Initial commit

2023-08-03 14:54:05 +02:00 · 2023-08-03 14:54:05 +02:00 · 9661927410
commit 9661927410
27 changed files with 1091 additions and 0 deletions
--- a/hosts/kazuki/vault.nix
+++ b/hosts/kazuki/vault.nix
@ -0,0 +1,34 @@
+{config, ...}: {
+  age.secrets.vault-cert-env.file = ../../secrets/vault-cert-env.age;
+
+  services.vaultwarden = {
+    enable = true;
+    config = {
+      ROCKET_PORT = 60001;
+    };
+  };
+
+  users.users.nginx.extraGroups = ["acme"];
+  networking.firewall.allowedTCPPorts = [80 443 8448 2222];
+
+  services.nginx = {
+    enable = true;
+    recommendedProxySettings = true;
+    virtualHosts."vault.rabulinski.com" = {
+      forceSSL = true;
+      enableACME = true;
+      locations."/" = {
+        proxyPass = "http://vaultwarden";
+      };
+    };
+
+    upstreams.vaultwarden.servers = {
+      "localhost:${toString config.services.vaultwarden.config.ROCKET_PORT}" = {};
+    };
+  };
+
+  security.acme.certs."valut.rabulinski.com" = {
+    dnsProvider = "cloudflare";
+    credentialsFile = config.age.secrets.vault-cert-env.path;
+  };
+}