From 72d6e483439a1c0c48bf8cd1311a0b25d0fde7b3 Mon Sep 17 00:00:00 2001 From: tulg Date: Sat, 25 Apr 2026 21:23:44 +0300 Subject: [PATCH] vaultwarden --- hosts/kittykat/configuration.nix | 10 ++++++++++ hosts/kittykat/traefik.nix | 11 +++++++++++ modules/home-manager/cli/shell.nix | 1 + modules/nixos/networking/ssh.nix | 2 ++ 4 files changed, 24 insertions(+) diff --git a/hosts/kittykat/configuration.nix b/hosts/kittykat/configuration.nix index 48c7f25..ab43bf6 100644 --- a/hosts/kittykat/configuration.nix +++ b/hosts/kittykat/configuration.nix @@ -24,6 +24,16 @@ openFirewall = true; }; + services.vaultwarden = { + enable = true; + + config = { + DOMAIN = "https://vault.kittykat.poggerer.xyz"; + SIGNUPS_ALLOWED = false; + ROCKET_PORT = 8222; + }; + }; + nixpkgs.config.allowUnfree = true; nix.settings.experimental-features = ["nix-command" "flakes"]; system.stateVersion = "25.05"; diff --git a/hosts/kittykat/traefik.nix b/hosts/kittykat/traefik.nix index e6abfb4..c05adcc 100644 --- a/hosts/kittykat/traefik.nix +++ b/hosts/kittykat/traefik.nix @@ -49,6 +49,12 @@ certResolver = "letsencrypt"; }; }; + vaultwarden = { + rule = "Host(`vault.kittykat.poggerer.xyz`)"; + entryPoints = ["websecure"]; + service = "vaultwarden"; + tls.certResolver = "letsencrypt"; + }; }; services = { @@ -59,6 +65,11 @@ ]; }; }; + vaultwarden = { + loadBalancer.servers = [ + {url = "http://127.0.0.1:8222";} + ]; + }; }; }; }; diff --git a/modules/home-manager/cli/shell.nix b/modules/home-manager/cli/shell.nix index df27e22..98ea0f0 100644 --- a/modules/home-manager/cli/shell.nix +++ b/modules/home-manager/cli/shell.nix @@ -7,6 +7,7 @@ rb = "sudo nixos-rebuild switch --flake ~/nixdots#"; nixtest = "sudo nixos-rebuild test --flake ~/nixdots#"; infect = "nix run github:nix-community/nixos-anywhere -- -- flake"; + deploy = "nix run github:serokell/deploy-rs --"; # deploy .#kittykat }; bashrcExtra = '' 
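Review bot: The new `services.vaultwarden.config` block in hosts/kittykat/configuration.nix sets `ROCKET_PORT = 8222` but no `ROCKET_ADDRESS`, so the interface the vault listens on is left to defaults this hunk does not show. Traefik terminates TLS and forwards to `http://127.0.0.1:8222`, so I would pin the listener with `ROCKET_ADDRESS = "127.0.0.1";` to keep the plain-HTTP port unreachable around the proxy. If an admin token or SMTP credentials are added later, put them in `services.vaultwarden.environmentFile` rather than `config`, because values in `config` are written to the world-readable Nix store. The enclosing attribute set starts and ends outside the hunk.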
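Review bot: The `vaultwarden` router added in the first hunk of hosts/kittykat/traefik.nix attaches no `middlewares`, so the public password-vault host gets no HSTS/security-header or rate-limit policy unless one is applied at the entry point, which is not visible here. I would define a headers middleware and a rate-limit middleware and reference them from the router, for example `middlewares = ["vault-headers" "vault-ratelimit"];` (placeholder names). It is also worth confirming that the plain-HTTP entry point redirects to `websecure`, since this router only binds the TLS one. As a style point, `tls.certResolver = "letsencrypt";` differs from the nested `tls = { certResolver = ...; };` form the neighbouring router appears to use; pick one. The routers set begins outside the hunk.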
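Review bot: The backend URL `http://127.0.0.1:8222` in the `vaultwarden` service (second hunk of hosts/kittykat/traefik.nix) hard-codes the port that configuration.nix sets as `ROCKET_PORT`, so the two can drift apart and leave the router pointing at whatever else binds 8222. I would derive it from the option, `{url = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";}`. This assumes `config` is in the module's argument set, which lies outside the hunk. A short comment stating that this backend is loopback-only and must stay behind TLS would also help the next reader.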
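Review bot: The new `deploy` alias in modules/home-manager/cli/shell.nix runs `github:serokell/deploy-rs` without a pinned revision, so each invocation may resolve to whatever the default branch holds at that time and then run it with the SSH access used to push system closures. Pin the reference, `deploy = "nix run github:serokell/deploy-rs/<pinned-rev> --";`, or add deploy-rs as a flake input so that `flake.lock` records the exact revision and updates show up in review. The existing `infect` alias in the context lines follows the same unpinned pattern and could be tightened at the same time. The trailing `# deploy .#kittykat` comment is a useful usage hint; it could also state that the tool connects to the target over SSH.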
diff --git a/modules/nixos/networking/ssh.nix b/modules/nixos/networking/ssh.nix index c3a130c..6f9d4dc 100644 --- a/modules/nixos/networking/ssh.nix +++ b/modules/nixos/networking/ssh.nix @@ -1,4 +1,6 @@ { + networking.firewall.allowedTCPPorts = [22]; + users.users."root".openssh.authorizedKeys.keys = [ "ssh-rsa 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 tulg@highcommand" # content of authorized_keys file ];
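Review bot: `networking.firewall.allowedTCPPorts = [22];` at the top of modules/nixos/networking/ssh.nix opens SSH on every host that imports this shared module, which already installs a root `authorizedKeys` entry. The rest of the file is outside the hunk, so it is not visible whether sshd is restricted to key-only login. I would make that explicit alongside this line with `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "prohibit-password";`. If `services.openssh.enable` is set in this module, `services.openssh.openFirewall` already opens the configured port, and relying on it keeps the firewall rule tied to the daemon rather than to a literal `22`. A one-line comment saying why root SSH is needed (presumably for the deploy tooling added in this commit) would help later review.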