add zamok safe ip

hosts/physique/hyponix/services/fail2ban.nix

@@ -2,6 +2,10 @@
 {
   services.fail2ban = {
     enable = true;
+
+    ignoreIP = [
+      "zamok.crans.org"
+    ];
   };
 
   services.openssh.settings.LogLevel = "VERBOSE";

modules/available/vaultwarden.nix

@@ -0,0 +1,34 @@
+{ config, ... }:
+let
+  domain = "pass.${config.networking.domain}";
+in
+{
+
+  age.secrets = {
+    vaultwarden_secret = {
+      file = ../../secrets/services/vaultwarden.age;
+      owner = "vaultwarden";
+    };
+  };
+
+
+  services.vaultwarden = {
+    enable = false; # TODO: enable
+    # TODO: move to pgsql
+    #dbBackend = "postgresql";
+    environmentFile = config.age.secrets.vaultwarden_secret.path;
+    config = {
+      DOMAIN = "https://${domain}";
+      SIGNUPS_ALLOWED = false;
+      
+      ROCKET_ADDRESS = "::1";
+      ROCKET_PORT = 8222;
+    };
+  };
+
+  services.caddy.virtualHosts."${domain}" = {
+    extraConfig = ''
+      			reverse_proxy localhost:${builtins.toString config.services.vaultwarden.config.ROCKET_PORT}
+      		'';
+  };
+}