Drift/pvv-nixos-config
Drift
/
pvv-nixos-config
16
4
Fork 1
Code Issues Pull Requests 6 Wiki Activity

bekkalokk: add vaultwarden

This commit is contained in:
Felix Albrigtsen 2024-05-26 04:03:55 +02:00
parent 5fb1b805a8
commit baf96f928e
3 changed files with 77 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
hosts/bekkalokk/configuration.nix
View File

@ -6,13 +6,14 @@
../../base.nix
../../misc/metrics-exporters.nix
./services/website
./services/nginx.nix
./services/gitea/default.nix
./services/kerberos
./services/webmail
./services/mediawiki
./services/idp-simplesamlphp
./services/kerberos
./services/mediawiki
./services/nginx.nix
./services/vaultwarden.nix
./services/webmail
./services/website
];
sops.defaultSopsFile = ../../secrets/bekkalokk/bekkalokk.yaml;

66
hosts/bekkalokk/services/vaultwarden.nix Normal file
View File

@ -0,0 +1,66 @@
{ config, pkgs, lib, ... }:
let
cfg = config.services.vaultwarden;
domain = "pw.pvv.ntnu.no";
address = "127.0.1.2";
port = 3011;
wsPort = 3012;
in {
sops.secrets."vaultwarden/environ" = {
owner = "vaultwarden";
group = "vaultwarden";
};
services.vaultwarden = {
enable = true;
dbBackend = "postgresql";
environmentFile = config.sops.secrets."vaultwarden/environ".path;
config = {
domain = "https://${domain}";
rocketAddress = address;
rocketPort = port;
websocketEnabled = true;
websocketAddress = address;
wsPort = wsPort;
signupsAllowed = true;
signupsVerify=true;
signupsDomainsWhitelist = "pvv.ntnu.no";
smtpFrom = "vaultwarden@pvv.ntnu.no";
smtpFromName = "VaultWarden PVV";
smtpHost = "smtp.pvv.ntnu.no";
smtpUsername = "vaultwarden";
smtpSecurity = "force_tls";
smtpAuthMechanism = "Login";
# Configured in environ:
# databaseUrl = "postgresql://vaultwarden@/vaultwarden";
# smtpPassword = hemli
};
};
services.nginx.virtualHosts."${domain}" = {
forceSSL = true;
enableACME = true;
extraConfig = ''
client_max_body_size 128M;
'';
locations."/" = {
proxyPass = "http://${address}:${toString port}";
proxyWebsockets = true;
};
locations."/notifications/hub" = {
proxyPass = "http://${address}:${toString wsPort}";
proxyWebsockets = true;
};
locations."/notifications/hub/negotiate" = {
proxyPass = "http://${address}:${toString port}";
proxyWebsockets = true;
};
};
}

7
secrets/bekkalokk/bekkalokk.yaml
View File

@ -27,6 +27,8 @@ nettsiden:
postgres_password: ENC[AES256_GCM,data:SvbrdHF4vQ94DgoEfy67QS5oziAsMT8H,iv:LOHBqMecA6mgV3NMfmfTh3zDGiDve+t3+uaO53dIxt4=,tag:9ffz84ozIqytNdGB1COMhA==,type:str]
cookie_salt: ENC[AES256_GCM,data:VmODSLOP1YDBrpHdk/49qx9BS+aveEYDQ1D24d4zCi06kZsCENCr+vdPAnTeM1pw98RTr3yZAEQTh4s90b6v8Q==,iv:vRClu6neyYPFdtD63kjnvK2iNOIHMbh+9qEGph7CI60=,tag:66fgppVxY0egs4+9XfDBPA==,type:str]
admin_password: ENC[AES256_GCM,data:SADr/zN3F0tW339kSK1nD9Pb38rw7hz8,iv:s5jgl1djXd5JKwx1WG/w2Q4STMMpjJP91qxOwAoNcL0=,tag:N8bKnO9N0ei06HDkSGt6XQ==,type:str]
vaultwarden:
environ: ENC[AES256_GCM,data:U0ZWUx5gSCWrp2Tlr0dnaJWiad/IO5bxTJt/vv9deFaYgMtN5m/syne8VuJwLjfOdj4TNewoVCZ5upt97mcFV3DQVU+l7ovZNlWYEUTrkqPuXdiLuLtxTFJ1iJ7GkHF00YjwpjqhBG0/BEuZSfM/IPdddZmYe3oZCe8DocwgquI=,iv:3vmQIer5xDJpYzew4Oihj1JhT1gl1fZg42c4hK1k0Fg=,tag:psOgZZUeL4w/hnqjOViLEw==,type:str]
sops:
kms: []
gcp_kms: []
@ -60,8 +62,8 @@ sops:
akVjeTNTeGorZjJQOVlMeCtPRUVYL3MK+VMvGxrbzGz4Q3sdaDDWjal+OiK+JYKX
GHiMXVHQJZu/RrlxMjHKN6V3iaqxZpuvLAEJ2Lzy5EOHPtuiiRyeHQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-14T21:58:31Z"
mac: ENC[AES256_GCM,data:+o7YvaaKTjN/uZT5mv3z9FgIbXwG4NPJePWwRmtkBINn9X+vrCmYOXqWhKw7qfInn4Ftcg0FA7cYFZe5Pv8MNp+f8v1yoiLrVX12cxmEYtqTXJz7pNeD2st1YjGJKihNi2/fyCCf4YBCGN+8Ze//HeVf7/tfWNB+ysyC9g9Tze4=,iv:C6XBCVXn8GuNeaWGdJRnUIh1us0i8fSoxu9Sx7Feb58=,tag:W0RLPPv7eP5kCNrhMG3z7A==,type:str]
lastmodified: "2024-05-26T01:12:14Z"
mac: ENC[AES256_GCM,data:xiWGqNLaY9lAyU75HYS/J3thkYMwUYKfWXKzTLmoJ+mPys3wvO4uK2YIdTSzmRuBUtDrEl72zViOS8OebJaxrfjZ3O9jR56gD69ls+tEiIKDIUteMVxel6VU4pQzgtY321PEk+4NMhKyW0uIGY0oUjLnncAY9xM0NMy7setFhrU=,iv:iiwtNWlJY1sHMQ+WccIPp0dayD3tVxlmTaKSN7X4Gis=,tag:yT88BvGdCCGC1M5xMpZoAA==,type:str]
pgp:
- created_at: "2023-05-21T00:28:40Z"
enc: |
@ -85,3 +87,4 @@ sops:
fp: F7D37890228A907440E1FD4846B9228E814A2AAC
unencrypted_suffix: _unencrypted
version: 3.8.1