refactor: config/hosts => hosts

2025-12-27 17:58:48 +08:00
parent 99aea69128
commit f9308dda9e
40 changed files with 4 additions and 21 deletions
--- a/hosts/imxyy-nix-server/vault.nix
+++ b/hosts/imxyy-nix-server/vault.nix
@@ -0,0 +1,32 @@
+{ config, secrets, ... }:
+{
+  sops.secrets.vaultwarden-env = {
+    sopsFile = secrets.vaultwarden;
+    restartUnits = [ "vaultwarden.service" ];
+    format = "dotenv";
+  };
+  services.postgresql.ensureUsers = [
+    {
+      name = "vaultwarden";
+      ensureDBOwnership = true;
+    }
+  ];
+  services.postgresql.ensureDatabases = [ "vaultwarden" ];
+  services.vaultwarden = {
+    enable = true;
+    dbBackend = "postgresql";
+    config = {
+      ROCKET_ADDRESS = "127.0.0.1";
+      ROCKET_PORT = 8083;
+      DOMAIN = "https://vault.imxyy.top";
+    };
+    environmentFile = "${config.sops.secrets.vaultwarden-env.path}";
+  };
+  services.caddy.virtualHosts."vault.imxyy.top" = {
+    extraConfig = ''
+      reverse_proxy :8083 {
+        header_up X-Real-IP {remote_host}
+      }
+    '';
+  };
+}