整理 vaultwarden

2023-11-09 21:02:08 +08:00
parent 7122474023
commit 69cb43e6f5
4 changed files with 41 additions and 53 deletions


@@ -297,11 +297,10 @@
value =
{ upstream.address = "internal.vps7.chn.moe"; proxyProtocol = true; rewriteHttps = true; };
})
[ "xn--s8w913fdga" "misskey" "nextcloud" "photoprism" "synapse" ]));
[ "xn--s8w913fdga" "misskey" "nextcloud" "photoprism" "synapse" "vaultwarden" ]));
};
applications =
{
vaultwarden = { enable = true; upstream.address = "internal.vps7.chn.moe"; };
element.instances."element.chn.moe" = {};
synapse-admin.instances."synapse-admin.chn.moe" = {};
};
@@ -362,10 +361,6 @@
nginx =
{
transparentProxy.externalIp = [ "95.111.228.40" "192.168.82.2" ];
applications =
{
vaultwarden.enable = true;
};
};
wallabag.enable = true;
misskey.instances =


@@ -2,7 +2,6 @@ inputs:
{
imports = inputs.localLib.mkModules
[
./vaultwarden.nix
./element.nix
./synapse-admin.nix
];


@@ -1,44 +0,0 @@
inputs:
{
options.nixos.services.nginx.applications.vaultwarden = let inherit (inputs.lib) mkOption types; in
{
enable = mkOption { type = types.bool; default = false; };
hostname = mkOption { type = types.nonEmptyStr; default = "vaultwarden.chn.moe"; };
upstream = mkOption
{
type = types.oneOf [ types.nonEmptyStr (types.submodule { options =
{
address = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
port = mkOption { type = types.ints.unsigned; default = 8000; };
websocketPort = mkOption { type = types.ints.unsigned; default = 3012; };
};})];
default = {};
};
};
config =
let
inherit (inputs.config.nixos.services.nginx.applications) vaultwarden;
inherit (builtins) listToAttrs;
inherit (inputs.lib) mkIf;
in mkIf vaultwarden.enable
{
nixos.services.nginx.http."${vaultwarden.hostname}" =
{
rewriteHttps = true;
locations = let upstream = vaultwarden.upstream; in (listToAttrs (map
(location: { name = location; value.proxy =
{
upstream = "http://${upstream.address or upstream}:${builtins.toString upstream.port or 8000}";
setHeaders = { Host = vaultwarden.hostname; Connection = ""; };
};})
[ "/" "/notifications/hub/negotiate" ]))
// { "/notifications/hub".proxy =
{
upstream =
"http://${upstream.address or upstream}:${builtins.toString upstream.websocketPort or 3012}";
websocket = true;
setHeaders.Host = vaultwarden.hostname;
};};
};
};
}


@@ -11,7 +11,7 @@ inputs:
config =
let
inherit (inputs.config.nixos.services) vaultwarden;
inherit (builtins) listToAttrs;
inherit (builtins) listToAttrs toString;
inherit (inputs.lib) mkIf;
in mkIf vaultwarden.enable
{
@@ -62,6 +62,44 @@ inputs:
enable = vaultwarden.autoStart;
after = [ "postgresql.service" ];
};
nixos.services.postgresql = { enable = true; instances.vaultwarden = {}; };
nixos.services =
{
postgresql = { enable = true; instances.vaultwarden = {}; };
nginx =
{
enable = true;
https.${vaultwarden.hostname} =
{
global.rewriteHttps = true;
listen.main.proxyProtocol = true;
location = listToAttrs
(
(map
(location:
{
name = location;
value.proxy =
{
upstream = "http://127.0.0.1:${toString vaultwarden.port}";
setHeaders = { Host = vaultwarden.hostname; Connection = ""; };
};
})
[ "/" "/notifications/hub/negotiate" ])
++ (map
(location:
{
name = location;
value.proxy =
{
upstream = "http://127.0.0.1:${toString vaultwarden.websocketPort}";
websocket = true;
setHeaders.Host = vaultwarden.hostname;
};
})
[ "/notifications/hub" ])
);
};
};
};
};
}
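Review bot: The two `setHeaders` sets in the new `https.${vaultwarden.hostname}` block forward only `Host` (plus an empty `Connection`), so unless the nginx module adds forwarding headers on its own, Vaultwarden sees every request as coming from 127.0.0.1. Vaultwarden reads the client address from the header named by `IP_HEADER` (default `X-Real-IP`) for its logs and login rate limiting, so failed logins could not be attributed to a client and any log-based banning would act on loopback. If `setHeaders` maps to `proxy_set_header`, adding `"X-Real-IP" = "$proxy_protocol_addr";` to both sets would carry the address delivered by the front proxy. Because `listen.main.proxyProtocol = true` makes that address data supplied by whoever connects, the listener should accept connections only from the front proxy, and a short comment next to that line stating this would help. The enclosing `config` block starts outside the hunk.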