feat: vaultwarden init
This commit is contained in:
parent
bed6aff773
commit
13d7b1da68
1 changed files with 30 additions and 0 deletions
30
hosts/hitsugibune/vaultwarden.nix
Normal file
30
hosts/hitsugibune/vaultwarden.nix
Normal file
|
|
@ -0,0 +1,30 @@
|
||||||
|
{ config, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
domain = "vaultwarden.sprechtl.me";
|
||||||
|
in
|
||||||
|
{
|
||||||
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||||
|
|
||||||
|
services.vaultwarden = {
|
||||||
|
enable = true;
|
||||||
|
config = {
|
||||||
|
DOMAIN = "https://${domain}";
|
||||||
|
SIGNUPS_ALLOWED = false;
|
||||||
|
ROCKET_PORT = 8222; # internal port (nginx will proxy to this)
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
services.nginx = {
|
||||||
|
enable = true;
|
||||||
|
virtualHosts."${domain}" = {
|
||||||
|
forceSSL = true;
|
||||||
|
enableACME = true;
|
||||||
|
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
|
||||||
|
proxyWebsockets = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
Loading…
Add table
Add a link
Reference in a new issue