about summary refs log tree commit diff
path: root/modules/nixos/vaultwarden.nix
diff options
context:
space:
mode:
authorAzat Bahawi <azat@bahawi.net>2024-03-31 21:29:27 +0300
committerAzat Bahawi <azat@bahawi.net>2024-03-31 21:29:27 +0300
commit9a5427e3a0c0ccf2a82dc503149a26b23fbd6004 (patch)
treef28beec29deeea36038615a8fb98a810891940b5 /modules/nixos/vaultwarden.nix
parent2024-03-19 (diff)
2024-03-31
Diffstat (limited to '')
-rw-r--r--modules/nixos/vaultwarden.nix25
1 files changed, 14 insertions, 11 deletions
diff --git a/modules/nixos/vaultwarden.nix b/modules/nixos/vaultwarden.nix
index 53a3f81..2cacb6c 100644
--- a/modules/nixos/vaultwarden.nix
+++ b/modules/nixos/vaultwarden.nix
@@ -4,9 +4,11 @@
   lib,
   ...
 }:
-with lib; let
+with lib;
+let
   cfg = config.nixfiles.modules.vaultwarden;
-in {
+in
+{
   options.nixfiles.modules.vaultwarden = {
     enable = mkEnableOption "Vaultwarden";
 
@@ -17,11 +19,12 @@ in {
     };
   };
 
-  config = let
-    db = "vaultwarden";
-  in
+  config =
+    let
+      db = "vaultwarden";
+    in
     mkIf cfg.enable {
-      ark.directories = ["/var/lib/bitwarden_rs"];
+      ark.directories = [ "/var/lib/bitwarden_rs" ];
 
       secrets.vaultwarden-environment = {
         file = "${inputs.self}/secrets/vaultwarden-environment";
@@ -33,8 +36,8 @@ in {
         nginx = {
           enable = true;
           upstreams = with config.services.vaultwarden.config; {
-            vaultwarden_rocket.servers."${ROCKET_ADDRESS}:${toString ROCKET_PORT}" = {};
-            vaultwarden_websocket.servers."${WEBSOCKET_ADDRESS}:${toString WEBSOCKET_PORT}" = {};
+            vaultwarden_rocket.servers."${ROCKET_ADDRESS}:${toString ROCKET_PORT}" = { };
+            vaultwarden_websocket.servers."${WEBSOCKET_ADDRESS}:${toString WEBSOCKET_PORT}" = { };
           };
           virtualHosts.${cfg.domain}.locations = {
             "/" = {
@@ -95,7 +98,7 @@ in {
         };
 
         postgresql = {
-          ensureDatabases = [db];
+          ensureDatabases = [ db ];
           ensureUsers = [
             {
               name = db;
@@ -123,14 +126,14 @@ in {
       };
 
       environment.etc = {
-        "fail2ban/filter.d/vaultwarden.conf".text = generators.toINI {} {
+        "fail2ban/filter.d/vaultwarden.conf".text = generators.toINI { } {
           Definition = {
             failregex = "^.*Username or password is incorrect\. Try again\. IP: <ADDR>\. Username:.*$";
             ignoreregex = "";
             journalmatch = "_SYSTEMD_UNIT=vaultwarden.service";
           };
         };
-        "fail2ban/filter.d/vaultwarden-admin.conf".text = generators.toINI {} {
+        "fail2ban/filter.d/vaultwarden-admin.conf".text = generators.toINI { } {
           Definition = {
             failregex = "^.*Invalid admin token\. IP: <ADDR>.*$";
             ignoreregex = "";

Consider giving Nix/NixOS a try! <3