mirror of
https://github.com/ordinary-dev/nixos-config.git
synced 2024-09-20 03:40:29 +05:00
feat: add vaultwarden
This commit is contained in:
parent
4e4e1f1cf1
commit
c102e5c10c
|
@ -35,6 +35,7 @@
|
||||||
./services/prosody.nix
|
./services/prosody.nix
|
||||||
./services/ss.nix
|
./services/ss.nix
|
||||||
./services/synapse.nix
|
./services/synapse.nix
|
||||||
|
./services/vaultwarden.nix
|
||||||
./services/yggdrasil.nix
|
./services/yggdrasil.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
|
@ -15,6 +15,7 @@
|
||||||
"grafana"
|
"grafana"
|
||||||
"postgres-exporter"
|
"postgres-exporter"
|
||||||
"forgejo"
|
"forgejo"
|
||||||
|
"vaultwarden"
|
||||||
];
|
];
|
||||||
ensureUsers = [
|
ensureUsers = [
|
||||||
{
|
{
|
||||||
|
@ -72,6 +73,11 @@
|
||||||
ensureDBOwnership = true;
|
ensureDBOwnership = true;
|
||||||
ensureClauses.login = true;
|
ensureClauses.login = true;
|
||||||
}
|
}
|
||||||
|
{
|
||||||
|
name = "vaultwarden";
|
||||||
|
ensureDBOwnership = true;
|
||||||
|
ensureClauses.login = true;
|
||||||
|
}
|
||||||
];
|
];
|
||||||
identMap = ''
|
identMap = ''
|
||||||
# ArbitraryMapName systemUser DBUser
|
# ArbitraryMapName systemUser DBUser
|
||||||
|
|
|
@ -11,11 +11,10 @@
|
||||||
"10.100.0.0/24 allow"
|
"10.100.0.0/24 allow"
|
||||||
];
|
];
|
||||||
local-zone = [
|
local-zone = [
|
||||||
"\"comfycamp.lan\" static"
|
"\"vault.comfycamp.space\" static"
|
||||||
];
|
];
|
||||||
local-data = [
|
local-data = [
|
||||||
"\"comfycamp.lan IN A 10.100.0.1\""
|
"\"vault.comfycamp.space IN A 10.100.0.1\""
|
||||||
"\"vault.comfycamp.lan IN A 10.100.0.1\""
|
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
forward-zone = [
|
forward-zone = [
|
||||||
|
|
27
nixos/services/vaultwarden.nix
Normal file
27
nixos/services/vaultwarden.nix
Normal file
|
@ -0,0 +1,27 @@
|
||||||
|
{ config, ... }:
|
||||||
|
{
|
||||||
|
services.vaultwarden = {
|
||||||
|
enable = true;
|
||||||
|
dbBackend = "postgresql";
|
||||||
|
config = {
|
||||||
|
DOMAIN = "https://vault.comfycamp.space";
|
||||||
|
|
||||||
|
DATABASE_URL = "postgresql:///vaultwarden?host=/var/run/postgresql";
|
||||||
|
|
||||||
|
ROCKET_ADDRESS = "127.0.0.1";
|
||||||
|
ROCKET_PORT = 8222;
|
||||||
|
ROCKET_LOG = "warn";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
services.nginx.virtualHosts."vault.comfycamp.space" = {
|
||||||
|
useACMEHost = "comfycamp.space";
|
||||||
|
forceSSL = true;
|
||||||
|
listenAddresses = [
|
||||||
|
"10.100.0.1"
|
||||||
|
];
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
Loading…
Reference in a new issue