nix
44
hosts/server/modules/vaultwarden.nix
Normal file
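--- a/hosts/server/modules/vaultwarden.nix
+++ b/hosts/server/modules/vaultwarden.nix
@@ -0,0 +1,44 @@
+{
+config,
+pkgs,
+lib,
+...
+}:
+
+{
+services.vaultwarden = {
+enable = true;
+dbBackend = "sqlite";
+environmentFile = "/private/vaultwarden/vaultwarden.env";
+config = {
+# Keep data alongside the secret env file so we can back it up together.
+DATA_FOLDER = "/private/vaultwarden/data";
+PUSH_RELAY_URI = "https://api.bitwarden.eu";
+PUSH_IDENTITY_URI = "https://identity.bitwarden.eu";
+DOMAIN = "https://vault.ocbwoy3.dev";
+ROCKET_ADDRESS = "0.0.0.0";
+ROCKET_PORT = 8222;
+WEBSOCKET_ENABLED = true;
+WEBSOCKET_ADDRESS = "0.0.0.0";
+WEBSOCKET_PORT = 3012;
+SIGNUPS_ALLOWED = false;
+};
+};
+
+# Allow vaultwarden to write under /private/vaultwarden and ensure the directory exists.
+systemd.services.vaultwarden.serviceConfig = {
+ReadWritePaths = [ "/private/vaultwarden" ];
+};
+
+systemd.tmpfiles.settings."10-vaultwarden-private"."/private/vaultwarden/data".d = {
+user = "vaultwarden";
+group = "vaultwarden";
+mode = "0750";
+};
+
+# cloudflared!!
+# networking.firewall.allowedTCPPorts = [
+# 8222
+# 3012
+# ];
+}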
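Review bot: `ROCKET_ADDRESS` and `WEBSOCKET_ADDRESS` are both `"0.0.0.0"`, so the plain-HTTP listeners on 8222 and 3012 accept connections on every interface, and the only thing keeping them off the network is that the `allowedTCPPorts` block stays commented out. If cloudflared runs on this same host (the `# cloudflared!!` comment suggests it, but the tunnel configuration is not in this file), `ROCKET_ADDRESS = "127.0.0.1";` and `WEBSOCKET_ADDRESS = "127.0.0.1";` would keep the vault reachable only through the tunnel even if the firewall is later relaxed or disabled. Separately, `ReadWritePaths = [ "/private/vaultwarden" ];` makes the directory holding `vaultwarden.env` writable by the service, while `ReadWritePaths = [ "/private/vaultwarden/data" ];` is all `DATA_FOLDER` needs. The env file could then stay root-owned with a restrictive mode, assuming it is loaded by systemd as an `EnvironmentFile` before privileges are dropped; nothing in this file sets ownership or mode on the parent directory or on the env file itself.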