pass: add vaultwarden for pass.new.hackens.org

2022-03-29 13:17:30 -04:00 · 2022-03-29 13:17:30 -04:00 · dec8f0d43d
commit dec8f0d43d
parent 227181f825
2 changed files with 40 additions and 1 deletions
--- a/hosts/hackens-org/configuration.nix
+++ b/hosts/hackens-org/configuration.nix
@ -11,8 +11,8 @@
      ./physical.nix
      ../../profiles/core-hackens
      ./wiki.nix
+      ./webpass.nix
      # ./bridge.nix
-      # ./webpass.nix
      # ./gha.nix
      # ./sync.nix
      ./misc
--- a/hosts/hackens-org/webpass.nix
+++ b/hosts/hackens-org/webpass.nix
@ -0,0 +1,39 @@
+{ pkgs, ... }:
+{
+  security.acme = {
+    defaults.email = "hackens@clipper.ens.fr";
+    acceptTerms = true;
+  };
+
+  services.vaultwarden = {
+    enable = true;
+    config = {
+      DOMAIN = "https://pass.new.hackens.org";
+      WEBSOCKET_ENABLED = true;
+      WEBSOCKET_PORT = 10500;
+      SIGNUPS_DOMAINS_WHITELIST = "ens.fr,ens.psl.eu";
+      ROCKET_PORT = 10501;
+      ROCKET_ADDRESS = "127.0.0.1";
+      LOG_FILE = "/var/log/vaultwarden";
+      SIGNUPS_VERIFY = true;
+    };
+    environmentFile = "/etc/secrets/vaultwarden.env";
+  };
+
+  services.nginx.virtualHosts."pass.new.hackens.org" = {
+    forceSSL = true;
+    enableACME = true;
+    locations."/" = {
+      proxyPass = "http://localhost:10501";
+      proxyWebsockets = true;
+    };
+    locations."/notifications/hub" = {
+      proxyPass = "http://localhost:10500";
+      proxyWebsockets = true;
+    };
+    locations."/notifications/hub/negotiate" = {
+      proxyPass = "http://localhost:10501";
+      proxyWebsockets = true;
+    };
+  };
+}