45 lines
1.1 KiB
Nix
45 lines
1.1 KiB
Nix
|
{ config, ... }:
|
||
|
|
{
|
||
|
|
services.vaultwarden = {
|
||
|
|
enable = true;
|
||
|
|
dbBackend = "sqlite";
|
||
|
|
backupDir = "/var/lib/backup/vaultwarden";
|
||
|
|
config = {
|
||
|
|
DOMAIN = "https://vault.rebmit.moe";
|
||
|
|
SIGNUPS_ALLOWED = false;
|
||
|
|
EMERGENCY_ACCESS_ALLOWED = false;
|
||
|
|
SENDS_ALLOWED = false;
|
||
|
|
ORG_CREATION_USERS = "none";
|
||
|
|
ROCKET_ADDRESS = "127.0.0.1";
|
||
|
|
ROCKET_PORT = config.networking.ports.vaultwarden;
|
||
|
|
IP_HEADER = "X-Forwarded-For";
|
||
|
|
ENABLE_WEBSOCKET = false;
|
||
|
|
};
|
||
|
|
};
|
||
|
|
|
||
|
|
services.caddy.virtualHosts."vault.rebmit.moe" = {
|
||
|
|
extraConfig = with config.services.vaultwarden.config; ''
|
||
|
|
reverse_proxy ${ROCKET_ADDRESS}:${toString ROCKET_PORT}
|
||
|
|
'';
|
||
|
|
};
|
||
|
|
|
||
|
|
preservation.preserveAt."/persist".directories = [
|
||
|
|
{
|
||
|
|
directory = "/var/lib/vaultwarden";
|
||
|
|
mode = "-";
|
||
|
|
user = "-";
|
||
|
|
group = "-";
|
||
|
|
}
|
||
|
|
{
|
||
|
|
directory = config.services.vaultwarden.backupDir;
|
||
|
|
mode = "-";
|
||
|
|
user = "-";
|
||
|
|
group = "-";
|
||
|
|
}
|
||
|
|
];
|
||
|
|
|
||
|
|
services.restic.backups.b2.paths = [
|
||
|
|
"/persist${config.services.vaultwarden.backupDir}"
|
||
|
|
];
|
||
|
|
}
|