Gitiles
Code Review Sign In
git.clicks.codes / Infra / NixFiles / d23784c80cd04acc8e0a966e1bb32ea312cb64f6 / . / modules / vaultwarden.nix
blob: ca7893e9377361ebc6b2e50e09b045c53d6378b2 [file] [log] [blame]
TheCodedProfd23784c2023-06-13 14:28:23 -0400[diff] [blame^]1{ pkgs, drive_paths, ... }: {
TheCodedProfaec8c452023-06-12 18:26:46 -0400[diff] [blame]2 environment.systemPackages = with pkgs; [ vaultwarden ];
3
4 services.vaultwarden.enable = true;
5 services.vaultwarden.dbBackend = "postgresql";
6
7 services.vaultwarden.config = {
8 # Server Settings
9 DOMAIN = "https://passwords.clicks.codes";
10 ROCKET_ADDRESS = "127.0.0.1";
11 ROCKET_PORT = 8452;
12
13
14 # General Settings
15 SIGNUPS_ALLOWED=false;
16 INVITATIONS_ALLOWED=true;
17 SIGNUPS_DOMAINS_WHITELIST="clicks.codes,coded.codes,thecoded.prof,starrysky.fyi,hopescaramels.com,pinea.dev";
18
19 # TODO: Set folder locations for storing data.
TheCodedProfd23784c2023-06-13 14:28:23 -0400[diff] [blame^]20 RSA_KEY_FILENAME="${drive_paths.root}/bitwarden/rsa_key";
21 ICON_CACHE_FOLDER="${drive_paths.root}/bitwarden/icon_cache";
22 ATTACHMENTS_FOLDER="${drive_paths.External4000HDD}/bitwarden/attachments";
23 SENDS_FOLDER="${drive_paths.External4000HDD}/bitwarden/sends";
24 TMP_FOLDER="${drive_paths.External4000HDD}/bitwarden/tmp";
TheCodedProfaec8c452023-06-12 18:26:46 -0400[diff] [blame]25
26 DISABLE_2FA_REMEMBER=true;
27
28 # Admin Account
TheCodedProfd23784c2023-06-13 14:28:23 -0400[diff] [blame^]29 ADMIN_TOKEN="!!ADMIN_TOKEN!!";
TheCodedProfaec8c452023-06-12 18:26:46 -0400[diff] [blame]30
31
32 # Database Settings
TheCodedProfd23784c2023-06-13 14:28:23 -0400[diff] [blame^]33 DATABASE_URL="postgresql://bitwarden:!!clicks_bitwarden_db_secret!!@127.0.0.1:${}/bitwarden";
TheCodedProfaec8c452023-06-12 18:26:46 -0400[diff] [blame]34
35
36 # Mail Settings
37 SMTP_HOST = "127.0.0.1";
38 SMTP_FROM = "bitwarden@clicks.codes";
39 SMTP_FROM_NAME = "Clicks Bitwarden";
40 SMTP_SECURITY = "starttls";
41 SMTP_PORT = 587;
42
43 SMTP_USERNAME="FILL_ME_IN";
TheCodedProfd23784c2023-06-13 14:28:23 -0400[diff] [blame^]44 SMTP_PASSWORD="!!SMTP_PASSWORD!!";
TheCodedProfaec8c452023-06-12 18:26:46 -0400[diff] [blame]45
46 REQUIRE_DEVICE_EMAIL=true;
47
48
49 # YubiKey Settings
TheCodedProf85256bc2023-06-13 13:02:53 -0400[diff] [blame]50 YUBICO_CLIENT_ID="89788";
TheCodedProfd23784c2023-06-13 14:28:23 -0400[diff] [blame^]51 YUBICO_SECRET_KEY="!!YUBICO_SECRET_KEY!!";
TheCodedProfaec8c452023-06-12 18:26:46 -0400[diff] [blame]52
53
54 # TODO: Buy a license
55 # HIBP Settings
TheCodedProfd23784c2023-06-13 14:28:23 -0400[diff] [blame^]56 # HIBP_API_KEY="!!HIBP_API_KEY!!";
TheCodedProfaec8c452023-06-12 18:26:46 -0400[diff] [blame]57 };
58}