nix-home/modules/cloud/bitwarden/default.nix

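# NixOS module: runs Vaultwarden (a Bitwarden-compatible server) as a
# sandboxed systemd service, backed by PostgreSQL and published through the
# local Traefik module.
{ pkgs, lib, config, ... }:
with lib;
let
  cfg = config.cloud.bitwarden;

  # System account the service runs as.
  user = "bitwarden";
  # Name registered with cloud.postgresql below; it is used for both the
  # database path and the role in the connection URL.
  databaseUser = "bitwarden";
  # No host and no password in the URL, so libpq falls back to its default
  # local socket. NOTE(review): this presumably relies on peer authentication,
  # which needs `user` and `databaseUser` to stay identical; confirm against
  # the cloud.postgresql module.
  databaseUrl = "postgres:///${databaseUser}?user=${databaseUser}";

  port = 8001;
  host = "bw.nkagami.me";

  package = pkgs.unstable.vaultwarden-postgresql;
in
{
  options.cloud.bitwarden = {
    envFile = mkOption {
      type = types.nullOr types.path;
      description = ''
        Path to an environment file handed to the service through systemd's
        EnvironmentFile. Use it for secrets such as ADMIN_TOKEN and the push
        installation credentials. Keep the file outside the Nix store (which
        is world-readable) and readable only by root.
      '';
      default = null;
    };
  };

  config = {
    # users
    users.users."${user}" = {
      group = "${user}";
      isSystemUser = true;
    };
    users.groups."${user}" = { };

    # database
    cloud.postgresql.databases = [ databaseUser ];

    # traefik
    cloud.traefik.hosts.bitwarden = {
      inherit port host;
      noCloudflare = true;
    };

    # systemd unit
    systemd.services.bitwarden-server = {
      # `requires` alone does not order the units: without an After= on
      # postgresql.service both start in parallel and the first database
      # connection can fail.
      after = [ "network.target" "postgresql.service" ];
      requires = [ "postgresql.service" ];
      wantedBy = [ "multi-user.target" ];
      path = with pkgs; [ openssl ];

      environment = {
        # Open registration stays off; accounts have to be created another way.
        SIGNUPS_ALLOWED = "false";
        DATABASE_URL = databaseUrl;
        # Must match StateDirectory below: with ProtectSystem=strict that is
        # the only writable location handed to the service here.
        DATA_FOLDER = "/var/lib/bitwarden-server";
        WEB_VAULT_FOLDER = "${pkgs.unstable.vaultwarden-vault}/share/vaultwarden/vault";
        ROCKET_PORT = toString port;

        # Push needs PUSH_INSTALLATION_ID / PUSH_INSTALLATION_KEY; they are not
        # set here, so they are expected to come from cfg.envFile.
        PUSH_ENABLED = "true";
        DOMAIN = "https://${host}";
      };

      serviceConfig = {
        User = user;
        Group = user;

        ExecStart = "${package}/bin/vaultwarden";

        # Values from this file override the Environment= entries above
        # (including SIGNUPS_ALLOWED), so treat the file as security-relevant
        # configuration and not only as a secret store.
        EnvironmentFile = lists.optional (cfg.envFile != null) cfg.envFile;

        LimitNOFILE = "1048576";
        PrivateTmp = "true";
        PrivateDevices = "true";
        ProtectHome = "true";
        ProtectSystem = "strict";
        # CAP_NET_BIND_SERVICE is intentionally not granted: the service
        # listens on port 8001 behind Traefik and never binds a port below
        # 1024. Grant it again only if ROCKET_PORT is moved to a privileged
        # port.
        StateDirectory = "bitwarden-server";
      };
    };
  };
}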