puzzlevision/modules/nixos/services/vaultwarden/default.nix

{
  lib,
  namespace,
  config,
  host,
  ...
}: with lib; with lib.${namespace};
let
  cfg = config.${namespace}.services.vaultwarden;
in {
  options.${namespace}.services.vaultwarden = { enable = mkEnableOption "Enable Vaultwarden, a self-hostable password manager."; };

  config = mkIf cfg.enable {
    sops.secrets.vaultwarden = {
      sopsFile = lib.snowfall.fs.get-file "secrets/vaultwarden.service.env";
      format = "dotenv";
    };

    # Ensure directories exists before OCI container is launched.
    systemd.tmpfiles.rules = [
      "d /var/lib/containers/vaultwarden/data 0700 root root -"
    ];

    # "Inspired" by BreakingTV @ github.com
    virtualisation.oci-containers.containers.vaultwarden = {
      image = "vaultwarden/server";
      autoStart = true;
      hostname = host;
      labels = {
        "traefik.enable" = "true";
        "traefik.http.routers.vaultwarden.entrypoints" = "websecure";
        "traefik.http.routers.vaultwarden.rule" = "Host(`vault.thevoid.cafe`)";
      };
      volumes = [
        "/var/lib/containers/vaultwarden/data:/data:rw"
      ];
      environmentFiles = [
        config.sops.secrets.vaultwarden.path
      ];
      extraOptions = ["--network=proxy"];
    };
  };
}
feat(modules): add server archetype feat: WIP add "absolutesolver" system and "cyn" user wink wink refactor: clean up some comments and remove empty lines 2024-09-18 21:21:48 +02:00			`{`
feat(modules): add new GTK styles to Catppuccin config fix(modules): update vaultwarden service hostname usage feat(flake): add sops-nix to flake feat: add .sops.yaml base, not quite ready just yet 2024-09-22 03:11:14 +02:00			`lib,`
feat(services): WIP setup base for Vaultwarden service 2024-09-20 23:08:38 +02:00			`namespace,`
			`config,`
feat(modules): add new GTK styles to Catppuccin config fix(modules): update vaultwarden service hostname usage feat(flake): add sops-nix to flake feat: add .sops.yaml base, not quite ready just yet 2024-09-22 03:11:14 +02:00			`host,`
feat(modules): add server archetype feat: WIP add "absolutesolver" system and "cyn" user wink wink refactor: clean up some comments and remove empty lines 2024-09-18 21:21:48 +02:00			`...`
feat(services): WIP setup base for Vaultwarden service 2024-09-20 23:08:38 +02:00			`}: with lib; with lib.${namespace};`
			`let`
			`cfg = config.${namespace}.services.vaultwarden;`
			`in {`
feat(modules): finish Vaultwarden service configuration 2024-09-24 00:44:19 +02:00			`options.${namespace}.services.vaultwarden = { enable = mkEnableOption "Enable Vaultwarden, a self-hostable password manager."; };`
feat(services): WIP setup base for Vaultwarden service 2024-09-20 23:08:38 +02:00
			`config = mkIf cfg.enable {`
feat(modules): finish Vaultwarden service configuration 2024-09-24 00:44:19 +02:00			`sops.secrets.vaultwarden = {`
			`sopsFile = lib.snowfall.fs.get-file "secrets/vaultwarden.service.env";`
fix(modules): change env to dotenv in sops secret format for service vaultwarden 2024-09-24 00:55:09 +02:00			`format = "dotenv";`
feat(modules): finish Vaultwarden service configuration 2024-09-24 00:44:19 +02:00			`};`

			`# Ensure directories exists before OCI container is launched.`
			`systemd.tmpfiles.rules = [`
			`"d /var/lib/containers/vaultwarden/data 0700 root root -"`
			`];`

			`# "Inspired" by BreakingTV @ github.com`
feat(services): WIP setup base for Vaultwarden service 2024-09-20 23:08:38 +02:00			`virtualisation.oci-containers.containers.vaultwarden = {`
			`image = "vaultwarden/server";`
			`autoStart = true;`
feat(modules): add new GTK styles to Catppuccin config fix(modules): update vaultwarden service hostname usage feat(flake): add sops-nix to flake feat: add .sops.yaml base, not quite ready just yet 2024-09-22 03:11:14 +02:00			`hostname = host;`
feat(modules): finish Vaultwarden service configuration 2024-09-24 00:44:19 +02:00			`labels = {`
fix(modules): resolve type mismatch in vaultwarden service config 2024-09-24 00:50:19 +02:00			`"traefik.enable" = "true";`
feat(modules): finish Vaultwarden service configuration 2024-09-24 00:44:19 +02:00			`"traefik.http.routers.vaultwarden.entrypoints" = "websecure";`
			"traefik.http.routers.vaultwarden.rule" = "Host(`vault.thevoid.cafe`)";
			`};`
			`volumes = [`
			`"/var/lib/containers/vaultwarden/data:/data:rw"`
			`];`
			`environmentFiles = [`
			`config.sops.secrets.vaultwarden.path`
			`];`
			`extraOptions = ["--network=proxy"];`
feat(services): WIP setup base for Vaultwarden service 2024-09-20 23:08:38 +02:00			`};`
			`};`
feat(modules): add new GTK styles to Catppuccin config fix(modules): update vaultwarden service hostname usage feat(flake): add sops-nix to flake feat: add .sops.yaml base, not quite ready just yet 2024-09-22 03:11:14 +02:00			`}`