rice/hosts/ami/bitwarden.nix
2024-05-20 12:06:16 +02:00

35 lines
764 B
Nix

{config, ...}: let
port = 12224;
in {
age.secrets.bitwarden.file = ../../secrets/bitwarden.age;
services = {
vaultwarden = {
enable = true;
environmentFile = config.age.secrets.bitwarden.path;
config = {
domain = "https://bitwarden.buffet.sh/";
signupsAllowed = false;
rocketPort = port;
};
};
nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts."bitwarden.buffet.sh" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:${toString port}";
};
};
};
};
}