Infini-SERVER: pull vaultwarden into its own module

2024-01-08 23:03:43 -05:00 · 2024-01-08 23:03:43 -05:00 · 6174326ae7
commit 6174326ae7
parent c1cacb5ed2
3 changed files with 42 additions and 29 deletions
--- a/hosts/Infini-SERVER/vaultwarden.nix
+++ b/hosts/Infini-SERVER/vaultwarden.nix
@ -0,0 +1,35 @@
+{ config, lib, pkgs, ... }:
+
+{
+  persist.directories = [ config.services.vaultwarden.config.DATA_FOLDER ];
+
+  services.nginx.virtualHosts."bitwarden.inx.moe" = config.common.nginx.ssl // {
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
+    };
+  };
+
+  services.vaultwarden = {
+    enable = true;
+    environmentFile = config.secrets."vaultwarden";
+    config = {
+      DOMAIN = "https://bitwarden.inx.moe";
+      SIGNUPS_ALLOWED = false;
+
+      DATA_FOLDER = "/var/lib/bitwarden_rs";
+
+      ROCKET_ADDRESS = "127.0.0.1";
+      ROCKET_PORT = 8222;
+      ROCKET_LOG = "critical";
+
+      PUSH_ENABLED = true;
+      PUSH_RELAY_URI = "https://push.bitwarden.com";
+
+      SMTP_HOST = "smtp.purelymail.com";
+      SMTP_FROM = "noreply@inx.moe";
+      SMTP_PORT = 465;
+      SMTP_SECURITY = "force_tls";
+      SMTP_USERNAME = "noreply@inx.moe";
+    };
+  };
+}