# NixOS module: Vaultwarden behind an nginx TLS reverse proxy, storing its
# data in the local PostgreSQL instance and reading its secret via sops.
{ config, pkgs, lib, ... }:
let
  # Not referenced anywhere else in this file.
  cfg = config.services.vaultwarden;

  hostName = "pw.feal.no";

  # 127.0.0.0/8 loopback address: the backend ports are not exposed on the
  # network, although any local process can still reach them.
  bindAddr = "127.0.1.2";
  httpPort = 3011;
  hubPort = 3012;

  # Address the nginx virtual host listens on.
  listenAddr = "192.168.10.175";

  svcName = "vaultwarden";
  secretName = "vaultwarden/admintoken";

  # Reverse-proxy location (with WebSocket upgrade) to a local backend port.
  proxyTo = backendPort: {
    proxyPass = "http://${bindAddr}:${toString backendPort}";
    proxyWebsockets = true;
  };
in {
  sops.secrets.${secretName} = {
    owner = svcName;
    group = svcName;
  };

  services = {
    vaultwarden = {
      enable = true;
      dbBackend = "postgresql";

      # The secret is passed to the service by file path, so its contents are
      # not written into this configuration.
      # NOTE(review): the secret name suggests it carries ADMIN_TOKEN; confirm,
      # and prefer an Argon2 PHC hash over a plaintext token.
      environmentFile = config.sops.secrets.${secretName}.path;

      config = {
        domain = "https://${hostName}";

        rocketAddress = bindAddr;
        rocketPort = httpPort;

        # NOTE(review): newer Vaultwarden releases serve notifications on the
        # main port and deprecate the separate listener; check these three
        # settings against the deployed version.
        websocketEnabled = true;
        websocketAddress = bindAddr;
        websocketPort = hubPort;

        # Self-registration is enabled, limited to one e-mail domain, with
        # address verification requested.
        # NOTE(review): no SMTP settings are set in this file; confirm they
        # are supplied elsewhere, otherwise verification mail cannot be sent.
        signupsAllowed = true;
        signupsVerify = true;
        signupsDomainsWhitelist = "albrigtsen.it";

        # No host and no password in the URL.
        # NOTE(review): presumably a local Unix-socket connection with peer
        # authentication; confirm against the PostgreSQL auth configuration.
        databaseUrl = "postgresql://vaultwarden@/vaultwarden";
      };
    };

    postgresql = {
      ensureDatabases = [ svcName ];
      ensureUsers = [
        {
          name = svcName;
          ensureDBOwnership = true;
        }
      ];
    };

    # NOTE(review): the dumps hold every user's vault data and account
    # metadata; confirm where they are written and who can read them.
    postgresqlBackup.databases = [ svcName ];

    nginx.virtualHosts.${hostName} = {
      forceSSL = true;
      enableACME = true;

      # NOTE(review): non-standard ports on a private address; presumably
      # forwarded from 443/80 upstream. Confirm, since the HTTP-to-HTTPS
      # redirect and ACME HTTP-01 validation depend on it.
      listen = [
        { addr = listenAddr; port = 43443; ssl = true; }
        { addr = listenAddr; port = 43080; ssl = false; }
      ];

      # Sets the request body size limit for this virtual host.
      extraConfig = ''
        client_max_body_size 128M;
      '';

      locations = {
        "/" = proxyTo httpPort;
        "/notifications/hub" = proxyTo hubPort;
        "/notifications/hub/negotiate" = proxyTo httpPort;
      };
    };
  };
}