feat: add vaultwarden

Ivan R. 2024-05-10 16:58:48 +05:00
parent 4e4e1f1cf1
commit c102e5c10c
No known key found for this signature in database
GPG key ID: 56C7BAAE859B302C
4 changed files with 36 additions and 3 deletions


@ -35,6 +35,7 @@
./services/prosody.nix
./services/ss.nix
./services/synapse.nix
./services/vaultwarden.nix
./services/yggdrasil.nix
];


@ -15,6 +15,7 @@
"grafana"
"postgres-exporter"
"forgejo"
"vaultwarden"
];
ensureUsers = [
{
@ -72,6 +73,11 @@
ensureDBOwnership = true;
ensureClauses.login = true;
}
{
name = "vaultwarden";
ensureDBOwnership = true;
ensureClauses.login = true;
}
];
identMap = ''
# ArbitraryMapName systemUser DBUser
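Review bot: The new `vaultwarden` role gets a database and login rights, but the `identMap` that starts on the last lines of this section is not touched by the commit. The service's `DATABASE_URL` goes through the unix socket in /var/run/postgresql, which presumably means peer authentication. If the pg_hba rules reference this map, it needs a line of the form `<map-name> vaultwarden vaultwarden`, or the service will be refused at login. The map body continues outside the hunk, so this should be confirmed against the full file.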


@ -11,11 +11,10 @@
"10.100.0.0/24 allow"
];
local-zone = [
"\"comfycamp.lan\" static"
"\"vault.comfycamp.space\" static"
];
local-data = [
"\"comfycamp.lan IN A 10.100.0.1\""
"\"vault.comfycamp.lan IN A 10.100.0.1\""
"\"vault.comfycamp.space IN A 10.100.0.1\""
];
};
forward-zone = [
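Review bot: The `local-zone`/`local-data` pair overrides a public name (`vault.comfycamp.space`) with the internal address 10.100.0.1, and nothing in the file says that this is intentional. A comment above `local-zone` would help, for example `# split-horizon: vault.comfycamp.space is answered locally so it only resolves to the internal address`. It is worth noting there that the override is a convenience, not an access control: clients using another resolver never see it, so the restriction has to come from the nginx bind address. The same hunk drops both `comfycamp.lan` records, so confirm nothing still relies on the `.lan` names.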


@ -0,0 +1,27 @@
{ config, ... }:
{
services.vaultwarden = {
enable = true;
dbBackend = "postgresql";
config = {
DOMAIN = "https://vault.comfycamp.space";
DATABASE_URL = "postgresql:///vaultwarden?host=/var/run/postgresql";
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = 8222;
ROCKET_LOG = "warn";
};
};
services.nginx.virtualHosts."vault.comfycamp.space" = {
useACMEHost = "comfycamp.space";
forceSSL = true;
listenAddresses = [
"10.100.0.1"
];
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
};
};
}
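Review bot: The `config` block for `services.vaultwarden` leaves registration at its default, and Vaultwarden allows open sign-ups unless told otherwise, so anyone who can reach 10.100.0.1 can create an account on the password vault. Adding `SIGNUPS_ALLOWED = false;` (and inviting users explicitly) closes that. The nginx `locations."/"` block also lacks `proxyWebsockets = true;`, which the live-sync notifications need when proxied. Separately, `useACMEHost = "comfycamp.space"` only works if that certificate already covers `vault.comfycamp.space`; this is not visible in the commit and should be checked.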