nixos/applications/bitwarden/vaultwarden.nix

84 lines
1.8 KiB
Nix
Raw Permalink Normal View History

{
config,
pkgs,
lib,
inputs,
...
}:
with lib; let
name = "vaultwarden";
cfg = config.services.skynet."${name}";
domain_sub = "pw";
domain = "${domain_sub}.skynet.ie";
in {
imports = [
];
options.services.skynet."${name}" = {
enable = mkEnableOption "Skynet VaultWarden server";
};
config = mkIf cfg.enable {
#backups = [ "/etc/silver_ul_ical/database.db" ];
# Website config
services.skynet.acme.domains = [
domain
];
services.skynet.dns.records = [
{
record = domain_sub;
r_type = "CNAME";
value = config.services.skynet.host.name;
}
];
services.nginx.virtualHosts = {
"${domain}" = {
forceSSL = true;
useACMEHost = "skynet";
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
};
};
};
# has ADMIN_TOKEN and SMTP_PASSWORD
age.secrets.bitwarden_details.file = ../../secrets/bitwarden/details.age;
services.vaultwarden = {
enable = true;
environmentFile = config.age.secrets.bitwarden_details.path;
config = {
DOMAIN = "https://${domain}";
SENDS_ALLOWED = true;
SIGNUPS_ALLOWED = false;
INVITATION_ORG_NAME = "Skyhold";
ORG_GROUPS_ENABLED = true;
USE_SENDMAIL = false;
SMTP_HOST = "mail.skynet.ie";
SMTP_FROM = "vaultwarden@skynet.ie";
SMTP_FROM_NAME = "Skynet Bitwarden server";
SMTP_SECURITY = "starttls";
SMTP_PORT = 587;
SMTP_USERNAME = "vaultwarden@skynet.ie";
SMTP_AUTH_MECHANISM = "Login";
SMTP_EMBED_IMAGES = true;
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = 8222;
ROCKET_LOG = "critical";
};
};
};
}