34 lines
751 B
Nix
34 lines
751 B
Nix
{ ... }:
|
|
let
|
|
directories = [
|
|
"/opt/vaultwarden"
|
|
];
|
|
domain = "crypt.tdback.net";
|
|
port = "11001";
|
|
in
|
|
{
|
|
systemd.tmpfiles.rules = map (x: "d ${x} 0755 share share - -") directories;
|
|
virtualisation.oci-containers.containers.vaultwarden = {
|
|
image = "vaultwarden/server:latest";
|
|
autoStart = true;
|
|
ports = [
|
|
"${port}:80"
|
|
];
|
|
volumes = [
|
|
"/opt/vaultwarden/data:/data"
|
|
];
|
|
environment = {
|
|
DOMAIN = domain;
|
|
WEBSOCKET_ENABLED = "true";
|
|
SIGNUPS_ALLOWED = "false";
|
|
SHOW_PASSWORD_HINT = "false";
|
|
};
|
|
};
|
|
|
|
services.caddy.virtualHosts."${domain}".extraConfig = ''
|
|
encode zstd gzip
|
|
reverse_proxy http://localhost:${port} {
|
|
header_up X-Real-IP {remote_host}
|
|
}
|
|
'';
|
|
}
|