96 lines
2 KiB
Nix
96 lines
2 KiB
Nix
{
|
|
lib,
|
|
config,
|
|
...
|
|
}:
|
|
let
|
|
name = "vaultwarden";
|
|
hostDataDir = "/var/lib/${name}";
|
|
hostAddress = "192.168.100.2";
|
|
localAddress = "192.168.100.111";
|
|
|
|
binds = [
|
|
{
|
|
host = "${hostDataDir}";
|
|
container = "/data";
|
|
user = "vaultwarden";
|
|
uid = 114;
|
|
}
|
|
];
|
|
in
|
|
{
|
|
users = lib.foldl (
|
|
acc: bind:
|
|
{
|
|
users.${bind.user} = {
|
|
isSystemUser = true;
|
|
home = bind.host;
|
|
createHome = true;
|
|
group = bind.user;
|
|
uid = bind.uid;
|
|
};
|
|
groups.${bind.user}.gid = bind.uid;
|
|
}
|
|
// acc
|
|
) { } binds;
|
|
|
|
containers.${name} = {
|
|
ephemeral = true;
|
|
autoStart = true;
|
|
privateNetwork = true;
|
|
inherit localAddress hostAddress;
|
|
bindMounts = lib.foldl (
|
|
acc: bind:
|
|
{
|
|
"${bind.container}" = {
|
|
hostPath = bind.host;
|
|
isReadOnly = false;
|
|
};
|
|
}
|
|
// acc
|
|
) { } binds;
|
|
config =
|
|
{ ... }:
|
|
{
|
|
system.stateVersion = "24.11";
|
|
users = lib.foldl (
|
|
acc: bind:
|
|
{
|
|
users.${bind.user} = {
|
|
isSystemUser = true;
|
|
home = bind.container;
|
|
uid = bind.uid;
|
|
group = bind.user;
|
|
};
|
|
groups.${bind.user}.gid = bind.uid;
|
|
}
|
|
// acc
|
|
) { } binds;
|
|
|
|
services.vaultwarden = {
|
|
enable = true;
|
|
dbBackend = "sqlite";
|
|
backupDir = "/data/backups";
|
|
config = {
|
|
DOMAIN = "https://vault.joshuabell.xyz";
|
|
SIGNUPS_ALLOWED = false;
|
|
};
|
|
};
|
|
networking.firewall = {
|
|
enable = true;
|
|
allowedTCPPorts = [ 8222 ];
|
|
};
|
|
};
|
|
};
|
|
|
|
services.nginx.virtualHosts."vault.joshuabell.xyz" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
locations = {
|
|
"/" = {
|
|
proxyWebsockets = true;
|
|
proxyPass = "http://${localAddress}:8222"; # vaultwarden TODO left off here the port is 8000 depsite the docs showing 8222 as default, set ecplisit
|
|
};
|
|
};
|
|
};
|
|
}
|