Infinidoge/universe
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Infini-SERVER: pull vaultwarden into its own module

Browse source
This commit is contained in:
Infinidoge 2024-01-08 23:03:43 -05:00
parent c1cacb5ed2
commit 6174326ae7
Signed by: Infinidoge
SSH key fingerprint: SHA256:oAMyvotlNFraMmZmr+p6AxnNfW/GioTs1pOn3V4tQ7A
3 changed files with 42 additions and 29 deletions
Download patch file Download diff file Expand all files Collapse all files

32
hosts/Infini-SERVER/default.nix
View file

@ -4,6 +4,8 @@
private.nixosModules.nitter private.nixosModules.nitter
./hardware-configuration.nix ./hardware-configuration.nix
./filesystems.nix ./filesystems.nix
./vaultwarden.nix
]; ];
system.stateVersion = "22.05"; system.stateVersion = "22.05";
@ -44,7 +46,6 @@
"/var/log" "/var/log"
"/var/lib/systemd/coredump" "/var/lib/systemd/coredump"
"/var/lib/tailscale" "/var/lib/tailscale"
"/var/lib/bitwarden_rs"
"/var/lib/thelounge" "/var/lib/thelounge"
"/srv" "/srv"
@ -65,7 +66,7 @@
nginx = nginx =
let let
cfg = config.services.nginx; cfg = config.services.nginx;
ssl = { sslCertificate = config.secrets."inx.moe.pem"; sslCertificateKey = config.secrets."inx.moe.key"; forceSSL = true; }; inherit (config.common.nginx) ssl;
in in
{ {
enable = true; enable = true;
@ -94,11 +95,6 @@
proxyPass = "http://localhost:8000"; proxyPass = "http://localhost:8000";
}; };
}; };
"bitwarden.inx.moe" = ssl // {
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
};
};
"thelounge.inx.moe" = ssl // { "thelounge.inx.moe" = ssl // {
locations."/" = { locations."/" = {
proxyPass = "http://localhost:${toString config.services.thelounge.port}"; proxyPass = "http://localhost:${toString config.services.thelounge.port}";
@ -107,28 +103,6 @@
}; };
}; };
vaultwarden = {
enable = true;
environmentFile = config.secrets."vaultwarden";
config = {
DOMAIN = "https://bitwarden.inx.moe";
SIGNUPS_ALLOWED = false;
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = 8222;
ROCKET_LOG = "critical";
PUSH_ENABLED = true;
PUSH_RELAY_URI = "https://push.bitwarden.com";
SMTP_HOST = "live.smtp.mailtrap.io";
SMTP_FROM = "noreply@inx.moe";
SMTP_PORT = 587;
SMTP_SECURITY = "starttls";
SMTP_USERNAME = "api";
};
};
nitter = rec { nitter = rec {
enable = true; enable = true;
server = { server = {

35
hosts/Infini-SERVER/vaultwarden.nix Normal file
View file

@ -0,0 +1,35 @@
{ config, lib, pkgs, ... }:
{
persist.directories = [ config.services.vaultwarden.config.DATA_FOLDER ];
services.nginx.virtualHosts."bitwarden.inx.moe" = config.common.nginx.ssl // {
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
};
};
services.vaultwarden = {
enable = true;
environmentFile = config.secrets."vaultwarden";
config = {
DOMAIN = "https://bitwarden.inx.moe";
SIGNUPS_ALLOWED = false;
DATA_FOLDER = "/var/lib/bitwarden_rs";
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = 8222;
ROCKET_LOG = "critical";
PUSH_ENABLED = true;
PUSH_RELAY_URI = "https://push.bitwarden.com";
SMTP_HOST = "smtp.purelymail.com";
SMTP_FROM = "noreply@inx.moe";
SMTP_PORT = 465;
SMTP_SECURITY = "force_tls";
SMTP_USERNAME = "noreply@inx.moe";
};
};
}

4
modules/global/security.nix
View file

@ -51,4 +51,8 @@ with lib;
} }
]; ];
}; };
common = {
nginx.ssl = { sslCertificate = config.secrets."inx.moe.pem"; sslCertificateKey = config.secrets."inx.moe.key"; forceSSL = true; };
};
} }