nicks-nix-config/hosts/Alaska/modules/vaultwarden.nix

{ config, lib, pkgs, ... }:

let 

in 
{
  services.vaultwarden = {
    enable = true;
    # Set to sqlite to enable the default backups
    dbBackend = "sqlite";
    backupDir = "/Aurora/Backups/Vaultwarden";
    environmentFile = "/home/nixolas/.passfiles/vaultwarden.env";
    # https://github.com/dani-garcia/vaultwarden/blob/main/.env.template
    config = {
      DOMAIN = "https://vaultwarden.nickiel.net";
      ROCKET_PORT = 8022;

      # for some reason, crashes when log_file is set
      # But it logs to systemctl just fine
      LOG_LEVEL = "trace";
      SIGNUPS_VERIFY = true;
      SIGNUPS_ALLOWED = false;

      # You can enable this in the admin portal
      # USE_SENDMAIL = true; # is broken rn :`(
      SENDMAIL_COMMAND = "/run/wrappers/sendmail";

      WEB_VAULT_FOLDER = "${pkgs.vaultwarden.webvault}/share/vaultwarden/vault";
      WEB_VAULT_ENABLED = true;
      WEBSOCKET_ENABLED = true;
      WEBSOCKET_ADDRESS = "0.0.0.0";
      WEBSOCKET_PORT = 3012;
    };
  };

  services.nginx.virtualHosts = {
    "vaultwarden.nickiel.net" = {
      forceSSL = true;
      enableACME = true;
      locations = {
        "/" = {
          proxyPass = "http://127.0.0.1:8022";
          extraConfig = ''
            allow 100.64.0.0/16;
            allow 127.0.0.1;
            deny all;
          '';
        };
# got the below from https://github.com/hlissner/dotfiles/blob/089f1a9da9018df9e5fc200c2d7bef70f4546026/hosts/ao/modules/vaultwarden.nix#L21

        "/notifications/hub/negotiate" = {
          proxyPass = "http://127.0.0.1:8022";
          proxyWebsockets = true;
          extraConfig = ''
            allow 100.64.0.0/16;
            allow 127.0.0.1;
            deny all;
          '';
        };
        "/notifications/hub" = {
          proxyPass = "http://127.0.0.1:3012";
          proxyWebsockets = true;
          extraConfig = ''
            allow 100.64.0.0/16;
            allow 127.0.0.1;
            deny all;
          '';
        };
      };
    };
  };
}
added self-hosted vaultwarden instance 2023-10-14 20:02:06 -07:00			`{ config, lib, pkgs, ... }:`

			`let`

			`in`
			`{`
			`services.vaultwarden = {`
			`enable = true;`
			`# Set to sqlite to enable the default backups`
			`dbBackend = "sqlite";`
			`backupDir = "/Aurora/Backups/Vaultwarden";`
			`environmentFile = "/home/nixolas/.passfiles/vaultwarden.env";`
			`# https://github.com/dani-garcia/vaultwarden/blob/main/.env.template`
			`config = {`
			`DOMAIN = "https://vaultwarden.nickiel.net";`
			`ROCKET_PORT = 8022;`

			`# for some reason, crashes when log_file is set`
			`# But it logs to systemctl just fine`
			`LOG_LEVEL = "trace";`
			`SIGNUPS_VERIFY = true;`
			`SIGNUPS_ALLOWED = false;`

			`# You can enable this in the admin portal`
			# USE_SENDMAIL = true; # is broken rn :`(
pointed at wrapped sendmail 2023-11-11 10:46:47 -08:00			`SENDMAIL_COMMAND = "/run/wrappers/sendmail";`
added self-hosted vaultwarden instance 2023-10-14 20:02:06 -07:00
			`WEB_VAULT_FOLDER = "${pkgs.vaultwarden.webvault}/share/vaultwarden/vault";`
			`WEB_VAULT_ENABLED = true;`
			`WEBSOCKET_ENABLED = true;`
			`WEBSOCKET_ADDRESS = "0.0.0.0";`
			`WEBSOCKET_PORT = 3012;`
			`};`
			`};`

			`services.nginx.virtualHosts = {`
			`"vaultwarden.nickiel.net" = {`
			`forceSSL = true;`
			`enableACME = true;`
			`locations = {`
			`"/" = {`
			`proxyPass = "http://127.0.0.1:8022";`
			`extraConfig = ''`
			`allow 100.64.0.0/16;`
			`allow 127.0.0.1;`
			`deny all;`
			`'';`
			`};`
			`# got the below from https://github.com/hlissner/dotfiles/blob/089f1a9da9018df9e5fc200c2d7bef70f4546026/hosts/ao/modules/vaultwarden.nix#L21`

			`"/notifications/hub/negotiate" = {`
			`proxyPass = "http://127.0.0.1:8022";`
			`proxyWebsockets = true;`
			`extraConfig = ''`
			`allow 100.64.0.0/16;`
			`allow 127.0.0.1;`
			`deny all;`
			`'';`
			`};`
			`"/notifications/hub" = {`
			`proxyPass = "http://127.0.0.1:3012";`
			`proxyWebsockets = true;`
			`extraConfig = ''`
			`allow 100.64.0.0/16;`
			`allow 127.0.0.1;`
			`deny all;`
			`'';`
			`};`
			`};`
			`};`
			`};`
			`}`