c3d2/nixos-modules
c3d2
/
nixos-modules
mirror of https://github.com/SuperSandro2000/nixos-modules.git
21
0
Fork 0
Code Releases Activity
nixos-modules/modules/vaultwarden.nix

84 lines
2.6 KiB
Nix
Raw Permalink Blame History

{ config, lib, libS, ... }:
let
cfg = config.services.vaultwarden;
usingPostgres = cfg.dbBackend == "postgresql";
in
{
options = {
services.vaultwarden = {
configureNginx = libS.mkOpinionatedOption "configure nginx for the configured domain";
domain = lib.mkOption {
type = with lib.types; nullOr str;
default = null;
description = lib.mdDoc ''
The domain under which vaultwarden will be reachable.
'';
};
recommendedDefaults = libS.mkOpinionatedOption "set recommended default settings";
};
};
config = lib.mkIf cfg.enable {
assertions = [{
assertion = cfg.configureNginx -> cfg.domain != null;
message = ''
Setting services.vaultwarden.configureNginx to true requires configuring services.vaultwarden.domain!
'';
}];
services = {
nginx = lib.mkIf cfg.configureNginx {
upstreams.vaultwarden.servers."127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}" = { };
virtualHosts.${cfg.domain}.locations = {
"/".proxyPass = "http://vaultwarden";
"/notifications/hub" = {
proxyPass = "http://vaultwarden";
proxyWebsockets = true;
};
};
};
postgresql = lib.mkIf usingPostgres {
enable = true;
ensureDatabases = [ "vaultwarden" ];
ensureUsers = [{
name = "vaultwarden";
ensureDBOwnership = true;
}];
};
vaultwarden.config = lib.mkMerge [
{
DATABASE_URL = lib.mkIf usingPostgres "postgresql:///vaultwarden?host=/run/postgresql";
DOMAIN = lib.mkIf (cfg.domain != null) "https://${cfg.domain}";
}
(lib.mkIf cfg.recommendedDefaults {
DATA_FOLDER = "/var/lib/vaultwarden"; # changes data directory
# TODO: change with 1.31.0 update
# ENABLE_WEBSOCKET = true;
LOG_LEVEL = "warn";
PASSWORD_ITERATIONS = 600000;
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = lib.mkDefault 8222;
SIGNUPS_VERIFY = true;
TRASH_AUTO_DELETE_DAYS = 30;
WEBSOCKET_ADDRESS = "127.0.0.1";
WEBSOCKET_ENABLED = true;
WEBSOCKET_PORT = lib.mkDefault 8223;
})
];
};
systemd.services.vaultwarden = {
after = lib.mkIf usingPostgres [ "postgresql.service" ];
requires = lib.mkIf usingPostgres [ "postgresql.service" ];
serviceConfig = lib.mkIf cfg.recommendedDefaults {
StateDirectory = lib.mkForce "vaultwarden"; # modules defaults to bitwarden_rs
};
};
};
}
View Git Blame Copy Permalink