bekkalokk/vaultwarden: render environment_file as sops template

h7x4
2026-05-22 17:58:46 +09:00
parent 3141b1f76b
commit 6f99fa575d
2 changed files with 17 additions and 13 deletions


@@ -6,11 +6,6 @@ let
port = 3011;
wsPort = 3012;
in {
sops.secrets."vaultwarden/environ" = {
owner = "vaultwarden";
group = "vaultwarden";
mode = "440";
};
sops.secrets."vaultwarden/rsa_key.pem" = {
owner = "vaultwarden";
group = "vaultwarden";
@@ -21,11 +16,22 @@ in {
group = "vaultwarden";
mode = "440";
};
sops.secrets."vaultwarden/env/DATABASE_PASSWORD" = { };
sops.secrets."vaultwarden/env/SMTP_PASSWORD" = { };
sops.templates."vaultwarden/environment_file" = {
owner = "vaultwarden";
group = "vaultwarden";
mode = "440";
content = ''
DATABASE_URL=postgresql://vaultwarden:${config.sops.placeholder."vaultwarden/env/DATABASE_PASSWORD"}@postgres.pvv.ntnu.no/vaultwarden
SMTP_PASSWORD=${config.sops.placeholder."vaultwarden/env/SMTP_PASSWORD"}
'';
};
services.vaultwarden = {
enable = true;
dbBackend = "postgresql";
environmentFile = config.sops.secrets."vaultwarden/environ".path;
environmentFile = config.sops.templates."vaultwarden/environment_file".path;
config = {
DOMAIN = "https://${domain}";
@@ -49,10 +55,6 @@ in {
SMTP_AUTH_MECHANISM = "Login";
RSA_KEY_FILENAME = lib.removeSuffix ".pem" config.sops.secrets."vaultwarden/rsa_key.pem".path;
# Configured in environ:
# DATABASE_URL = "postgresql://vaultwarden@/vaultwarden";
# SMTP_PASSWORD = hemli
};
};
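Review bot: The `DATABASE_URL` line in the new `sops.templates."vaultwarden/environment_file"` content splices the raw secret into the userinfo part of a URL, so a password containing `@`, `:`, `/`, `?`, `#` or `%` will be parsed as something else unless it is stored percent-encoded. A comment above `content`, such as `# DATABASE_PASSWORD must be stored percent-encoded (it lands in URL userinfo)`, would make that constraint visible to whoever rotates the secret. The URL also names a remote host without an `sslmode` parameter, and libpq's default of `prefer` neither requires TLS nor verifies the server. If this connection crosses a network, consider appending `?sslmode=verify-full` (with the CA certificate available to the service), or at least `?sslmode=require`. The enclosing module attrset continues outside the hunks shown, so any TLS settings made elsewhere in the file are not visible here.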