hackens-org-configurations/hosts/hackens-org/webpass.nix

40 lines
1,000 B
Nix
Raw Permalink Normal View History

{ pkgs, ... }:
{
security.acme = {
defaults.email = "hackens@clipper.ens.fr";
acceptTerms = true;
};
services.vaultwarden = {
enable = true;
config = {
DOMAIN = "https://pass.new.hackens.org";
WEBSOCKET_ENABLED = true;
WEBSOCKET_PORT = 10500;
SIGNUPS_DOMAINS_WHITELIST = "ens.fr,ens.psl.eu";
ROCKET_PORT = 10501;
ROCKET_ADDRESS = "127.0.0.1";
LOG_FILE = "/var/log/vaultwarden";
SIGNUPS_VERIFY = true;
};
environmentFile = "/etc/secrets/vaultwarden.env";
};
services.nginx.virtualHosts."pass.new.hackens.org" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:10501";
proxyWebsockets = true;
};
locations."/notifications/hub" = {
proxyPass = "http://localhost:10500";
proxyWebsockets = true;
};
locations."/notifications/hub/negotiate" = {
proxyPass = "http://localhost:10501";
proxyWebsockets = true;
};
};
}