self-host vault-warden

2026-04-15 07:04:47 +00:00 · 2026-03-31 15:15:59 -04:00 · 2026-03-31 15:15:59 -04:00 · 000355c318
commit 000355c318
parent 42b10c5824
1 changed files with 20 additions and 0 deletions
--- a/hosts/netty/configuration.nix
+++ b/hosts/netty/configuration.nix
@ -11,6 +11,7 @@ let
  packageSets = import ../../lib/package-sets.nix { inherit inputs lib pkgs; };
  sandboxDomain = "netty.harivan.sh";
  forgejoDomain = "git.harivan.sh";
+  vaultDomain = "vault.harivan.sh";
  forgejoApiUrl = "http://127.0.0.1:3000";
  sandboxAgentPackage = pkgs.callPackage ../../pkgs/sandbox-agent { };
  sandboxAgentDir = "/home/${username}/.config/sandbox-agent";
@ -216,6 +217,25 @@ in
      forceSSL = true;
      locations."/".proxyPass = "http://127.0.0.1:3000";
    };
+
+    virtualHosts.${vaultDomain} = {
+      enableACME = true;
+      forceSSL = true;
+      locations."/".proxyPass = "http://127.0.0.1:8222";
+    };
+  };
+
+  # --- Vaultwarden ---
+  services.vaultwarden = {
+    enable = true;
+    backupDir = "/var/backup/vaultwarden";
+    environmentFile = "/var/lib/vaultwarden/vaultwarden.env";
+    config = {
+      DOMAIN = "https://${vaultDomain}";
+      SIGNUPS_ALLOWED = false;
+      ROCKET_ADDRESS = "127.0.0.1";
+      ROCKET_PORT = 8222;
+    };
  };

  # --- Forgejo ---