nix-config/containers/vaultwarden/default.nix

{ ... }:
let
  directories = [
    "/opt/vaultwarden"
  ];
  domain = "crypt.tdback.net";
  port = "11001";
in
{
  systemd.tmpfiles.rules = map (x: "d ${x} 0755 share share - -") directories;
  virtualisation.oci-containers.containers.vaultwarden = {
    image = "vaultwarden/server:latest";
    autoStart = true;
    ports = [
      "${port}:80"
    ];
    volumes = [
      "/opt/vaultwarden/data:/data"
    ];
    environment = {
      DOMAIN = domain;
      WEBSOCKET_ENABLED = "true";
      SIGNUPS_ALLOWED = "false";
      SHOW_PASSWORD_HINT = "false";
    };
  };

  services.caddy.virtualHosts."${domain}".extraConfig = ''
    encode zstd gzip
    reverse_proxy http://localhost:${port} {
      header_up X-Real-IP {remote_host}
    }
  '';
}
starting fresh on a self-hosted forge 2024-11-10 17:54:08 -05:00			`{ ... }:`
			`let`
			`directories = [`
			`"/opt/vaultwarden"`
			`];`
			`domain = "crypt.tdback.net";`
			`port = "11001";`
			`in`
			`{`
			`systemd.tmpfiles.rules = map (x: "d ${x} 0755 share share - -") directories;`
			`virtualisation.oci-containers.containers.vaultwarden = {`
			`image = "vaultwarden/server:latest";`
			`autoStart = true;`
			`ports = [`
			`"${port}:80"`
			`];`
			`volumes = [`
			`"/opt/vaultwarden/data:/data"`
			`];`
			`environment = {`
			`DOMAIN = domain;`
			`WEBSOCKET_ENABLED = "true";`
			`SIGNUPS_ALLOWED = "false";`
			`SHOW_PASSWORD_HINT = "false";`
			`};`
			`};`

			`services.caddy.virtualHosts."${domain}".extraConfig = ''`
			`encode zstd gzip`
			`reverse_proxy http://localhost:${port} {`
			`header_up X-Real-IP {remote_host}`
			`}`
			`'';`
			`}`