vaultwarden

2025-12-17 03:29:20 +00:00 · 2024-10-15 16:32:53 +01:00 · 2024-10-15 16:32:53 +01:00 · af15c64ead
commit af15c64ead
parent 661ded9126
5 changed files with 39 additions and 1 deletions
--- a/hosts/hermes/default.nix
+++ b/hosts/hermes/default.nix
@ -11,5 +11,6 @@
    ./media.nix
    ./headscale.nix
    ./forgejo.nix
+    ./vaultwarden.nix
  ];
 }
--- a/hosts/hermes/vaultwarden.nix
+++ b/hosts/hermes/vaultwarden.nix
@ -0,0 +1,29 @@
+{config, ...}: let
+  domain = "vaultwarden.cleslie.uk";
+in {
+  services = {
+    cloudflare-dyndns.domains = [domain];
+    vaultwarden = {
+      enable = true;
+      dbBackend = "sqlite";
+      config = {
+        DOMAIN = "https://${domain}";
+        SIGNUPS_ALLOWED = false;
+        ROCKET_ADDRESS = "127.0.0.1";
+        ROCKET_PORT = 8222;
+        ROCKET_LOG = "critical";
+      };
+      environmentFile = "${config.age.secrets.vaultwarden-env.path}";
+    };
+
+    caddy.virtualHosts.${domain}.extraConfig = ''
+      reverse_proxy localhost:${toString config.services.vaultwarden.config.ROCKET_PORT} {
+        header_up X-Real-IP {remote_host}
+      }
+    '';
+  };
+
+  age.secrets."vaultwarden-env" = {
+    file = ../../secrets/vaultwarden-env.age;
+  };
+}