services: vaultwarden: add initial service configuration
Signed-off-by: Christoph Heiss <christoph@c8h4.io>
This commit is contained in:
parent
d5681cc6a4
commit
8b44c5b6c1
|
@ -16,6 +16,7 @@
|
||||||
../services/postgresql.nix
|
../services/postgresql.nix
|
||||||
../services/prometheus.nix
|
../services/prometheus.nix
|
||||||
../services/sourcehut.nix
|
../services/sourcehut.nix
|
||||||
|
../services/vaultwarden.nix
|
||||||
../system/baremetal-server.nix
|
../system/baremetal-server.nix
|
||||||
../system/ucode-amd.nix
|
../system/ucode-amd.nix
|
||||||
../system/zfs.nix
|
../system/zfs.nix
|
||||||
|
|
Binary file not shown.
BIN
secrets/morph/25dd1d32-7843-454d-9bbd-26b2a07954b9
Normal file
BIN
secrets/morph/25dd1d32-7843-454d-9bbd-26b2a07954b9
Normal file
Binary file not shown.
31
services/vaultwarden.nix
Normal file
31
services/vaultwarden.nix
Normal file
|
@ -0,0 +1,31 @@
|
||||||
|
{ lib, my, secrets, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
services.vaultwarden = {
|
||||||
|
enable = true;
|
||||||
|
environmentFile = secrets.vaultwarden-env.destination;
|
||||||
|
dbBackend = "postgresql";
|
||||||
|
config = {
|
||||||
|
DOMAIN = "https://vaultwarden.${my.domain}";
|
||||||
|
DATA_FOLDER = "/var/lib/vaultwarden";
|
||||||
|
DATABASE_URL = "postgresql:///vaultwarden";
|
||||||
|
SIGNUPS_ALLOWED = false;
|
||||||
|
INVITATIONS_ALLOWED = false;
|
||||||
|
SHOW_PASSWORD_HINT = false;
|
||||||
|
ROCKET_ADDRESS = "::1";
|
||||||
|
ROCKET_PORT = 8222;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.services.vaultwarden.serviceConfig.StateDirectory =
|
||||||
|
lib.mkForce "vaultwarden";
|
||||||
|
|
||||||
|
services.postgresql = {
|
||||||
|
ensureDatabases = [ "vaultwarden" ];
|
||||||
|
ensureUsers = [{
|
||||||
|
name = "vaultwarden";
|
||||||
|
ensureDBOwnership = true;
|
||||||
|
ensureClauses.login = true;
|
||||||
|
}];
|
||||||
|
};
|
||||||
|
}
|
Loading…
Reference in a new issue