services: vaultwarden: add initial service configuration

Signed-off-by: Christoph Heiss <christoph@c8h4.io>
Christoph Heiss 2024-03-23 22:54:53 +01:00
parent d5681cc6a4
commit 8b44c5b6c1
Signed by: c8h4
GPG key ID: 73D5E7FDEE3DE49A
4 changed files with 32 additions and 0 deletions


@ -16,6 +16,7 @@
../services/postgresql.nix ../services/postgresql.nix
../services/prometheus.nix ../services/prometheus.nix
../services/sourcehut.nix ../services/sourcehut.nix
../services/vaultwarden.nix
../system/baremetal-server.nix ../system/baremetal-server.nix
../system/ucode-amd.nix ../system/ucode-amd.nix
../system/zfs.nix ../system/zfs.nix

Binary file not shown.

Binary file not shown.

31
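--- a/services/vaultwarden.nix
+++ b/services/vaultwarden.nix
@@ -0,0 +1,31 @@
+{ lib, my, secrets, ... }:
+{
+services.vaultwarden = {
+enable = true;
+environmentFile = secrets.vaultwarden-env.destination;
+dbBackend = "postgresql";
+config = {
+DOMAIN = "https://vaultwarden.${my.domain}";
+DATA_FOLDER = "/var/lib/vaultwarden";
+DATABASE_URL = "postgresql:///vaultwarden";
+SIGNUPS_ALLOWED = false;
+INVITATIONS_ALLOWED = false;
+SHOW_PASSWORD_HINT = false;
+ROCKET_ADDRESS = "::1";
+ROCKET_PORT = 8222;
+};
+};
+systemd.services.vaultwarden.serviceConfig.StateDirectory =
+lib.mkForce "vaultwarden";
+services.postgresql = {
+ensureDatabases = [ "vaultwarden" ];
+ensureUsers = [{
+name = "vaultwarden";
+ensureDBOwnership = true;
+ensureClauses.login = true;
+}];
+};
+}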
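Review bot: The `environmentFile = secrets.vaultwarden-env.destination;` line pulls settings from an encrypted file that a reader of this module cannot see, and nothing next to it says which variables that file is expected to supply. With `SIGNUPS_ALLOWED` and `INVITATIONS_ALLOWED` both false, accounts can presumably only be created from the admin page, so the file likely carries `ADMIN_TOKEN`. If it does, the value should be the Argon2 PHC hash rather than a plaintext token, and the reverse proxy in front of `[::1]:8222` (not part of this commit) is the place to restrict access to `/admin`. I would add a comment above that line listing what the file supplies, for example `# supplies ADMIN_TOKEN (argon2 hash); secrets stay out of config, which is written to the Nix store`, adjusted to what the file really holds. The `lib.mkForce "vaultwarden"` on `StateDirectory` also deserves a one-line comment naming the module default it overrides and why it must match `DATA_FOLDER`.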