mirror of
https://github.com/ordinary-dev/nixos-config.git
synced 2024-09-19 19:30:28 +05:00
feat: add vaultwarden
This commit is contained in:
parent
4e4e1f1cf1
commit
c102e5c10c
|
@ -35,6 +35,7 @@
|
|||
./services/prosody.nix
|
||||
./services/ss.nix
|
||||
./services/synapse.nix
|
||||
./services/vaultwarden.nix
|
||||
./services/yggdrasil.nix
|
||||
];
|
||||
|
||||
|
|
|
@ -15,6 +15,7 @@
|
|||
"grafana"
|
||||
"postgres-exporter"
|
||||
"forgejo"
|
||||
"vaultwarden"
|
||||
];
|
||||
ensureUsers = [
|
||||
{
|
||||
|
@ -72,6 +73,11 @@
|
|||
ensureDBOwnership = true;
|
||||
ensureClauses.login = true;
|
||||
}
|
||||
{
|
||||
name = "vaultwarden";
|
||||
ensureDBOwnership = true;
|
||||
ensureClauses.login = true;
|
||||
}
|
||||
];
|
||||
identMap = ''
|
||||
# ArbitraryMapName systemUser DBUser
|
||||
|
|
|
@ -11,11 +11,10 @@
|
|||
"10.100.0.0/24 allow"
|
||||
];
|
||||
local-zone = [
|
||||
"\"comfycamp.lan\" static"
|
||||
"\"vault.comfycamp.space\" static"
|
||||
];
|
||||
local-data = [
|
||||
"\"comfycamp.lan IN A 10.100.0.1\""
|
||||
"\"vault.comfycamp.lan IN A 10.100.0.1\""
|
||||
"\"vault.comfycamp.space IN A 10.100.0.1\""
|
||||
];
|
||||
};
|
||||
forward-zone = [
|
||||
|
|
27
nixos/services/vaultwarden.nix
Normal file
27
nixos/services/vaultwarden.nix
Normal file
|
@ -0,0 +1,27 @@
|
|||
{ config, ... }:
|
||||
{
|
||||
services.vaultwarden = {
|
||||
enable = true;
|
||||
dbBackend = "postgresql";
|
||||
config = {
|
||||
DOMAIN = "https://vault.comfycamp.space";
|
||||
|
||||
DATABASE_URL = "postgresql:///vaultwarden?host=/var/run/postgresql";
|
||||
|
||||
ROCKET_ADDRESS = "127.0.0.1";
|
||||
ROCKET_PORT = 8222;
|
||||
ROCKET_LOG = "warn";
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."vault.comfycamp.space" = {
|
||||
useACMEHost = "comfycamp.space";
|
||||
forceSSL = true;
|
||||
listenAddresses = [
|
||||
"10.100.0.1"
|
||||
];
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
|
||||
};
|
||||
};
|
||||
}
|
Loading…
Reference in a new issue