83 lines
2.2 KiB
Nix
83 lines
2.2 KiB
Nix
{ config, lib, ... }:
|
|
let
|
|
cfg = config.custom.services.vaultwarden;
|
|
in
|
|
{
|
|
options.custom.services.vaultwarden.enable = lib.mkOption {
|
|
type = lib.types.bool;
|
|
default = false;
|
|
};
|
|
|
|
config = lib.mkIf cfg.enable {
|
|
custom.services = {
|
|
nginxHttpsServer.enable = true;
|
|
certStoreClient.enable = true;
|
|
};
|
|
|
|
environment.persistence."/persist".directories = [
|
|
{
|
|
directory = "/var/lib/vaultwarden";
|
|
user = "vaultwarden";
|
|
group = "vaultwarden";
|
|
mode = "u=rwx,g=,o=";
|
|
}
|
|
];
|
|
|
|
sops = {
|
|
secrets = {
|
|
smtp-pass = {
|
|
sopsFile = ../../secrets/vaultwarden.yaml;
|
|
restartUnits = [ "vaultwarden.service" ];
|
|
};
|
|
admin-token = {
|
|
sopsFile = ../../secrets/vaultwarden.yaml;
|
|
restartUnits = [ "vaultwarden.service" ];
|
|
};
|
|
};
|
|
|
|
templates."vaultwarden.env" = {
|
|
owner = "vaultwarden";
|
|
content = ''
|
|
SMTP_FROM=vmsskv12@gmail.com
|
|
SMTP_USERNAME=vmsskv12@gmail.com
|
|
SMTP_PASSWORD=${config.sops.placeholder.smtp-pass}
|
|
ADMIN_TOKEN=${config.sops.placeholder.admin-token}
|
|
'';
|
|
};
|
|
};
|
|
|
|
services = {
|
|
vaultwarden = {
|
|
enable = true;
|
|
environmentFile = config.sops.templates."vaultwarden.env".path;
|
|
config = {
|
|
DOMAIN = "https://vaultwarden.vsinerva.fi";
|
|
LOGIN_RATELIMIT_MAX_BURST = 10;
|
|
LOGIN_RATELIMIT_SECONDS = 60;
|
|
ADMIN_RATELIMIT_MAX_BURST = 10;
|
|
ADMIN_RATELIMIT_SECONDS = 60;
|
|
SENDS_ALLOWED = true;
|
|
EMERGENCY_ACCESS_ALLOWED = true;
|
|
WEB_VAULT_ENABLED = true;
|
|
SIGNUPS_ALLOWED = true;
|
|
SIGNUPS_VERIFY = true;
|
|
SIGNUPS_VERIFY_RESEND_TIME = 3600;
|
|
SIGNUPS_VERIFY_RESEND_LIMIT = 5;
|
|
SMTP_HOST = "smtp.gmail.com";
|
|
SMTP_FROM_NAME = "Vaultwarden";
|
|
SMTP_SECURITY = "starttls";
|
|
SMTP_PORT = 587;
|
|
SMTP_AUTH_MECHANISM = "Login";
|
|
};
|
|
};
|
|
|
|
nginx = {
|
|
virtualHosts."vaultwarden.vsinerva.fi" = {
|
|
locations."/" = {
|
|
proxyPass = "http://localhost:8000";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
}
|