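# SPDX-FileCopyrightText: 2024 Tom Hubrecht
#
# SPDX-License-Identifier: EUPL-1.2

# Vaultwarden password manager served at pass.dgnum.eu: the service itself,
# its reverse-proxy entry, the local PostgreSQL database and the backup jobs.
{ config, ... }:

let
  host = "pass.dgnum.eu";

  # `port` is the HTTP (Rocket) listener, `wsPort` the separate WebSocket
  # listener. Both are only meant to be reached through the local proxy.
  port = 10501;
  wsPort = 10500;
in

{
  services.vaultwarden = {
    enable = true;
    dbBackend = "postgresql";

    # Extra environment variables are read from an age-managed secret file
    # instead of being written into this (world-readable) configuration.
    # NOTE(review): presumably carries SMTP_PASSWORD and any ADMIN_TOKEN, since
    # neither is set below -- confirm.
    environmentFile = config.age.secrets."vaultwarden-environment_file".path;

    config = {
      DOMAIN = "https://${host}";

      # HTTP listener bound to loopback: clients can only reach it through the
      # reverse proxy declared under dgn-web.
      ROCKET_ADDRESS = "127.0.0.1";
      ROCKET_PORT = port;

      WEBSOCKET_ENABLED = true;
      WEBSOCKET_PORT = wsPort;
      # Pin the WebSocket listener to loopback as well. Left unset it does not
      # follow ROCKET_ADDRESS but uses Vaultwarden's own default (0.0.0.0
      # upstream), which would expose wsPort on every interface unless a
      # firewall blocks it. The proxy below already connects via 127.0.0.1.
      WEBSOCKET_ADDRESS = "127.0.0.1";

      # Self-registration is restricted to these mail domains, and
      # SIGNUPS_VERIFY requires the address to be confirmed by e-mail; the
      # allow-list only proves domain membership when verification is on.
      SIGNUPS_DOMAINS_WHITELIST = "dgnum.eu,ens.fr,ens.psl.eu";
      SIGNUPS_VERIFY = true;

      USE_SYSLOG = true;

      # Connects over the local PostgreSQL unix socket; no password appears in
      # the URL.
      DATABASE_URL = "postgresql://vaultwarden?host=/run/postgresql";

      # Outgoing mail; port 465 with "force_tls" means TLS from the first byte.
      SMTP_HOST = "kurisu.lahfa.xyz";
      SMTP_PORT = 465;
      SMTP_SECURITY = "force_tls";
      SMTP_USERNAME = "web-services@infra.dgnum.eu";
      SMTP_FROM = "noreply@infra.dgnum.eu";
      SMTP_FROM_NAME = "DGNum Vault";
    };
  };

  dgn-web = {
    # NOTE(review): project-specific option; presumably registers wsPort as an
    # internal port with dgn-web -- confirm what it enforces.
    internalPorts.vaultwarden-websockets = wsPort;

    simpleProxies.vaultwarden = {
      inherit host port;
      proxyWebsockets = true;

      # NOTE(review): upstream's reverse-proxy guidance for the separate
      # WebSocket listener routes /notifications/hub to the WebSocket port and
      # /notifications/hub/negotiate to the HTTP port, the opposite of the
      # mapping below. Kept as found; verify against the deployed Vaultwarden
      # release before changing it.
      vhostConfig.locations = {
        "/notifications/hub" = {
          proxyPass = "http://127.0.0.1:${builtins.toString port}";
          proxyWebsockets = true;
        };

        "/notifications/hub/negotiate" = {
          proxyPass = "http://127.0.0.1:${builtins.toString wsPort}";
          proxyWebsockets = true;
        };
      };
    };
  };

  services.postgresql = {
    enable = true;

    ensureDatabases = [ "vaultwarden" ];

    # Dedicated role that owns only its own database.
    ensureUsers = [
      {
        name = "vaultwarden";
        ensureDBOwnership = true;
      }
    ];
  };

  # Both the state directory and the database are backed up.
  # NOTE(review): these presumably hold the users' vault data and the server's
  # key material; confirm the backup destination is encrypted and
  # access-restricted.
  dgn-backups = {
    jobs.vaultwarden.settings.paths = [ "/var/lib/bitwarden_rs" ];
    postgresDatabases = [ "vaultwarden" ];
  };
}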