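# NixOS module for the staging Vaultwarden instance.
#
# Vaultwarden listens only on a unix socket, nginx proxies the public vhost
# to that socket, and values that must not land in the Nix store are supplied
# through a sops-nix managed environment file.
{ config, inputs, pkgs, ... }: {
  imports = [
    inputs.sops-nix.nixosModules.sops
  ];

  # Decrypted by sops-nix and handed to the service as an environment file.
  # Owned by the service user; sops-nix's default mode (0400) keeps it
  # unreadable for everyone else.
  # NOTE(review): presumably this carries SMTP_PASSWORD and ADMIN_TOKEN --
  # keep such values here and never in `services.vaultwarden.config`, which
  # is rendered into the world-readable Nix store.
  sops.secrets."services/vaultwarden/environmentFile" = {
    sopsFile = ../../secrets/services/vaultwarden.yaml;
    owner = "vaultwarden";
  };

  services.vaultwarden = {
    enable = true;
    environmentFile = config.sops.secrets."services/vaultwarden/environmentFile".path;
    config = {
      DATA_FOLDER = "/var/lib/vaultwarden";

      # DOMAIN must be the full origin including the scheme. Vaultwarden uses
      # it to build links in e-mails and attachment URLs and as the WebAuthn
      # origin; a bare host name breaks those and is rejected by newer
      # releases. https is used because a certificate is requested for this
      # host at the bottom of this module.
      DOMAIN = "https://staging.vault.kyouma.net";

      DATABASE_MAX_CONNS = 15;
      WEB_VAULT_ENABLED = true;

      # NOTE(review): recent Vaultwarden releases serve WebSocket
      # notifications on the main HTTP listener and ignore the three
      # WEBSOCKET_* settings. The nginx vhost below already proxies
      # WebSockets to the main socket, so these look like leftovers --
      # confirm against the deployed version.
      WEBSOCKET_ENABLED = true;
      WEBSOCKET_ADDRESS = "::1";
      WEBSOCKET_PORT = 3012;

      SENDS_ALLOWED = true;

      # Storage quotas, in KiB: 1 GiB per organization, 512 MiB per user,
      # 1 GiB of Sends per user.
      ORG_ATTACHMENT_LIMIT = 1048576;
      USER_ATTACHMENT_LIMIT = 524288;
      USER_SEND_LIMIT = 1048576;

      # Minutes before a login that stopped at the 2FA step triggers a
      # notification e-mail to the account owner.
      INCOMPLETE_2FA_TIME_LIMIT = 5;

      # Registration is open: anyone who can reach the vhost can create an
      # account. SIGNUPS_VERIFY only enforces e-mail confirmation, it does
      # not restrict who may register.
      # NOTE(review): if this instance is reachable from the internet,
      # consider SIGNUPS_DOMAINS_WHITELIST or invitation-only signups.
      SIGNUPS_ALLOWED = true;
      SIGNUPS_VERIFY = true;
      INVITATION_ORG_NAME = "vault.kyouma.net";

      # Server-side PBKDF2 iterations applied to the stored master password
      # hash.
      PASSWORD_ITERATIONS = 1200000;

      ICON_DOWNLOAD_TIMEOUT = 30;

      # Outgoing mail via submission port 587 with STARTTLS. The SMTP
      # password is not set here; it is expected to come from
      # environmentFile (NOTE(review): confirm).
      SMTP_HOST = "mail.kyouma.net";
      SMTP_FROM = "vault@kyouma.net";
      SMTP_FROM_NAME = "vault.kyouma.net";
      SMTP_USERNAME = "vault@kyouma.net";
      SMTP_SECURITY = "starttls";
      SMTP_PORT = 587;

      # Listen on a unix socket instead of TCP, so access is governed by the
      # socket's file permissions rather than by a firewall rule.
      # NOTE(review): the nginx user needs access to this socket; how that
      # is granted is not visible in this module.
      ROCKET_ADDRESS = "unix:/run/vaultwarden/rocket.socket";
      # Left empty, presumably because no TCP port is used with the socket.
      ROCKET_PORT = "";
    };
  };

  # Reverse proxy for the public host name. `kyouma.nginx` is a module local
  # to this repository; TLS termination is presumably configured there.
  kyouma.nginx.virtualHosts."staging.vault.kyouma.net" = {
    locations."/" = {
      proxyPass = "http://unix:/run/vaultwarden/rocket.socket";
      proxyWebsockets = true;
    };
  };

  # Request an ACME certificate for the vhost with the default settings.
  security.acme.certs."staging.vault.kyouma.net" = {};
}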