2021-10-16 20:34:42 +03:00
|
|
|
{ config, lib, tools, ... }:
|
|
|
|
with tools.nginx;
|
|
|
|
{
|
2021-11-29 02:38:59 +02:00
|
|
|
reservePortsFor = [ "bitwarden" ];
|
|
|
|
|
2021-10-16 20:34:42 +03:00
|
|
|
services.nginx.virtualHosts = mappers.mapSubdomains {
|
2021-11-29 02:38:59 +02:00
|
|
|
keychain = vhosts.proxy "http://127.0.0.1:${config.portsStr.bitwarden}";
|
2021-10-16 20:34:42 +03:00
|
|
|
};
|
2021-12-02 23:16:09 +02:00
|
|
|
services.vaultwarden = {
|
2021-10-16 20:34:42 +03:00
|
|
|
enable = true;
|
|
|
|
backupDir = "/srv/storage/private/bitwarden/backups";
|
|
|
|
config = {
|
|
|
|
dataFolder = "/srv/storage/private/bitwarden/data";
|
2021-11-29 02:38:59 +02:00
|
|
|
rocketPort = config.ports.bitwarden;
|
2021-10-16 20:34:42 +03:00
|
|
|
};
|
|
|
|
#environmentFile = ""; # TODO: agenix
|
|
|
|
};
|
2021-12-02 23:16:09 +02:00
|
|
|
systemd.services.vaultwarden.serviceConfig = {
|
2021-10-16 20:34:42 +03:00
|
|
|
ReadWriteDirectories = "/srv/storage/private/bitwarden";
|
|
|
|
};
|
2021-12-02 23:16:09 +02:00
|
|
|
systemd.services.backup-vaultwarden.environment.DATA_FOLDER = lib.mkForce config.services.vaultwarden.config.dataFolder;
|
2021-10-16 20:34:42 +03:00
|
|
|
}
|