vaultwarden: smtp and secrets

2023-09-07 13:04:38 +03:00
parent 83a20aa69a
commit 633e093969
4 changed files with 14 additions and 6 deletions
--- a/hosts/vno1-oh2/configuration.nix
+++ b/hosts/vno1-oh2/configuration.nix
@@ -419,6 +419,7 @@
        ROCKET_LOG = "critical";
        DOMAIN = "https://bitwarden.jakstys.lt";
        SIGNUPS_ALLOWED = true;
+        INVITATION_ORG_NAME = "jakstys";

        # TODO remove after 1.29.0
        WEBSOCKET_ENABLED = true;
@@ -428,12 +429,17 @@
        SMTP_HOST = "127.0.0.1";
        SMTP_PORT = 25;
        SMTP_SECURITY = "off";
-        SMTP_FROM = "admin@jakstys.lt";
-        SMTP_FROM_NAME = "jakstys.lt Bitwarden server";
+
+        #USE_SENDMAIL = true;
+        #SENDMAIL_COMMAND = "${pkgs.postfix}/bin/sendmail";
+        #SMTP_FROM = "admin@jakstys.lt";
+        #SMTP_FROM_NAME = "jakstys.lt Bitwarden server";
      };
    };
  };

+  users.users.vaultwarden.extraGroups = ["postdrop"];
+
  systemd.services = {
    caddy = let
      grafana = config.mj.services.nsd-acme.zones."grafana.jakstys.lt";
@@ -474,10 +480,12 @@
    };

    vaultwarden = {
+      preStart = "ln -sf $CREDENTIALS_DIRECTORY/secrets.env /run/vaultwarden/secrets.env";
      serviceConfig = {
-        EnvironmentFile = ["$CREDENTIALS_DIRECTORY/admin.env"];
+        EnvironmentFile = ["-/run/vaultwarden/secrets.env"];
+        RuntimeDirectory = "vaultwarden";
        LoadCredential = [
-          "admin.env:${config.age.secrets.vaultwarden-admin-env.path}"
+          "secrets.env:${config.age.secrets.vaultwarden-secrets-env.path}"
        ];
      };
    };