c3d2/nix-config
c3d2
/
nix-config
23
7
Fork 3
Code Issues 12 Pull Requests 2 Releases Wiki Activity
nix-config/hosts/vaultwarden/default.nix

108 lines
2.8 KiB
Nix
Raw Permalink Blame History

{ config, pkgs, ... }:
{
c3d2 = {
deployment.server = "server10";
hq.sendmail = true;
};
networking.hostName = "vaultwarden";
services = {
backup = {
enable = true;
paths = [ "/var/lib/vaultwarden/" ];
exclude = [
"/var/lib/vaultwarden/icon_cache/"
"/var/lib/vaultwarden/tmp/"
];
};
bitwarden-directory-connector-cli = {
enable = true;
inherit (config.services.vaultwarden) domain;
ldap = {
ad = false;
hostname = "auth.c3d2.de";
port = 636;
rootPath = "dc=c3d2,dc=de";
ssl = true;
startTls = false;
username = "uid=search,ou=users,dc=c3d2,dc=de";
};
secrets = {
bitwarden = {
client_path_id = config.sops.secrets."bwdc/client-id".path;
client_path_secret = config.sops.secrets."bwdc/client-secret".path;
};
ldap = config.sops.secrets."bwdc/ldap-password".path;
};
sync = {
creationDateAttribute = "";
groups = true;
groupFilter = "(cn=vaultwarden-*)";
groupNameAttribute = "cn";
groupObjectClass = "groupOfNames";
groupPath = "ou=groups";
largeImport = false;
memberAttribute = "member";
overwriteExisting = false;
removeDisabled = true;
revisionDateAttribute = "";
useEmailPrefixSuffix = false;
userEmailAttribute = "mail";
userFilter = "(isMemberOf=cn=vaultwarden-users,ou=groups,dc=c3d2,dc=de)";
userObjectClass = "person";
userPath = "ou=users";
users = true;
};
};
nginx = {
enable = true;
virtualHosts."vaultwarden.c3d2.de" = {
forceSSL = true;
enableACME = true;
};
};
portunus.addToHosts = true;
postgresql = {
package = pkgs.postgresql_16;
upgrade.stopServices = [ "vaultwarden" ];
};
vaultwarden = {
enable = true;
config = {
PUSH_ENABLED = true;
PUSH_IDENTITY_URI = "https://identity.bitwarden.eu";
PUSH_RELAY_URI = "https://push.bitwarden.eu";
SENDMAIL_COMMAND = "/run/wrappers/bin/sendmail";
SMTP_DEBUG = false;
SMTP_FROM = "noreply@c3d2.de";
SMTP_FROM_NAME = "Vaultwarden";
SHOW_PASSWORD_HINT = false;
SIGNUPS_ALLOWED = false;
USE_SENDMAIL = true;
};
dbBackend = "postgresql";
domain = "vaultwarden.c3d2.de";
environmentFile = config.sops.secrets."vaultwarden/environment".path;
};
};
sops = {
defaultSopsFile = ./secrets.yaml;
secrets = {
"bwdc/client-id".owner = "bwdc";
"bwdc/client-secret".owner = "bwdc";
"bwdc/ldap-password".owner = "bwdc";
"vaultwarden/environment".owner = "vaultwarden";
};
};
system.stateVersion = "23.11";
}
Reference in New Issue View Git Blame Copy Permalink