added vaultwarden

emily 2024-05-03 16:15:24 +02:00
parent b2ca9b71c7
commit 68c2bf3546
Signed by: emily
GPG key ID: F6F4C66207FCF995
2 changed files with 81 additions and 0 deletions


@ -0,0 +1,47 @@
{ config, inputs, pkgs, ... }: {
imports = [
inputs.sops-nix.nixosModules.sops
];
sops.secrets."services/vaultwarden/environmentFile" = {
sopsFile = ../../secrets/services/vaultwarden.yaml;
owner = "vaultwarden";
};
services.vaultwarden = {
enable = true;
environmentFile = config.sops.secrets."services/vaultwarden/environmentFile".path;
config = {
DATA_FOLDER = "/var/lib/vaultwarden";
DOMAIN = "staging.vault.kyouma.net";
DATABASE_MAX_CONNS = 15;
WEB_VAULT_ENABLED = true;
WEBSOCKET_ENABLED = true;
WEBSOCKET_ADDRESS = "::1";
WEBSOCKET_PORT = 3012;
SENDS_ALLOWED = true;
ORG_ATTACHMENT_LIMIT = 1048576;
USER_ATTACHMENT_LIMIT = 524288;
USER_SEND_LIMIT = 1048576;
INCOMPLETE_2FA_TIME_LIMIT = 5;
SIGNUPS_ALLOWED = true;
SIGNUPS_VERIFY = true;
INVITATION_ORG_NAME = "vault.kyouma.net";
PASSWORD_ITERATIONS = 1200000;
ICON_DOWNLOAD_TIMEOUT = 30;
SMTP_HOST = "mail.kyouma.net";
SMTP_FROM = "vault@kyouma.net";
SMTP_FROM_NAME = "vault.kyouma.net";
SMTP_USERNAME = "vault@kyouma.net";
SMTP_SECURITY = "starttls";
SMTP_PORT = 587;
ROCKET_ADDRESS = "unix:/run/vaultwarden/rocket.socket";
ROCKET_PORT = "";
};
};
kyouma.nginx.virtualHosts."staging.vault.kyouma.net" = {
locations."/" = {
proxyPass = "http://unix:/run/vaultwarden/rocket.socket";
proxyWebsockets = true;
};
};
security.acme.certs."staging.vault.kyouma.net" = {};
}
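Review bot: `SIGNUPS_ALLOWED = true;` leaves registration on this password vault open to anyone who can reach the vhost and receive mail, because `SIGNUPS_VERIFY = true;` only confirms the e-mail address. Whether `kyouma.nginx.virtualHosts` restricts access is not visible in this hunk. If the instance is meant for a known set of users, set `SIGNUPS_ALLOWED = false;` and onboard through invitations, or limit registration with `SIGNUPS_DOMAINS_WHITELIST`. Separately, `DOMAIN` is given without a scheme, and Vaultwarden expects the full URL there, so this should probably read `DOMAIN = "https://staging.vault.kyouma.net";`.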


@ -0,0 +1,34 @@
services:
vaultwarden:
environmentFile: ENC[AES256_GCM,data:qCzqf1xSqKdVin18WMOkFatuL2TTpvOEl1gFQyjBHbVuauDl4IJZ6aL+APrk7ADH78CRx5SntD6hjrI6hWea/IQsvw9feTTZkp+pG5qVvLdgPdl61cnAaZCUNvvzxE2NTFOTPriNLSRxwT8We1meyNe4CAkkKsMMVFInNarY8ZxuEEIEkBr7VfhB/EHCj72FSv1kR2zTw15n9b0gNxFwBC0jkTKTfEBoQNVtU6gmFTfXSNi92cothuTQbPxsYtbALpC3Y/aAJBT6SGODuqEHZ+B+NfYemX6eRYX89pXy3Tb0r2frK2XbWLowq7IP/w0MTGOsMV+ytiAD03wa65qUlYMejkGYFX1Q,iv:F/NXvyegyvIApdYaITAgGZxLUl99yfMbN/WSUOEKDmg=,tag:1MXqbpwPqG3v9h0X57k6kQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1ht2wetcyl9rzu45e02pqqwgmyfsfe6y6ygxyuxpfhnkdm62d3pqsg3uqvd
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUYlRnYWU0V3dOdXNYVDNP
akh2T1dUa3VxVDFMQW8rWURWRUxLNXkwWDJRCloyUGlRbGZFY2owWldxblAvK1l2
S0UrODBFK1l0Rlp4VktlNGtONHFQWmcKLS0tICtYQkxQdlBMTGgwSGJIWHBpTWN2
Zzc0U3JJOGJDNTViNmpsM1RGYkRSYlEK5TwOYuhhtkD3S1gJGQWTDzr7z0MX9Lwx
lSMz7CYrJtVM+Ec+IBIMXopBOnrQWvOeBgEhN9KYfngLGNbUaJelFw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-05-03T13:05:08Z"
mac: ENC[AES256_GCM,data:xQtCP1lRVQvr3rY/Cb3eW7tAwUSge8yFMuYSzMRUzbaNz03dHU3lhp/FGFDa1aWvbxT9YdKr4rIY2sUlMAK5ltw5uiiOXo5RA0wiC80A9bRVudnxCpF0cvwzBUZyY4I5ydAKE+peKLf76GRVE9awkZLmCu/B+P/R9AuS0GEZxKA=,iv:G3HF5py8bTnbJZBSWDHPVY6yI/ZlDaTEG0XCq0t+ykY=,tag:bs95sOcYsLn1Pls8TpqzHw==,type:str]
pgp:
- created_at: "2024-05-03T12:00:19Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4D1GtNSlou/HkSAQdA/lTtX2vY6hjiqZUniapNKZBVC7paxWONm33g8GyZgj4w
mAlvN+ydpKWy2MzMpJ30ZQVv9at9OzBJyUWYWC8BU3vhv9JTxua382lDhO1IvQdw
0l4BZayJ3woOdhIfX6BUE2jZTTBSEpdHT0hs2EVIBZSFi9fHsFpmdTGS0xAqmhra
l8nuCAPCImuRYkOHm1LIKL/QT7rPy7pcj4dXWVq/u9zexEEA24kdPvF32GQaPIbf
=bUVv
-----END PGP MESSAGE-----
fp: B04F01A7A98A13020C39B4A68AB7B773A214ACE5
unencrypted_suffix: _unencrypted
version: 3.8.1