From aa40c0c5e3d6c8b347be34138e3259db02f1f1b6 Mon Sep 17 00:00:00 2001 From: James Eversole Date: Wed, 7 Aug 2024 10:02:50 -0500 Subject: [PATCH] Add VaultWarden; update Transmission; reorder allowedTCPPorts --- nix/application/containers.nix | 12 +++++++++++- nix/application/nginx.nix | 1 + nix/system/age.nix | 1 + nix/system/network.nix | 2 +- secrets.nix | 1 + secrets/bitwarden-env.age | Bin 0 -> 673 bytes secrets/transmission-env.age | Bin 579 -> 582 bytes 7 files changed, 15 insertions(+), 2 deletions(-) create mode 100644 secrets/bitwarden-env.age diff --git a/nix/application/containers.nix b/nix/application/containers.nix index c5d05f4..0ba5e43 100644 --- a/nix/application/containers.nix +++ b/nix/application/containers.nix @@ -111,18 +111,28 @@ }; transmission = { - image = "haugene/transmission-openvpn:5"; + image = "haugene/transmission-openvpn:5.3.1"; ports = [ "9091:9091" ]; volumes = [ "/home/sezycei/srv/scripts/transmission/settings.json:/etc/transmission-daemon/settings.json" "/etc/localtime:/etc/localtime:ro" "/home/torrent/data:/data" + "/home/sezycei/srv/scripts/transmission/custom-data:/etc/openvpn/custom" ]; environmentFiles = [ config.age.secrets.transmission-env.path ]; extraOptions = [ "--cap-add=NET_ADMIN" "--privileged" ]; }; + vaultwarden = { + image = "vaultwarden/server:1.31.0"; + ports = [ "40080:80" ]; + volumes = [ + "/home/sezycei/srv/containerdata/bitwarden/data:/data" + ]; + environmentFiles = [ config.age.secrets.bitwarden-env.path ]; + }; + }; }; } diff --git a/nix/application/nginx.nix b/nix/application/nginx.nix index 4580636..aee5988 100644 --- a/nix/application/nginx.nix +++ b/nix/application/nginx.nix 
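Review bot: The new `vaultwarden` container in containers.nix publishes its HTTP port as `ports = [ "40080:80" ];`, which binds the host side on every interface rather than on loopback only. nginx reaches the service at `http://127.0.0.1:40080`, so nothing needs the wider bind. Container runtimes commonly install their own NAT rules for published ports, so the port may be reachable even though 40080 is not in `allowedTCPPorts`; the backend in use is not visible in this hunk. Binding it as `ports = [ "127.0.0.1:40080:80" ];` keeps the password vault reachable only through nginx. The existing `"9091:9091"` on `transmission`, which also runs with `--privileged`, would benefit from the same change.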
@@ -76,6 +76,7 @@
 "jame.su" = static { dir = "/var/www/jame.su"; };
 "matri.cx" = static { dir = "/var/www/matri.cx"; };
 "media.matri.cx" = proxied { target = "http://127.0.0.1:8096"; };
+ "pw.eversole.co" = proxied { target = "http://127.0.0.1:40080"; };
 "sezycei.com" = static { dir = "/var/www/sezycei.com"; };
 "snakebelmont.com" = static { dir = "/var/www/snakebelmont.com"; };
 "transmission.matri.cx" = proxiedLAN { target = "http://127.0.0.1:9091"; };
diff --git a/nix/system/age.nix b/nix/system/age.nix
index f5bff34..9404b5a 100644
--- a/nix/system/age.nix
+++ b/nix/system/age.nix
@@ -18,6 +18,7 @@
 };
 keys.file = ../../secrets/keys.age;
 miniflux.file = ../../secrets/miniflux.age;
+ bitwarden-env.file = ../../secrets/bitwarden-env.age;
 transmission-env.file = ../../secrets/transmission-env.age;
 };
 identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
diff --git a/nix/system/network.nix b/nix/system/network.nix
index 7fcddae..31bc12e 100644
--- a/nix/system/network.nix
+++ b/nix/system/network.nix
@@ -2,7 +2,7 @@
 networking = {
 hostName = "eve-psr-nix0";
 firewall = {
- allowedTCPPorts = [ 22 80 443 7860 23231 23232 23233 9418 3000 ];
+ allowedTCPPorts = [ 22 80 443 3000 7860 9418 23231 23232 23233 ];
 allowedUDPPorts = [ 53 1194 ];
 trustedInterfaces = [ "tun0" ];
 };
diff --git a/secrets.nix b/secrets.nix
index c7ff715..b9af65d 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -13,5 +13,6 @@ in
 "secrets/htpasswd-dock.age" = { publicKeys = all; };
 "secrets/keys.age" = { publicKeys = all; };
 "secrets/miniflux.age" = { publicKeys = all; };
+ "secrets/bitwarden-env.age" = { publicKeys = all; };
 "secrets/transmission-env.age" = { publicKeys = all; };
 }
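Review bot: In the nginx.nix hunk, `pw.eversole.co` is declared with `proxied` while the neighbouring `transmission.matri.cx` uses `proxiedLAN`, so the password vault appears to be served to any network. Both helpers are defined outside the hunk, so it is worth confirming that `proxied` forces HTTPS for this host, and recording the decision next to the line, e.g. `# public on purpose: clients sync off-LAN; keep /admin disabled or LAN-only`. If Vaultwarden's admin page is enabled through the encrypted env file, limiting `/admin` to the LAN at the proxy would narrow what is exposed.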
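Review bot: In the secrets.nix hunk, `secrets/bitwarden-env.age` is encrypted to `publicKeys = all;`, so every key in `all` (bound above the hunk) can decrypt the vault's environment file. That matches the other entries, but this file presumably holds higher-value settings than they do, and only the host that runs the container and the maintaining user need to read it. A narrower recipient list such as `"secrets/bitwarden-env.age" = { publicKeys = [ <host-key> <admin-key> ]; };`, with the placeholders replaced by bindings this file already defines, would follow least privilege.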
diff --git a/secrets/bitwarden-env.age b/secrets/bitwarden-env.age new file mode 100644 index 0000000000000000000000000000000000000000..4f82ae69b6db07ec23dc6a46fb01acee5d6bd79b GIT binary patch literal 673 zcmV;S0$%-LXJsvAZewzJaCB*JZZ28zD^`BsqbMSubyOG*m|`HbrE5Gzu*~ zAaiqQEoEdfH8n9gAX-UpWk+Wqb$3)*Z)ti^O;1!SP)TGlT7OkcFI9I;GiWwZO>b3G zLUK}2cv>-eHEnrW3TrY=S1?LKXGSqsF-S&5aW{HZH*R`4F=|0&F;sFiVNPXoX-h$F zWJqUs3N0-yAWBtYD>zSKNp5#jVNFYPa%EaoRYfa8GG$aTGjB0vczHx+Xlq77OIle; z3h?^Vd|8I!hkuK>_UH8+>*G>pWRKIll*4RT1A>_ep33{BX|4Lot&{cidJcp8lu58d zk38VH3+5(@^2lrh(aN6vV>HuF8=+cI>I=&Lsi2byWu?}MX=z{CSIgceLF+(ioN>Kn8B(k< zonyBi+YeiSWnMW&!ylvVX|yXP&%c7!Ji?m+(ntOJNF%VXfQTm&!$G}`xFllT>YkyF9G*ebqF?2RLF;P)h zdU$6;V`*z>OG{`?3UPLIVN-TlD^Eo)Nl-O7YE4CFWO8R#a!52wH+N`lX<;%?WJ_yn zRB~fQ3N0-yAVX6$Lsv&kZ7*arZfIg_OjdYgH*!X2Z*og?Su}J^T1!x6d2ez@Wph_+ z3gTo@nCNQ(4S&UVI5?UGq0xS1QBf8o2iU;3z0!qnbr^a-NxoUH1i0sr&Zd9&?FMFS z{MAm>)8jpaS08euOu}Dw3-A8X1sn{wp%t!<%+Vs}0wMiQ2SwHnX|YnownQhpkmf>$ zQ9$$)Ik*Y9Sm@9skSaBBYZ7oSP%?y|-D+)Bv@ zZCfIyY+>A{INqJQqz;JGo%VRvyK@*)y!?;u=LSr27{OJydIXHuVL8N#KtKx_p`=a} khy6442phy9R&gdF>8JLO?{*FM#rd`Y2RkOiDyTkdVPy;Du>b%7