Diffstat (limited to 'modules/nixos/vaultwarden.nix')
-rw-r--r--modules/nixos/vaultwarden.nix25
1 files changed, 14 insertions, 11 deletions
diff --git a/modules/nixos/vaultwarden.nix b/modules/nixos/vaultwarden.nix
index 53a3f81..2cacb6c 100644
--- a/modules/nixos/vaultwarden.nix
+++ b/modules/nixos/vaultwarden.nix
@@ -4,9 +4,11 @@
lib,
...
}:
-with lib; let
+with lib;
+let
cfg = config.nixfiles.modules.vaultwarden;
-in {
+in
+{
options.nixfiles.modules.vaultwarden = {
enable = mkEnableOption "Vaultwarden";
@@ -17,11 +19,12 @@ in {
};
};
- config = let
- db = "vaultwarden";
- in
+ config =
+ let
+ db = "vaultwarden";
+ in
mkIf cfg.enable {
- ark.directories = ["/var/lib/bitwarden_rs"];
+ ark.directories = [ "/var/lib/bitwarden_rs" ];
secrets.vaultwarden-environment = {
file = "${inputs.self}/secrets/vaultwarden-environment";
@@ -33,8 +36,8 @@ in {
nginx = {
enable = true;
upstreams = with config.services.vaultwarden.config; {
- vaultwarden_rocket.servers."${ROCKET_ADDRESS}:${toString ROCKET_PORT}" = {};
- vaultwarden_websocket.servers."${WEBSOCKET_ADDRESS}:${toString WEBSOCKET_PORT}" = {};
+ vaultwarden_rocket.servers."${ROCKET_ADDRESS}:${toString ROCKET_PORT}" = { };
+ vaultwarden_websocket.servers."${WEBSOCKET_ADDRESS}:${toString WEBSOCKET_PORT}" = { };
};
virtualHosts.${cfg.domain}.locations = {
"/" = {
@@ -95,7 +98,7 @@ in {
};
postgresql = {
- ensureDatabases = [db];
+ ensureDatabases = [ db ];
ensureUsers = [
{
name = db;
@@ -123,14 +126,14 @@ in {
};
environment.etc = {
- "fail2ban/filter.d/vaultwarden.conf".text = generators.toINI {} {
+ "fail2ban/filter.d/vaultwarden.conf".text = generators.toINI { } {
Definition = {
failregex = "^.*Username or password is incorrect\. Try again\. IP: <ADDR>\. Username:.*$";
ignoreregex = "";
journalmatch = "_SYSTEMD_UNIT=vaultwarden.service";
};
};
- "fail2ban/filter.d/vaultwarden-admin.conf".text = generators.toINI {} {
+ "fail2ban/filter.d/vaultwarden-admin.conf".text = generators.toINI { } {
Definition = {
failregex = "^.*Invalid admin token\. IP: <ADDR>.*$";
ignoreregex = "";
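Review bot: The two `failregex` values in this hunk (the user-login filter and the `vaultwarden-admin` one) are written in ordinary double-quoted Nix strings, where `\.` evaluates to a plain `.`, so the generated fail2ban filter files contain unescaped dots that match any character rather than a literal period. The filters still match the intended log lines but are looser than they read. Doubling the backslash keeps the escape in the rendered INI, e.g. `failregex = "^.*Invalid admin token\\. IP: <ADDR>.*$";`, and likewise `incorrect\\. Try again\\. IP: <ADDR>\\. Username:.*$` for the login filter. Because the `Username:` field is client-supplied text logged on the same line as the address, it would also be worth confirming that the greedy leading `^.*` cannot let that field influence which `<ADDR>` is captured; anchoring on the log prefix instead of `^.*` would remove the doubt. The second filter's `Definition` block continues outside the hunk.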