init: public

2025-04-13 15:09:14 +08:00
parent 5995c2050b
commit 50247d94e8
253 changed files with 12964 additions and 567 deletions
--- a/config/hosts/imxyy-nix-server/vault.nix
+++ b/config/hosts/imxyy-nix-server/vault.nix
@@ -0,0 +1,31 @@
+{ config, sopsRoot, ... }:
+{
+  sops.secrets.vaultwarden-env = {
+    sopsFile = sopsRoot + /vaultwarden.env;
+    format = "dotenv";
+  };
+  services.postgresql.ensureUsers = [
+    {
+      name = "vaultwarden";
+      ensureDBOwnership = true;
+    }
+  ];
+  services.postgresql.ensureDatabases = [ "vaultwarden" ];
+  services.vaultwarden = {
+    enable = true;
+    dbBackend = "postgresql";
+    config = {
+      ROCKET_ADDRESS = "127.0.0.1";
+      ROCKET_PORT = 8083;
+      DOMAIN = "https://vault.imxyy.top";
+    };
+    environmentFile = "${config.sops.secrets.vaultwarden-env.path}";
+  };
+  services.caddy.virtualHosts."vault.imxyy.top" = {
+    extraConfig = ''
+      reverse_proxy :8083 {
+        header_up X-Real-IP {remote_host}
+      }
+    '';
+  };
+}