Deploy Vaultwarden

nixos/hosts/eidola/mounts.nix

@@ -13,6 +13,8 @@
 
       "/etc/zfs"
       "/var/lib/samba"
+
+      "/var/lib/bitwarden_rs"
     ];
     files = [
       "/etc/machine-id"

nixos/hosts/eidola/services/default.nix

@@ -1,5 +1,6 @@
 {...}: {
   imports = [
     ./samba.nix
+    ./vaultwarden.nix
   ];
 }

nixos/hosts/eidola/services/vaultwarden.nix

@@ -0,0 +1,18 @@
+{...}: let
+  ipInternal = "10.13.1.1";
+
+  dom = "pw.min.rip";
+in {
+  services.vaultwarden = {
+    enable = true;
+
+    config = {
+      DOMAIN = "https://${dom}";
+      SIGNUPS_ALLOWED = false;
+      SHOW_PASSWORD_HINT = false;
+
+      ROCKET_ADDRESS = ipInternal;
+      ROCKET_PORT = 14210;
+    };
+  };
+}

nixos/hosts/silver/services/default.nix

@@ -8,6 +8,8 @@
     ./nebula.nix
     ./prometheus.nix
     ./grafana.nix
+
+    ./shim-vaultwarden.nix
   ];
 
   security.acme = {

nixos/hosts/silver/services/shim-vaultwarden.nix

@@ -0,0 +1,14 @@
+{...}: let
+  httpIntAddr = "10.13.1.1";
+  httpIntPort = 14210;
+  dom = "pw.min.rip";
+in {
+  services.nginx.virtualHosts.${dom} = {
+    forceSSL = true;
+    enableACME = true;
+
+    locations."/" = {
+      proxyPass = "http://${toString httpIntAddr}:${toString httpIntPort}";
+    };
+  };
+}