59 lines
1.4 KiB
Nix
59 lines
1.4 KiB
Nix
{ config, pkgs, ... }:
|
|
let
|
|
cfg = config.services.vaultwarden;
|
|
cfgUser = config.users.users.vaultwarden.name;
|
|
in
|
|
{
|
|
services = {
|
|
vaultwarden = {
|
|
enable = true;
|
|
dbBackend = "sqlite";
|
|
environmentFile = "/run/agenix/vaultwarden";
|
|
config = {
|
|
DOMAIN = "https://vault.bhankas.org";
|
|
SIGNUPS_ALLOWED = false;
|
|
SIGNUPS_VERIFY = false;
|
|
|
|
ROCKET_ADDRESS = "127.0.0.1";
|
|
ROCKET_PORT = "8222";
|
|
ROCKET_LOG = "critical";
|
|
|
|
USE_SENDMAIL = true;
|
|
SENDMAIL_COMMAND = "/run/wrappers/bin/sendmail";
|
|
SMTP_HOST = "smtp.purelymail.com";
|
|
SMTP_PORT = 587;
|
|
SMTP_SECURITY = "starttls";
|
|
SMTP_USERNAME = "gandalf@bhankas.org";
|
|
SMTP_FROM = "gandalf@bhankas.org";
|
|
# SMTP_PASSWORD is included in envFile
|
|
};
|
|
};
|
|
|
|
nginx = {
|
|
enable = true;
|
|
virtualHosts = {
|
|
"vault.bhankas.org" = {
|
|
addSSL = true;
|
|
enableACME = true;
|
|
locations."/" = {
|
|
proxyPass = "http://127.0.0.1:8222";
|
|
proxyWebsockets = false;
|
|
extraConfig =
|
|
"proxy_set_header Host $host;"
|
|
;
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
security.acme = {
|
|
acceptTerms = true;
|
|
certs = {
|
|
"vault.bhankas.org" = {
|
|
email = "admin@bhankas.org";
|
|
dnsResolver = "1.1.1.1:53";
|
|
};
|
|
};
|
|
};
|
|
}
|