vaultwarden: add admin secret

2023-09-07 10:51:27 +03:00
parent 9163143204
commit 721a9b2c5c
4 changed files with 14 additions and 2 deletions
--- a/hosts/vno1-oh2/configuration.nix
+++ b/hosts/vno1-oh2/configuration.nix
@@ -412,12 +412,13 @@

    vaultwarden = {
      enable = true;
+
      config = {
        ROCKET_ADDRESS = "127.0.0.1";
        ROCKET_PORT = myData.ports.vaultwarden;
-        DOMAIN = "https://bitwarden.jakstys.lt";
-        SIGNUPS_ALLOWED = false;
        ROCKET_LOG = "critical";
+        DOMAIN = "https://bitwarden.jakstys.lt";
+        SIGNUPS_ALLOWED = true;

        # TODO remove after 1.29.0
        WEBSOCKET_ENABLED = true;
@@ -472,6 +473,15 @@
      requires = ["nsd-acme-irc.jakstys.lt.service"];
    };

+    vaultwarden = {
+      serviceConfig = {
+        environmentFile = ["$CREDENTIALS_DIRECTORY/admin.env"];
+        LoadCredential = [
+          "admin.env:${config.age.secrets.vaultwarden-admin-env.path}"
+        ];
+      };
+    };
+
    grafana = {
      preStart = "ln -sf $CREDENTIALS_DIRECTORY/oidc /run/grafana/oidc-secret";
      serviceConfig = {