bebop: Add vaultwarden
This commit is contained in:
parent
7a450cda50
commit
9521f186ee
5 changed files with 43 additions and 1 deletions
|
@ -85,6 +85,7 @@
|
|||
./modules/monitoring/monitoring.nix
|
||||
./modules/calibre.nix
|
||||
./modules/wiki.nix
|
||||
./modules/vaultwarden.nix
|
||||
|
||||
# Host-specific config
|
||||
nixos-hardware.nixosModules.raspberry-pi-4
|
||||
|
|
|
@ -27,7 +27,7 @@ in
|
|||
(n: _: nameValuePair (removeSuffix ".age" n)
|
||||
{
|
||||
file = "${secretsDir}/${n}";
|
||||
owner = payas;
|
||||
owner = if builtins.eq n "vaultwarden" then "vaultwarden" else payas;
|
||||
})
|
||||
(import secretsFile)
|
||||
else
|
||||
|
|
|
@ -13,4 +13,5 @@ in
|
|||
"minio.age".publicKeys = [ ageKey ];
|
||||
"minio_secret_key.age".publicKeys = [ ageKey ];
|
||||
"tunnel_bebop.json.age".publicKeys = [ ageKey ];
|
||||
"vaultwarden.age".publicKeys = [ ageKey ];
|
||||
}
|
||||
|
|
BIN
hosts/hermes/secrets/vaultwarden.age
Normal file
BIN
hosts/hermes/secrets/vaultwarden.age
Normal file
Binary file not shown.
40
modules/vaultwarden.nix
Normal file
40
modules/vaultwarden.nix
Normal file
|
@ -0,0 +1,40 @@
|
|||
{ config, pkgs, ... }:
|
||||
{
|
||||
services = {
|
||||
|
||||
vaultwarden = {
|
||||
enable = false;
|
||||
dbBackend = "sqlite";
|
||||
environmentFile = "/run/agenix/vaultwarden";
|
||||
config = {
|
||||
DOMAIN = "https://vault.bhankas.org";
|
||||
SIGNUPS_ALLOWED = false;
|
||||
|
||||
ROCKET_ADDRESS = "127.0.0.1";
|
||||
ROCKET_PORT = "8222";
|
||||
ROCKET_LOG = "critical";
|
||||
};
|
||||
};
|
||||
|
||||
nginx = {
|
||||
enable = true;
|
||||
virtualHosts = {
|
||||
"vault.bhankas.org" = {
|
||||
addSSL = true;
|
||||
enableACME = true;
|
||||
locations."/".proxyPass = "http://127.0.0.1:8222";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
security.acme = {
|
||||
acceptTerms = true;
|
||||
certs = {
|
||||
"vault.bhankas.org" = {
|
||||
email = "relekarpayas@gmail.com";
|
||||
dnsResolver = "1.1.1.1:53";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
Reference in a new issue