# NixOS module: declares `modules.server.vaultwarden.enable` and, when both
# `modules.server.enable` and that toggle are true, configures
# `services.vaultwarden` with a SQLite backend and loopback-only listeners.
{ lib, config, hostname, helpers, ... }:

let
  inherit (lib) mkIf mkOption types;

  serverCfg = config.modules.server;

  # NOTE(review): the option is read as `adress` (single "d"). Confirm this
  # matches the spelling used where the router module declares it.
  routerAddress = config.modules.router.adress;

  # Public URL handed to Vaultwarden as DOMAIN.
  #   caddy + tailscale -> HTTPS on the (hard-coded) tailnet name
  #   caddy only        -> plain HTTP on the router address
  #   no caddy          -> plain HTTP on port 8000 of the router address
  # NOTE(review): the two fallbacks are plain HTTP. The Vaultwarden web vault
  # generally needs a secure (HTTPS) context for its browser-side crypto, and
  # credentials would cross the network unencrypted. The last fallback also
  # points at `${address}:8000`, while ROCKET_ADDRESS below binds 127.0.0.1
  # only, so that URL is reachable only if something forwards to loopback.
  publicUrl =
    if !serverCfg.caddy.enable then
      "http://${routerAddress}:8000/vault/"
    else if serverCfg.tailscale.enable then
      "https://${hostname}.fable-pancake.ts.net/vault/"
    else
      "http://${routerAddress}/vault/";
in
helpers.linuxAttrs {
  options.modules.server.vaultwarden.enable = mkOption {
    type = types.bool;
    default = false;
    example = true;
    description = "Whether to enable Vaultwarden.";
  };

  config = mkIf (serverCfg.enable && serverCfg.vaultwarden.enable) {
    services.vaultwarden = {
      enable = true;
      dbBackend = "sqlite";

      config = {
        DOMAIN = publicUrl;

        # Both listeners bind to loopback, so clients can reach the service
        # only through a proxy running on this host.
        ROCKET_ADDRESS = "127.0.0.1";
        ROCKET_PORT = "8000";
        # NOTE(review): newer Vaultwarden releases serve WebSocket
        # notifications on the main port; confirm the deployed version still
        # honours the two WEBSOCKET_* settings.
        WEBSOCKET_ADDRESS = "127.0.0.1";
        WEBSOCKET_PORT = "8001";

        # Client IP is taken from this header, so it is only trustworthy if
        # the fronting proxy always sets it and overwrites any value sent by
        # the client. NOTE(review): confirm the Caddy vhost does this;
        # otherwise logged and rate-limited IPs can be wrong.
        IP_HEADER = "X-Real-IP";

        # Argon2id PHC string for the /admin panel. It is a hash, not the
        # plaintext token, but values set here are rendered into a file in
        # the world-readable Nix store and live in the repository, so the
        # hash is exposed to offline guessing by any local user or repo
        # reader. NOTE(review): consider supplying ADMIN_TOKEN through
        # `services.vaultwarden.environmentFile`, pointing at a secret kept
        # outside the store, and rotating this token.
        ADMIN_TOKEN = "$argon2id$v=19$m=65540,t=3,p=4$+5A5H6YiN6OxyrFggkrft8Mm+sxgh/tL3USbaYFZ/h8$qj8NjE+COL4WXjmjkPWSQk7iLfhaBfBtV6k06Bql3CQ";

        # Hardening: no self-service registration, no password hints.
        SIGNUPS_ALLOWED = "false";
        PASSWORD_HINTS_ALLOWED = "false";

        # JSON request bodies capped at 10485760 bytes (10 MiB).
        ROCKET_LIMITS = "{json=10485760}";
      };
    };
  };
}