nixfiles/config/services/vaultwarden.nix

# NixOS module: Vaultwarden for the staging vault host, published through the
# local nginx reverse proxy, with secrets supplied by sops-nix.
{ config, ... }:
let
  vhost = "staging.vault.kyouma.net";
  upstream = "http://[::1]:8222";
  secretsYaml = ../../secrets/services/vaultwarden.yaml;

  # Runtime path of a decrypted sops secret. Passing the path (not the value)
  # keeps the secret material out of the evaluated configuration.
  secretPath = name: config.sops.secrets."services/vaultwarden/${name}".path;
in
{
  sops.secrets = {
    "services/vaultwarden/environmentFile" = {
      sopsFile = secretsYaml;
      owner = "vaultwarden";
    };

    # NOTE(review): this secret is consumed by nginx (basicAuthFile below), yet
    # it is owned by "vaultwarden". Unless the kyouma.nginx wrapper runs nginx
    # as a user that can read it, /admin requests will fail on the auth file --
    # confirm the owner/group/mode match the nginx service user.
    "services/vaultwarden/basicAuth" = {
      sopsFile = secretsYaml;
      owner = "vaultwarden";
    };
  };

  services.vaultwarden = {
    enable = true;

    # Secret settings are loaded from this file at service start. Nothing
    # secret is set in `config` below, so presumably ADMIN_TOKEN and
    # SMTP_PASSWORD live here -- TODO confirm.
    environmentFile = secretPath "environmentFile";

    # Backups hold a copy of the vault database; the directory should be
    # protected like the live data directory -- verify its permissions.
    backupDir = "/var/backup/bitwarden_rs";

    config = {
      DOMAIN = "https://${vhost}";

      # Listen on IPv6 loopback only, so the service is reachable solely
      # through the nginx virtual host defined below.
      ROCKET_ADDRESS = "::1";
      ROCKET_PORT = "8222";
      # NOTE(review): recent Vaultwarden releases serve WebSocket notifications
      # on the main HTTP port; this setting may be unused -- check against the
      # deployed version.
      WEBSOCKET_ADDRESS = "::1";

      DATABASE_MAX_CONNS = 15;
      WEB_VAULT_ENABLED = true;
      ICON_DOWNLOAD_TIMEOUT = 30;

      # Registration is open to anyone who can reach the site; SIGNUPS_VERIFY
      # only requires a confirmed e-mail address. If the instance is meant for
      # a known set of users, restrict it (e.g. SIGNUPS_DOMAINS_WHITELIST, or
      # disable signups and rely on invitations).
      SIGNUPS_ALLOWED = true;
      SIGNUPS_VERIFY = true;
      INVITATION_ORG_NAME = "vault.kyouma.net";

      # Server-side PBKDF2 iteration count for the stored master-password hash.
      PASSWORD_ITERATIONS = 1200000;
      # Delay before a login that never completed 2FA is reported to the user
      # (minutes, per upstream documentation -- confirm).
      INCOMPLETE_2FA_TIME_LIMIT = 5;

      # Storage quotas; upstream documents these limits in kilobytes -- confirm.
      SENDS_ALLOWED = true;
      ORG_ATTACHMENT_LIMIT = 1048576;
      USER_ATTACHMENT_LIMIT = 524288;
      USER_SEND_LIMIT = 1048576;

      # Outgoing mail is submitted with STARTTLS on the submission port.
      SMTP_HOST = "mail.kyouma.net";
      SMTP_PORT = 587;
      SMTP_SECURITY = "starttls";
      SMTP_USERNAME = "vault@kyouma.net";
      SMTP_FROM = "vault@kyouma.net";
      SMTP_FROM_NAME = "vault.kyouma.net";
    };
  };

  kyouma.nginx.virtualHosts."${vhost}" = {
    locations = {
      "/" = {
        proxyPass = upstream;
        proxyWebsockets = true;
      };

      # HTTP basic auth in front of the admin page, as a second layer on top of
      # Vaultwarden's own admin authentication. The location is a prefix match,
      # so every path beginning with /admin is covered.
      "/admin" = {
        proxyPass = upstream;
        basicAuthFile = secretPath "basicAuth";
      };
    };
  };

  # Certificate for the virtual host; an empty set means all ACME options come
  # from defaults defined elsewhere in the configuration.
  security.acme.certs."${vhost}" = { };
}