diff --git a/nixos/configuration.nix b/nixos/configuration.nix
index 3c88617..726e377 100644
--- a/nixos/configuration.nix
+++ b/nixos/configuration.nix
@@ -35,6 +35,7 @@
 ./services/prosody.nix
 ./services/ss.nix
 ./services/synapse.nix
+ ./services/vaultwarden.nix
 ./services/yggdrasil.nix
 ];
diff --git a/nixos/databases/postgres.nix b/nixos/databases/postgres.nix
index fa5477b..c423b97 100644
--- a/nixos/databases/postgres.nix
+++ b/nixos/databases/postgres.nix
@@ -15,6 +15,7 @@
 "grafana"
 "postgres-exporter"
 "forgejo"
+ "vaultwarden"
 ];
 ensureUsers = [
 {
@@ -72,6 +73,11 @@
 ensureDBOwnership = true;
 ensureClauses.login = true;
 }
+ {
+ name = "vaultwarden";
+ ensureDBOwnership = true;
+ ensureClauses.login = true;
+ }
 ];
 identMap = ''
 # ArbitraryMapName systemUser DBUser
diff --git a/nixos/networking/unbound.nix b/nixos/networking/unbound.nix
index 44114e7..adbabe2 100644
--- a/nixos/networking/unbound.nix
+++ b/nixos/networking/unbound.nix
@@ -11,11 +11,10 @@
 "10.100.0.0/24 allow"
 ];
 local-zone = [
- "\"comfycamp.lan\" static"
+ "\"vault.comfycamp.space\" static"
 ];
 local-data = [
- "\"comfycamp.lan IN A 10.100.0.1\""
- "\"vault.comfycamp.lan IN A 10.100.0.1\""
+ "\"vault.comfycamp.space IN A 10.100.0.1\""
 ];
 };
 forward-zone = [
diff --git a/nixos/services/vaultwarden.nix b/nixos/services/vaultwarden.nix
new file mode 100644
index 0000000..980fe20
--- /dev/null
+++ b/nixos/services/vaultwarden.nix
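Review bot: The new `vaultwarden` role in the second postgres.nix hunk is created without a password, and the service that uses it connects over the unix socket with no credentials in its URL, so the login depends on peer/ident authentication; if the socket rule in the host-based auth config applies the `identMap` whose header is the last context line of this hunk, the `vaultwarden` system user also needs an entry of the form `<map-name> vaultwarden vaultwarden` or the connection will be refused. The auth rules are outside this hunk, so this may already be covered. Either way a short comment on the new user, `# no password: authenticates via unix-socket peer auth from the vaultwarden service`, would record that the missing password is intentional rather than an oversight.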
@@ -0,0 +1,27 @@
+{ config, ... }:
+{
+ services.vaultwarden = {
+ enable = true;
+ dbBackend = "postgresql";
+ config = {
+ DOMAIN = "https://vault.comfycamp.space";
+
+ DATABASE_URL = "postgresql:///vaultwarden?host=/var/run/postgresql";
+
+ ROCKET_ADDRESS = "127.0.0.1";
+ ROCKET_PORT = 8222;
+ ROCKET_LOG = "warn";
+ };
+ };
+
+ services.nginx.virtualHosts."vault.comfycamp.space" = {
+ useACMEHost = "comfycamp.space";
+ forceSSL = true;
+ listenAddresses = [
+ "10.100.0.1"
+ ];
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
+ };
+ };
+}
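Review bot: The `config` block never sets `SIGNUPS_ALLOWED`, and Vaultwarden defaults it to true, so any client that can reach 10.100.0.1 on the VPN can register an account on this instance; adding `SIGNUPS_ALLOWED = false;` once the intended users exist (or `SIGNUPS_VERIFY`, which requires SMTP) closes that. The nginx location sets only `proxyPass`, so Vaultwarden sees every request as coming from 127.0.0.1 — its per-IP login rate limiting then throttles all users as one and its logs carry no real client address; `recommendedProxySettings = true;` in the location forwards X-Real-IP/X-Forwarded-For, which match Vaultwarden's default `IP_HEADER`. The same location also needs `proxyWebsockets = true;` for the notifications hub to upgrade, and a larger `client_max_body_size` than nginx's 1m default if attachments or Sends are expected. Restricting the listener to the VPN address while reusing the `comfycamp.space` ACME host is consistent with the split-horizon record added in unbound.nix.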