pazpi/nix
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

Done Postgresql and Vaultwarden

Browse source
This commit is contained in:
pazpi 2025-01-02 12:40:48 +01:00
parent 199db5b3bc
commit eab5c16eb3
3 changed files with 198 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

24
modules/services/vaultwarden.nix
View file

@ -6,8 +6,7 @@
}:
let
cfg = config.my.services.vaultwarden;
user = config.users.users.vaultwarden.name;
group = config.users.groups.vaultwarden.name;
rocketPort = 8222;
in
{
@ -41,6 +40,16 @@ in
age.secrets.vaultwarden-admin-pwd.file = ../../secrets/vaultwarden-admin-pwd.age;
my.services.postgresql = {
enable = true;
ensures = [
{
username = "vaultwarden";
database = "vaultwarden";
}
];
};
services.vaultwarden = {
enable = true;
dbBackend = "postgresql";
@ -51,16 +60,23 @@ in
SIGNUPS_ALLOWED = false;
WEBSOCKET_ENABLED = true;
ROCKET_ADDRESS = "0.0.0.0";
ROCKET_PORT = 8222;
ROCKET_PORT = rocketPort;
DATABASE_URL = "postgresql:///vaultwarden?host=/run/postgresql";
SMTP_HOST = "smtp.eu.mailgun.org";
SMTP_FROM = "vault@pazpi.top";
SMTP_SECURITY = "starttls";
SMTP_USERNAME = "vault@pazpi.top";
};
};
networking.firewall.allowedTCPPorts = [ rocketPort ];
})
(lib.mkIf cfg.proxy.enable {
services.caddy = with cfg.proxy; {
virtualHosts."vault.${domain}".extraConfig = ''
reverse_proxy http://${host}:80
reverse_proxy http://${host}:${toString rocketPort}
import cloudflare
'';
};