pass: add vaultwarden for pass.new.hackens.org
This commit is contained in:
parent
227181f825
commit
dec8f0d43d
2 changed files with 40 additions and 1 deletions
|
@ -11,8 +11,8 @@
|
|||
./physical.nix
|
||||
../../profiles/core-hackens
|
||||
./wiki.nix
|
||||
./webpass.nix
|
||||
# ./bridge.nix
|
||||
# ./webpass.nix
|
||||
# ./gha.nix
|
||||
# ./sync.nix
|
||||
./misc
|
||||
|
|
39
hosts/hackens-org/webpass.nix
Normal file
39
hosts/hackens-org/webpass.nix
Normal file
|
@ -0,0 +1,39 @@
|
|||
{ pkgs, ... }:
|
||||
{
|
||||
security.acme = {
|
||||
defaults.email = "hackens@clipper.ens.fr";
|
||||
acceptTerms = true;
|
||||
};
|
||||
|
||||
services.vaultwarden = {
|
||||
enable = true;
|
||||
config = {
|
||||
DOMAIN = "https://pass.new.hackens.org";
|
||||
WEBSOCKET_ENABLED = true;
|
||||
WEBSOCKET_PORT = 10500;
|
||||
SIGNUPS_DOMAINS_WHITELIST = "ens.fr,ens.psl.eu";
|
||||
ROCKET_PORT = 10501;
|
||||
ROCKET_ADDRESS = "127.0.0.1";
|
||||
LOG_FILE = "/var/log/vaultwarden";
|
||||
SIGNUPS_VERIFY = true;
|
||||
};
|
||||
environmentFile = "/etc/secrets/vaultwarden.env";
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."pass.new.hackens.org" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://localhost:10501";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
locations."/notifications/hub" = {
|
||||
proxyPass = "http://localhost:10500";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
locations."/notifications/hub/negotiate" = {
|
||||
proxyPass = "http://localhost:10501";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
}
|
Loading…
Reference in a new issue