From 0a5754541bb01e96021ca7ee74f1256a8ee68bc4 Mon Sep 17 00:00:00 2001
From: tdback <tyler@tdback.net>
Date: Sat, 21 Dec 2024 15:32:13 -0500
Subject: initial commit to self-hosted git

---
 modules/containers/vaultwarden/default.nix | 34 ++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
 create mode 100644 modules/containers/vaultwarden/default.nix

(limited to 'modules/containers/vaultwarden')

diff --git a/modules/containers/vaultwarden/default.nix b/modules/containers/vaultwarden/default.nix
new file mode 100644
index 0000000..cc6b86f
--- /dev/null
+++ b/modules/containers/vaultwarden/default.nix
@@ -0,0 +1,34 @@
+{ lib, ... }:
+let
+  directory = "/opt/vaultwarden";
+  domain = "steel-mountain.brownbread.net";
+  port = "11001";
+in
+{
+  systemd.tmpfiles.rules =
+    map (x: "d ${x} 0755 share share - -") (lib.lists.singleton directory);
+
+  virtualisation.oci-containers.containers.vaultwarden = {
+    image = "vaultwarden/server:latest";
+    autoStart = true;
+    ports = [
+      "${port}:80"
+    ];
+    volumes = [
+      "${directory}/data:/data"
+    ];
+    environment = {
+      DOMAIN = domain;
+      WEBSOCKET_ENABLED = "true";
+      SIGNUPS_ALLOWED = "false";
+      SHOW_PASSWORD_HINT = "false";
+    };
+  };
+
+  services.caddy.virtualHosts.${domain}.extraConfig = ''
+    encode zstd gzip
+    reverse_proxy http://localhost:${port} {
+      header_up X-Real-IP {remote_host}
+    }
+  '';
+}
-- 
cgit v1.2.3