From 079ece082a4870ff0bfd81b014daf0ad0ab5e11a Mon Sep 17 00:00:00 2001
From: xinyangli
Date: Sun, 17 Dec 2023 14:55:53 +0800
Subject: [PATCH] massicot: add vaultwarden server
---
 flake.nix | 5 ++--
 machines/massicot/services.nix | 5 ++++
 modules/nixos/default.nix | 1 +
 modules/nixos/vaultwarden.nix | 47 ++++++++++++++++++++++++++++++++++
 4 files changed, 56 insertions(+), 2 deletions(-)
 create mode 100644 modules/nixos/vaultwarden.nix
diff --git a/flake.nix b/flake.nix
index 0ed4249..8584b8d 100644
--- a/flake.nix
+++ b/flake.nix
@@ -85,11 +85,12 @@
 };
 massicot = { name, nodes, pkgs, ... }: with inputs; {
- deployment.targetHost = "***REMOVED***";
- deployment.targetUser = "root";
+ deployment.targetHost = "49.13.13.122";
+ deployment.targetUser = "xin";
 imports = [
 { nixpkgs.system = "aarch64-linux"; }
+ self.nixosModules.default
 machines/massicot
 ];
 };
diff --git a/machines/massicot/services.nix b/machines/massicot/services.nix
index 48cbed2..410d546 100644
--- a/machines/massicot/services.nix
+++ b/machines/massicot/services.nix
@@ -6,6 +6,11 @@ in
 networking.firewall.allowedTCPPorts = [ 80 443 2222 8448 ];
 networking.firewall.allowedUDPPorts = [ 80 443 8448 ];
+ custom.vaultwarden = {
+ enable = true;
+ domain = "vaultwarden.xinyang.life";
+ };
+
 fileSystems = builtins.listToAttrs (map (share: {
 name = "/mnt/storage/${share}";
 value = {
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
index 1759f2f..1b91ad5 100644
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@@ -2,5 +2,6 @@
 {
 imports = [
 ./restic.nix
+ ./vaultwarden.nix
 ];
 }
\ No newline at end of file
diff --git a/modules/nixos/vaultwarden.nix b/modules/nixos/vaultwarden.nix
new file mode 100644
index 0000000..6c0af66
--- /dev/null
+++ b/modules/nixos/vaultwarden.nix
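Review bot: The new `deployment.targetHost` line replaces what reads as a scrubbed placeholder (`***REMOVED***`) with the literal address `49.13.13.122`, so the target's address is now committed where it had apparently been kept out of the tree before; if that redaction was deliberate, a DNS name or a value supplied from outside the flake preserves it. Moving `deployment.targetUser` from `root` to `xin` also means the deploy tool will need to escalate privileges on massicot for that user (sudo, if this is colmena), and nothing in this commit sets that up — presumably it is configured elsewhere, but it is worth confirming before the next deploy. The `massicot` node definition continues outside the hunk.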
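Review bot: `custom.vaultwarden.enable = true` brings a password-vault database onto massicot, but nothing in this hunk adds its data directory to a backup; the repository already carries a restic module (`./restic.nix` in modules/nixos/default.nix), and the vault's SQLite database should be covered by it — worth confirming, since the new module leaves `dbBackend = "sqlite"` at its default storage location. Because the module's `caddy` option defaults to true, this block also enables Caddy on this host and relies on the 80/443 entries already present in `networking.firewall.allowedTCPPorts` above. The enclosing attribute set continues outside the hunk.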
@@ -0,0 +1,47 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+
+let
+ cfg = config.custom.vaultwarden;
+in
+{
+ options = {
+ custom.vaultwarden = {
+ enable = mkEnableOption "vaultwarden server";
+ domain = mkOption {
+ type = types.str;
+ default = "bitwarden.example.com";
+ description = "Domain name of the vaultwarden server";
+ };
+ caddy = mkOption {
+ type = types.bool;
+ default = true;
+ description = "Enable Caddy as reverse proxy";
+ };
+ # TODO: mailserver support
+ };
+ };
+ config = {
+ services.vaultwarden = mkIf cfg.enable {
+ enable = true;
+ dbBackend = "sqlite";
+ config = {
+ DOMAIN = "https://${cfg.domain}";
+ SIGNUPS_ALLOWED = false;
+
+ ROCKET_ADDRESS = "127.0.0.1";
+ ROCKET_PORT = 8222;
+
+ ROCKET_LOG = "critical";
+ };
+ };
+ services.caddy = mkIf cfg.caddy {
+ enable = true;
+ virtualHosts."https://${cfg.domain}".extraConfig = ''
+ reverse_proxy ${config.services.vaultwarden.config.ROCKET_ADDRESS}:${toString config.services.vaultwarden.config.ROCKET_PORT}
+ '';
+ };
+ };
+}
+
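Review bot: `services.caddy = mkIf cfg.caddy { ... }` is gated only on `cfg.caddy`, which defaults to true, so any host that imports this module with `custom.vaultwarden.enable` left at false (the default, and every host pulling in `self.nixosModules.default` does this) gets Caddy enabled and then fails evaluation, because the virtual host reads `config.services.vaultwarden.config.ROCKET_ADDRESS` while the `mkIf cfg.enable` block above no longer defines it; gate it on both: `services.caddy = mkIf (cfg.enable && cfg.caddy) {`. Separately, Caddy's `reverse_proxy` passes the client address in `X-Forwarded-For`, whereas vaultwarden reads `X-Real-IP` by default (its `IP_HEADER` setting), so as written the login rate limiting would see only `127.0.0.1` for every client — either add `IP_HEADER = "X-Forwarded-For";` next to `ROCKET_ADDRESS`, or add `header_up X-Real-IP {remote_host}` inside the `reverse_proxy` block; confirm against the vaultwarden version deployed. `SIGNUPS_ALLOWED = false` and binding Rocket to loopback are the right defaults for an internet-facing instance and are worth keeping as they are.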