From e8d6ca3917c6618dcd355765b2648b66ea83cab2 Mon Sep 17 00:00:00 2001
From: Rouven Seifert
Date: Wed, 25 Jan 2023 14:24:10 +0100
Subject: [PATCH] fixed vaultwarden

---
 hosts/nuc/default.nix | 1 +
 hosts/nuc/modules/vaultwarden/default.nix | 30 +++++++++++++++++------
 2 files changed, 23 insertions(+), 8 deletions(-)

diff --git a/hosts/nuc/default.nix b/hosts/nuc/default.nix
index 7c21792..396cd71 100644
--- a/hosts/nuc/default.nix
+++ b/hosts/nuc/default.nix
@@ -7,6 +7,7 @@
     ./hardware-configuration.nix
     ./modules/networks
     ./modules/nextcloud
+    ./modules/vaultwarden
     ./modules/nginx
     ../../shared/vim.nix
     ../../shared/sops.nix
diff --git a/hosts/nuc/modules/vaultwarden/default.nix b/hosts/nuc/modules/vaultwarden/default.nix
index 5a8ab41..450303e 100644
--- a/hosts/nuc/modules/vaultwarden/default.nix
+++ b/hosts/nuc/modules/vaultwarden/default.nix
@@ -3,22 +3,36 @@ let
   domain = "vault.rfive.de";
 in
 {
-  config.sops.secrets."vaultwarden/env" = { };
+  sops.secrets."vaultwarden/env".owner = "vaultwarden";
   services.vaultwarden = {
     enable = true;
     dbBackend = "postgresql";
     environmentFile = config.sops.secrets."vaultwarden/env".path;
     config = {
-      domain = domain;
+      domain = "https://${domain}";
       signupsAllowed = false;
+      # somehow this works
+      databaseUrl = "postgresql://vaultwarden@%2Frun%2Fpostgresql/vaultwarden";
       rocketPort = 8000;
     };
-    services.nginx.virtualHosts."bitwarden.example.com" = {
-      enableACME = true;
-      forceSSL = true;
-      locations."/" = {
-        proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
-      };
+  };
+  services.postgresql = {
+    enable = true;
+    ensureUsers = [
+      {
+        name = "vaultwarden";
+        ensurePermissions = {
+          "DATABASE vaultwarden" = "ALL PRIVILEGES";
+        };
+      }
+    ];
+    ensureDatabases = [ "vaultwarden" ];
+  };
+  services.nginx.virtualHosts."${domain}" = {
+    enableACME = true;
+    forceSSL = true;
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.rocketPort}";
     };
   };
 }
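Review bot: The `# somehow this works` comment above `databaseUrl` in the second hunk leaves the one non-obvious line of the module unexplained; the URL works because `%2Frun%2Fpostgresql` is the percent-encoded socket directory `/run/postgresql`, so the client connects over the local Unix socket and PostgreSQL peer authentication maps the `vaultwarden` system user (which the added `owner = "vaultwarden"` and the service both rely on) to the `vaultwarden` role without any password in the URL. Replace the comment with `# host is the percent-encoded /run/postgresql socket dir: Unix-socket connection, peer auth as the vaultwarden user, no password needed`. Because `proxyPass` targets `127.0.0.1` and the hunk sets no forwarding headers, vaultwarden only sees the real client address if the nginx module elsewhere enables `recommendedProxySettings` (or sets `X-Real-IP`, its default `IP_HEADER`); if it does not, login throttling and the admin-token lockout are applied to the proxy's address instead of the client's, which is worth confirming. Note also that `ensurePermissions` was later deprecated in NixOS in favour of `ensureDBOwnership`, so this block will need a touch on upgrade.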