@ -1,6 +1,7 @@ services: vaultwarden: environmentFile: ENC[AES256_GCM,data:qCzqf1xSqKdVin18WMOkFatuL2TTpvOEl1gFQyjBHbVuauDl4IJZ6aL+APrk7ADH78CRx5SntD6hjrI6hWea/IQsvw9feTTZkp+pG5qVvLdgPdl61cnAaZCUNvvzxE2NTFOTPriNLSRxwT8We1meyNe4CAkkKsMMVFInNarY8ZxuEEIEkBr7VfhB/EHCj72FSv1kR2zTw15n9b0gNxFwBC0jkTKTfEBoQNVtU6gmFTfXSNi92cothuTQbPxsYtbALpC3Y/aAJBT6SGODuqEHZ+B+NfYemX6eRYX89pXy3Tb0r2frK2XbWLowq7IP/w0MTGOsMV+ytiAD03wa65qUlYMejkGYFX1Q,iv:F/NXvyegyvIApdYaITAgGZxLUl99yfMbN/WSUOEKDmg=,tag:1MXqbpwPqG3v9h0X57k6kQ==,type:str] + basicAuth: ENC[AES256_GCM,data:hMVlWEM59dzp91S3iZB2jhyZE7ys3xhOlEEQSypc8daLOtJLxHTbA5HLNQ==,iv:Z5Wik8xfAV2S7DwLXcoJudB/qAAe6bjOQCV2t0Xk8zw=,tag:EpXw1AJvMFU+Td1sdMP5lQ==,type:str] sops: kms: [] gcp_kms: [] @@ -16,8 +17,8 @@ sops: MktVZ0VUbEFOY2xkcUhvQlBFdXhtaGMKkZrL4ePjGaV6Xa1zo+6osC6uT3YfYP/A Sju9hALA36ACnE3QoIE5Rnhme4KwiIA6+VZlIU4OHAB8YPIewmvCCA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-05-03T13:05:08Z" - mac: ENC[AES256_GCM,data:xQtCP1lRVQvr3rY/Cb3eW7tAwUSge8yFMuYSzMRUzbaNz03dHU3lhp/FGFDa1aWvbxT9YdKr4rIY2sUlMAK5ltw5uiiOXo5RA0wiC80A9bRVudnxCpF0cvwzBUZyY4I5ydAKE+peKLf76GRVE9awkZLmCu/B+P/R9AuS0GEZxKA=,iv:G3HF5py8bTnbJZBSWDHPVY6yI/ZlDaTEG0XCq0t+ykY=,tag:bs95sOcYsLn1Pls8TpqzHw==,type:str] + lastmodified: "2024-06-13T14:39:40Z" + mac: ENC[AES256_GCM,data:UXyVowvw23iorkK3GODpAlujHu1W/xhZA7XB5xy/BBIDjBaKeG4Uwr3pHX05Pwy/naHLuGX3fRaEISW+gAecEfe1+fId/FJY12wu0pq2/NRVNzyhRYb1bmSc654KFJVl2hOujwBmAwmdtbbxZQU3B/mqMpol/xzWyn96zu161bo=,iv:iGcdWH/ct3Qsvkt8VQBH+UagxPs2OTArXVSjMqliOy4=,tag:KASdSTPa/tA+SUu7nshU2w==,type:str] pgp: - created_at: "2024-06-12T20:46:24Z" enc: |-