gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 12:29:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions
infrastructure/nixos/access/vaultwarden.nix
arcnmx 0947ca0532 feat(bw): vaultwarden
2024-05-26 14:13:33 -07:00

80 lines
2 KiB
Nix
Raw Blame History

{
config,
lib,
...
}: let
inherit (lib.modules) mkIf mkDefault;
cfg = config.services.vaultwarden;
upstreamName = "vaultwarden'access";
upstreamName'websocket = "vaultwarden'websocket'access";
locations = {
"/".proxy.enable = true;
"/notifications/hub" = {
proxy = {
enable = true;
upstream = mkDefault upstreamName'websocket;
websocket.enable = true;
};
};
"/notifications/hub/negotiate" = {
proxy = {
enable = true;
websocket.enable = true;
};
};
};
name.shortServer = mkDefault "bw";
copyFromVhost = mkDefault "vaultwarden";
in {
config.services.nginx = {
upstreams' = {
${upstreamName}.servers = {
local = mkIf cfg.enable {
enable = mkDefault true;
addr = mkDefault "localhost";
port = mkDefault cfg.port;
};
access = {upstream, ...}: {
enable = mkDefault (!upstream.servers.local.enable or false);
accessService = {
name = "vaultwarden";
};
};
};
${upstreamName'websocket}.servers = {
local = mkIf cfg.enable {
enable = mkDefault (cfg.websocketPort != null);
addr = mkDefault "localhost";
port = mkIf (cfg.websocketPort != null) (mkDefault cfg.websocketPort);
};
access = {upstream, ...}: {
enable = mkDefault (!cfg.enable && !upstream.servers.local.enable or false);
accessService = {
name = "vaultwarden";
port = "websocket";
};
};
};
};
virtualHosts = {
vaultwarden = {
inherit name locations;
ssl.force = mkDefault true;
proxy.upstream = mkDefault upstreamName;
};
vaultwarden'local = {
inherit name locations;
ssl = {
force = mkDefault true;
cert = {
inherit copyFromVhost;
};
};
local.enable = true;
proxy = {
inherit copyFromVhost;
};
};
};
};
}
Reference in a new issue View git blame Copy permalink