stockholm/makefu/2configs/bitwarden.nix

{ pkgs, ... }:
let
  port = 8812;
in {
  services.vaultwarden = {
    enable = true;
    dbBackend = "postgresql";
    config.signups_allowed = false;
    config.rocketPort = port;
    config.domain = "https://bw.euer.krebsco.de";
    #config.databaseUrl = "postgresql://bitwardenuser:${dbPassword}@localhost/bitwarden";
    config.databaseUrl = "postgresql:///bitwarden";
    config.websocket_enabled = true;
  };

  systemd.services.vaultwarden.after = [ "postgresql.service" ];

  services.postgresql = {
    enable = true;
    ensureDatabases = [ "bitwarden" ];
    ensureUsers = [
      { name = "bitwarden_rs"; ensurePermissions."DATABASE bitwarden" = "ALL PRIVILEGES"; } 
      { name = "vaultwarden"; ensurePermissions."DATABASE bitwarden" = "ALL PRIVILEGES"; } 
    ];
  };
  services.postgresqlBackup = {
    enable = true;
    databases = [ "bitwarden" ];
  };
  systemd.services.postgresqlBackup-bitwarden.serviceConfig.SupplementaryGroups = [ "download" ];


  services.nginx.virtualHosts."bw.euer.krebsco.de" ={
    forceSSL = true;
    enableACME = true;

    locations."/" = {
      proxyPass = "http://localhost:8812";
      proxyWebsockets = true;
    };
    locations."/notifications/hub" = {
      proxyPass = "http://localhost:3012";
      proxyWebsockets = true;
    };
    locations."/notifications/hub/negotiate" = {
      proxyPass = "http://localhost:8812";
      proxyWebsockets = true;
    };
  };
}
ma bitwarden: init for gum.r 2021-04-04 06:43:55 +00:00			`{ pkgs, ... }:`
			`let`
			`port = 8812;`
			`in {`
ma bitwarden: finish migration 2021-12-17 20:11:21 +00:00			`services.vaultwarden = {`
ma bitwarden: init for gum.r 2021-04-04 06:43:55 +00:00			`enable = true;`
			`dbBackend = "postgresql";`
			`config.signups_allowed = false;`
			`config.rocketPort = port;`
			`config.domain = "https://bw.euer.krebsco.de";`
			`#config.databaseUrl = "postgresql://bitwardenuser:${dbPassword}@localhost/bitwarden";`
			`config.databaseUrl = "postgresql:///bitwarden";`
			`config.websocket_enabled = true;`
			`};`

ma bitwarden: finish migration 2021-12-17 20:11:21 +00:00			`systemd.services.vaultwarden.after = [ "postgresql.service" ];`
ma bitwarden: init for gum.r 2021-04-04 06:43:55 +00:00
			`services.postgresql = {`
			`enable = true;`
			`ensureDatabases = [ "bitwarden" ];`
ma bitwarden: finish migration 2021-12-17 20:11:21 +00:00			`ensureUsers = [`
			`{ name = "bitwarden_rs"; ensurePermissions."DATABASE bitwarden" = "ALL PRIVILEGES"; }`
			`{ name = "vaultwarden"; ensurePermissions."DATABASE bitwarden" = "ALL PRIVILEGES"; }`
			`];`
ma bitwarden: init for gum.r 2021-04-04 06:43:55 +00:00			`};`
ma services: ensure state is backed up 2022-06-06 19:15:49 +00:00			`services.postgresqlBackup = {`
			`enable = true;`
ma dcpp: fix service startup, update backup strategy ensure backup services is able to write to /media/cloud 2022-06-06 19:17:35 +00:00			`databases = [ "bitwarden" ];`
ma services: ensure state is backed up 2022-06-06 19:15:49 +00:00			`};`
ma dcpp: fix service startup, update backup strategy ensure backup services is able to write to /media/cloud 2022-06-06 19:17:35 +00:00			`systemd.services.postgresqlBackup-bitwarden.serviceConfig.SupplementaryGroups = [ "download" ];`
ma services: ensure state is backed up 2022-06-06 19:15:49 +00:00
ma bitwarden: init for gum.r 2021-04-04 06:43:55 +00:00
			`services.nginx.virtualHosts."bw.euer.krebsco.de" ={`
			`forceSSL = true;`
			`enableACME = true;`

			`locations."/" = {`
			`proxyPass = "http://localhost:8812";`
			`proxyWebsockets = true;`
			`};`
			`locations."/notifications/hub" = {`
			`proxyPass = "http://localhost:3012";`
			`proxyWebsockets = true;`
			`};`
			`locations."/notifications/hub/negotiate" = {`
			`proxyPass = "http://localhost:8812";`
			`proxyWebsockets = true;`
			`};`
			`};`
			`}`