mirror of
https://github.com/nmasur/dotfiles
synced 2024-12-24 17:44:52 +00:00
working vaultwarden
haven't tested websockets
This commit is contained in:
parent
7bca2775d1
commit
6f67e31723
@ -22,6 +22,7 @@ nixpkgs.lib.nixosSystem {
|
||||
nextcloudServer = "cloud.masu.rs";
|
||||
transmissionServer = "download.masu.rs";
|
||||
metricsServer = "metrics.masu.rs";
|
||||
vaultwardenServer = "vault.masu.rs";
|
||||
|
||||
# Disable passwords, only use SSH key
|
||||
passwordHash = null;
|
||||
@ -80,6 +81,7 @@ nixpkgs.lib.nixosSystem {
|
||||
../../modules/services/cloudflare.nix
|
||||
../../modules/services/transmission.nix
|
||||
../../modules/services/prometheus.nix
|
||||
../../modules/services/vaultwarden.nix
|
||||
../../modules/gaming/minecraft-server.nix
|
||||
];
|
||||
}
|
||||
|
@ -1,4 +1,4 @@
|
||||
{ config, pkgs, lib, ... }: {
|
||||
{ config, lib, ... }: {
|
||||
|
||||
options = {
|
||||
|
||||
@ -13,12 +13,40 @@
|
||||
services.vaultwarden = {
|
||||
enable = true;
|
||||
config = {
|
||||
DOMAIN = config.vaultwardenServer;
|
||||
DOMAIN = "https://${config.vaultwardenServer}";
|
||||
SIGNUPS_ALLOWED = false;
|
||||
SIGNUPS_VERIFY = true;
|
||||
INVITATIONS_ALLOWED = true;
|
||||
WEB_VAULT_ENABLED = true;
|
||||
ROCKET_ADDRESS = "127.0.0.1";
|
||||
ROCKET_PORT = 8222;
|
||||
WEBSOCKET_ENABLED = true;
|
||||
WEBSOCKET_ADDRESS = "0.0.0.0";
|
||||
WEBSOCKET_PORT = 3012;
|
||||
LOGIN_RATELIMIT_SECONDS = 60;
|
||||
LOGIN_RATELIMIT_MAX_BURST = 10;
|
||||
ADMIN_RATELIMIT_SECONDS = 300;
|
||||
ADMIN_RATELIMIT_MAX_BURST = 3;
|
||||
};
|
||||
environmentFile = null;
|
||||
environmentFile = config.secrets.vaultwarden.dest;
|
||||
dbBackend = "sqlite";
|
||||
};
|
||||
};
|
||||
|
||||
secrets.vaultwarden = {
|
||||
source = ../../private/vaultwarden.age;
|
||||
dest = "${config.secretsDirectory}/vaultwarden";
|
||||
owner = "vaultwarden";
|
||||
group = "vaultwarden";
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 3012 ];
|
||||
|
||||
caddyRoutes = [{
|
||||
match = [{ host = [ config.vaultwardenServer ]; }];
|
||||
handle = [{
|
||||
handler = "reverse_proxy";
|
||||
upstreams = [{ dial = "localhost:8222"; }];
|
||||
}];
|
||||
}];
|
||||
|
||||
}
|
||||
|
11
private/vaultwarden.age
Normal file
11
private/vaultwarden.age
Normal file
@ -0,0 +1,11 @@
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBqNm0x
|
||||
YVc0bXp6eldNdkp1QWk2cEI0WFBhVVd3cHhDODNwMS9UUTBPN25JCmxXZnRIcFZr
|
||||
SFJrQnI3R1BTUk1BcVl3RjlUaXMzSXpqaGdTMi9reno1eHcKLT4gc3NoLWVkMjU1
|
||||
MTkgWXlTVU1RIFlKWCtsWGtWdTI4L0ZFTVRHNFN5by9vTE95MXFoMVZGYlYrM1I2
|
||||
alREaE0Kd251SGRDdE96VmZqblhEWXFkZDhvRUZsZ1pnZ3NqdEdJSlBvaXhoOHVB
|
||||
WQotLS0gaGJNRm14SkdXcTFmYlJUell1WUZUeEllT3ZwMkNaejF3eWJ5U1ZSdno1
|
||||
MAqQIT8vvUro+C+avm6lCPfrX9yigKzx/gtKfMB//1Ie7BUo1+o5iYoA+R0luMU8
|
||||
/zVX1yGAzDPqas/HfYclIPg3bdjm2dnpz0ltOrOvjA4x3nEzzrmS96zo3Fy1d8oX
|
||||
oAMw2l/p2QDHI60cyhvC
|
||||
-----END AGE ENCRYPTED FILE-----
|
Loading…
Reference in New Issue
Block a user