36 lines
803 B
Nix
36 lines
803 B
Nix
{ config, ... }:
|
|
let
|
|
domain = "pass.${config.networking.domain}";
|
|
in
|
|
{
|
|
|
|
age.secrets = {
|
|
vaultwarden_secret = {
|
|
file = ../../secrets/services/vaultwarden.age;
|
|
owner = "vaultwarden";
|
|
};
|
|
};
|
|
|
|
|
|
services.vaultwarden = {
|
|
enable = false; # TODO: enable
|
|
# TODO: move to pgsql
|
|
#dbBackend = "postgresql";
|
|
environmentFile = config.age.secrets.vaultwarden_secret.path;
|
|
config = {
|
|
DOMAIN = "https://${domain}";
|
|
SIGNUPS_ALLOWED = false;
|
|
|
|
ROCKET_ADDRESS = "::1";
|
|
ROCKET_PORT = 8222;
|
|
};
|
|
};
|
|
|
|
services.caddy.virtualHosts."${domain}" = {
|
|
extraConfig = ''
|
|
reverse_proxy localhost:${builtins.toString config.services.vaultwarden.config.ROCKET_PORT} {
|
|
header_up X-Real-IP {remote_host}
|
|
}
|
|
'';
|
|
};
|
|
}
|