initial config commit

2025-07-11 16:57:21 +10:00 · 2025-07-11 16:57:21 +10:00 · f3dc1d15ff
commit f3dc1d15ff
parent f8980b6805
79 changed files with 2725 additions and 0 deletions
--- a/modules/nixos/features/vaultwarden.nix
+++ b/modules/nixos/features/vaultwarden.nix
@ -0,0 +1,48 @@
+{
+  config,
+  inputs,
+  lib,
+  ...
+}:
+let
+  feature = "vaultwarden";
+  port = "5001";
+in
+{
+  config = lib.mkIf config.${feature}.enable {
+    services.${feature} = {
+      enable = true;
+      backupDir = "/srv/${feature}";
+      config = {
+        rocketPort = "${port}";
+        domain = "https://${feature}.fi33.buzz";
+        signupsAllowed = false;
+        invitationsAllowed = false;
+        showPasswordHint = false;
+        useSyslog = true;
+        extendedLogging = true;
+        adminTokenFile = "${config.age.secrets.vaultwarden-admin.path}";
+      };
+    };
+
+    # reverse proxy
+    services.nginx.virtualHosts."${feature}.fi33.buzz" = {
+      forceSSL = true;
+      useACMEHost = "fi33.buzz";
+      locations."/" = {
+        proxyPass = "http://localhost:${port}";
+        proxyWebsockets = true;
+      };
+    };
+
+    # secrets
+    age.secrets = {
+      "vaultwarden-admin" = {
+        file = ../../../secrets/vaultwarden-admin.age;
+        owner = "${feature}";
+      };
+    };
+  };
+
+  options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
+}