ringofstorms/dotfiles
ringofstorms/dotfiles
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
dotfiles/hosts/oracle/o001/vaultwarden.nix
RingOfStorms (Joshua Bell) c8a9fa024b update note
2025-03-12 10:05:49 -05:00

80 lines
1.8 KiB
Nix
Raw Blame History

{
...
}:
let
name = "vaultwarden";
user = name;
uid = 114;
hostDataDir = "/var/lib/${name}";
v_port = 8222;
in
{
users = {
users.${user} = {
isSystemUser = true;
group = user;
inherit uid;
};
groups.${user}.gid = uid;
};
system.activationScripts.createMediaServerDirs = ''
mkdir -p ${hostDataDir}/data
mkdir -p ${hostDataDir}/backups
chown -R ${toString uid}:${toString uid} ${hostDataDir}
chmod -R 750 ${hostDataDir}
'';
containers.${name} = {
ephemeral = true;
autoStart = true;
privateNetwork = false;
bindMounts = {
"/var/lib/vaultwarden" = {
hostPath = "${hostDataDir}/data";
isReadOnly = false;
};
"/var/lib/backups/vaultwarden" = {
hostPath = "${hostDataDir}/backups";
isReadOnly = false;
};
};
config =
{ ... }:
{
system.stateVersion = "24.11";
users = {
users.${user} = {
isSystemUser = true;
group = user;
inherit uid;
};
groups.${user}.gid = uid;
};
services.vaultwarden = {
enable = true;
dbBackend = "sqlite";
backupDir = "/var/lib/backups/vaultwarden";
config = {
DOMAIN = "https://vault.joshuabell.xyz";
SIGNUPS_ALLOWED = false;
ROCKET_PORT = builtins.toString v_port;
ROCKET_ADDRESS = "127.0.0.1";
# ADMIN_TOKEN = "> vaultwarden hash";
};
};
};
};
services.nginx.virtualHosts."vault.joshuabell.xyz" = {
enableACME = true;
forceSSL = true;
locations = {
"/" = {
proxyWebsockets = true;
proxyPass = "http://127.0.0.1:${builtins.toString v_port}";
};
};
};
}
Reference in a new issue View git blame Copy permalink