bekkalokk: add vaultwarden
This commit is contained in:
parent
5fb1b805a8
commit
baf96f928e
@ -6,13 +6,14 @@
|
||||
../../base.nix
|
||||
../../misc/metrics-exporters.nix
|
||||
|
||||
./services/website
|
||||
./services/nginx.nix
|
||||
./services/gitea/default.nix
|
||||
./services/kerberos
|
||||
./services/webmail
|
||||
./services/mediawiki
|
||||
./services/idp-simplesamlphp
|
||||
./services/kerberos
|
||||
./services/mediawiki
|
||||
./services/nginx.nix
|
||||
./services/vaultwarden.nix
|
||||
./services/webmail
|
||||
./services/website
|
||||
];
|
||||
|
||||
sops.defaultSopsFile = ../../secrets/bekkalokk/bekkalokk.yaml;
|
||||
|
66
hosts/bekkalokk/services/vaultwarden.nix
Normal file
66
hosts/bekkalokk/services/vaultwarden.nix
Normal file
@ -0,0 +1,66 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
let
|
||||
cfg = config.services.vaultwarden;
|
||||
domain = "pw.pvv.ntnu.no";
|
||||
address = "127.0.1.2";
|
||||
port = 3011;
|
||||
wsPort = 3012;
|
||||
in {
|
||||
sops.secrets."vaultwarden/environ" = {
|
||||
owner = "vaultwarden";
|
||||
group = "vaultwarden";
|
||||
};
|
||||
|
||||
services.vaultwarden = {
|
||||
enable = true;
|
||||
dbBackend = "postgresql";
|
||||
environmentFile = config.sops.secrets."vaultwarden/environ".path;
|
||||
config = {
|
||||
domain = "https://${domain}";
|
||||
|
||||
rocketAddress = address;
|
||||
rocketPort = port;
|
||||
|
||||
websocketEnabled = true;
|
||||
websocketAddress = address;
|
||||
wsPort = wsPort;
|
||||
|
||||
signupsAllowed = true;
|
||||
signupsVerify=true;
|
||||
signupsDomainsWhitelist = "pvv.ntnu.no";
|
||||
|
||||
smtpFrom = "vaultwarden@pvv.ntnu.no";
|
||||
smtpFromName = "VaultWarden PVV";
|
||||
|
||||
smtpHost = "smtp.pvv.ntnu.no";
|
||||
smtpUsername = "vaultwarden";
|
||||
smtpSecurity = "force_tls";
|
||||
smtpAuthMechanism = "Login";
|
||||
|
||||
# Configured in environ:
|
||||
# databaseUrl = "postgresql://vaultwarden@/vaultwarden";
|
||||
# smtpPassword = hemli
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."${domain}" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
|
||||
extraConfig = ''
|
||||
client_max_body_size 128M;
|
||||
'';
|
||||
locations."/" = {
|
||||
proxyPass = "http://${address}:${toString port}";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
locations."/notifications/hub" = {
|
||||
proxyPass = "http://${address}:${toString wsPort}";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
locations."/notifications/hub/negotiate" = {
|
||||
proxyPass = "http://${address}:${toString port}";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
}
|
@ -27,6 +27,8 @@ nettsiden:
|
||||
postgres_password: ENC[AES256_GCM,data:SvbrdHF4vQ94DgoEfy67QS5oziAsMT8H,iv:LOHBqMecA6mgV3NMfmfTh3zDGiDve+t3+uaO53dIxt4=,tag:9ffz84ozIqytNdGB1COMhA==,type:str]
|
||||
cookie_salt: ENC[AES256_GCM,data:VmODSLOP1YDBrpHdk/49qx9BS+aveEYDQ1D24d4zCi06kZsCENCr+vdPAnTeM1pw98RTr3yZAEQTh4s90b6v8Q==,iv:vRClu6neyYPFdtD63kjnvK2iNOIHMbh+9qEGph7CI60=,tag:66fgppVxY0egs4+9XfDBPA==,type:str]
|
||||
admin_password: ENC[AES256_GCM,data:SADr/zN3F0tW339kSK1nD9Pb38rw7hz8,iv:s5jgl1djXd5JKwx1WG/w2Q4STMMpjJP91qxOwAoNcL0=,tag:N8bKnO9N0ei06HDkSGt6XQ==,type:str]
|
||||
vaultwarden:
|
||||
environ: ENC[AES256_GCM,data:U0ZWUx5gSCWrp2Tlr0dnaJWiad/IO5bxTJt/vv9deFaYgMtN5m/syne8VuJwLjfOdj4TNewoVCZ5upt97mcFV3DQVU+l7ovZNlWYEUTrkqPuXdiLuLtxTFJ1iJ7GkHF00YjwpjqhBG0/BEuZSfM/IPdddZmYe3oZCe8DocwgquI=,iv:3vmQIer5xDJpYzew4Oihj1JhT1gl1fZg42c4hK1k0Fg=,tag:psOgZZUeL4w/hnqjOViLEw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
@ -60,8 +62,8 @@ sops:
|
||||
akVjeTNTeGorZjJQOVlMeCtPRUVYL3MK+VMvGxrbzGz4Q3sdaDDWjal+OiK+JYKX
|
||||
GHiMXVHQJZu/RrlxMjHKN6V3iaqxZpuvLAEJ2Lzy5EOHPtuiiRyeHQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-04-14T21:58:31Z"
|
||||
mac: ENC[AES256_GCM,data:+o7YvaaKTjN/uZT5mv3z9FgIbXwG4NPJePWwRmtkBINn9X+vrCmYOXqWhKw7qfInn4Ftcg0FA7cYFZe5Pv8MNp+f8v1yoiLrVX12cxmEYtqTXJz7pNeD2st1YjGJKihNi2/fyCCf4YBCGN+8Ze//HeVf7/tfWNB+ysyC9g9Tze4=,iv:C6XBCVXn8GuNeaWGdJRnUIh1us0i8fSoxu9Sx7Feb58=,tag:W0RLPPv7eP5kCNrhMG3z7A==,type:str]
|
||||
lastmodified: "2024-05-26T01:12:14Z"
|
||||
mac: ENC[AES256_GCM,data:xiWGqNLaY9lAyU75HYS/J3thkYMwUYKfWXKzTLmoJ+mPys3wvO4uK2YIdTSzmRuBUtDrEl72zViOS8OebJaxrfjZ3O9jR56gD69ls+tEiIKDIUteMVxel6VU4pQzgtY321PEk+4NMhKyW0uIGY0oUjLnncAY9xM0NMy7setFhrU=,iv:iiwtNWlJY1sHMQ+WccIPp0dayD3tVxlmTaKSN7X4Gis=,tag:yT88BvGdCCGC1M5xMpZoAA==,type:str]
|
||||
pgp:
|
||||
- created_at: "2023-05-21T00:28:40Z"
|
||||
enc: |
|
||||
@ -85,3 +87,4 @@ sops:
|
||||
fp: F7D37890228A907440E1FD4846B9228E814A2AAC
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user