nixos-conf/servers/vaultwarden.nix

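# NixOS module: Vaultwarden served through the shared nginx HTTPS front end,
# with its secrets delivered by sops-nix.
{ config, ... }:
{
  imports = [
    ./utils/nginx-https-server.nix
    ./utils/cert-store-client.nix
  ];

  # Keep /var/lib/vaultwarden on the persistent volume. The mode grants access
  # to the service user only (no group or other bits).
  environment.persistence."/persist".directories = [
    {
      directory = "/var/lib/vaultwarden";
      user = "vaultwarden";
      group = "vaultwarden";
      mode = "u=rwx,g=,o=";
    }
  ];

  sops = {
    # Both secrets are read from the same encrypted file; restartUnits makes
    # vaultwarden.service restart when either value changes.
    secrets = {
      smtp-pass = {
        sopsFile = ../secrets/vaultwarden.yaml;
        restartUnits = [ "vaultwarden.service" ];
      };
      # NOTE(review): Vaultwarden accepts an Argon2 PHC string for ADMIN_TOKEN.
      # Confirm the value stored here is such a hash rather than a plaintext
      # token.
      admin-token = {
        sopsFile = ../secrets/vaultwarden.yaml;
        restartUnits = [ "vaultwarden.service" ];
      };
    };

    # Environment file handed to the service. Only sops placeholders appear in
    # this Nix expression; sops-nix fills in the real values when it renders the
    # template. The rendered file is owned by the vaultwarden user.
    templates."vaultwarden.env" = {
      owner = "vaultwarden";
      content = ''
        SMTP_FROM=vmsskv12@gmail.com
        SMTP_USERNAME=vmsskv12@gmail.com
        SMTP_PASSWORD=${config.sops.placeholder.smtp-pass}
        ADMIN_TOKEN=${config.sops.placeholder.admin-token}
      '';
    };
  };

  services = {
    vaultwarden = {
      enable = true;
      environmentFile = config.sops.templates."vaultwarden.env".path;
      config = {
        DOMAIN = "https://vaultwarden.vsinerva.fi";

        # Pin the listener explicitly. nginx forwards to localhost:8000 over
        # plain HTTP, so the backend should only be reachable on loopback, and
        # the port must stay in step with the proxyPass target below. Leaving
        # these unset would rely on whatever default the packaged build uses.
        ROCKET_ADDRESS = "127.0.0.1";
        ROCKET_PORT = 8000;

        # Login and admin-page rate limits: bursts of 10 per 60-second window.
        # NOTE(review): these limits are keyed on the client IP. Behind nginx
        # that depends on the proxy passing the real client address (the header
        # Vaultwarden reads via IP_HEADER) - confirm that
        # ./utils/nginx-https-server.nix sets it, otherwise all clients share
        # one bucket.
        LOGIN_RATELIMIT_MAX_BURST = 10;
        LOGIN_RATELIMIT_SECONDS = 60;
        ADMIN_RATELIMIT_MAX_BURST = 10;
        ADMIN_RATELIMIT_SECONDS = 60;

        SENDS_ALLOWED = true;
        EMERGENCY_ACCESS_ALLOWED = true;
        WEB_VAULT_ENABLED = true;

        # NOTE(review): open registration. Anyone who can reach DOMAIN can
        # create an account, subject to e-mail verification. If the instance is
        # meant for a fixed set of users, consider SIGNUPS_ALLOWED = false with
        # invitations, or restricting by SIGNUPS_DOMAINS_WHITELIST.
        SIGNUPS_ALLOWED = true;
        SIGNUPS_VERIFY = true;
        SIGNUPS_VERIFY_RESEND_TIME = 3600;
        SIGNUPS_VERIFY_RESEND_LIMIT = 5;

        # Outbound mail: authenticated SMTP with STARTTLS on port 587. The
        # username and password come from the sops-rendered environment file.
        SMTP_HOST = "smtp.gmail.com";
        SMTP_FROM_NAME = "Vaultwarden";
        SMTP_SECURITY = "starttls";
        SMTP_PORT = 587;
        SMTP_AUTH_MECHANISM = "Login";
      };
    };

    # Reverse proxy for the public hostname. TLS settings are not defined in
    # this file; presumably ./utils/nginx-https-server.nix provides them -
    # verify.
    nginx = {
      virtualHosts."vaultwarden.vsinerva.fi" = {
        locations."/" = {
          # Must match ROCKET_PORT above.
          proxyPass = "http://localhost:8000";
        };
      };
    };
  };
}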