feat: add vaultwarden

Signed-off-by: Lander Van den Bulcke <landervandenbulcke@gmail.com>
2025-10-14 15:27:05 +02:00 · 2025-10-14 15:27:05 +02:00 · 31e2da0570
commit 31e2da0570
parent 47be484c15
2 changed files with 25 additions and 2 deletions
--- a/hosts/hosting-01/default.nix
+++ b/hosts/hosting-01/default.nix
@ -156,6 +156,28 @@ in
    };
  };

+  services.vaultwarden = {
+    enable = true;
+    dbBackend = "postgresql";
+    config = {
+      DOMAIN = "bitwarden.kinkystar.com";
+    };
+    environmentFile = config.sops.secrets.vaultwarden.path;
+  };
+
+  sops.secrets.vaultwarden = {
+    owner = "root";
+    sopsFile = ./secrets.yaml;
+  };
+
+  services.nginx.virtualHosts."bitwarden.kinkystar.com" = {
+    forceSSL = true;
+    enableACME = true;
+    locations."/" = {
+      proxyPass = "http://localhost:${toString config.services.vaultwarden.config.ROCKET_PORT}";
+    };
+  };
+
  security.acme.defaults.email = "landervandenbulcke@gmail.com";
  security.acme.acceptTerms = true;