wiro.world / dotfiles
yep, more dotfiles
fork atom

server: add vaultwarden

wiro.world 7083f251 95fa5988

verified
options
unified split
Changed files
+30
nixos
profiles
server.nix
secrets
secrets.nix
vaultwarden-env.age
+28
nixos/profiles/server.nix 
···

       
76

       
76

       
 

       
  goatcounter-port = 3010;


     

       
77

       
77

       
 

       
  goatcounter-hostname = "stats.wiro.world";


     

       
78

       
78

       
 

       



     

       

       
79

       
+

       
  vaultwarden-port = 3011;


     

       

       
80

       
+

       
  vaultwarden-hostname = "vault.wiro.world";


     

       

       
81

       
+

       



     

       
79

       
82

       
 

       
  prometheus-port = 9001;


     

       
80

       
83

       
 

       
  prometheus-node-exporter-port = 9002;


     

       
81

       
84

       
 

       
  headscale-metrics-port = 9003;


     
···

       
247

       
250

       
 

       



     

       
248

       
251

       
 

       
      virtualHosts.${goatcounter-hostname}.extraConfig = ''


     

       
249

       
252

       
 

       
        reverse_proxy http://localhost:${toString goatcounter-port}


     

       

       
253

       
+

       
      '';


     

       

       
254

       
+

       



     

       

       
255

       
+

       
      virtualHosts.${vaultwarden-hostname}.extraConfig = ''


     

       

       
256

       
+

       
        reverse_proxy http://localhost:${toString vaultwarden-port}


     

       
250

       
257

       
 

       
      '';


     

       
251

       
258

       
 

       
    };


     

       
252

       
259

       
 

       



     
···

       
526

       
533

       
 

       
      port = goatcounter-port;


     

       
527

       
534

       
 

       
      proxy = true;


     

       
528

       
535

       
 

       
      extraArgs = [ "-automigrate" ];


     

       

       
536

       
+

       
    };


     

       

       
537

       
+

       



     

       

       
538

       
+

       
    age.secrets.vaultwarden-env.file = ../../secrets/vaultwarden-env.age; 


     

       

       
539

       
+

       
    services.vaultwarden = {


     

       

       
540

       
+

       
      enable = true;


     

       

       
541

       
+

       



     

       

       
542

       
+

       
      environmentFile = config.age.secrets.vaultwarden-env.path;


     

       

       
543

       
+

       
      config = {


     

       

       
544

       
+

       
        ROCKET_PORT = vaultwarden-port;


     

       

       
545

       
+

       
        DOMAIN = "https://${vaultwarden-hostname}";


     

       

       
546

       
+

       
        SIGNUPS_ALLOWED = false;


     

       

       
547

       
+

       
        # ADMIN_TOKEN = ...; # Via secret env


     

       

       
548

       
+

       



     

       

       
549

       
+

       
        SMTP_HOST = "smtp.resend.com";


     

       

       
550

       
+

       
        SMTP_PORT = 2465;


     

       

       
551

       
+

       
        SMTP_SECURITY = "force_tls";


     

       

       
552

       
+

       
        SMTP_USERNAME = "resend";


     

       

       
553

       
+

       
        # SMTP_PASSWORD = ...; # Via secret env


     

       

       
554

       
+

       
        SMTP_FROM = "bitwarden@wiro.world";


     

       

       
555

       
+

       
        SMTP_FROM_NAME = "Bitwarden wiro.world";


     

       

       
556

       
+

       
      };


     

       
529

       
557

       
 

       
    };


     

       
530

       
558

       
 

       
  };


     

       
531

       
559

       
 

       
}
+2
secrets/secrets.nix 
···

       
29

       
29

       
 

       
  "authelia-ldap-password.age".publicKeys = deploy;


     

       
30

       
30

       
 

       
  "authelia-smtp-password.age".publicKeys = deploy;


     

       
31

       
31

       
 

       
  "tuwunel-registration-tokens.age".publicKeys = deploy;


     

       

       
32

       
+

       
  # Defines `ADMIN_TOKEN`, `SMTP_PASSWORD`


     

       

       
33

       
+

       
  "vaultwarden-env.age".publicKeys = deploy;


     

       
32

       
34

       
 

       



     

       
33

       
35

       
 

       
  # Not used in config but useful


     

       
34

       
36

       
 

       
  "pgp-ca5e.age".publicKeys = users;
secrets/vaultwarden-env.age

This is a binary file and will not be displayed.