sid/sid.ovh
1
0
Fork 0
Code Issues 3 Pull requests 2 Projects Releases Packages Wiki Activity Actions
sid.ovh/hosts/rx4/services/vaultwarden.nix
sid e60e33b64b
All checks were successful
Build hosts / build-hosts (pull_request) Successful in 16s
Details
Flake check / flake-check (pull_request) Successful in 16s
Details
add vaultwarden
2026-04-03 13:44:28 +02:00

68 lines
1.5 KiB
Nix
Raw Blame History

{
constants,
config,
lib,
...
}:
let
inherit (constants) domain;
inherit (constants.services.vaultwarden) fqdn port;
inherit (lib) mkForce;
in
{
services.vaultwarden = {
enable = true;
dbBackend = "postgresql";
configurePostgres = true;
configureNginx = true;
domain = fqdn;
environmentFile = [ config.sops.templates."vaultwarden/env-file".path ];
config = {
SIGNUPS_ALLOWED = false;
SMTP_FROM = "vaultwarden@${domain}";
SMTP_FROM_NAME = "${domain} Vaultwarden server";
SMTP_HOST = "mail@${domain}";
SMTP_PORT = 587;
SMTP_SECURITY = "starttls";
SMTP_USERNAME = "vaultwarden@${domain}";
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = port;
ROCKET_LOG = "critical";
};
};
services.nginx.virtualHosts."${fqdn}".forceSSL = mkForce false; # let Tailnet handle SSL
sops =
let
owner = config.users.users.vaultwarden.name;
group = config.users.groups.vaultwarden.name;
mode = "0400";
in
{
secrets = {
"vaultwarden/admin-token" = {
inherit owner group mode;
};
"vaultwarden/smtp-password" = {
inherit owner group mode;
};
};
templates = {
"vaultwarden/env-file" = {
inherit owner group mode;
content = ''
ADMIN_TOKEN=${config.sops.placeholder."vaultwarden/admin-token"}
SMTP_PASSWORD=${config.sops.placeholder."vaultwarden/smtp-password"}
'';
};
};
};
}
Reference in a new issue View git blame Copy permalink