diff options
| author | azahi <azat@bahawi.net> | 2024-11-10 01:08:38 +0300 |
|---|---|---|
| committer | azahi <azat@bahawi.net> | 2024-11-10 01:08:38 +0300 |
| commit | 693768ee37098dbebb38c86e27044f2faa38348d (patch) | |
| tree | 37c92a1c83cf22fa5e5a570baa8598ba6063c795 /modules/vaultwarden.nix | |
| parent | 2024-10-29 (diff) | |
Diffstat (limited to 'modules/vaultwarden.nix')
| -rw-r--r-- | modules/vaultwarden.nix | 19 |
1 files changed, 9 insertions, 10 deletions
diff --git a/modules/vaultwarden.nix b/modules/vaultwarden.nix index edce8e5..124ff78 100644 --- a/modules/vaultwarden.nix +++ b/modules/vaultwarden.nix @@ -5,17 +5,16 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.vaultwarden; in { options.nixfiles.modules.vaultwarden = { - enable = mkEnableOption "Vaultwarden"; + enable = lib.mkEnableOption "Vaultwarden"; - domain = mkOption { + domain = lib.mkOption { description = "Domain name sans protocol scheme."; - type = with types; str; + type = lib.types.str; default = "vaultwarden.${config.networking.domain}"; }; }; @@ -24,7 +23,7 @@ in let db = "vaultwarden"; in - mkIf cfg.enable { + lib.mkIf cfg.enable { ark.directories = [ "/var/lib/bitwarden_rs" ]; secrets.vaultwarden-environment = { @@ -73,7 +72,7 @@ in WEB_VAULT_ENABLED = true; - DOMAIN = optionalString (cfg.domain != null) "http://${cfg.domain}"; + DOMAIN = lib.optionalString (cfg.domain != null) "http://${cfg.domain}"; SIGNUPS_ALLOWED = false; INVITATIONS_ALLOWED = false; @@ -127,14 +126,14 @@ in }; environment.etc = { - "fail2ban/filter.d/vaultwarden.conf".text = generators.toINI { } { + "fail2ban/filter.d/vaultwarden.conf".text = lib.generators.toINI { } { Definition = { failregex = "^.*Username or password is incorrect\. Try again\. IP: <ADDR>\. Username:.*$"; ignoreregex = ""; journalmatch = "_SYSTEMD_UNIT=vaultwarden.service"; }; }; - "fail2ban/filter.d/vaultwarden-admin.conf".text = generators.toINI { } { + "fail2ban/filter.d/vaultwarden-admin.conf".text = lib.generators.toINI { } { Definition = { failregex = "^.*Invalid admin token\. IP: <ADDR>.*$"; ignoreregex = ""; @@ -143,9 +142,9 @@ in }; }; - topology = with cfg; { + topology = { nodes.${this.hostname}.services.vaultwarden = { - info = mkForce domain; + info = lib.mkForce cfg.domain; }; }; }; |