Re-add Vaultwarden

2025-01-01 14:47:09 +00:00 · 2025-01-01 14:47:09 +00:00 · 7f2b50f736
parent 07fde36fb0
commit 7f2b50f736
3 changed files with 33 additions and 1 deletions
--- a/nix/hosts/nixedo/default.nix
+++ b/nix/hosts/nixedo/default.nix
@ -13,7 +13,7 @@
      paperless.enable = true;
      pihole.enable = true;
      tubearchivist-container.enable = true;
-      # vaultwarden.enable = true;
+      vaultwarden.enable = true;
    };
  };

--- a/nix/modules/nixos/features/homelab/default.nix
+++ b/nix/modules/nixos/features/homelab/default.nix
@ -9,5 +9,6 @@
    ./paperless.nix
    ./pi-hole.nix
    ./tubearchivist-container.nix
+    ./vaultwarden.nix
  ];
 }
--- a/nix/modules/nixos/features/homelab/vaultwarden.nix
+++ b/nix/modules/nixos/features/homelab/vaultwarden.nix
@ -0,0 +1,31 @@
+{ config, lib, ... }:
+
+with lib;
+
+{
+  options.features.homelab.vaultwarden.enable = mkEnableOption "Enable vaultwarden";
+
+  config = mkIf config.features.homelab.vaultwarden.enable {
+    services = {
+      vaultwarden = {
+        enable = true;
+
+        config = {
+          DOMAIN = "https://vaultwarden.opdavies.uk";
+
+          # TODO: check registrations are disabled.
+          SIGNUPS_ALLOWED = false;
+
+          ROCKET_ADDRESS = "127.0.0.1";
+          ROCKET_PORT = 8222;
+        };
+      };
+
+      caddy.virtualHosts."vaultwarden.opdavies.uk" = {
+        useACMEHost = "opdavies.uk";
+
+        extraConfig = "reverse_proxy localhost:${toString config.services.vaultwarden.config.ROCKET_PORT}";
+      };
+    };
+  };
+}