Implement initial containers module

2022-03-26 14:20:30 +00:00
parent 5ef6684df4
commit 67114c1336
16 changed files with 372 additions and 73 deletions
--- a/nixos/containers/vaultwarden.nix
+++ b/nixos/containers/vaultwarden.nix
@@ -0,0 +1,61 @@
+{
+  nixos.systems.vaultwarden = {
+    system = "x86_64-linux";
+    nixpkgs = "unstable";
+
+    configuration = { lib, config, ... }:
+    let
+      inherit (lib) mkMerge mkIf mkForce;
+
+      vwData = "/var/lib/vaultwarden";
+      vwSecrets = "vaultwarden.env";
+    in
+    {
+      config = mkMerge [
+        {
+          my = {
+            server.enable = true;
+
+            secrets = {
+              files."${vwSecrets}" = {};
+            };
+
+            firewall = {
+              tcp.allowed = [ 80 3012 ];
+            };
+          };
+
+          systemd.services.vaultwarden.serviceConfig.StateDirectory = mkForce "vaultwarden";
+          services = {
+            vaultwarden = {
+              enable = true;
+              config = {
+                dataFolder = vwData;
+                webVaultEnabled = true;
+
+                rocketPort = 80;
+                websocketEnabled = true;
+                websocketPort = 3012;
+              };
+              environmentFile = config.age.secrets."${vwSecrets}".path;
+            };
+          };
+        }
+        (mkIf config.my.build.isDevVM {
+          my.tmproot.persistence.config.directories = [
+            {
+              directory = vwData;
+              user = config.users.users.vaultwarden.name;
+              group = config.users.groups.vaultwarden.name;
+            }
+          ];
+          virtualisation = {
+            forwardPorts = [
+              { from = "host"; host.port = 8080; guest.port = 80; }
+            ];
+          };
+        })
+      ];
+    };
+  };
+}