nix/container/Pass.nix


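# Module for the Vaultwarden password manager, declared as `containers.pass`.
# Option values live under `container.module.pass`; nothing is configured
# unless `enable` is set.
{
  config,
  container,
  lib,
  ...
}: let
  cfg = config.container.module.pass;
in {
  options.container.module.pass = {
    enable = lib.mkEnableOption "the password manager.";
    address = lib.mkOption {
      default = "10.1.0.9";
      type = lib.types.str;
      description = "Address passed to Vaultwarden as ROCKET_ADDRESS.";
    };
    port = lib.mkOption {
      default = 8000;
      # types.port restricts the value to 0-65535; a plain int would also
      # accept negative or oversized numbers and fail only at service start.
      type = lib.types.port;
      description = "TCP port passed to Vaultwarden as ROCKET_PORT.";
    };
    domain = lib.mkOption {
      default = "pass.${config.container.domain}";
      type = lib.types.str;
      description = "Host name used to build Vaultwarden's DOMAIN setting.";
    };
    storage = lib.mkOption {
      default = "${config.container.storage}/pass";
      type = lib.types.str;
      description = "Host directory whose `data` subdirectory is bind-mounted into the container.";
    };
  };

  config = lib.mkIf cfg.enable {
    # Presumably creates "${cfg.storage}/data" on the host; mkContainerDir is
    # defined elsewhere, so confirm the owner and mode it applies, since this
    # directory holds the vault database and the secrets file.
    systemd.tmpfiles.rules = container.mkContainerDir cfg [
      "data"
    ];

    containers.pass = container.mkContainer cfg {
      bindMounts = {
        # Writable on purpose: this is DATA_FOLDER, where the sqlite backend
        # keeps its files.
        "/var/lib/vaultwarden" = {
          hostPath = "${cfg.storage}/data";
          isReadOnly = false;
        };
      };

      config = { ... }: container.mkContainerConfig cfg {
        services.vaultwarden = {
          enable = true;
          dbBackend = "sqlite";
          # Secrets are read from this file at runtime instead of being
          # written into the world-readable Nix store. On the host it is
          # "${cfg.storage}/data/Env"; it is not created by this module, so
          # it has to be provisioned separately and should be readable only
          # by the service user. Because it sits inside the data directory,
          # any backup of that directory carries it too.
          environmentFile = "/var/lib/vaultwarden/Env";
          config = {
            DATA_FOLDER = "/var/lib/vaultwarden";
            # NOTE(review): DOMAIN uses the http scheme. If a reverse proxy
            # (not visible in this file) terminates TLS in front of the
            # container, this should be the https:// URL clients actually
            # use; without TLS anywhere, vault traffic crosses the network
            # in clear text and browsers refuse the web vault outside a
            # secure context. Confirm before changing.
            DOMAIN = "http://${cfg.domain}";
            ROCKET_ADDRESS = cfg.address;
            ROCKET_PORT = cfg.port;
            # Open registration stays off, so accounts cannot be created by
            # anyone who merely reaches the listener.
            SIGNUPS_ALLOWED = false;
            WEB_VAULT_ENABLED = true;
          };
        };
      };
    };
  };
}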