NixOS-Config/system/server/vaultwarden.nix

33 lines
949 B
Nix

{outputs, ...}: {
services = {
vaultwarden = {
enable = true;
config = {
DOMAIN = "https://warden.${outputs.secrets.jimDomain}";
SIGNUPS_ALLOWED = false;
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = 8222;
ROCKET_LOG = "critical";
# Smtp email
SMTP_HOST = "mx.${outputs.secrets.jimDomain}";
SMTP_FROM = "Jimbo's Vaultwarden <noreply@${outputs.secrets.jimDomain}>";
SMTP_FROM_NAME = "Vaultwarden";
SMTP_USERNAME = "noreply@${outputs.secrets.jimDomain}";
SMTP_PASSWORD = outputs.secrets.noreplyPassword;
SMTP_SECURITY = "starttls";
SMTP_PORT = 587;
SMTP_TIMEOUT = 15;
};
};
nginx.virtualHosts."warden.${outputs.secrets.jimDomain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8222";
proxyWebsockets = true;
};
};
};
}