diff --git a/hosts/tsuki/configuration.nix b/hosts/tsuki/configuration.nix
index fd45628..48c775b 100644
--- a/hosts/tsuki/configuration.nix
+++ b/hosts/tsuki/configuration.nix
@@ -24,6 +24,7 @@
 ./services/pgadmin.nix
 ./services/plex.nix
 ./services/postgres.nix
+ ./services/vaultwarden.nix
 ./services/vscode-server.nix
 ];
diff --git a/hosts/tsuki/services/nginx/default.nix b/hosts/tsuki/services/nginx/default.nix
index 44b8cbf..555d3a2 100644
--- a/hosts/tsuki/services/nginx/default.nix
+++ b/hosts/tsuki/services/nginx/default.nix
@@ -162,6 +162,7 @@
 (proxy ["py"] "http://localhost:${s ports.jupyterhub}" {
 locations."/".proxyWebsockets = true;
 })
+ (proxy ["bw"] "http://localhost:${s config.services.vaultwarden.config.ROCKET_PORT}" {})
 (proxy ["docs"] "http://localhost:${s config.services.hedgedoc.settings.port}" {})
 (proxy ["map"] "http://localhost:${s ports.minecraft.dynmap}" {})
 (proxy ["yt"] "http://localhost:${s config.services.invidious.port}" {})
diff --git a/hosts/tsuki/services/vaultwarden.nix b/hosts/tsuki/services/vaultwarden.nix
new file mode 100644
index 0000000..be7bf8c
--- /dev/null
+++ b/hosts/tsuki/services/vaultwarden.nix
@@ -0,0 +1,36 @@
+{ pkgs, config, ... }:
+{
+ services.vaultwarden = {
+ enable = true;
+ dbBackend = "postgresql";
+ # TODO: Set a database password
+ environmentFile = pkgs.writeText "vaultwarden.env" ''
+ DATABASE_URL=postgresql://vaultwarden:@%2Fvar%2Frun%2Fpostgresql/vaultwarden
+ '';
+ config = {
+ DOMAIN = "https://bw.nani.wtf";
+ SIGNUPS_ALLOWED = false;
+ ROCKET_ADDRESS = "127.0.0.1";
+ ROCKET_PORT = 8222;
+ ROCKET_LOG = "critical";
+ ROCKET_WORKERS = 1;
+ };
+ };
+
+ systemd.services.vaultwarden = {
+ requires = [ "postgresql.service" ];
+ };
+
+ services.postgresql = {
+ enable = true;
+ ensureDatabases = [ "vaultwarden" ];
+ ensureUsers = [
+ (rec {
+ name = "vaultwarden";
+ ensurePermissions = {
+ "DATABASE \"${name}\"" = "ALL PRIVILEGES";
+ };
+ })
+ ];
+ };
+}
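Review bot: The new `bw` entry in nginx/default.nix passes `{}`, while the `py` entry just above it sets `locations."/".proxyWebsockets = true;`. If the packaged Vaultwarden serves its live-sync notifications over WebSocket on the main Rocket port (recent releases appear to; confirm for the pinned version), clients behind this proxy will not be able to upgrade the connection. Consider passing `{ locations."/".proxyWebsockets = true; }` as the third argument of the `bw` entry. The `proxy` helper is defined outside this hunk, so whether it enforces TLS for the vhost cannot be checked from here.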
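Review bot: The `# TODO: Set a database password` above `environmentFile` in vaultwarden.nix invites putting the secret into `pkgs.writeText`, whose output lands in the world-readable Nix store. As written, the URL has an empty password and points at the `/var/run/postgresql` socket, so presumably peer authentication is doing the work and no password is needed. I would replace the TODO with `# Peer auth over the local socket; writeText output is world-readable in /nix/store, so never put a password here`, and if a password is ever required, point `environmentFile` at a file provisioned at runtime outside the store. Separately, `requires = [ "postgresql.service" ];` adds no ordering, so the unit can start before the database is up; add `after = [ "postgresql.service" ];` next to it.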