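{
  config,
  lib,
  self,
  ...
}: let
  name = "vaultwarden";
  cfg = config.myNixOS.services.${name};

  # Tailnet service map: vHost, hostName and port for this service come from here.
  network = config.mySnippets.tailnet;
  service = network.networkMap.${name};
in {
  options.myNixOS.services.${name} = {
    enable = lib.mkEnableOption "${name} server";
    autoProxy = lib.mkOption {
      default = true;
      example = false;
      description = "Expose ${name} through a Caddy reverse-proxy virtual host bound to the tailnet.";
      type = lib.types.bool;
    };
  };

  config = lib.mkIf cfg.enable {
    # Secret environment file is decrypted by agenix at activation; only its path
    # is referenced below, never the plaintext.
    age.secrets.vaultwarden.file = "${self.inputs.secrets}/vaultwarden.age";

    services = {
      # Front door: the virtual host binds to a tailscale listener (bind tailscale/…),
      # so the vault is reachable only from tailnet peers. The proxied hop to
      # hostName:port is plain HTTP; presumably hostName is a tailnet address — confirm.
      caddy.virtualHosts."${service.vHost}".extraConfig = lib.mkIf cfg.autoProxy ''
        bind tailscale/vault
        encode zstd gzip
        reverse_proxy ${service.hostName}:${toString service.port} {
          # Caddy sets only X-Forwarded-* by default; vaultwarden reads the client
          # address from IP_HEADER (X-Real-IP, see below) for rate limiting and
          # failed-login logging, so populate it here.
          header_up X-Real-IP {remote_host}
        }
      '';

      vaultwarden = {
        enable = true;

        config = {
          DOMAIN = "https://${service.vHost}";
          # Listens on every interface. Keep the port firewalled to the proxy host;
          # a direct connection would otherwise have IP_HEADER trusted from the client.
          ROCKET_ADDRESS = "0.0.0.0";
          # Rocket (HTTP framework) log level only; vaultwarden's own log settings
          # are separate options — NOTE(review): verify before relying on this for auditing.
          ROCKET_LOG = "critical";
          ROCKET_PORT = service.port;
          # No self-service registration.
          SIGNUPS_ALLOWED = false;
          ICON_SERVICE = "bitwarden";
          ICON_CACHE_TTL = 0;
          # Header the proxy above fills with the real client address. Replaces the
          # stale, commented-out Cloudflare header (CF-Connecting-IP) that no longer
          # matched the tailscale-bound Caddy front.
          IP_HEADER = "X-Real-IP";
        };

        environmentFile = config.age.secrets.vaultwarden.path;
      };
    };
  };
}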