2024-10-19 05:00:06 +00:00
|
|
|
{
|
|
|
|
lib,
|
|
|
|
config,
|
|
|
|
ports,
|
|
|
|
...
|
|
|
|
}:
|
2024-09-06 12:19:44 +00:00
|
|
|
let
|
2024-10-19 05:00:06 +00:00
|
|
|
port = ports.vaultwarden;
|
2024-09-06 12:19:44 +00:00
|
|
|
in
|
2024-08-25 15:02:35 +00:00
|
|
|
{
|
2024-08-12 13:23:46 +00:00
|
|
|
services.vaultwarden = {
|
|
|
|
enable = true;
|
|
|
|
environmentFile = config.sops.secrets."vaultwarden/environment".path;
|
|
|
|
config = {
|
|
|
|
DOMAIN = "https://vault.ny4.dev";
|
|
|
|
IP_HEADER = "X-Forwarded-For";
|
|
|
|
ROCKET_ADDRESS = "127.0.0.1";
|
2024-09-06 12:19:44 +00:00
|
|
|
ROCKET_PORT = port;
|
2024-08-12 13:23:46 +00:00
|
|
|
|
|
|
|
EMERGENCY_ACCESS_ALLOWED = false;
|
|
|
|
SENDS_ALLOWED = false;
|
|
|
|
SIGNUPS_ALLOWED = false;
|
|
|
|
ORG_CREATION_USERS = "none";
|
|
|
|
};
|
|
|
|
};
|
2024-08-31 02:15:09 +00:00
|
|
|
|
|
|
|
services.caddy.settings.apps.http.servers.srv0.routes = lib.singleton {
|
2024-09-20 17:38:01 +00:00
|
|
|
match = lib.singleton { host = [ "vault.ny4.dev" ]; };
|
2024-08-31 02:15:09 +00:00
|
|
|
handle = lib.singleton {
|
|
|
|
handler = "reverse_proxy";
|
2024-09-06 12:19:44 +00:00
|
|
|
upstreams = [ { dial = "localhost:${toString port}"; } ];
|
2024-08-31 02:15:09 +00:00
|
|
|
};
|
|
|
|
};
|
2024-08-12 13:23:46 +00:00
|
|
|
}
|