nixos/modules/vaultwarden.nix

{ config, pkgs, ... }:
let
  cfg = config.services.vaultwarden;
  cfgUser = config.users.users.vaultwarden.name;
in
{
  services = {
    vaultwarden = {
      enable = true;
      dbBackend = "sqlite";
      environmentFile = "/run/agenix/vaultwarden";
      config = {
        DOMAIN = "https://vault.bhankas.org";
        SIGNUPS_ALLOWED = false;
        SIGNUPS_VERIFY = false;

        ROCKET_ADDRESS = "127.0.0.1";
        ROCKET_PORT = "8222";
        ROCKET_LOG = "critical";

        USE_SENDMAIL = true;
        SENDMAIL_COMMAND = "/run/wrappers/bin/sendmail";
        SMTP_HOST = "smtp.purelymail.com";
        SMTP_PORT = 587;
        SMTP_SECURITY = "starttls";
        SMTP_USERNAME = "gandalf@bhankas.org";
        SMTP_FROM = "gandalf@bhankas.org";
        # SMTP_PASSWORD is included in envFile
      };
    };

    nginx = {
      enable = true;
      virtualHosts = {
        "vault.bhankas.org" = {
          addSSL = true;
          enableACME = true;
          locations."/" = {
            proxyPass = "http://127.0.0.1:8222";
            proxyWebsockets = false;
            extraConfig =
              "proxy_set_header Host $host;"
            ;
          };
        };
      };
    };
  };

  security.acme = {
    acceptTerms = true;
    certs = {
      "vault.bhankas.org" = {
        email = "admin@bhankas.org";
        dnsResolver = "1.1.1.1:53";
      };
    };
  };
}
bebop: Add vaultwarden 2023-06-05 20:37:08 +05:30			`{ config, pkgs, ... }:`
vaultwarden: fix user 2023-06-05 21:03:35 +05:30			`let`
			`cfg = config.services.vaultwarden;`
vaultwarden: enable service 2023-06-05 21:15:29 +05:30			`cfgUser = config.users.users.vaultwarden.name;`
vaultwarden: fix user 2023-06-05 21:03:35 +05:30			`in`
bebop: Add vaultwarden 2023-06-05 20:37:08 +05:30			`{`
			`services = {`
			`vaultwarden = {`
vaultwarden: enable service 2023-06-05 21:15:29 +05:30			`enable = true;`
bebop: Add vaultwarden 2023-06-05 20:37:08 +05:30			`dbBackend = "sqlite";`
vaultwarden: enable admin panel 2023-06-07 21:49:01 +05:30			`environmentFile = "/run/agenix/vaultwarden";`
bebop: Add vaultwarden 2023-06-05 20:37:08 +05:30			`config = {`
			`DOMAIN = "https://vault.bhankas.org";`
			`SIGNUPS_ALLOWED = false;`
vaultwarden: SMTP config 2023-06-05 21:30:11 +05:30			`SIGNUPS_VERIFY = false;`
bebop: Add vaultwarden 2023-06-05 20:37:08 +05:30
			`ROCKET_ADDRESS = "127.0.0.1";`
			`ROCKET_PORT = "8222";`
			`ROCKET_LOG = "critical";`
vaultwarden: SMTP config 2023-06-05 21:30:11 +05:30
vaultwarden: Add sendmail path 2023-06-05 21:38:28 +05:30			`USE_SENDMAIL = true;`
vaultwarden: try fix mail 2023-06-07 21:37:08 +05:30			`SENDMAIL_COMMAND = "/run/wrappers/bin/sendmail";`
everywhere: Update email 2023-06-08 23:22:45 +05:30			`SMTP_HOST = "smtp.purelymail.com";`
vaultwarden: use starttls 2023-06-05 21:50:47 +05:30			`SMTP_PORT = 587;`
			`SMTP_SECURITY = "starttls";`
everywhere: Update email 2023-06-08 23:22:45 +05:30			`SMTP_USERNAME = "gandalf@bhankas.org";`
			`SMTP_FROM = "gandalf@bhankas.org";`
vaultwarden: SMTP config 2023-06-05 21:30:11 +05:30			`# SMTP_PASSWORD is included in envFile`
bebop: Add vaultwarden 2023-06-05 20:37:08 +05:30			`};`
			`};`

			`nginx = {`
			`enable = true;`
			`virtualHosts = {`
			`"vault.bhankas.org" = {`
			`addSSL = true;`
			`enableACME = true;`
nginx: add config to set http_header 2023-06-07 20:16:22 +05:30			`locations."/" = {`
			`proxyPass = "http://127.0.0.1:8222";`
			`proxyWebsockets = false;`
			`extraConfig =`
nginx: attempt to fix header 2023-06-07 20:42:49 +05:30			`"proxy_set_header Host $host;"`
nginx: add config to set http_header 2023-06-07 20:16:22 +05:30			`;`
			`};`
bebop: Add vaultwarden 2023-06-05 20:37:08 +05:30			`};`
			`};`
			`};`
			`};`

			`security.acme = {`
			`acceptTerms = true;`
			`certs = {`
			`"vault.bhankas.org" = {`
everywhere: Update email 2023-06-08 23:22:45 +05:30			`email = "admin@bhankas.org";`
bebop: Add vaultwarden 2023-06-05 20:37:08 +05:30			`dnsResolver = "1.1.1.1:53";`
			`};`
			`};`
			`};`
			`}`