From 5051cd0cf62e7a1da8f6a436ebf66dc684e864e2 Mon Sep 17 00:00:00 2001 From: victor Date: Tue, 11 Oct 2022 14:11:17 +0200 Subject: [PATCH] enable websockets vault --- .github/workflows/nixos.yml | 14 +++++++++ nixos/hosts/olympus/nginx/configuration.nix | 30 +++++++++++++------ .../olympus/vaultwarden/configuration.nix | 10 +++++-- 3 files changed, 43 insertions(+), 11 deletions(-) diff --git a/.github/workflows/nixos.yml b/.github/workflows/nixos.yml index 672b9ec..672d3b7 100644 --- a/.github/workflows/nixos.yml +++ b/.github/workflows/nixos.yml @@ -9,6 +9,20 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2.3.2 + - name: Free Disk Space (Ubuntu) + uses: jlumbroso/free-disk-space@main + with: + # this might remove tools that are actually needed, + # if set to "true" but frees about 6 GB + tool-cache: true + + # all of these default to true, but feel free to set to + # "false" if necessary for your workflow + android: true + dotnet: true + haskell: true + large-packages: true + swap-storage: true - name: "Install Nix ❄️" uses: cachix/install-nix-action@v15 - name: "Install Cachix ❄️" diff --git a/nixos/hosts/olympus/nginx/configuration.nix b/nixos/hosts/olympus/nginx/configuration.nix index 58e7f1d..cc6fa7f 100644 --- a/nixos/hosts/olympus/nginx/configuration.nix +++ b/nixos/hosts/olympus/nginx/configuration.nix @@ -22,8 +22,7 @@ let add_header Access-Control-Allow-Origin *; return 200 '${builtins.toJSON data}'; ''; -in -{ +in { # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave @@ -32,9 +31,6 @@ in # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). system.stateVersion = "21.05"; # Did you read the comment? - # Additional packages - environment.systemPackages = with pkgs; [ ]; - networking.firewall.allowedTCPPorts = [ 80 443 ]; services.nginx = { 
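Review bot: `uses: jlumbroso/free-disk-space@main` pins the new third-party step to a moving branch, while the neighbouring steps pin tags (`actions/checkout@v2.3.2`, `cachix/install-nix-action@v15`), so whoever controls that branch can change what runs in this job on every push. Pin it to a release tag or, better, a full commit SHA with the tag noted alongside, e.g. `uses: jlumbroso/free-disk-space@<commit-sha>  # <release tag>`. The step also runs with `tool-cache: true`, which the inline comment itself says may remove tools the job needs; if the later Nix install step ever starts failing, this is the first knob to revisit. The `steps:` list continues past the hunk.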
@@ -51,14 +47,28 @@ in # 0x76.dev virtualHosts."ha.0x76.dev" = proxy "http://home-assistant.olympus:8123/"; - # virtualHosts."zookeeper-dev.0x76.dev" = proxy "http://eevee.olympus:8085/"; virtualHosts."md.0x76.dev" = proxy "http://hedgedoc.olympus:3000/"; virtualHosts."git.0x76.dev" = proxy "http://gitea.olympus:3000"; virtualHosts."o.0x76.dev" = proxy "http://minio.olympus:9000"; virtualHosts."grafana.0x76.dev" = proxy "http://victoriametrics.olympus:2342"; virtualHosts."outline.0x76.dev" = proxy "http://outline.olympus:3000"; virtualHosts."id.0x76.dev" = proxy "http://keycloak.olympus:80"; - virtualHosts."pass.0x76.dev" = proxy "http://vaultwarden.olympus:8222"; + virtualHosts."pass.0x76.dev" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://vaultwarden.olympus:8222"; + proxyWebsockets = true; + }; + locations."/notifications/hub/negotiate" = { + proxyPass = "http://vaultwarden.olympus:8222"; + proxyWebsockets = true; + }; + locations."/notifications/hub" = { + proxyPass = "http://vaultwarden.olympus:3012"; + proxyWebsockets = true; + }; + }; # Redshifts virtualHosts."andreea.redshifts.xyz" = proxy "http://zmeura.olympus:8008"; @@ -71,8 +81,10 @@ in add_header Content-Type 'text/html; charset=UTF-8'; return 200 '
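Review bot: The upstream `http://vaultwarden.olympus:8222` is repeated verbatim in the `/` and `/notifications/hub/negotiate` locations of `virtualHosts."pass.0x76.dev"`, and the websocket target `http://vaultwarden.olympus:3012` sits beside them as a third literal, so a port change in the vaultwarden host config would have to be mirrored by hand in three places. Binding them once in the file's `let` block (which starts outside this hunk), e.g. `vaultwarden = "http://vaultwarden.olympus:8222";` and `vaultwardenWs = "http://vaultwarden.olympus:3012";`, keeps the three locations consistent. Relying on nginx's longest-prefix matching to send `/notifications/hub/negotiate` to the Rocket port and `/notifications/hub` to the websocket port is correct but not obvious; a one-line comment above the two `notifications` locations saying so would help the next reader.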

meow

'; ''; - locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig; - locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig; + locations."= /.well-known/matrix/client".extraConfig = + mkWellKnown clientConfig; + locations."= /.well-known/matrix/server".extraConfig = + mkWellKnown serverConfig; }; virtualHosts."chat.meowy.tech" = { enableACME = true; diff --git a/nixos/hosts/olympus/vaultwarden/configuration.nix b/nixos/hosts/olympus/vaultwarden/configuration.nix index 37dc0f3..f4ae4fd 100644 --- a/nixos/hosts/olympus/vaultwarden/configuration.nix +++ b/nixos/hosts/olympus/vaultwarden/configuration.nix @@ -3,7 +3,9 @@ # and in the NixOS manual (accessible by running ‘nixos-help’). { config, pkgs, ... }: -let vs = config.vault-secrets.secrets; +let + vs = config.vault-secrets.secrets; + cfg = config.services.vaultwarden.config; in { imports = [ ]; @@ -18,7 +20,7 @@ in { # Additional packages environment.systemPackages = with pkgs; [ ]; - networking.firewall.allowedTCPPorts = [ config.services.vaultwarden.config.ROCKET_PORT ]; + networking.firewall.allowedTCPPorts = [ cfg.ROCKET_PORT cfg.WEBSOCKET_PORT ]; vault-secrets.secrets.vaultwarden = { user = "vaultwarden"; @@ -35,6 +37,10 @@ in { ROCKET_ADDRESS = "0.0.0.0"; ROCKET_PORT = 8222; + WEBSOCKET_ENABLED = true; + WEBSOCKET_ADDRESS = "0.0.0.0"; + WEBSOCKET_PORT = 3012; + SMTP_HOST = "mail.0x76.dev"; SMTP_FROM = "vaultwarden@0x76.dev"; SMTP_PORT = 465;
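Review bot: `networking.firewall.allowedTCPPorts = [ cfg.ROCKET_PORT cfg.WEBSOCKET_PORT ];` opens the new websocket listener to every host that can reach this machine, and the following hunk sets `WEBSOCKET_ADDRESS = "0.0.0.0";`, so port 3012 is reachable directly rather than only through the nginx host that terminates TLS for `pass.0x76.dev`. This mirrors what was already done for `ROCKET_PORT`, so it widens a pre-existing cleartext exposure by one port rather than introducing a new pattern; if the internal network is not otherwise segmented, scoping the rule to the interface the proxy uses (`networking.firewall.interfaces.<iface>.allowedTCPPorts`) or binding the listener to the proxy-facing address would keep the websocket off other interfaces. A short comment on the new `WEBSOCKET_*` block recording that the nginx host forwards `/notifications/hub` to this port would make the dependency between the two hosts' configs visible. The `config` attribute set holding `ROCKET_PORT` starts before and continues past the hunk.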