80 lines
1.9 KiB
Nix
80 lines
1.9 KiB
Nix
{
|
|
...
|
|
}:
|
|
let
|
|
name = "vaultwarden";
|
|
user = name;
|
|
uid = 114;
|
|
hostDataDir = "/var/lib/${name}";
|
|
|
|
v_port = 8222;
|
|
in
|
|
{
|
|
users = {
|
|
users.${user} = {
|
|
isSystemUser = true;
|
|
group = user;
|
|
inherit uid;
|
|
};
|
|
groups.${user}.gid = uid;
|
|
};
|
|
system.activationScripts.createMediaServerDirs = ''
|
|
mkdir -p ${hostDataDir}/data
|
|
mkdir -p ${hostDataDir}/backups
|
|
chown -R ${toString uid}:${toString uid} ${hostDataDir}
|
|
chmod -R 750 ${hostDataDir}
|
|
'';
|
|
|
|
containers.${name} = {
|
|
ephemeral = true;
|
|
autoStart = true;
|
|
privateNetwork = false;
|
|
bindMounts = {
|
|
"/var/lib/vaultwarden" = {
|
|
hostPath = "${hostDataDir}/data";
|
|
isReadOnly = false;
|
|
};
|
|
"/var/lib/backups/vaultwarden" = {
|
|
hostPath = "${hostDataDir}/backups";
|
|
isReadOnly = false;
|
|
};
|
|
};
|
|
config =
|
|
{ ... }:
|
|
{
|
|
system.stateVersion = "24.11";
|
|
users = {
|
|
users.${user} = {
|
|
isSystemUser = true;
|
|
group = user;
|
|
inherit uid;
|
|
};
|
|
groups.${user}.gid = uid;
|
|
};
|
|
|
|
services.vaultwarden = {
|
|
enable = true;
|
|
dbBackend = "sqlite";
|
|
backupDir = "/var/lib/backups/vaultwarden";
|
|
config = {
|
|
DOMAIN = "https://vault.joshuabell.xyz";
|
|
SIGNUPS_ALLOWED = false;
|
|
ROCKET_PORT = builtins.toString v_port;
|
|
ROCKET_ADDRESS = "127.0.0.1";
|
|
ADMIN_TOKEN = "$argon2id$v=19$m=65540,t=3,p=4$YMFEq4GZiCeM+MBSW75G+gq6Dnywszaqhhdrt5pIyLw$zdlU/ws8kfBVa/FWp1LVfhnu+CVuItG2nPGXgKyjWug";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
services.nginx.virtualHosts."vault.joshuabell.xyz" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
locations = {
|
|
"/" = {
|
|
proxyWebsockets = true;
|
|
proxyPass = "http://127.0.0.1:${builtins.toString v_port}";
|
|
};
|
|
};
|
|
};
|
|
}
|