51 lines
1.5 KiB
Nix
51 lines
1.5 KiB
Nix
{ config, lib, pkgs, ... }:
|
|
let
|
|
cfg = config.ragon.services.bitwarden;
|
|
domain = config.ragon.services.nginx.domain;
|
|
in
|
|
{
|
|
options.ragon.services.bitwarden.enable = lib.mkEnableOption "Enables the vaultwarden BitWarden Server";
|
|
options.ragon.services.bitwarden.domainPrefix =
|
|
lib.mkOption {
|
|
type = lib.types.str;
|
|
default = "bw";
|
|
};
|
|
config = lib.mkIf cfg.enable {
|
|
services.vaultwarden = {
|
|
enable = true;
|
|
package = pkgs.unstable.vaultwarden;
|
|
#backupDir = "/persistent/backups/vaultwarden";
|
|
config = {
|
|
domain = "https://${cfg.domainPrefix}.${domain}";
|
|
signupsAllowed = true;
|
|
rocketPort = 8222;
|
|
rocketAddress = "127.0.0.1";
|
|
databaseUrl = "postgresql://%2Frun%2Fpostgresql/vaultwarden";
|
|
webVaultEnabled = true;
|
|
};
|
|
dbBackend = "postgresql";
|
|
|
|
};
|
|
services.nginx.virtualHosts."${cfg.domainPrefix}.${domain}" = {
|
|
forceSSL = true;
|
|
useACMEHost = "${domain}";
|
|
locations."/".proxyPass = "http://${config.services.vaultwarden.config.rocketAddress}:${toString config.services.vaultwarden.config.rocketPort}";
|
|
locations."/".proxyWebsockets = true;
|
|
};
|
|
services.postgresql = {
|
|
enable = true;
|
|
|
|
# Ensure the database, user, and permissions always exist
|
|
ensureDatabases = [ "vaultwarden" ];
|
|
ensureUsers = [
|
|
{
|
|
name = "vaultwarden";
|
|
ensurePermissions."DATABASE vaultwarden" = "ALL PRIVILEGES";
|
|
}
|
|
];
|
|
};
|
|
ragon.persist.extraDirectories = [
|
|
"/var/lib/bitwarden_rs"
|
|
];
|
|
};
|
|
}
|