hackens-org-configurations/machines/hackens-org/webpass.nix


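# NixOS module for pass.hackens.org: a Vaultwarden instance listening on
# loopback only, published through an nginx reverse proxy that terminates TLS.
{ pkgs, ... }:
{
  # ACME account settings; the certificate itself is requested by the
  # `enableACME` virtual host further down.
  security.acme = {
    defaults.email = "hackens@clipper.ens.fr";
    acceptTerms = true;
  };

  services.vaultwarden = {
    enable = true;
    config = {
      # Public base URL of the instance, as reached through nginx.
      DOMAIN = "https://pass.hackens.org";

      # Main HTTP listener. Bound to loopback so the only way in is nginx.
      ROCKET_ADDRESS = "127.0.0.1";
      ROCKET_PORT = 10501;

      # Dedicated WebSocket listener, proxied from /notifications/hub below.
      # Vaultwarden's default WEBSOCKET_ADDRESS is 0.0.0.0, which would leave
      # the firewall as the only barrier in front of this port; bind it to
      # loopback like the main listener.
      # NOTE(review): newer Vaultwarden releases serve notifications on the
      # main HTTP port and no longer use the WEBSOCKET_* settings. Confirm
      # against the deployed version and, if so, point /notifications/hub at
      # the main port instead.
      WEBSOCKET_ENABLED = true;
      WEBSOCKET_ADDRESS = "127.0.0.1";
      WEBSOCKET_PORT = 10500;

      # Self-registration is limited to these e-mail domains, and new accounts
      # must verify their address before they can log in.
      # NOTE(review): verification mail needs SMTP settings, which are not in
      # this file; presumably they come from the environment file below.
      SIGNUPS_DOMAINS_WHITELIST = "ens.fr,ens.psl.eu";
      SIGNUPS_VERIFY = true;

      # NOTE(review): this path has to be writable from inside the service's
      # sandbox; confirm it is still the unit's state directory on the NixOS
      # release in use, otherwise logging fails.
      LOG_FILE = "/var/lib/bitwarden_rs/logfile";
    };

    # Read at service start from outside the Nix store, so values placed here
    # are not copied into the world-readable /nix/store.
    # NOTE(review): presumably holds the instance secrets; the file should be
    # root-owned and not readable by other users.
    environmentFile = "/etc/secrets/vaultwarden.env";
  };

  services.nginx.enable = true;

  # TLS front end. `forceSSL` redirects plain HTTP to HTTPS and `enableACME`
  # provisions the certificate for this host name.
  # Upstreams use 127.0.0.1 rather than "localhost": the backends listen on
  # IPv4 loopback only, while "localhost" may also resolve to ::1.
  # NOTE(review): nothing in this file forwards the client address to the
  # backend. Unless proxy headers are enabled elsewhere in the configuration,
  # Vaultwarden will log every request as coming from 127.0.0.1, which makes
  # failed-login monitoring and banning ineffective. Confirm.
  services.nginx.virtualHosts."pass.hackens.org" = {
    forceSSL = true;
    enableACME = true;

    # Web vault and API.
    locations."/" = {
      proxyPass = "http://127.0.0.1:10501";
      proxyWebsockets = true;
    };

    # Live-sync notifications go to the WebSocket listener.
    locations."/notifications/hub" = {
      proxyPass = "http://127.0.0.1:10500";
      proxyWebsockets = true;
    };

    # The negotiate endpoint is answered by the main HTTP listener.
    locations."/notifications/hub/negotiate" = {
      proxyPass = "http://127.0.0.1:10501";
      proxyWebsockets = true;
    };
  };

  # Only the reverse-proxy ports are opened; the backend ports 10500 and 10501
  # are deliberately absent from this list.
  networking.firewall.allowedTCPPorts = [
    80
    443
  ];
}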