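# NixOS module: Vaultwarden (Bitwarden-compatible password server) published
# through a Caddy reverse proxy, with runtime secrets supplied from an
# age-encrypted environment file.
{ config
, ...
}:

let
  # Loopback-only listener. Assigning `services.vaultwarden.config` replaces
  # the module's default attrset rather than merging into it, so the bind
  # address is pinned here explicitly instead of being left to Vaultwarden's
  # own default. Caddy is the only intended client of this socket.
  vaultwarden-address = "127.0.0.1";
  vaultwarden-port = 3011;
  vaultwarden-hostname = "vault.wiro.world";
in
{
  config = {
    # Encrypted at rest in the repository; the decrypted file is exposed at
    # `config.age.secrets.vaultwarden-env.path` and handed to the service below.
    age.secrets.vaultwarden-env.file = secrets/vaultwarden-env.age;

    services.vaultwarden = {
      enable = true;

      # Secret values (e.g. SMTP_PASSWORD) come from this file so they never
      # appear in the evaluated configuration.
      environmentFile = config.age.secrets.vaultwarden-env.path;

      config = {
        ROCKET_ADDRESS = vaultwarden-address;
        ROCKET_PORT = vaultwarden-port;
        DOMAIN = "https://${vaultwarden-hostname}";

        # Public self-registration is disabled.
        SIGNUPS_ALLOWED = false;

        # Argon2id PHC string: a hash of the admin-panel password, not the
        # password itself.
        # NOTE(review): values set under `config` are rendered into the
        # world-readable Nix store and live in version control, so this hash
        # can be attacked offline; its protection rests on the passphrase
        # strength alone. Consider moving ADMIN_TOKEN into the encrypted env
        # file alongside SMTP_PASSWORD and rotating the admin password.
        ADMIN_TOKEN = "$argon2id$v=19$m=65540,t=3,p=4$YIe9wmrTsmjgZNPxe8m34O/d3XW3Fl/uZPPLQs79dAc$mjDVQSdBJqz2uBJuxtAvCIoHPzOnTDhNPuhER3dhHrY";

        SMTP_HOST = "smtp.resend.com";
        SMTP_PORT = 2465;
        # "force_tls" = TLS from the first byte of the connection (implicit
        # TLS), so there is no plaintext STARTTLS negotiation to strip.
        SMTP_SECURITY = "force_tls";
        SMTP_USERNAME = "resend";
        # SMTP_PASSWORD = ...; # Via secret env
        SMTP_FROM = "bitwarden@wiro.world";
        SMTP_FROM_NAME = "Bitwarden wiro.world";
      };
    };

    services.caddy = {
      # Caddy serves the public hostname and forwards to Vaultwarden over
      # plain HTTP; that hop stays on the loopback interface. The port is read
      # back from the Vaultwarden option so the two cannot drift apart.
      virtualHosts.${vaultwarden-hostname}.extraConfig = ''
        reverse_proxy http://${vaultwarden-address}:${toString config.services.vaultwarden.config.ROCKET_PORT}
      '';
    };
  };
}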