vaultwarden: Fix secret owner

This commit is contained in:
emily 2024-10-03 14:50:51 +02:00
parent a698502f25
commit eac20c1f2e
Signed by: emily
GPG key ID: F6F4C66207FCF995

View file

@ -5,14 +5,14 @@
}; };
sops.secrets."services/vaultwarden/basicAuth" = { sops.secrets."services/vaultwarden/basicAuth" = {
sopsFile = ../../secrets/services/vaultwarden.yaml; sopsFile = ../../secrets/services/vaultwarden.yaml;
owner = "vaultwarden"; owner = "nginx";
}; };
services.vaultwarden = { services.vaultwarden = {
enable = true; enable = true;
environmentFile = config.sops.secrets."services/vaultwarden/environmentFile".path; environmentFile = config.sops.secrets."services/vaultwarden/environmentFile".path;
backupDir = "/var/backup/bitwarden_rs"; backupDir = "/var/backup/bitwarden_rs";
config = { config = {
DOMAIN = "https://staging.vault.kyouma.net"; DOMAIN = "https://vault.kyouma.net";
DATABASE_MAX_CONNS = 15; DATABASE_MAX_CONNS = 15;
WEB_VAULT_ENABLED = true; WEB_VAULT_ENABLED = true;
WEBSOCKET_ADDRESS = "::1"; WEBSOCKET_ADDRESS = "::1";
@ -33,10 +33,10 @@
SMTP_SECURITY = "starttls"; SMTP_SECURITY = "starttls";
SMTP_PORT = 587; SMTP_PORT = 587;
ROCKET_ADDRESS = "::1"; ROCKET_ADDRESS = "::1";
ROCKET_PORT = "8222"; ROCKET_PORT = 8222;
}; };
}; };
kyouma.nginx.virtualHosts."staging.vault.kyouma.net" = { kyouma.nginx.virtualHosts."vault.kyouma.net" = {
locations."/" = { locations."/" = {
proxyPass = "http://[::1]:8222"; proxyPass = "http://[::1]:8222";
proxyWebsockets = true; proxyWebsockets = true;
@ -46,5 +46,5 @@
basicAuthFile = config.sops.secrets."services/vaultwarden/basicAuth".path; basicAuthFile = config.sops.secrets."services/vaultwarden/basicAuth".path;
}; };
}; };
security.acme.certs."staging.vault.kyouma.net" = {}; security.acme.certs."vault.kyouma.net" = {};
} }