nixos-config/services/vaultwarden.nix
Christoph Heiss ccbfff0b13
services: vaultwarden: factor out fqdn construction
Signed-off-by: Christoph Heiss <christoph@c8h4.io>
2024-08-17 17:50:56 +02:00


# NixOS module: Vaultwarden behind a local PostgreSQL instance.
#
# Module arguments:
#   lib     - nixpkgs library (used for lib.mkForce)
#   my      - site-wide settings; only `my.domain` is read here
#   secrets - sops-nix secret attrset; `secrets."vaultwarden/env".path`
#             is the decrypted environment file handed to the service
{ lib, my, secrets, ... }:
let
  inherit (my) domain;
  # Public hostname the vault is served under; built once so the
  # DOMAIN setting below stays in sync with the site domain.
  fqdn = "vault.${domain}";
in
{
  # Secrets (e.g. the contents of the environment file) live in a sops
  # file and are only readable by the service user.
  sops.secrets = {
    "vaultwarden/env" = {
      sopsFile = ../secrets/sops/vaultwarden.yaml;
      owner = "vaultwarden";
      # Re-decrypting the secret should pick the new value up in the service.
      restartUnits = [ "vaultwarden.service" ];
    };
  };

  services = {
    postgresql = {
      ensureDatabases = [ "vaultwarden" ];
      ensureUsers = [
        {
          name = "vaultwarden";
          ensureDBOwnership = true;
          ensureClauses.login = true;
        }
      ];
    };

    vaultwarden = {
      enable = true;
      # Sensitive settings are kept out of the Nix store via the env file.
      environmentFile = secrets."vaultwarden/env".path;
      dbBackend = "postgresql";
      config = {
        DOMAIN = "https://${fqdn}";
        DATA_FOLDER = "/var/lib/vaultwarden";
        # No host/port: connects over the local socket to the
        # database created by services.postgresql above.
        DATABASE_URL = "postgresql:///vaultwarden";
        # Closed instance: no self-service registration, no invitations,
        # and no password hints leaked on the login page.
        SIGNUPS_ALLOWED = false;
        INVITATIONS_ALLOWED = false;
        SHOW_PASSWORD_HINT = false;
        # Listen on loopback only; a reverse proxy (configured elsewhere,
        # presumably) terminates TLS for ${fqdn}.
        ROCKET_ADDRESS = "::1";
        ROCKET_PORT = 8222;
        ROCKET_WORKERS = 4; # more than enough
      };
    };
  };

  # Force the state directory name to match DATA_FOLDER above so the
  # unit's StateDirectory and the application's data path agree.
  systemd.services.vaultwarden.serviceConfig.StateDirectory =
    lib.mkForce "vaultwarden";
}