1
0
Fork 0
forked from emily/nixfiles
nixfiles-emily/config/services/vaultwarden.nix

48 lines
1.5 KiB
Nix
Raw Normal View History

2024-05-03 16:15:24 +02:00
{ config, inputs, pkgs, ... }: {
imports = [
inputs.sops-nix.nixosModules.sops
];
sops.secrets."services/vaultwarden/environmentFile" = {
sopsFile = ../../secrets/services/vaultwarden.yaml;
owner = "vaultwarden";
};
services.vaultwarden = {
enable = true;
environmentFile = config.sops.secrets."services/vaultwarden/environmentFile".path;
config = {
DATA_FOLDER = "/var/lib/vaultwarden";
DOMAIN = "staging.vault.kyouma.net";
DATABASE_MAX_CONNS = 15;
WEB_VAULT_ENABLED = true;
WEBSOCKET_ENABLED = true;
WEBSOCKET_ADDRESS = "::1";
WEBSOCKET_PORT = 3012;
SENDS_ALLOWED = true;
ORG_ATTACHMENT_LIMIT = 1048576;
USER_ATTACHMENT_LIMIT = 524288;
USER_SEND_LIMIT = 1048576;
INCOMPLETE_2FA_TIME_LIMIT = 5;
SIGNUPS_ALLOWED = true;
SIGNUPS_VERIFY = true;
INVITATION_ORG_NAME = "vault.kyouma.net";
PASSWORD_ITERATIONS = 1200000;
ICON_DOWNLOAD_TIMEOUT = 30;
SMTP_HOST = "mail.kyouma.net";
SMTP_FROM = "vault@kyouma.net";
SMTP_FROM_NAME = "vault.kyouma.net";
SMTP_USERNAME = "vault@kyouma.net";
SMTP_SECURITY = "starttls";
SMTP_PORT = 587;
ROCKET_ADDRESS = "unix:/run/vaultwarden/rocket.socket";
ROCKET_PORT = "";
};
};
kyouma.nginx.virtualHosts."staging.vault.kyouma.net" = {
locations."/" = {
proxyPass = "http://unix:/run/vaultwarden/rocket.socket";
proxyWebsockets = true;
};
};
security.acme.certs."staging.vault.kyouma.net" = {};
}