port back vaultwarden from previous config

pull/1/head
Tudor Roman 2023-01-23 11:50:15 +01:00
parent 570bf8a67e
commit a00b3708d7
3 changed files with 49 additions and 0 deletions

View File

@ -9,6 +9,7 @@
nginx.enable = true;
cgit.enable = true;
site.enable = true;
vaultwarden.enable = true;
};
ipforward.enable = true;
tailscale.enable = true;

View File

@ -4,5 +4,6 @@
./cgit
./nginx.nix
./site.nix
./vaultwarden.nix
];
}

View File

@ -0,0 +1,47 @@
{ config, lib, pkgs, ... }:
let
cfg = config.systemModules.services.web.vaultwarden;
in
with lib; {
options.systemModules.services.web.vaultwarden.enable = mkEnableOption "vaultwarden";
config = mkIf cfg.enable {
services.vaultwarden = {
enable = true;
config = {
domain = "https://bw.tudorr.ro";
signupsAllowed = false;
rocketPort = 8080;
rocketLog = "critical";
};
dbBackend = "sqlite";
};
services.nginx.virtualHosts."bw.tudorr.ro" = {
forceSSL = true;
enableACME = true;
locations = {
"/" = {
proxyPass = "http://127.0.0.1:8080";
};
"/notifications/hub" = {
proxyPass = "http://127.0.0.1:3012";
extraConfig = ''
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
'';
};
"/notifications/hub/negotiate" = {
proxyPass = "http://127.0.0.1:8080";
};
};
extraConfig = ''
client_max_body_size 128M;
'';
};
};
}