infrastructure/hosts/phoenix.lewd.wtf/services/vaultwarden.nix

61 lines
2.1 KiB
Nix
Raw Normal View History

2024-02-10 18:26:29 +00:00
{ config, ... }:
{
users.users.vaultwarden.extraGroups = [ config.users.groups.keys.name ];
services.vaultwarden = {
enable = true;
environmentFile = "/run/secrets/services/vaultwarden/.env";
config = {
DOMAIN = "https://vault.lewd.wtf";
SIGNUPS_ALLOWED = false;
SIGNUPS_VERIFY = true;
INVITATIONS_ALLOWED = false;
WEBSOCKET_ENABLED = true;
WEBSOCKET_PORT = 3012;
ROCKET_PORT = 8222;
SMTP_HOST = "mail.your-server.de";
SMTP_FROM = "vaultwarden@lewd.wtf";
SMTP_FROM_NAME = "Vaultwarden";
SMTP_USERNAME = "vaultwarden@lewd.wtf";
YUBICO_CLIENT_ID = 88022;
};
};
services.nginx.clientMaxBodySize = "128M";
services.nginx.virtualHosts."vault.lewd.wtf" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8222";
proxyWebsockets = true; # needed if you need to use WebSocket
extraConfig =
"proxy_set_header Host $host;" +
"proxy_set_header X-Real-IP $remote_addr;" +
"proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;" +
"proxy_set_header X-Forwarded-Proto $scheme;"
;
};
locations."/notifications/hub/negotiate" = {
proxyPass = "http://127.0.0.1:8222";
proxyWebsockets = true; # needed if you need to use WebSocket
extraConfig =
"proxy_set_header Host $host;" +
"proxy_set_header X-Real-IP $remote_addr;" +
"proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;" +
"proxy_set_header X-Forwarded-Proto $scheme;"
;
};
locations."/notifications/hub" = {
proxyPass = "http://127.0.0.1:3012";
proxyWebsockets = true; # needed if you need to use WebSocket
extraConfig =
"proxy_set_header Host $host;" +
"proxy_set_header X-Real-IP $remote_addr;" +
"proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;" +
"proxy_set_header X-Forwarded-Proto $scheme;"
;
};
};
}