nix

flake.nix

@@ -1,5 +1,5 @@
 {
-	description = "https://tangled.sh/@ocbwoy3.dev/nix";
+	description = "Dark World Exclusive Nix Flake (Totally not a Deltarune reference)";
 
 	inputs = {
 		# Core
@@ -19,7 +19,7 @@
 		zen-browser.url = "github:0xc000022070/zen-browser-flake";
 
 		# Programs
-		tuxstrap.url = "git+https://tangled.sh/@ocbwoy3.dev/tuxstrap";
+		tuxstrap.url = "git+https://tangled.org/kris.darkworld.download/tuxstrap";
 		
 		# Package tooling
 		chaotic.url = "github:chaotic-cx/nyx/nyxpkgs-unstable";
@@ -27,7 +27,7 @@
 		nvf.url = "github:notashelf/nvf";
 
 		# Extras
-		tangled.url = "git+https://tangled.sh/@tangled.sh/core";
+		tangled.url = "git+https://tangled.sh/tangled.sh/core";
 		vscode-server.url = "github:nix-community/nixos-vscode-server";
 		spacebar = {
 			url = "github:spacebarchat/server";

hosts/server/configuration.nix

@@ -12,6 +12,7 @@
     ./modules/tangled.nix
     ../../modules/force.nix
     ./modules/gitea.nix
+    ./modules/vaultwarden.nix
   ];
 
   # gcc. shit breaks. wtf
@@ -40,9 +41,11 @@
     };
   };
 
-  services.openssh.settings = {
+  services.openssh.settings = lib.mkDefault {
     PubkeyAuthentication = "yes";
     TrustedUserCAKeys = "/etc/ssh/ca.pub";
+    PermitRootLogin = lib.mkDefault "prohibit-password";
+    KbdInteractiveAuthentication = lib.mkDefault false;
   };
 
   services.openssh = {
@@ -62,6 +65,7 @@
     extraGroups = [
       "wheel"
       "networkmanager"
+      "docker"
     ];
     shell = pkgs.zsh;
   };

hosts/server/modules/vaultwarden.nix

@@ -0,0 +1,44 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+
+{
+  services.vaultwarden = {
+    enable = true;
+    dbBackend = "sqlite";
+    environmentFile = "/private/vaultwarden/vaultwarden.env";
+    config = {
+      # Keep data alongside the secret env file so we can back it up together.
+      DATA_FOLDER = "/private/vaultwarden/data";
+      PUSH_RELAY_URI = "https://api.bitwarden.eu";
+      PUSH_IDENTITY_URI = "https://identity.bitwarden.eu";
+      DOMAIN = "https://vault.ocbwoy3.dev";
+      ROCKET_ADDRESS = "0.0.0.0";
+      ROCKET_PORT = 8222;
+      WEBSOCKET_ENABLED = true;
+      WEBSOCKET_ADDRESS = "0.0.0.0";
+      WEBSOCKET_PORT = 3012;
+      SIGNUPS_ALLOWED = false;
+    };
+  };
+
+  # Allow vaultwarden to write under /private/vaultwarden and ensure the directory exists.
+  systemd.services.vaultwarden.serviceConfig = {
+    ReadWritePaths = [ "/private/vaultwarden" ];
+  };
+
+  systemd.tmpfiles.settings."10-vaultwarden-private"."/private/vaultwarden/data".d = {
+    user = "vaultwarden";
+    group = "vaultwarden";
+    mode = "0750";
+  };
+
+  # cloudflared!!
+  # networking.firewall.allowedTCPPorts = [
+  #   8222
+  #   3012
+  # ];
+}

modules/force.nix

@@ -1,38 +1,39 @@
 { config, pkgs, ... }:
 
 {
-	imports = [
-		./nixos/bootloader.nix
-		./nixos/hardware.nix
-		./nixos/i18n.nix
-		./nixos/network.nix
-		./nixos/nixpkgs.nix
-		./nixos/nvidia.nix
-		./nixos/programs.nix
-		./stuff/nvim.nix
-		./stuff/zsh.nix
-	];
+  imports = [
+    ./nixos/bootloader.nix
+    ./nixos/hardware.nix
+    ./nixos/i18n.nix
+    ./nixos/network.nix
+    ./nixos/nixpkgs.nix
+    ./nixos/nvidia.nix
+    ./nixos/programs.nix
+    ./stuff/nvim.nix
+    ./stuff/zsh.nix
+  ];
 
-	environment.systemPackages = with pkgs; [
-		tmux
-		gh
-		file
-		glib
-		openssl
-		nss
-		glibc
-		nixfmt-rfc-style
-		killall
-		deno
-		bun
-		imagemagick
-		unzip
-		libwebp
-		nix-direnv
-		htop
-		nixpkgs-fmt
-		nixd
-		ffmpeg-full
-		gnupg
-	];
+  environment.systemPackages = with pkgs; [
+    tmux
+    gh
+    file
+    glib
+    openssl
+    nss
+    glibc
+    nixfmt-rfc-style
+    killall
+    deno
+    bun
+    imagemagick
+    unzip
+    libwebp
+    nix-direnv
+    htop
+    nixpkgs-fmt
+    nixd
+    ffmpeg-full
+    gnupg
+    codex
+  ];
 }