tyo0: add vaultwarden
This commit is contained in:
parent
faf34f2718
commit
f45dd5d1df
4 changed files with 43 additions and 15 deletions
|
@ -91,20 +91,20 @@ element.ny4.dev {
|
||||||
cinny.ny4.dev {
|
cinny.ny4.dev {
|
||||||
import default
|
import default
|
||||||
|
|
||||||
@index {
|
@index {
|
||||||
not path /index.html
|
not path /index.html
|
||||||
not path /public/*
|
not path /public/*
|
||||||
not path /assets/*
|
not path /assets/*
|
||||||
not path /config.json
|
not path /config.json
|
||||||
not path /manifest.json
|
not path /manifest.json
|
||||||
not path /pdf.worker.min.js
|
not path /pdf.worker.min.js
|
||||||
not path /olm.wasm
|
not path /olm.wasm
|
||||||
path /*
|
path /*
|
||||||
}
|
}
|
||||||
|
|
||||||
root * @cinny@
|
root * @cinny@
|
||||||
rewrite /*/olm.wasm /olm.wasm
|
rewrite /*/olm.wasm /olm.wasm
|
||||||
rewrite @index /index.html
|
rewrite @index /index.html
|
||||||
file_server
|
file_server
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -122,3 +122,8 @@ reddit.ny4.dev {
|
||||||
import default
|
import default
|
||||||
reverse_proxy localhost:9400
|
reverse_proxy localhost:9400
|
||||||
}
|
}
|
||||||
|
|
||||||
|
vault.ny4.dev {
|
||||||
|
import default
|
||||||
|
reverse_proxy localhost:9500
|
||||||
|
}
|
||||||
|
|
|
@ -17,6 +17,7 @@
|
||||||
./services/ntfy.nix
|
./services/ntfy.nix
|
||||||
./services/pixivfe.nix
|
./services/pixivfe.nix
|
||||||
./services/searx.nix
|
./services/searx.nix
|
||||||
|
./services/vaultwarden.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
time.timeZone = "Asia/Tokyo";
|
time.timeZone = "Asia/Tokyo";
|
||||||
|
@ -47,6 +48,9 @@
|
||||||
"miniflux/environment" = {
|
"miniflux/environment" = {
|
||||||
restartUnits = ["miniflux.service"];
|
restartUnits = ["miniflux.service"];
|
||||||
};
|
};
|
||||||
|
"vaultwarden/environment" = {
|
||||||
|
restartUnits = ["vaultwarden.service"];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
### Services
|
### Services
|
||||||
|
|
|
@ -6,6 +6,8 @@ pixivfe:
|
||||||
environment: ENC[AES256_GCM,data:/Q/rShBXlXkWOOP+7OhKtKTSrp2zNizMaAOyKfWbKgJMHTjNfmMtRuGKRez9KXM5MDIMIF9iJSQ=,iv:whIAkaWiZcZT4HfmJw4qA+fbQ9zHFp+kTuHxQDE3XoU=,tag:FroLTMtNwGlvZw3osftj3A==,type:str]
|
environment: ENC[AES256_GCM,data:/Q/rShBXlXkWOOP+7OhKtKTSrp2zNizMaAOyKfWbKgJMHTjNfmMtRuGKRez9KXM5MDIMIF9iJSQ=,iv:whIAkaWiZcZT4HfmJw4qA+fbQ9zHFp+kTuHxQDE3XoU=,tag:FroLTMtNwGlvZw3osftj3A==,type:str]
|
||||||
miniflux:
|
miniflux:
|
||||||
