almost ready. now to harden
This commit is contained in:
parent
29cbf8b2d8
commit
e856c0dfb1
20 changed files with 539 additions and 58 deletions
25
services/vaultwarden.nix
Normal file
25
services/vaultwarden.nix
Normal file
|
|
@ -0,0 +1,25 @@
|
|||
{ config, ... }:
|
||||
let
|
||||
vaultPort = 8222;
|
||||
onionUrl = "http://gfoqwlo4nmhcywzzyhfanhkf7hz64lkjayngfyrpbd7ohaucu3q4znqd.onion";
|
||||
in
|
||||
{
|
||||
age.secrets."vaultwarden.env".file = ../secrets/vaultwarden.env;
|
||||
|
||||
services.vaultwarden = {
|
||||
enable = true;
|
||||
config = {
|
||||
DOMAIN = "https://vault.distrust.network";
|
||||
ROCKET_PORT = vaultPort;
|
||||
};
|
||||
environmentFile = config.age.secrets."vaultwarden.env".path;
|
||||
};
|
||||
|
||||
services.caddy.virtualHosts."https://vault.distrust.network ${onionUrl}".extraConfig = ''
|
||||
reverse_proxy localhost:${toString vaultPort}
|
||||
'';
|
||||
|
||||
services.tor.relay.onionServices."vaultwarden".map = [
|
||||
80
|
||||
];
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue