config/profiles/web/services/vaultwarden.nix


{ config, pkgs, lib, mkDomain, ... }:
let
  # Public hostname, computed once so the vaultwarden `domain` setting and the
  # nginx virtual host name always agree.
  vaultHost = mkDomain "vaultwarden";
  # Shorthand for the evaluated vaultwarden options.
  vw = config.services.vaultwarden;
in
{
  # vaultwarden
  # Unofficial Bitwarden compatible server written in Rust
  services.vaultwarden = {
    enable = true;
    config = {
      # https://github.com/dani-garcia/vaultwarden/blob/1.24.0/.env.template
      # camelCase is converted to UPPER_SNAKE_CASE
      # Everything in this set ends up in the world-readable Nix store, so keep
      # secrets (e.g. ADMIN_TOKEN) out of it and pass them through
      # services.vaultwarden.environmentFile instead.
      domain = "https://${vaultHost}"; # port is supported
      # Turns off open self-registration.
      # NOTE(review): invitations are a separate setting (invitationsAllowed);
      # confirm its value matches who should be able to create accounts.
      signupsAllowed = false;
      # rocket is the http library
      # Listen on loopback only: the backend speaks plain HTTP and is meant to
      # be reached solely through the nginx virtual host below.
      rocketAddress = "127.0.0.1";
      rocketPort = 8222;
      #rocketWorkers = 10;
      # NOTE(review): at this level only critical messages are kept; confirm
      # that authentication failures are still logged somewhere if brute-force
      # detection depends on them.
      rocketLog = "critical";
    };
    #dbBackend = "sqlite";
    # backupDir = ""; # TODO
    # NOTE(review): once set, the backup directory holds a copy of the vault
    # database and should be access-restricted like the live data directory.
  };

  # Reverse proxy in front of the loopback listener; only defined while the
  # vaultwarden service itself is enabled.
  services.nginx.virtualHosts.${vaultHost} = lib.mkIf vw.enable {
    # Plain-HTTP requests are redirected to HTTPS, so vault traffic is not
    # served in clear text.
    forceSSL = true; # addSSL = true;
    enableACME = true; #useACMEHost = acmeDomain;
    locations."/" = {
      # Upstream port is read from the service config; the address is the same
      # loopback literal as rocketAddress above and must be kept in sync with it.
      proxyPass = "http://127.0.0.1:${toString vw.config.rocketPort}";
      proxyWebsockets = true;
    };
  };
}