j00lz/strato-infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Add Vaultwarden

Browse source
This commit is contained in:
Julius 2022-05-22 12:09:12 +02:00
parent 75ade9c9e1
commit 7ef72afc56
Signed by: j00lz
GPG key ID: AF241B0AA237BBA2
4 changed files with 40 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
nixos/flake.nix
View file

@ -122,6 +122,14 @@
}; };
}; };
vaultwarden = {
imports = [ ./machines/vaultwarden ];
deployment = {
targetHost = "vaultwarden.lxd";
tags = [ "system" ];
};
};
# k3s = { # k3s = {
# imports = [ ./machines/k3s ]; # imports = [ ./machines/k3s ];
# deployment = { # deployment = {

1
nixos/machines/nginx/default.nix
View file

@ -46,6 +46,7 @@ in {
virtualHosts."s3.asraphiel.dev" = bigProxy "http://minio.lxd:9000/"; virtualHosts."s3.asraphiel.dev" = bigProxy "http://minio.lxd:9000/";
virtualHosts."shell.s3.asraphiel.dev" = proxy "http://minio.lxd:9001/"; virtualHosts."shell.s3.asraphiel.dev" = proxy "http://minio.lxd:9001/";
virtualHosts."registry.asraphiel.dev" = proxy "http://registry.lxd:5000/"; virtualHosts."registry.asraphiel.dev" = proxy "http://registry.lxd:5000/";
virtualHosts."vaultwarden.asraphiel.dev" = proxy "http://vaultwarden.lxd:8000/";
}; };
security.acme.email = "acme@voidcorp.nl"; security.acme.email = "acme@voidcorp.nl";
security.acme.acceptTerms = true; security.acme.acceptTerms = true;

6
nixos/machines/postgres/default.nix
View file

@ -17,7 +17,7 @@
host all all 10.0.0.0/8 trust host all all 10.0.0.0/8 trust
host all all fd42:8db7:2e6b:8e9b:216:3eff::/96 trust host all all fd42:8db7:2e6b:8e9b:216:3eff::/96 trust
''; '';
ensureDatabases = [ "gitea" "vault" ]; ensureDatabases = [ "gitea" "vault" "vaultwarden" ];
ensureUsers = [ ensureUsers = [
{ {
name = "gitea"; name = "gitea";
@ -28,6 +28,10 @@
name = "vault"; name = "vault";
ensurePermissions = { "DATABASE \"vault\"" = "ALL PRIVILEGES"; }; ensurePermissions = { "DATABASE \"vault\"" = "ALL PRIVILEGES"; };
} }
{
name = "vaultwarden";
ensurePermissions = { "DATABASE \"vaultwarden\"" = "ALL PRIVILEGES"; };
}
]; ];
enableTCPIP = true; enableTCPIP = true;

26
nixos/machines/vaultwarden/default.nix Normal file
View file

@ -0,0 +1,26 @@
{ config, pkgs, deployment, ... }: {
imports = [ ../../common ../../common/lxc.nix ];
networking.hostName = "vaultwarden";
system.stateVersion = "21.11";
networking.firewall.allowedTCPPorts = [ 8000 ];
deployment.keys."envFile" = {
user = "vaultwarden";
group = "vaultwarden";
destDir = "/var/lib/keys";
keyCommand = [ "vault" "kv" "get" "-field=env" "kv/vaultwarden" ];
};
services.vaultwarden = {
enable = true;
dbBackend = "postgresql";
environmentFile = "/var/lib/keys/envFile";
config = {
domain = "https://vaultwarden.asraphiel.dev";
signupsDomainsWhitelist = "voidcorp.nl";
rocketPort = 8000;
};
};
}