pass: add vaultwarden for pass.new.hackens.org

This commit is contained in:
Raito Bezarius 2022-03-29 13:17:30 -04:00
parent 227181f825
commit dec8f0d43d
2 changed files with 40 additions and 1 deletions

View file

@ -11,8 +11,8 @@
./physical.nix
../../profiles/core-hackens
./wiki.nix
./webpass.nix
# ./bridge.nix
# ./webpass.nix
# ./gha.nix
# ./sync.nix
./misc

View file

@ -0,0 +1,39 @@
{ pkgs, ... }:
{
security.acme = {
defaults.email = "hackens@clipper.ens.fr";
acceptTerms = true;
};
services.vaultwarden = {
enable = true;
config = {
DOMAIN = "https://pass.new.hackens.org";
WEBSOCKET_ENABLED = true;
WEBSOCKET_PORT = 10500;
SIGNUPS_DOMAINS_WHITELIST = "ens.fr,ens.psl.eu";
ROCKET_PORT = 10501;
ROCKET_ADDRESS = "127.0.0.1";
LOG_FILE = "/var/log/vaultwarden";
SIGNUPS_VERIFY = true;
};
environmentFile = "/etc/secrets/vaultwarden.env";
};
services.nginx.virtualHosts."pass.new.hackens.org" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:10501";
proxyWebsockets = true;
};
locations."/notifications/hub" = {
proxyPass = "http://localhost:10500";
proxyWebsockets = true;
};
locations."/notifications/hub/negotiate" = {
proxyPass = "http://localhost:10501";
proxyWebsockets = true;
};
};
}