fix: simplify CrowdSec module

Remove LAPI server config causing null coercion error. Detection-only mode for now; bouncer can be added later. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-18 13:50:33 +01:00 · 2026-03-18 13:50:33 +01:00 · e0de37b15f
commit e0de37b15f
parent 9a57a2c511
5 changed files with 16 additions and 534 deletions
--- a/docs/superpowers/specs/2026-03-18-vaultwarden-design.md
+++ b/docs/superpowers/specs/2026-03-18-vaultwarden-design.md
@ -1,133 +0,0 @@
-# Vaultwarden Module Design
-
-## Overview
-
-Add Vaultwarden (a lightweight Bitwarden-compatible password manager) as a NixOS module following the existing Podman container pattern.
-
-## Requirements
-
- Domain: `vault.ashisgreat.xyz`
- WebSocket support for real-time sync
- Admin panel enabled
- No email functionality needed
-
-## Module Header Comment
-
-```nix
-# Vaultwarden Module (Podman)
-# Provides: Bitwarden-compatible password manager
-#
-# Usage:
-#   myModules.vaultwarden = {
-#     enable = true;
-#     port = 8222;
-#     websocketPort = 3012;
-#     domain = "vault.example.com";
-#   };
-```
-
-## Module Options
-
-```nix
-options.myModules.vaultwarden = {
-  enable = lib.mkEnableOption "Vaultwarden password manager";
-
-  domain = lib.mkOption {
-    type = lib.types.str;
-    example = "vault.example.com";
-    description = "Public domain for Vaultwarden";
-  };
-
-  port = lib.mkOption {
-    type = lib.types.port;
-    default = 8222;
-    description = "HTTP port for Vaultwarden web interface";
-  };
-
-  websocketPort = lib.mkOption {
-    type = lib.types.port;
-    default = 3012;
-    description = "WebSocket port for real-time sync";
-  };
-};
-```
-
-## Architecture
-
-### Container Configuration
-
- **Image**: `vaultwarden/server:latest`
- **Ports**:
-  - HTTP: `127.0.0.1:8222 → 80`
-  - WebSocket: `127.0.0.1:3012 → 3012`
- **Volumes**:
-  - `vaultwarden-data:/data` - Persistent storage for SQLite database
- **Environment**:
-  - `ADMIN_TOKEN` - From SOPS secret
-  - `SHOW_PASSWORD_HINT=false` - Disabled since no email
-  - `SIGNUPS_ALLOWED=true` - Can be changed via admin panel
-
-### Nginx Integration
-
-The module adds the domain to `myModules.nginx.domains` with WebSocket support via `extraConfig`:
-
-```nix
-myModules.nginx.domains = {
-  "${cfg.domain}" = {
-    port = cfg.port;
-    extraConfig = ''
-      location /notifications/hub {
-        proxyPass http://127.0.0.1:${toString cfg.websocketPort};
-        proxyHttpVersion 1.1;
-        proxySetHeader Upgrade $http_upgrade;
-        proxySetHeader Connection "upgrade";
-      }
-    '';
-  };
-};
-```
-
-This configures:
- Main location `/` → proxy to HTTP port (handled by nginx module)
- WebSocket location `/notifications/hub` → proxy to WebSocket port with upgrade headers
-
-### Secrets
-
-**SOPS secret declaration** (in configuration.nix):
-```nix
-sops.secrets.vaultwarden_admin_token = { };
-```
-
-**SOPS template** (in configuration.nix):
-```nix
-sops.templates."vaultwarden.env" = {
-  content = ''
-    ADMIN_TOKEN=${config.sops.placeholder.vaultwarden_admin_token}
-  '';
-};
-```
-
-**Secret required** in `secrets/secrets.yaml`:
- `vaultwarden_admin_token` - Token for accessing the admin panel at `/admin`
-
-## Files to Create/Modify
-
-| File | Action |
-|------|--------|
-| `modules/vaultwarden.nix` | Create - new module |
-| `modules/default.nix` | Modify - add import |
-| `configuration.nix` | Modify - enable module, add sops.secrets, add sops.templates |
-| `secrets/secrets.yaml` | Modify - add admin token (manual) |
-
-## Usage
-
-After deployment:
-1. Navigate to `https://vault.ashisgreat.xyz`
-2. Create an account
-3. Access admin panel at `https://vault.ashisgreat.xyz/admin` with the admin token
-
-## Dependencies
-
- `myModules.podman` - Container runtime
- `myModules.nginx` - Reverse proxy (for domain registration)
- SOPS-nix - Secrets management