From e86c5f5d817461bf3f8e2f3e37058efd7cd7ac62 Mon Sep 17 00:00:00 2001
From: cnst <adam@cnst.dev>
Date: Wed, 16 Jul 2025 15:47:59 +0200
Subject: [PATCH] fail2ban test 10

---
 modules/nixos/services/agenix/default.nix | 1 +
 modules/server/vaultwarden/default.nix    | 7 +------
 2 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/modules/nixos/services/agenix/default.nix b/modules/nixos/services/agenix/default.nix
index 442ec5d7..2839e1c8 100644
--- a/modules/nixos/services/agenix/default.nix
+++ b/modules/nixos/services/agenix/default.nix
@@ -58,6 +58,7 @@ in {
       (mkIf cfg.sobotka.enable {
         secrets = {
           cloudflareFirewallApiKey.file = "${self}/secrets/cloudflareFirewallApiKey.age";
+          vaultwarden-env.file = "${self}/secrets/vaultwarden-env.age";
         };
       })
       (mkIf cfg.toothpc.enable {
diff --git a/modules/server/vaultwarden/default.nix b/modules/server/vaultwarden/default.nix
index fc5726dc..7b98a90a 100644
--- a/modules/server/vaultwarden/default.nix
+++ b/modules/server/vaultwarden/default.nix
@@ -10,12 +10,6 @@
   vcfg = config.services.vaultwarden.config;
   cfg = config.server.vaultwarden;
 in {
-  age.secrets.vaultwarden-env = {
-    file = "${self}/secrets/vaultwarden-env.age";
-    owner = "vaultwarden";
-    mode = "400";
-  };
-
   options = {
     server.vaultwarden.enable = mkEnableOption "Enables vaultwarden";
   };
@@ -44,6 +38,7 @@ in {
         };
       };
     };
+
     services.vaultwarden = {
       enable = true;
       environmentFile = config.age.secrets.vaultwarden-env.path;