mirror of
https://github.com/nmasur/dotfiles
synced 2024-11-09 23:22:57 +00:00
working vaultwarden
haven't tested websockets
parent
7bca2775d1
commit
6f67e31723
@ -22,6 +22,7 @@ nixpkgs.lib.nixosSystem {
|
|||||||
nextcloudServer = "cloud.masu.rs";
|
nextcloudServer = "cloud.masu.rs";
|
||||||
transmissionServer = "download.masu.rs";
|
transmissionServer = "download.masu.rs";
|
||||||
metricsServer = "metrics.masu.rs";
|
metricsServer = "metrics.masu.rs";
|
||||||
|
vaultwardenServer = "vault.masu.rs";
|
||||||
|
|
||||||
# Disable passwords, only use SSH key
|
# Disable passwords, only use SSH key
|
||||||
passwordHash = null;
|
passwordHash = null;
|
||||||
@ -80,6 +81,7 @@ nixpkgs.lib.nixosSystem {
|
|||||||
../../modules/services/cloudflare.nix
|
../../modules/services/cloudflare.nix
|
||||||
../../modules/services/transmission.nix
|
../../modules/services/transmission.nix
|
||||||
../../modules/services/prometheus.nix
|
../../modules/services/prometheus.nix
|
||||||
|
../../modules/services/vaultwarden.nix
|
||||||
../../modules/gaming/minecraft-server.nix
|
../../modules/gaming/minecraft-server.nix
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
{ config, pkgs, lib, ... }: {
|
{ config, lib, ... }: {
|
||||||
|
|
||||||
options = {
|
options = {
|
||||||
|
|
||||||
@ -13,12 +13,40 @@
|
|||||||
services.vaultwarden = {
|
services.vaultwarden = {
|
||||||
enable = true;
|
enable = true;
|
||||||
config = {
|
config = {
|
||||||
DOMAIN = config.vaultwardenServer;
|
DOMAIN = "https://${config.vaultwardenServer}";
|
||||||
SIGNUPS_ALLOWED = false;
|
SIGNUPS_ALLOWED = false;
|
||||||
|
SIGNUPS_VERIFY = true;
|
||||||
|
INVITATIONS_ALLOWED = true;
|
||||||
|
WEB_VAULT_ENABLED = true;
|
||||||
|
ROCKET_ADDRESS = "127.0.0.1";
|
||||||
|
ROCKET_PORT = 8222;
|
||||||
|
WEBSOCKET_ENABLED = true;
|
||||||
|
WEBSOCKET_ADDRESS = "0.0.0.0";
|
||||||
|
WEBSOCKET_PORT = 3012;
|
||||||
|
LOGIN_RATELIMIT_SECONDS = 60;
|
||||||
|
LOGIN_RATELIMIT_MAX_BURST = 10;
|
||||||
|
ADMIN_RATELIMIT_SECONDS = 300;
|
||||||
|
ADMIN_RATELIMIT_MAX_BURST = 3;
|
||||||
};
|
};
|
||||||
environmentFile = null;
|
environmentFile = config.secrets.vaultwarden.dest;
|
||||||
dbBackend = "sqlite";
|
dbBackend = "sqlite";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
secrets.vaultwarden = {
|
||||||
|
source = ../../private/vaultwarden.age;
|
||||||
|
dest = "${config.secretsDirectory}/vaultwarden";
|
||||||
|
owner = "vaultwarden";
|
||||||
|
group = "vaultwarden";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
networking.firewall.allowedTCPPorts = [ 3012 ];
|
||||||
|
|
||||||
|
caddyRoutes = [{
|
||||||
|
match = [{ host = [ config.vaultwardenServer ]; }];
|
||||||
|
handle = [{
|
||||||
|
handler = "reverse_proxy";
|
||||||
|
upstreams = [{ dial = "localhost:8222"; }];
|
||||||
|
}];
|
||||||
|
}];
|
||||||
|
|
||||||
}
|
}
|
||||||
|
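Review bot: `WEBSOCKET_ADDRESS = "0.0.0.0"` combined with `networking.firewall.allowedTCPPorts = [ 3012 ]` in the second hunk puts the notification listener on the network as plain, un-proxied TCP, while the HTTP listener is bound to `127.0.0.1` and reached only through the Caddy route. Vaultwarden clients normally reach notifications on the same host as `DOMAIN` under `/notifications/hub`, so the open port probably does not make websockets work and only widens the exposed surface of a password-manager host; the commit message says websockets are untested, so this needs confirming. I would bind the websocket listener to loopback, drop the firewall entry, and add a path-matched Caddy route ahead of the catch-all host route, as sketched below. The route order assumes `caddyRoutes` entries are evaluated in list order, which this page does not show.

```nix
      # … unchanged: DOMAIN, signup/invitation flags, ROCKET_* …
      WEBSOCKET_ENABLED = true;
      WEBSOCKET_ADDRESS = "127.0.0.1"; # loopback only; Caddy terminates TLS
      WEBSOCKET_PORT = 3012;
      # … unchanged: rate limits, environmentFile, dbBackend, secrets.vaultwarden …

    # networking.firewall.allowedTCPPorts = [ 3012 ]; dropped: nothing listens publicly

    caddyRoutes = [
      {
        # Websocket notifications go to the dedicated listener.
        match = [{
          host = [ config.vaultwardenServer ];
          path = [ "/notifications/hub" ];
        }];
        handle = [{
          handler = "reverse_proxy";
          upstreams = [{ dial = "localhost:3012"; }];
        }];
      }
      # … unchanged: catch-all host route to localhost:8222 …
    ];
```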
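--- a/private/vaultwarden.age
+++ b/private/vaultwarden.age
@@ -0,0 +1,11 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBqNm0x
+YVc0bXp6eldNdkp1QWk2cEI0WFBhVVd3cHhDODNwMS9UUTBPN25JCmxXZnRIcFZr
+SFJrQnI3R1BTUk1BcVl3RjlUaXMzSXpqaGdTMi9reno1eHcKLT4gc3NoLWVkMjU1
+MTkgWXlTVU1RIFlKWCtsWGtWdTI4L0ZFTVRHNFN5by9vTE95MXFoMVZGYlYrM1I2
+alREaE0Kd251SGRDdE96VmZqblhEWXFkZDhvRUZsZ1pnZ3NqdEdJSlBvaXhoOHVB
+WQotLS0gaGJNRm14SkdXcTFmYlJUell1WUZUeEllT3ZwMkNaejF3eWJ5U1ZSdno1
+MAqQIT8vvUro+C+avm6lCPfrX9yigKzx/gtKfMB//1Ie7BUo1+o5iYoA+R0luMU8
+/zVX1yGAzDPqas/HfYclIPg3bdjm2dnpz0ltOrOvjA4x3nEzzrmS96zo3Fy1d8oX
+oAMw2l/p2QDHI60cyhvC
+-----END AGE ENCRYPTED FILE-----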