# NixOS module: Vaultwarden password manager served at vault.federez.net
# through an nginx reverse proxy that terminates TLS.
{ config, ... }:
let
  # Public host name, shared by the nginx virtual host and Vaultwarden's DOMAIN.
  domain = "vault.federez.net";

  # Vaultwarden's HTTP listener. Loopback only, so nginx is the sole
  # network-facing entry point to the service.
  listenAddress = "127.0.0.1";
  listenPort = 8222;
in
{
  # Encrypted secret file kept in the repository. Its runtime path is passed
  # to Vaultwarden below as an environment file, so the secret values never
  # appear in this module.
  # NOTE(review): presumably agenix; confirm the decrypted file is readable
  # only by the vaultwarden service user.
  age.secrets."vaultwarden-secrets" = {
    file = ../secrets/vaultwarden-secrets.age;
  };

  # Only the nginx ports are opened; 8222 is never exposed by the firewall.
  # Port 80 stays open for the HTTP -> HTTPS redirect (forceSSL) and,
  # presumably, ACME HTTP-01 validation.
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  # Backup declaration for the Vaultwarden state directory and its SQLite
  # database.
  # NOTE(review): `backups` is not defined in this file; confirm the backup
  # target is encrypted and access-controlled, since this directory holds the
  # vault database and the server's key material.
  backups = {
    directories = [ "/var/lib/bitwarden_rs" ];
    sqliteDatabases.vaultwarden = "/var/lib/bitwarden_rs/db.sqlite3";
  };

  services.nginx = {
    enable = true;

    # NixOS "recommended" presets for TLS, performance tuning, gzip and
    # proxy headers.
    recommendedTlsSettings = true;
    recommendedOptimisation = true;
    recommendedGzipSettings = true;
    recommendedProxySettings = true;

    virtualHosts.${domain} = {
      # Certificate obtained via ACME; plain-HTTP requests are redirected
      # to HTTPS.
      enableACME = true;
      forceSSL = true;

      # Everything is forwarded to the local Vaultwarden listener. The hop is
      # unencrypted HTTP but stays on the loopback interface.
      locations."/" = {
        proxyPass = "http://${listenAddress}:${toString listenPort}";
      };
    };
  };

  services.vaultwarden = {
    enable = true;

    # Secret settings are read from the decrypted age file at service start.
    # NOTE(review): presumably this carries ADMIN_TOKEN and similar values;
    # verify against the secrets file.
    environmentFile = config.age.secrets."vaultwarden-secrets".path;

    config = {
      DOMAIN = "https://${domain}";

      # Public self-registration is disabled.
      # NOTE(review): invitations are governed by the separate
      # INVITATIONS_ALLOWED setting, which is not set here; confirm the
      # intended account-creation policy.
      SIGNUPS_ALLOWED = false;

      ROCKET_ADDRESS = listenAddress;
      ROCKET_PORT = listenPort;

      # Rocket (the HTTP framework) only logs critical messages.
      ROCKET_LOG = "critical";
    };
  };
}