services/vaultwarden: init

LavaDesu 2022-02-27 13:06:17 +07:00
parent b0923384df
commit aeec9b75c1
Signed by: cilly
GPG key ID: 6500251E087653C9
6 changed files with 50 additions and 0 deletions


@ -28,6 +28,11 @@ in {
"10.0.0.0/8 allow"
"192.168.100.0/24 allow"
];
domain-insecure = [ "local.lava.moe" ];
local-zone = [ "local.lava.moe. redirect" ];
local-data = [
"warden.local.lava.moe. IN A 192.168.100.15"
];
};
include = "${inputs.hosts-blocklists}/unbound/unbound.blacklist.conf";
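Review bot: The `local-data` record for `warden.local.lava.moe.` sits below the apex of a zone declared `redirect`, and as far as I know unbound accepts local data for a redirect zone only at the zone name itself, so this record may be rejected at load or never served. Either narrow the zone to the host, `local-zone = [ "warden.local.lava.moe. redirect" ];`, or keep the parent zone with type `static`. `domain-insecure` also switches off DNSSEC validation for everything under `local.lava.moe`, which deserves a comment such as `# local overrides only; DNSSEC validation is skipped for this subtree`. The enclosing attribute set starts above this hunk, so the rest of the resolver settings are not visible here.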


@ -0,0 +1,31 @@
{ config, ... }:
let
dir = "/persist/vaultwarden";
user = config.users.users.vaultwarden.name;
group = config.users.groups.vaultwarden.name;
in {
systemd.tmpfiles.rules = [
"d ${dir} 700 ${user} ${group}"
"d ${dir}_backup 700 ${user} ${group}"
];
services.vaultwarden = {
backupDir = "${dir}_backup";
config = {
dataFolder = dir;
signupsAllowed = false;
rocketPort = 8002;
};
domain = "warden.local.lava.moe";
environmentFile = config.age.secrets.warden_admin.path;
};
services.nginx.virtualHosts."warden.local.lava.moe" = {
forceSSL = true;
useACMEHost = "lava.moe";
locations."/".proxyPass = "http://[::1]:8002";
};
systemd.services.vaultwarden.serviceConfig.ReadWritePaths = [ dir ];
systemd.services.backup-vaultwarden.environment.DATA_FOLDER = dir;
}
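Review bot: The `config` block sets `rocketPort = 8002` but does not pin the listen address, so whether port 8002 is reachable from other hosts depends on the service's default bind address, which is not visible in this file. Since nginx is meant to be the only TLS-terminating entry point (`proxyPass = "http://[::1]:8002"`), add `rocketAddress = "::1";` next to `rocketPort` so the plaintext backend cannot be reached around the proxy. The environment file is named `warden_admin`, which suggests the admin panel is enabled; if so, consider limiting `/admin` on this vhost to the LAN ranges, though that is inferred from the secret's name only.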