environment: ENC[AES256_GCM,data:eT1rVeXbDANk/+9xmxmTHvMNofyplNGvVFgTj4lFQlJSHTi+br1qfg0tddf5aCtE8cNGt0fNm63qguI2Df/+KWENhb0vCpjRG7zryfBhEwMP5jkVgDnaHYolS1z3OmhlEpE=,iv:tWAUCtlk8wDGWGmn7j00QOVwjPYDkTPDGpyxd1pP6ig=,tag:gLNdzK9GZ/m5mWL5YNrzyQ==,type:str]
|
environment: ENC[AES256_GCM,data:eT1rVeXbDANk/+9xmxmTHvMNofyplNGvVFgTj4lFQlJSHTi+br1qfg0tddf5aCtE8cNGt0fNm63qguI2Df/+KWENhb0vCpjRG7zryfBhEwMP5jkVgDnaHYolS1z3OmhlEpE=,iv:tWAUCtlk8wDGWGmn7j00QOVwjPYDkTPDGpyxd1pP6ig=,tag:gLNdzK9GZ/m5mWL5YNrzyQ==,type:str]
|
||||||
|
vaultwarden:
|
||||||
|
environment: ENC[AES256_GCM,data:+pcUVL7yVXKVp57/feHHWmSuH/2B0hLtADxZWCQOOMG+M3UQh+4dHA5debiv,iv:Zy6xn4Z4VwVXfWWjVeCYY/gRnDp//7yUPLbtLuABFPY=,tag:LxEc31YhgyjEhDrqoJxCJw==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -30,8 +32,8 @@ sops:
|
||||||
R1ZMMG1jWnljNWl5Nk5MU3RCMlFPYjgKL1ScxzF0D1R18H+oe6dlxUGlL9myHEr3
|
R1ZMMG1jWnljNWl5Nk5MU3RCMlFPYjgKL1ScxzF0D1R18H+oe6dlxUGlL9myHEr3
|
||||||
3HBPoapKCSQ/cT7Xma4bsWD1AVJIf1Ak+MeCs9ItGwKAcnd9JYZ9KA==
|
3HBPoapKCSQ/cT7Xma4bsWD1AVJIf1Ak+MeCs9ItGwKAcnd9JYZ9KA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-07-18T09:46:47Z"
|
lastmodified: "2024-08-12T12:55:54Z"
|
||||||
mac: ENC[AES256_GCM,data:EJsQO/XsF8SpyEP8s9u1DXQkSsqodknF9ibl94/kOOIutx9ML+L0ltYA3+/eW17K9Mwvy6CyojKiQLiYgL2RLJd1zxZKedmp+l3klu1im8Wocwh073nemHIR1J6H5hoE6y36tDCXRrMDbWIfMjvlp6FlhFsI/n3Na1iCDall6mA=,iv:O9Y0j5G3sE67Bfz0MhcPYYpU71cGgtIdde8a1WQiigs=,tag:eNIvBVu7LPnC5s2f3MzptQ==,type:str]
|
mac: ENC[AES256_GCM,data:H1zm+Rk9F9SkRbANU4GYjhZpys3e5qQNBBsdIbgXD3AZTAKZVyemT6Vb8k0ufkfzQ98L0Xrm/S1JQFvcyaZqRHv+C2GW3F34FlSS4IOtaJz9IgVIdvaM4WvaOTtpC5B+5CKnA/oBPOmhEBCdi2LIjzrUltEzKpemWHkIIT2eHQA=,iv:1RCjLEz0W+tHQep4EguweYKSfePXa1VE3+gzlcFsAug=,tag:Oonqihfe83l5SNOmLjOPYg==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.9.0
|
version: 3.9.0
|
||||||
|
|
17
hosts/tyo0/services/vaultwarden.nix
Normal file
17
hosts/tyo0/services/vaultwarden.nix
Normal file
|
@ -0,0 +1,17 @@
|
||||||
|
{config, ...}: {
|
||||||
|
services.vaultwarden = {
|
||||||
|
enable = true;
|
||||||
|
environmentFile = config.sops.secrets."vaultwarden/environment".path;
|
||||||
|
config = {
|
||||||
|
DOMAIN = "https://vault.ny4.dev";
|
||||||
|
IP_HEADER = "X-Forwarded-For";
|
||||||
|
ROCKET_ADDRESS = "127.0.0.1";
|
||||||
|
ROCKET_PORT = 9500;
|
||||||
|
|
||||||
|
EMERGENCY_ACCESS_ALLOWED = false;
|
||||||
|
SENDS_ALLOWED = false;
|
||||||
|
SIGNUPS_ALLOWED = false;
|
||||||
|
ORG_CREATION_USERS = "none";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
Loading…
Reference in a new issue