services: adapt bitwarden to vaultwarden rename
This commit is contained in:
parent
8f1eb162b9
commit
2c7abf829a
|
|
@ -60,7 +60,7 @@ in
|
||||||
|
|
||||||
# List services that you want to enable:
|
# List services that you want to enable:
|
||||||
my.services = {
|
my.services = {
|
||||||
bitwarden_rs = {
|
vaultwarden = {
|
||||||
enable = true;
|
enable = true;
|
||||||
privatePort = 8081;
|
privatePort = 8081;
|
||||||
websocketPort = 3012;
|
websocketPort = 3012;
|
||||||
|
|
|
||||||
|
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./bitwarden_rs.nix
|
./vaultwarden.nix
|
||||||
./borg-backup.nix
|
./borg-backup.nix
|
||||||
./fail2ban.nix
|
./fail2ban.nix
|
||||||
./fava.nix
|
./fava.nix
|
||||||
|
|
|
||||||
|
|
@ -3,13 +3,13 @@
|
||||||
with lib;
|
with lib;
|
||||||
|
|
||||||
let
|
let
|
||||||
cfg = config.my.services.bitwarden_rs;
|
cfg = config.my.services.vaultwarden;
|
||||||
my = config.my;
|
my = config.my;
|
||||||
|
|
||||||
domain = config.networking.domain;
|
domain = config.networking.domain;
|
||||||
in {
|
in {
|
||||||
options.my.services.bitwarden_rs = {
|
options.my.services.vaultwarden = {
|
||||||
enable = mkEnableOption "Bitwarden";
|
enable = mkEnableOption "Vaultwarden";
|
||||||
|
|
||||||
privatePort = mkOption {
|
privatePort = mkOption {
|
||||||
type = types.port;
|
type = types.port;
|
||||||
|
|
@ -29,18 +29,13 @@ in {
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
services.postgresql = {
|
services.postgresql = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
||||||
initialScript = pkgs.writeText "bitwarden_rs-init.sql" ''
|
|
||||||
CREATE ROLE "bitwarden_rs" WITH LOGIN;
|
|
||||||
CREATE DATABASE "bitwarden_rs" WITH OWNER "bitwarden_rs";
|
|
||||||
'';
|
|
||||||
};
|
};
|
||||||
|
|
||||||
services.postgresqlBackup = {
|
services.postgresqlBackup = {
|
||||||
databases = [ "bitwarden_rs" ];
|
databases = [ "vaultwarden" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
services.bitwarden_rs = {
|
services.vaultwarden = {
|
||||||
enable = true;
|
enable = true;
|
||||||
dbBackend = "postgresql";
|
dbBackend = "postgresql";
|
||||||
config = {
|
config = {
|
||||||
|
|
@ -54,7 +49,8 @@ in {
|
||||||
SIGNUPS_ALLOWED = false;
|
SIGNUPS_ALLOWED = false;
|
||||||
INVITATIONS_ALLOWED = false;
|
INVITATIONS_ALLOWED = false;
|
||||||
DOMAIN = "https://pass.${domain}";
|
DOMAIN = "https://pass.${domain}";
|
||||||
DATABASE_URL = "postgresql://bitwarden_rs@/bitwarden_rs";
|
# FIXME: should be renamed to vaultwarden eventually
|
||||||
|
DATABASE_URL = "postgresql://vaultwarden@/vaultwarden";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
@ -80,46 +76,42 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# needed for bitwarden to find files to serve for the vault
|
# FIXME: should be renamed to vaultwarden eventually
|
||||||
environment.systemPackages = with pkgs; [
|
|
||||||
bitwarden_rs-vault
|
|
||||||
];
|
|
||||||
|
|
||||||
my.services.restic-backup = mkIf cfg.enable {
|
my.services.restic-backup = mkIf cfg.enable {
|
||||||
paths = [ "/var/lib/bitwarden_rs" ];
|
paths = [ "/var/lib/bitwarden_rs" ];
|
||||||
exclude = [ "/var/lib/bitwarden_rs/icon_cache" ];
|
exclude = [ "/var/lib/bitwarden_rs/icon_cache" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
services.fail2ban.jails = {
|
services.fail2ban.jails = {
|
||||||
bitwarden_rs = ''
|
vaultwarden = ''
|
||||||
enabled = true
|
enabled = true
|
||||||
filter = bitwarden_rs
|
filter = vaultwarden
|
||||||
port = http,https
|
port = http,https
|
||||||
maxretry = 5
|
maxretry = 5
|
||||||
'';
|
'';
|
||||||
|
|
||||||
# Admin page isn't enabled by default, but just in case...
|
# Admin page isn't enabled by default, but just in case...
|
||||||
bitwarden_rs-admin = ''
|
vaultwarden-admin = ''
|
||||||
enabled = true
|
enabled = true
|
||||||
filter = bitwarden_rs-admin
|
filter = vaultwarden-admin
|
||||||
port = http,https
|
port = http,https
|
||||||
maxretry = 2
|
maxretry = 2
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
environment.etc = {
|
environment.etc = {
|
||||||
"fail2ban/filter.d/bitwarden_rs.conf".text = ''
|
"fail2ban/filter.d/vaultwarden.conf".text = ''
|
||||||
[Definition]
|
[Definition]
|
||||||
failregex = ^.*Username or password is incorrect\. Try again\. IP: <ADDR>\. Username:.*$
|
failregex = ^.*Username or password is incorrect\. Try again\. IP: <ADDR>\. Username:.*$
|
||||||
ignoreregex =
|
ignoreregex =
|
||||||
journalmatch = _SYSTEMD_UNIT=bitwarden_rs.service
|
journalmatch = _SYSTEMD_UNIT=vaultwarden.service
|
||||||
'';
|
'';
|
||||||
|
|
||||||
"fail2ban/filter.d/bitwarden_rs-admin.conf".text = ''
|
"fail2ban/filter.d/vaultwarden-admin.conf".text = ''
|
||||||
[Definition]
|
[Definition]
|
||||||
failregex = ^.*Invalid admin token\. IP: <ADDR>.*$
|
failregex = ^.*Invalid admin token\. IP: <ADDR>.*$
|
||||||
ignoreregex =
|
ignoreregex =
|
||||||
journalmatch = _SYSTEMD_UNIT=bitwarden_rs.service
|
journalmatch = _SYSTEMD_UNIT=vaultwarden.service
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
Loading…
Reference in a new issue