make vaultwarden a module and enable ssh-agent feature

cy 2025-03-04 13:00:48 -05:00
parent a6db9e3b8a
commit b5e3bf8e54
Signed by: cy
SSH key fingerprint: SHA256:o/geVWV4om1QhUSkKvDQeW/eAihwnjyXkqMwrVdbuts
5 changed files with 37 additions and 22 deletions


@ -1,15 +1,6 @@
{ config, ... }: { ... }:
{ {
services.vaultwarden = { my.vaultwarden.enable = true;
enable = true;
dbBackend = "postgresql";
environmentFile = config.sops.secrets."vaultwarden/env".path;
config = {
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = "8081";
DATABASE_URL = "postgresql://vaultwarden:vaultwarden@127.0.0.1:5432/vaultwarden";
};
};
services.caddy.virtualHosts."pass.cy7.sh".extraConfig = '' services.caddy.virtualHosts."pass.cy7.sh".extraConfig = ''
import common import common
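Review bot: On this host `my.vaultwarden.enable = true;` changes the listen address from the removed `ROCKET_ADDRESS = "127.0.0.1";` to the `"0.0.0.0"` hard-coded in modules/vaultwarden.nix, so port 8081 is no longer loopback-only. Vaultwarden would then be reachable over plain HTTP without passing through the `pass.cy7.sh` Caddy virtual host, unless a firewall rule not visible here blocks the port. I would add an `address` option to the module with default `"127.0.0.1"`, set `ROCKET_ADDRESS = cfg.address;`, and override it only on the host that needs the wider bind. The `extraConfig` string continues outside the hunk.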


@ -54,7 +54,7 @@
# https://github.com/jauderho/nts-servers # https://github.com/jauderho/nts-servers
"ntp3.fau.de" "ntp3.fau.de"
"ntppool1.time.nl" "ntppool1.time.nl"
"time.signorini.ch" "ntpmon.dcs1.biz"
"stratum1.time.cifelli.xyz" "stratum1.time.cifelli.xyz"
"nts.teambelgium.net" "nts.teambelgium.net"
"c.st1.ntp.br" "c.st1.ntp.br"


@ -406,14 +406,5 @@
enableTCPIP = true; enableTCPIP = true;
}; };
services.vaultwarden = { my.vaultwarden.enable = true;
enable = true;
dbBackend = "postgresql";
environmentFile = config.sops.secrets."vaultwarden/env".path;
config = {
ROCKET_ADDRESS = "0.0.0.0";
ROCKET_PORT = "8081";
DATABASE_URL = "postgresql://vaultwarden:vaultwarden@127.0.0.1:5432/vaultwarden";
};
};
} }


@ -6,5 +6,6 @@
./roundcube.nix ./roundcube.nix
./zipline.nix ./zipline.nix
./containerization.nix ./containerization.nix
./vaultwarden.nix
]; ];
} }

32
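--- /dev/null
+++ b/modules/vaultwarden.nix
@@ -0,0 +1,32 @@
+{
+config,
+lib,
+...
+}:
+let
+cfg = config.my.vaultwarden;
+in
+{
+options.my.vaultwarden = {
+enable = lib.mkEnableOption "vaultwarden";
+domain = lib.mkOption {
+type = lib.types.str;
+default = "https://pass.cy7.sh";
+};
+};
+config = lib.mkIf cfg.enable {
+services.vaultwarden = {
+enable = true;
+dbBackend = "postgresql";
+environmentFile = config.sops.secrets."vaultwarden/env".path;
+config = {
+ROCKET_ADDRESS = "0.0.0.0";
+ROCKET_PORT = "8081";
+DATABASE_URL = "postgresql://vaultwarden:vaultwarden@127.0.0.1:5432/vaultwarden";
+EXPERIMENTAL_CLIENT_FEATURE_FLAGS = "fido2-vault-credentials,ssh-agent,ssh-key-vault-item,autofill-v2";
+DOMAIN = cfg.domain;
+};
+};
+};
+}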
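Review bot: `DATABASE_URL` inside `services.vaultwarden.config` embeds the database password (`vaultwarden:vaultwarden`) in the Nix configuration, so it is committed to the repository and rendered into the world-readable Nix store. The module already sets `environmentFile = config.sops.secrets."vaultwarden/env".path;`, so the URL can move into that sops-managed file and the line can be dropped from `config`. A password equal to the username should also be replaced with a random value when it is moved. Separately, the `domain` option has no `description`; a line such as `description = "Public URL Vaultwarden is served from (sets DOMAIN).";` would document it.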