# NixOS module: runs Vaultwarden inside a dedicated container named "vault"
# and publishes it as bw.tei.su through the host's nginx virtual host.
#
# Trust boundaries visible in this file:
#   * TLS ends at the host nginx (forceSSL + ACME certificate for tei.su).
#   * The hop from nginx to the container is plain HTTP on port 80.
#   * Runtime settings beyond the ones listed below come from an environment
#     file supplied by the project's secrets helper.
{ abs, pkgs, lib, config, ... }@inputs:

let
  secrets = import (abs "lib/secrets.nix");
  containers = import (abs "lib/containers.nix") inputs;

  # Single source for the values that appear more than once below.
  secretName = "vaultwarden-env";
  vaultMount = "/mnt/vault";
  listenPort = 80;

  # Exposes at least `path` and `mounts` (both used below); what the helper
  # does to materialise the secret is defined in lib/secrets.nix, not here.
  env = secrets.mount config secretName;
in {
  imports = [
    (secrets.declare [ secretName ])

    (containers.mkNixosContainer {
      name = "vault";
      ip = ".0.7";
      # NOTE(review): presumably keeps the container off externally reachable
      # networks; the exact meaning lives in lib/containers.nix. Confirm that
      # only the host can reach the plaintext listener configured below.
      private = true;

      config = { ... }: {
        services.vaultwarden.enable = true;

        # Secret-bearing settings are read from a file at service start rather
        # than being written into this expression.
        # NOTE(review): the file's contents are not visible here; if it sets an
        # admin token, the /admin panel is served through the same nginx
        # location as the vault itself.
        services.vaultwarden.environmentFile = env.path;

        services.vaultwarden.config = {
          # Open self-registration is turned off.
          SIGNUPS_ALLOWED = false;
          DOMAIN = "https://bw.tei.su";
          # NOTE(review): recent Vaultwarden releases may treat this setting as
          # deprecated; check it against the deployed version.
          WEBSOCKET_ENABLED = true;
          # Listens on every interface of the container, unencrypted; the
          # network isolation of the container is what protects this socket.
          ROCKET_ADDRESS = "0.0.0.0";
          ROCKET_PORT = listenPort;
          DATA_FOLDER = "${vaultMount}/data";
        };

        # The data folder sits on the bind mount, so the unit is given explicit
        # write access to that path.
        systemd.services.vaultwarden.serviceConfig.ReadWritePaths = [ vaultMount ];

        # Container-local firewall: only the HTTP listener is opened.
        networking.firewall.allowedTCPPorts = [ listenPort ];
      };

      # Writable bind mount holding the vault database and attachments; this
      # host path is the one to back up and to protect with file permissions.
      # Entries from env.mounts are merged last, so they win on a key clash.
      mounts = {
        ${vaultMount} = {
          hostPath = "/mnt/puffer/vaultwarden-vault";
          isReadOnly = false;
        };
      } // env.mounts;
    })
  ];

  # Public entry point: HTTPS is enforced here, then requests are forwarded to
  # the container over plain HTTP.
  # NOTE(review): "/" forwards every path, including administrative endpoints;
  # there is no per-path access restriction in this virtual host.
  services.nginx.virtualHosts."bw.tei.su" = {
    useACMEHost = "tei.su";
    forceSSL = true;

    locations."/".proxyPass = "http://vault.containers/";
    locations."/".proxyWebsockets = true;
  };
}