# NixOS module: declares myNixOS.services.vaultwarden.{enable,autoProxy} and,
# when enabled, configures Vaultwarden, its age-encrypted environment file and
# (optionally) a Caddy virtual host that reverse-proxies to it.
{ config, lib, self, ... }:
let
  name = "vaultwarden";
  cfg = config.myNixOS.services.${name};

  # The tailnet snippet's networkMap entry for this service supplies the
  # vHost, hostName and port used below.
  inherit (config.mySnippets) tailnet;
  endpoint = tailnet.networkMap.${name};
in
{
  options.myNixOS.services.${name} = {
    enable = lib.mkEnableOption "${name} server";

    # When true (the default) this module also emits the Caddy vhost.
    autoProxy = lib.mkOption {
      type = lib.types.bool;
      default = true;
      example = false;
      description = "${name} auto proxy";
    };
  };

  config = lib.mkIf cfg.enable {
    # Encrypted secret from the `secrets` flake input. Its decrypted path is
    # handed to the service as an environment file further down, so the values
    # it holds are not written into this module.
    age.secrets.vaultwarden.file = "${self.inputs.secrets}/vaultwarden.age";

    # Front end: the vhost listens on the `tailscale/vault` network address and
    # forwards to the backend over plain HTTP.
    # NOTE(review): presumably this needs a Caddy build with Tailscale
    # listener support; confirm the vhost is reachable from the tailnet only.
    services.caddy.virtualHosts."${endpoint.vHost}".extraConfig = lib.mkIf cfg.autoProxy ''
      bind tailscale/vault
      encode zstd gzip
      reverse_proxy ${endpoint.hostName}:${toString endpoint.port}
    '';

    services.vaultwarden = {
      enable = true;

      # Loaded at service start from the decrypted age secret.
      environmentFile = config.age.secrets.vaultwarden.path;

      config = {
        DOMAIN = "https://${endpoint.vHost}";

        # Listens on every interface. Nothing in this module opens or closes a
        # firewall port, so whether the unencrypted backend port is reachable
        # from outside the tailnet depends on settings elsewhere.
        # NOTE(review): if the proxy always runs on this host, a loopback or
        # tailnet-only address would keep the port off other interfaces;
        # confirm what endpoint.hostName resolves to before narrowing it.
        ROCKET_ADDRESS = "0.0.0.0";
        ROCKET_PORT = endpoint.port;

        # NOTE(review): at this level only critical Rocket messages are kept;
        # confirm failed-login events still reach the service log for detection.
        ROCKET_LOG = "critical";

        # Open registration is disabled.
        SIGNUPS_ALLOWED = false;

        # NOTE(review): with an external icon service the vault's site domains
        # are presumably disclosed to that service by clients, in exchange for
        # the server not fetching icons itself; confirm this trade-off is wanted.
        ICON_SERVICE = "bitwarden";
        ICON_CACHE_TTL = 0;

        # NOTE(review): disabled Cloudflare client-IP header. Behind Caddy,
        # confirm which header carries the client address so logs and login
        # rate limiting see the real client rather than the proxy.
        #IP_HEADER = "CF-Connecting-IP";
      };
    };
  };
}