pazpi/nix
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions
nix/modules/services/vaultwarden.nix
pazpi eab5c16eb3 Done Postgresql and Vaultwarden
2025-01-02 12:40:48 +01:00

85 lines
2 KiB
Nix
Raw Blame History

{
lib,
config,
pkgs,
...
}:
let
cfg = config.my.services.vaultwarden;
rocketPort = 8222;
in
{
options.my.services.vaultwarden = {
enable = lib.mkEnableOption "Enable Vaultwarden module";
proxy = {
enable = lib.mkEnableOption "Set the proxy entry for this service";
domain = lib.mkOption {
default = "example.com";
type = lib.types.str;
description = ''
The domain where Caddy is reachable
'';
};
host = lib.mkOption {
default = "localhost";
type = lib.types.str;
description = ''
host name where the service is running
'';
};
};
};
config = lib.mkMerge [
(lib.mkIf cfg.enable {
age.secrets.vaultwarden-admin-pwd.file = ../../secrets/vaultwarden-admin-pwd.age;
my.services.postgresql = {
enable = true;
ensures = [
{
username = "vaultwarden";
database = "vaultwarden";
}
];
};
services.vaultwarden = {
enable = true;
dbBackend = "postgresql";
environmentFile = config.age.secrets.vaultwarden-admin-pwd.path;
config = {
DOMAIN = "https://vault.${cfg.proxy.domain}";
SENDS_ALLOWED = true;
SIGNUPS_ALLOWED = false;
WEBSOCKET_ENABLED = true;
ROCKET_ADDRESS = "0.0.0.0";
ROCKET_PORT = rocketPort;
DATABASE_URL = "postgresql:///vaultwarden?host=/run/postgresql";
SMTP_HOST = "smtp.eu.mailgun.org";
SMTP_FROM = "vault@pazpi.top";
SMTP_SECURITY = "starttls";
SMTP_USERNAME = "vault@pazpi.top";
};
};
networking.firewall.allowedTCPPorts = [ rocketPort ];
})
(lib.mkIf cfg.proxy.enable {
services.caddy = with cfg.proxy; {
virtualHosts."vault.${domain}".extraConfig = ''
reverse_proxy http://${host}:${toString rocketPort}
import cloudflare
'';
};
})
];
}
Reference in a new issue View git blame Copy permalink