cnst/cnix
1
0
Fork 0
Code Issues Pull Requests Activity
Files
6d683042014f1605b173b2c171d2dac1fdb47569
cnix/modules/server/vaultwarden/default.nix
cnst 6d68304201 homelab tinkering 5
2025-07-16 08:04:34 +02:00

54 lines
1.3 KiB
Nix
Raw Blame History

# yanked from @fufexan
{
config,
self,
lib,
...
}: let
inherit (config.networking) domain;
inherit (lib) mkIf mkEnableOption;
vcfg = config.services.vaultwarden.config;
cfg = config.server.vaultwarden;
in {
options = {
server.vaultwarden.enable = mkEnableOption "Enables vaultwarden";
};
config = mkIf cfg.enable {
age.secrets.vaultwarden-env = {
file = "${self}/secrets/vaultwarden-env.age";
owner = "vaultwarden";
mode = "400";
};
# allow SMTP
# networking.firewall.allowedTCPPorts = [587];
# this forces the system to create backup folder
systemd.services.backup-vaultwarden.serviceConfig = {
User = "root";
Group = "root";
};
services.caddy.virtualHosts."vault.cnst.dev".extraConfig = ''
reverse_proxy 127.0.0.1:${toString cfg.port}
'';
services.vaultwarden = {
enable = true;
# environmentFile = config.age.secrets.vaultwarden-env.path;
backupDir = "/var/backup/vaultwarden";
config = {
DOMAIN = "https://vault.${domain}";
SIGNUPS_ALLOWED = true;
# ROCKET_ADDRESS = "127.0.0.1";
# ROCKET_PORT = 8222;
# EXTENDED_LOGGING = true;
# LOG_LEVEL = "warn";
# IP_HEADER = "CF-Connecting-IP";
};
};
};
}
Reference in New Issue View Git Blame Copy Permalink