{ pkgs, lib, ... }:
let
  # Local HTTP port for the Vaultwarden backend (passed to config.rocketPort below).
  # The nginx virtual host in this file proxies to the same port on localhost.
  port = 8812;
in {
# Vaultwarden instance backed by PostgreSQL and published through the nginx
# virtual host defined further down in this file.
services.vaultwarden = {
  enable = true;
  dbBackend = "postgresql";
  config = {
    # Open self-registration is switched off.
    signups_allowed = false;

    # Backend HTTP listener port; nginx forwards to it.
    # NOTE(review): no rocketAddress is set in this file, so the bind address
    # is whatever default applies. Confirm it is loopback-only, because this
    # listener speaks plain HTTP and nginx is the intended TLS front end.
    rocketPort = port;

    # Public base URL of the service.
    domain = "https://bw.euer.krebsco.de";

    # Earlier password-based form, kept for reference. Interpolating the
    # password here would place it in the generated configuration.
    #databaseUrl = "postgresql://bitwardenuser:${dbPassword}@localhost/bitwarden";

    # URL without host or credentials: the connection goes over the local
    # PostgreSQL socket, so no database password is stored here.
    # Presumably authenticated as the service's OS user (peer auth); verify
    # against the pg_hba configuration in use.
    databaseUrl = "postgresql:///bitwarden";

    # NOTE(review): presumably this enables the separate notification listener
    # that nginx reaches on port 3012. Newer Vaultwarden releases serve
    # notifications on the main port, so confirm this is still needed.
    websocket_enabled = true;
  };
};

# Ordering only: start Vaultwarden after PostgreSQL. This does not add a
# Requires/Wants dependency on postgresql.service.
systemd.services.vaultwarden.after = [ "postgresql.service" ];
# Local PostgreSQL server that holds the Vaultwarden data.
services.postgresql = {
  enable = true;
  # Two databases are ensured: "bitwarden" is the one named in
  # services.vaultwarden.config.databaseUrl, "vaultwarden" matches the role below.
  ensureDatabases = [ "bitwarden" "vaultwarden" ];
  ensureUsers = [
    # ensureDBOwnership gives the role ownership of the database with the same
    # name ("vaultwarden"). It does not cover "bitwarden", hence the GRANT below.
    { name = "vaultwarden"; ensureDBOwnership = true; }
  ];
};
# lib.mkAfter orders this snippet after other postStart definitions.
# `|| true` makes the grant best-effort: a failure does not fail the unit.
# $PSQL is not defined in this file; presumably it is provided by the
# postgresql module's own postStart script. Verify before relying on it.
# NOTE(review): GRANT ALL ON DATABASE grants database-level privileges only
# and does not change ownership of existing tables. Confirm the vaultwarden
# role can access the objects inside "bitwarden", and that it needs no more.
systemd.services.postgresql.postStart = lib.mkAfter ''
  $PSQL -tAc 'GRANT ALL ON DATABASE bitwarden to vaultwarden' || true
'';
# Database dumps of both databases via the postgresqlBackup module.
# NOTE(review): these dumps contain the complete password-manager database.
# Confirm the permissions of the backup location and whether the dumps are
# protected at rest; neither is configured in this file.
services.postgresqlBackup = {
  enable = true;
  databases = [ "bitwarden" "vaultwarden" ];
};
# Both per-database backup units also run with the "download" group.
# NOTE(review): the reason is not visible here; presumably the dumps are
# written somewhere owned by that group. Verify that every member of
# "download" is meant to be able to read vault dumps.
systemd.services.postgresqlBackup-bitwarden.serviceConfig.SupplementaryGroups = [ "download" ];
systemd.services.postgresqlBackup-vaultwarden.serviceConfig.SupplementaryGroups = [ "download" ];
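# TLS-terminating reverse proxy in front of the local Vaultwarden listeners.
services.nginx.virtualHosts."bw.euer.krebsco.de" = {
  # forceSSL redirects plain-HTTP requests to HTTPS; the certificate is
  # obtained through ACME.
  forceSSL = true;
  enableACME = true;

  # Main application traffic. The upstream port is derived from `port` so it
  # cannot drift from services.vaultwarden.config.rocketPort.
  locations."/" = {
    proxyPass = "http://localhost:${toString port}";
    proxyWebsockets = true;
  };

  # Notification hub on a second local port.
  # NOTE(review): 3012 is not configured anywhere in this file; presumably it
  # is Vaultwarden's default for the listener enabled by websocket_enabled.
  # Newer releases serve notifications on the main port, so confirm this
  # upstream still exists for the deployed version.
  locations."/notifications/hub" = {
    proxyPass = "http://localhost:3012";
    proxyWebsockets = true;
  };

  # The negotiate endpoint goes to the main HTTP listener, not the hub port.
  locations."/notifications/hub/negotiate" = {
    proxyPass = "http://localhost:${toString port}";
    proxyWebsockets = true;
  };
};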
}