mirror of
https://github.com/blahai/nyx.git
synced 2025-02-23 22:55:09 +00:00
53 lines
1.3 KiB
Nix
53 lines
1.3 KiB
Nix
{
|
|
lib,
|
|
config,
|
|
...
|
|
}: let
|
|
inherit (lib.modules) mkIf;
|
|
inherit (lib.services) mkServiceOption;
|
|
inherit (lib.secrets) mkSecret;
|
|
|
|
rdomain = config.networking.domain;
|
|
cfg = config.olympus.services.vaultwarden;
|
|
in {
|
|
options.olympus.services.vaultwarden = mkServiceOption "vaultwarden" {
|
|
port = 8222;
|
|
domain = "vault.${rdomain}";
|
|
};
|
|
|
|
config = mkIf cfg.enable {
|
|
age.secrets.vaultwarden-env = mkSecret {
|
|
file = "vaultwarden-env";
|
|
owner = "vaultwarden";
|
|
group = "vaultwarden";
|
|
};
|
|
|
|
services = {
|
|
vaultwarden = {
|
|
enable = true;
|
|
environmentFile = config.age.secrets.vaultwarden-env.path;
|
|
|
|
config = {
|
|
DOMAIN = "https://${cfg.domain}";
|
|
ROCKET_ADDRESS = cfg.host;
|
|
ROCKET_PORT = cfg.port;
|
|
extendedLogging = true;
|
|
invitationsAllowed = true;
|
|
useSyslog = true;
|
|
logLevel = "warn";
|
|
showPasswordHint = false;
|
|
SIGNUPS_ALLOWED = false;
|
|
signupsAllowed = false;
|
|
signupsDomainsWhitelist = "${rdomain}";
|
|
dataDir = "/var/lib/vaultwarden";
|
|
};
|
|
};
|
|
|
|
caddy.virtualHosts.${cfg.domain} = {
|
|
extraConfig = ''
|
|
reverse_proxy localhost:${toString cfg.port}
|
|
'';
|
|
};
|
|
};
|
|
};
|
|
}
|