forked from malobeo/infrastructure
67 lines
1.5 KiB
Nix
67 lines
1.5 KiB
Nix
{ config, lib, pkgs, inputs, ... }:
|
|
|
|
with lib;
|
|
|
|
{
|
|
sops.defaultSopsFile = ./secrets.yaml;
|
|
sops.secrets = {
|
|
vaultwarden_env = {
|
|
owner = "vaultwarden";
|
|
group = "vaultwarden";
|
|
};
|
|
|
|
vaultwarden_smtp = {
|
|
owner = "vaultwarden";
|
|
group = "vaultwarden";
|
|
};
|
|
};
|
|
networking = {
|
|
hostName = mkDefault "vaultwarden";
|
|
useDHCP = false;
|
|
};
|
|
|
|
imports = [
|
|
../modules/malobeo_user.nix
|
|
../modules/sshd.nix
|
|
];
|
|
|
|
networking.firewall.allowedTCPPorts = [ 80 ];
|
|
|
|
services.nginx = {
|
|
enable = true;
|
|
virtualHosts."keys.malobeo.org" = {
|
|
locations."/" = {
|
|
proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
|
|
extraConfig = ''
|
|
'';
|
|
};
|
|
};
|
|
};
|
|
|
|
services.vaultwarden = {
|
|
enable = true;
|
|
backupDir = "/var/local/vaultwarden/backup";
|
|
environmentFile = config.sops.secrets.vaultwarden_env.path;
|
|
config = {
|
|
DOMAIN = "http://keys.malobeo.org";
|
|
SIGNUPS_ALLOWED = true;
|
|
#WEBSERVER
|
|
ROCKET_ADDRESS = "127.0.0.1";
|
|
ROCKET_PORT = 8222;
|
|
ROCKET_LOG = "critical";
|
|
#EMAIL
|
|
SMTP_HOST = "mail.systemli.org";
|
|
SMTP_PORT = 465;
|
|
SMTP_SECURITY = "force_tls";
|
|
SMTP_USERNAME = "malobot@systemli.org";
|
|
SMTP_PASSWORD = config.sops.secrets.vaultwarden_smtp.path;
|
|
|
|
SMTP_FROM = "malobot@systemli.org";
|
|
SMTP_FROM_NAME = "Malobeo Vaultwarden Server";
|
|
};
|
|
};
|
|
|
|
system.stateVersion = "22.11"; # Did you read the comment?
|
|
}
|
|
|