60 lines
1.3 KiB
Nix
60 lines
1.3 KiB
Nix
{
|
|
config,
|
|
container,
|
|
lib,
|
|
...
|
|
}: let
|
|
cfg = config.container.module.pass;
|
|
in {
|
|
options.container.module.pass = {
|
|
enable = lib.mkEnableOption "the password manager.";
|
|
address = lib.mkOption {
|
|
default = "10.1.0.9";
|
|
type = lib.types.str;
|
|
};
|
|
port = lib.mkOption {
|
|
default = 8000;
|
|
type = lib.types.int;
|
|
};
|
|
domain = lib.mkOption {
|
|
default = "pass.${config.container.domain}";
|
|
type = lib.types.str;
|
|
};
|
|
storage = lib.mkOption {
|
|
default = "${config.container.storage}/pass";
|
|
type = lib.types.str;
|
|
};
|
|
};
|
|
|
|
config = lib.mkIf cfg.enable {
|
|
systemd.tmpfiles.rules = container.mkContainerDir cfg [
|
|
"data"
|
|
];
|
|
|
|
containers.pass = container.mkContainer cfg {
|
|
bindMounts = {
|
|
"/var/lib/vaultwarden" = {
|
|
hostPath = "${cfg.storage}/data";
|
|
isReadOnly = false;
|
|
};
|
|
};
|
|
|
|
config = { ... }: container.mkContainerConfig cfg {
|
|
services.vaultwarden = {
|
|
enable = true;
|
|
dbBackend = "sqlite";
|
|
environmentFile = "/var/lib/vaultwarden/Env";
|
|
config = {
|
|
DATA_FOLDER = "/var/lib/vaultwarden";
|
|
DOMAIN = "http://${cfg.domain}";
|
|
ROCKET_ADDRESS = cfg.address;
|
|
ROCKET_PORT = cfg.port;
|
|
SIGNUPS_ALLOWED = false;
|
|
WEB_VAULT_ENABLED = true;
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
}
|