many changes

2024-09-03 14:47:06 +02:00
parent fb32b88798
commit 92099bd1e9
44 changed files with 900 additions and 658 deletions


@@ -50,7 +50,7 @@ in {
};
systemd.services.vaultwarden.serviceConfig = {
EnvironmentFile = [config.sops.secrets.bitwarden-smtp-password.path];
EnvironmentFile = [config.sops.secrets.vaultwarden-env.path];
};
systemd.services.vaultwarden_ldap = {
@@ -58,8 +58,8 @@ in {
preStart = ''
sed \
-e "s=@LDAP_PASSWORD@=$(<${config.sops.secrets.bitwarden-ldap-password.path})=" \
-e "s=@ADMIN_TOKEN@=$(<${config.sops.secrets.bitwarden-admin-token.path})=" \
-e "s=@LDAP_PASSWORD@=$(<${config.sops.secrets.vaultwarden-ldap-password.path})=" \
-e "s=@ADMIN_TOKEN@=$(<${config.sops.secrets.vaultwarden-admin-token.path})=" \
${ldapConfigFile} \
> /run/vaultwarden_ldap/config.toml
'';
@@ -97,10 +97,9 @@ in {
};
sops.secrets = {
bitwarden-admin-token.owner = "vaultwarden_ldap";
bitwarden-ldap-password.owner = "vaultwarden_ldap";
bitwarden-db-password.owner = "vaultwarden";
bitwarden-smtp-password.owner = "vaultwarden";
vaultwarden-admin-token.owner = "vaultwarden_ldap";
vaultwarden-ldap-password.owner = "vaultwarden_ldap";
vaultwarden-env.owner = "vaultwarden";
};
users.users.vaultwarden_ldap = {
@@ -110,5 +109,16 @@ in {
users.groups.vaultwarden_ldap = {};
services.mysqlBackup.databases = [ "bitwarden" ];
services.mysql = {
ensureUsers = [
{
name = "vaultwarden";
ensurePermissions = {
"vaultwarden.*" = "ALL PRIVILEGES";
};
}
];
ensureDatabases = [ "vaultwarden" ];
};
services.mysqlBackup.databases = [ "vaultwarden" ];
}
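Review bot: The `preStart` script in the second hunk still expands the renamed secrets with `$(<…)` straight into sed's arguments, so the LDAP password and admin token appear on sed's command line while it runs, where other local processes can usually read them. The same expansion also corrupts the generated config whenever a secret contains `=` (the chosen delimiter), `&` or a backslash. I would copy the template first and then substitute from the secret file, for example `install -m 0600 ${ldapConfigFile} /run/vaultwarden_ldap/config.toml` followed by `${pkgs.replace-secret}/bin/replace-secret '@LDAP_PASSWORD@' ${config.sops.secrets.vaultwarden-ldap-password.path} /run/vaultwarden_ldap/config.toml`, and the same for `@ADMIN_TOKEN@`. This assumes `pkgs` is in scope in this module, which the visible lines do not show. The `systemd.services.vaultwarden_ldap` block continues outside the hunk, so the unit's user and umask settings should be checked alongside this.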