51 lines
1.6 KiB
Nix
51 lines
1.6 KiB
Nix
{ config, ... }: {
|
|
sops.secrets."services/vaultwarden/environmentFile" = {
|
|
sopsFile = ../../secrets/services/vaultwarden.yaml;
|
|
owner = "vaultwarden";
|
|
};
|
|
sops.secrets."services/vaultwarden/basicAuth" = {
|
|
sopsFile = ../../secrets/services/vaultwarden.yaml;
|
|
owner = "nginx";
|
|
};
|
|
services.vaultwarden = {
|
|
enable = true;
|
|
environmentFile = config.sops.secrets."services/vaultwarden/environmentFile".path;
|
|
backupDir = "/var/backup/bitwarden_rs";
|
|
config = {
|
|
DOMAIN = "https://vault.kyouma.net";
|
|
DATABASE_MAX_CONNS = 15;
|
|
WEB_VAULT_ENABLED = true;
|
|
WEBSOCKET_ADDRESS = "::1";
|
|
SENDS_ALLOWED = true;
|
|
ORG_ATTACHMENT_LIMIT = 1048576;
|
|
USER_ATTACHMENT_LIMIT = 524288;
|
|
USER_SEND_LIMIT = 1048576;
|
|
INCOMPLETE_2FA_TIME_LIMIT = 5;
|
|
SIGNUPS_ALLOWED = true;
|
|
SIGNUPS_VERIFY = true;
|
|
INVITATION_ORG_NAME = "vault.kyouma.net";
|
|
PASSWORD_ITERATIONS = 1200000;
|
|
ICON_DOWNLOAD_TIMEOUT = 30;
|
|
SMTP_HOST = "mail.kyouma.net";
|
|
SMTP_FROM = "vault@kyouma.net";
|
|
SMTP_FROM_NAME = "vault.kyouma.net";
|
|
SMTP_USERNAME = "vault@kyouma.net";
|
|
SMTP_SECURITY = "starttls";
|
|
SMTP_PORT = 587;
|
|
ROCKET_ADDRESS = "::1";
|
|
ROCKET_PORT = 8222;
|
|
};
|
|
};
|
|
kyouma.nginx.virtualHosts."vault.kyouma.net" = {
|
|
locations."/" = {
|
|
proxyPass = "http://[::1]:8222";
|
|
proxyWebsockets = true;
|
|
};
|
|
locations."/admin" = {
|
|
proxyPass = "http://[::1]:8222";
|
|
basicAuthFile = config.sops.secrets."services/vaultwarden/basicAuth".path;
|
|
};
|
|
};
|
|
security.acme.certs."vault.kyouma.net" = {};
|
|
}
|