nixos-config/profiles/servers/vaultwarden.nix

{ config, lib, inputs, ... }: {
  sops.secrets.vaultwarden.sopsFile = inputs.self.secretsDir + /home-hypervisor/vaultwarden.yaml;
  sops.secrets.vaultwarden.owner = config.users.users.vaultwarden.name;
  sops.secrets.vaultwarden.restartUnits = [ "vaultwarden.service" ];

  services.vaultwarden = {
    enable = true;
    backupDir = "/srv/vaultwarden";
    config = {
      domain = "https://vw.ataraxiadev.com";
      extendedLogging = true;
      invitationsAllowed = false;
      useSyslog = true;
      logLevel = "warn";
      rocketAddress = "127.0.0.1";
      rocketPort = 8812;
      showPasswordHint = false;
      signupsAllowed = false;
      signupsDomainsWhitelist = "ataraxiadev.com";
      signupsVerify = true;
      smtpAuthMechanism = "Login";
      smtpFrom = "vaultwarden@ataraxiadev.com";
      smtpFromName = "Vaultwarden";
      smtpHost = "mail.ataraxiadev.com";
      smtpPort = 587;
      smtpSecurity = "starttls";
      websocketAddress = "127.0.0.1";
      websocketEnabled = true;
      websocketPort = 3012;
      webVaultEnabled = true;
      dataDir = "/var/lib/bitwarden_rs";
    };
    environmentFile = config.sops.secrets.vaultwarden.path;
  };

  # We need to do this to successufully create backup folder
  systemd.services.backup-vaultwarden.serviceConfig = {
    User = "root";
    Group = "root";
  };

  persist.state.directories = [
    config.services.vaultwarden.dataDir
  ] ++ lib.optionals (config.deviceSpecific.devInfo.fileSystem != "zfs") [
    config.services.vaultwarden.backupDir
  ];
}
use sops instead of secrets module 2024-01-22 16:44:51 +03:00			`{ config, lib, inputs, ... }: {`
			`sops.secrets.vaultwarden.sopsFile = inputs.self.secretsDir + /home-hypervisor/vaultwarden.yaml;`
			`sops.secrets.vaultwarden.owner = config.users.users.vaultwarden.name;`
			`sops.secrets.vaultwarden.restartUnits = [ "vaultwarden.service" ];`
add some services 2022-02-21 02:25:13 +03:00
			`services.vaultwarden = {`
			`enable = true;`
wip 2023-01-13 04:03:15 +03:00			`backupDir = "/srv/vaultwarden";`
add some services 2022-02-21 02:25:13 +03:00			`config = {`
			`domain = "https://vw.ataraxiadev.com";`
			`extendedLogging = true;`
			`invitationsAllowed = false;`
update vaultwarden config 2023-04-25 17:20:58 +03:00			`useSyslog = true;`
add some services 2022-02-21 02:25:13 +03:00			`logLevel = "warn";`
wip 2023-01-13 04:03:15 +03:00			`rocketAddress = "127.0.0.1";`
add some services 2022-02-21 02:25:13 +03:00			`rocketPort = 8812;`
			`showPasswordHint = false;`
			`signupsAllowed = false;`
			`signupsDomainsWhitelist = "ataraxiadev.com";`
			`signupsVerify = true;`
			`smtpAuthMechanism = "Login";`
			`smtpFrom = "vaultwarden@ataraxiadev.com";`
			`smtpFromName = "Vaultwarden";`
			`smtpHost = "mail.ataraxiadev.com";`
			`smtpPort = 587;`
wip 2023-01-13 04:03:15 +03:00			`smtpSecurity = "starttls";`
			`websocketAddress = "127.0.0.1";`
add some services 2022-02-21 02:25:13 +03:00			`websocketEnabled = true;`
			`websocketPort = 3012;`
			`webVaultEnabled = true;`
update vaultwarden config 2023-04-25 17:20:58 +03:00			`dataDir = "/var/lib/bitwarden_rs";`
add some services 2022-02-21 02:25:13 +03:00			`};`
use sops instead of secrets module 2024-01-22 16:44:51 +03:00			`environmentFile = config.sops.secrets.vaultwarden.path;`
add some services 2022-02-21 02:25:13 +03:00			`};`
persist module 2022-12-14 23:46:25 +03:00
wip 2023-01-13 04:03:15 +03:00			`# We need to do this to successufully create backup folder`
			`systemd.services.backup-vaultwarden.serviceConfig = {`
			`User = "root";`
			`Group = "root";`
			`};`

fix vaultwarden config 2023-01-26 02:11:48 +03:00			`persist.state.directories = [`
update vaultwarden config 2023-04-25 17:20:58 +03:00			`config.services.vaultwarden.dataDir`
fix vaultwarden config 2023-01-26 02:11:48 +03:00			`] ++ lib.optionals (config.deviceSpecific.devInfo.fileSystem != "zfs") [`
wip 2023-01-13 04:03:15 +03:00			`config.services.vaultwarden.backupDir`
fix vaultwarden config 2023-01-26 02:11:48 +03:00			`];`
add some services 2022-02-21 02:25:13 +03:00			`}`