Move vaultwarden to sops-nix

Vili Sinervä 2025-06-21 15:53:31 +03:00
parent ec685a2e86
commit 9a36134fac
Signed by: Vili Sinervä
SSH key fingerprint: SHA256:FladqYjaE4scJY3Hi+gnShZ6ygnTJgixy0I6BAoHyos
3 changed files with 57 additions and 2 deletions


@ -1,14 +1,37 @@
{ ... }:
{ config, ... }:
{
imports = [
./utils/nginx-https-server.nix
./utils/cert-store-client.nix
];
sops = {
secrets = {
smtp-pass = {
sopsFile = ../secrets/vaultwarden.yaml;
restartUnits = [ "vaultwarden.service" ];
};
admin-token = {
sopsFile = ../secrets/vaultwarden.yaml;
restartUnits = [ "vaultwarden.service" ];
};
};
templates."vaultwarden.env" = {
owner = "vaultwarden";
content = ''
SMTP_FROM=vmsskv12@gmail.com
SMTP_USERNAME=vmsskv12@gmail.com
SMTP_PASSWORD=${config.sops.placeholder.smtp-pass}
ADMIN_TOKEN=${config.sops.placeholder.admin-token}
'';
};
};
services = {
vaultwarden = {
enable = true;
environmentFile = "/var/lib/vaultwarden/vaultwarden.env";
environmentFile = config.sops.templates."vaultwarden.env".path;
config = {
DOMAIN = "https://vaultwarden.vsinerva.fi";
LOGIN_RATELIMIT_MAX_BURST = 10;