services/vaultwarden: init vaultwarden
parent
2044b77401
commit
56cbb7601b
4 changed files with 58 additions and 1 deletions
|
@ -21,6 +21,7 @@
|
|||
../../services/gitlab-runner.nix
|
||||
../../services/unifi.nix
|
||||
../../services/lantifa.nix
|
||||
../../services/vaultwarden.nix
|
||||
|
||||
./lxc.nix
|
||||
];
|
||||
|
|
|
@ -5,5 +5,12 @@ in {
|
|||
imports = [
|
||||
./nftnat
|
||||
./decklink.nix
|
||||
"${sources.nixpkgs-unstable}/nixos/modules/services/security/vaultwarden"
|
||||
];
|
||||
|
||||
# disabled since vaultwarden defines a dummy bitwarden_rs option that
|
||||
# shows a deprication warning, which conflicts with this module
|
||||
disabledModules = [
|
||||
"services/security/bitwarden_rs/default.nix"
|
||||
];
|
||||
}
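Review bot: The comment above `disabledModules` does not say which module is being disabled and misspells "deprecation"; a wording such as `# disable the stable bitwarden_rs module: the unstable vaultwarden module declares a dummy bitwarden_rs option (deprecation warning) that conflicts with it` would make the intent clear. It would also help to record next to the `"${sources.nixpkgs-unstable}/…/vaultwarden"` import that both the module and the packages for this password manager come from the unstable pin, so security updates for it presumably arrive only when that pin is bumped.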
|
||||
|
|
|
@ -60,7 +60,7 @@ let
|
|||
'';
|
||||
};
|
||||
|
||||
inherit (unstable) bottom;
|
||||
inherit (unstable) bottom vaultwarden vaultwarden-vault;
|
||||
};
|
||||
|
||||
in pkgs.extend(_: _: newpkgs)
|
||||
|
|
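--- a/services/vaultwarden.nix
+++ b/services/vaultwarden.nix
@@ -0,0 +1,49 @@
+{ config, lib, pkgs, ... }:
+
+{
+services.vaultwarden = {
+enable = true;
+config = {
+DATA_FOLDER="/persist/var/lib/vaultwarden/data";
+LOG_LEVEL="error";
+SIGNUPS_ALLOWED=false;
+SIGNUPS_VERIFY=true;
+SIGNUPS_DOMAINS_WHITELIST="hacc.space";
+ORG_CREATION_USERS="admin@hacc.space";
+INVITATIONS_ALLOWED=true;
+INVITATION_ORG_NAME="haccwarden";
+
+TRASH_AUTO_DELETE_DAYS=90;
+
+DOMAIN="https://pw.hacc.space";
+ROCKET_ADDRESS="127.0.0.1";
+ROCKET_PORT=5354;
+ROCKET_WORKERS=2;
+
+SMTP_HOST="mail.hacc.space";
+SMTP_FROM="vaultwarden@hacc.space";
+SMTP_FROM_NAME="haccwarden";
+SMTP_PORT=587;
+SMTP_USERNAME="noreply@infra4future.de";
+
+};
+environmentFile = "/persist/var/lib/vaultwarden/vaultwarden.env"; #contains SMTP_PASSWORD
+dbBackend = "sqlite";
+backupDir = "/persist/data/vaultwarden_backups/";
+};
+
+#work around ProtectSystem=strict, cleanup
+systemd.services.vaultwarden.serviceConfig = {
+ReadWritePaths = [ "/persist/var/lib/vaultwarden" ];
+StateDirectory = lib.mkForce "";
+};
+
+services.nginx.virtualHosts."pw.hacc.space" = {
+locations."/" = {
+proxyPass = "http://127.0.0.1:5354";
+proxyWebsockets = true;
+};
+forceSSL = true;
+enableACME = true;
+};
+}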
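Review bot: The `environmentFile` that holds SMTP_PASSWORD lives inside `/persist/var/lib/vaultwarden`, the same tree that `ReadWritePaths` makes writable to the service, so a compromised vaultwarden process could likely replace that file and have injected settings picked up on the next restart. systemd reads the environment file before dropping privileges, so the secret can sit outside the writable tree, root-owned with mode 0600. If nothing else under that directory needs to be written, the grant can be narrowed to `ReadWritePaths = [ "/persist/var/lib/vaultwarden/data" ];`. Separately, a comment above `SIGNUPS_DOMAINS_WHITELIST` such as `# addresses @hacc.space can still self-register (after e-mail verification) even though SIGNUPS_ALLOWED=false` would record that registration is not fully closed.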