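# NixOS module: runs Vaultwarden as an OCI container and exposes it through a
# Caddy virtual host that reverse-proxies to the container's published port.
{ lib, ... }:
let
  # Public hostname; used as the Caddy site address and in Vaultwarden's DOMAIN.
  domain = "crypt.tdback.net";
  # Host-side port the container's HTTP listener (80) is published on.
  port = "11001";
  # Host directory holding the vault; its data/ subdirectory is mounted at /data.
  directory = "/opt/vaultwarden";
in
{
  # The directory holds the password-vault database and attachments, so it is
  # not left world-readable/traversable (was 0755).
  # NOTE(review): assumes nothing outside the `share` user/group needs to
  # traverse this path; confirm before deploying.
  systemd.tmpfiles.rules =
    map (x: "d ${x} 0750 share share - -") (lib.lists.singleton directory);

  virtualisation.oci-containers.containers.vaultwarden = {
    # NOTE(review): `latest` is a moving tag, so a rebuild can silently pull a
    # different image. Pin a release tag and digest, e.g.
    # "vaultwarden/server:<VERSION>@sha256:<DIGEST>" (placeholders).
    image = "vaultwarden/server:latest";
    autoStart = true;
    ports = [
      # Publish on loopback only. A bare "${port}:80" binds every interface,
      # which exposes the plain-HTTP listener directly: clients could skip
      # Caddy's TLS and send their own X-Real-IP header.
      "127.0.0.1:${port}:80"
    ];
    volumes = [
      "${directory}/data:/data"
    ];
    environment = {
      # Vaultwarden expects a full URL including the scheme here, not a bare
      # hostname.
      DOMAIN = "https://${domain}";
      WEBSOCKET_ENABLED = "true";
      # Registration and password hints stay off on an internet-facing vault.
      SIGNUPS_ALLOWED = "false";
      SHOW_PASSWORD_HINT = "false";
    };
  };

  services.caddy.virtualHosts.${domain}.extraConfig = ''
    encode zstd gzip
    reverse_proxy http://127.0.0.1:${port} {
      # Caddy is the only intended client of the backend, so the address it
      # reports here is what the backend sees as the client IP.
      header_up X-Real-IP {remote_host}
    }
  '';
}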