fw/nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Vaultwarden added

Browse source
This commit is contained in:
fwastring 2025-09-08 19:40:36 +02:00
parent 3e0ee3d933
commit 5078ac7952
2 changed files with 47 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

14
maskiner/desktop/configuration.nix
View file

@ -16,6 +16,7 @@
../../moduler/users.nix ../../moduler/users.nix
../../moduler/nginx.nix ../../moduler/nginx.nix
../../moduler/k3s.nix ../../moduler/k3s.nix
../../moduler/vaultwarden.nix
#../../moduler/lsp.nix #../../moduler/lsp.nix
]; ];
@ -27,19 +28,6 @@ neovim
services.tailscale.enable = true; services.tailscale.enable = true;
services.tailscale.package = pkgs.unstable.tailscale; services.tailscale.package = pkgs.unstable.tailscale;
services.vaultwarden = {
enable = true;
dbBackend = "sqlite";
environmentFile = "/var/lib/vaultwarden.env";
config = {
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = 8222;
DOMAIN = "https://vault.example.org";
SIGNUPS_ALLOWED = true;
ADMIN_TOKEN = "$argon2id$v=19$m=65540,t=3,p=4$...";
LOG_FILE = "/var/lib/bitwarden_rs/access.log";
};
};
networking.hostName = myhostname; networking.hostName = myhostname;

46
moduler/vaultwarden.nix Normal file
View file

@ -0,0 +1,46 @@
{
...
}:
{
security.acme = {
acceptTerms = true;
defaults.email = "fredrik@wastring.com";
certs."*.wastring.com" = {
dnsProvider = "gandiv5";
environmentFile = /run/secrets/gandi_key;
};
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
# other Nginx options
virtualHosts."pass.wastring.com" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8222";
proxyWebsockets = true; # needed if you need to use WebSocket
extraConfig =
# required when the target is also TLS server with multiple hosts
"proxy_ssl_server_name on;"
+
# required when the server wants to use HTTP Authentication
"proxy_pass_header Authorization;";
};
};
};
services.vaultwarden = {
enable = true;
dbBackend = "sqlite";
environmentFile = "/var/lib/vaultwarden.env";
config = {
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = 8222;
DOMAIN = "https://pass.wastring.com";
SIGNUPS_ALLOWED = true;
LOG_FILE = "/var/lib/bitwarden_rs/access.log";
};
};
}