diff --git a/hosts/Vaultwarden/default.nix b/hosts/Vaultwarden/default.nix
index 9f98d84..d8115bc 100644
--- a/hosts/Vaultwarden/default.nix
+++ b/hosts/Vaultwarden/default.nix
@@ -3,7 +3,11 @@
 {
 config = {
 homelab = {
- apps.vaultwarden.enable = true;
+ apps.vaultwarden = {
+ enable = true;
+ domain = "https://vault.depeuter.dev";
+ name = "Hugo's Vault";
+ };
 virtualisation.guest.enable = true;
 };
diff --git a/modules/apps/vaultwarden/default.nix b/modules/apps/vaultwarden/default.nix
index 6d06287..a2f8d0a 100644
--- a/modules/apps/vaultwarden/default.nix
+++ b/modules/apps/vaultwarden/default.nix
@@ -5,7 +5,24 @@ let
 networkName = "vaultwarden";
 in {
- options.homelab.apps.vaultwarden.enable = lib.mkEnableOption "Vaultwarden";
+ options.homelab.apps.vaultwarden = {
+ enable = lib.mkEnableOption "Vaultwarden";
+ port = lib.mkOption {
+ type = lib.types.int;
+ default = 10102;
+ description = "Vaultwarden WebUI port";
+ };
+ domain = lib.mkOption {
+ type = lib.types.string;
+ example = "https://vault.depeuter.dev";
+ description = "Domain to configure Vaultwarden on";
+ };
+ name = lib.mkOption {
+ type = lib.types.string;
+ example = "Hugo's Vault";
+ description = "Service name to use for invitations and mail";
+ };
+ };
 config = lib.mkIf cfg.enable {
 homelab = {
@@ -33,13 +50,16 @@ in {
 '';
 };
- virtualisation.oci-containers.containers = {
+ virtualisation.oci-containers.containers = let
+ dbHostname = "vaultwarden-db";
+ dbPort = 5432;
+ in {
 vaultwarden-db = {
- hostname = "vaultwarden-db";
+ hostname = dbHostname;
 image = "postgres:15.8-alpine";
 autoStart = true;
 ports = [
- "5432:5432/tcp"
+ "${toString dbPort}:5432/tcp"
 ];
 extraOptions = [
 "--network=${networkName}"
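Review bot: The new `domain` and `name` options in the `@@ -5,7 +5,24 @@` hunk use `lib.types.string`, which nixpkgs has deprecated in favour of `lib.types.str`, and `port` is a plain `lib.types.int` where `lib.types.port` would reject values outside the valid TCP range. `domain` is handed unchanged to Vaultwarden's `DOMAIN` setting (hunk `@@ -244,7 +264,7 @@`), whose comments show it expects a full URL, so a bare hostname would only fail at runtime; `type = lib.types.strMatching "https?://.+";` would catch that at evaluation, and the description would read better as "Base URL (including scheme) Vaultwarden is served on". Neither `domain` nor `name` has a default, so every host that enables the module must now set both.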
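Review bot: `dbPort` is used in the `@@ -33,13 +50,16 @@` hunk as the host side of the published port, and again in `DATABASE_URL` (hunk `@@ -115,7 +135,7 @@`) as the port Vaultwarden dials on the container network, while the container side stays the literal `5432`. Changing `dbPort` would therefore move the host mapping and at the same time point Vaultwarden at a port Postgres is not listening on. Both containers join `--network=${networkName}`, so the connection presumably never needs the published port. If nothing on the host uses it, dropping the `ports` entry or binding it as `"127.0.0.1:${toString dbPort}:5432/tcp"` keeps the database off the host's other interfaces. The `vaultwarden-db` definition continues past the end of the hunk.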
@@ -57,16 +77,16 @@ in {
 dataDir = "/data";
 in {
 hostname = "vaultwarden";
- image = "vaultwarden/server:1.32.5-alpine";
+ image = "vaultwarden/server:1.33.2-alpine";
 autoStart = true;
 ports = [
- "10102:80/tcp"
+ "${toString cfg.port}:80/tcp"
 ];
 extraOptions = [
 "--network=${networkName}"
 ];
 dependsOn = [
- "vaultwarden-db"
+ dbHostname
 ];
 volumes = [
 "vaultwarden:${dataDir}"
@@ -115,7 +135,7 @@ in {
 ## Details:
 ## - https://docs.diesel.rs/2.1.x/diesel/pg/struct.PgConnection.html
 ## - https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING
- DATABASE_URL = "postgresql://vaultwarden:ChangeMe@vaultwarden-db:5432/vaultwarden";
+ DATABASE_URL = "postgresql://vaultwarden:ChangeMe@${dbHostname}:${toString dbPort}/vaultwarden";
 ## Enable WAL for the DB
 ## Set to false to avoid enabling WAL during startup.
@@ -244,7 +264,7 @@ in {
 ## For development
 # DOMAIN=http://localhost
 ## For public server
- DOMAIN = "https://vault.depeuter.dev";
+ DOMAIN = cfg.domain;
 ## For public server (URL with port number)
 # DOMAIN=https://vw.domain.tld:8443
 ## For public server (URL with path)
@@ -328,7 +348,7 @@ in {
 ## Invitations org admins to invite users, even when signups are disabled
 # INVITATIONS_ALLOWED=true
 ## Name shown in the invitation emails that don't come from a specific organization
- INVITATION_ORG_NAME = "Hugo's Vault";
+ INVITATION_ORG_NAME = cfg.name;
 ## The number of hours after which an organization invite token, emergency access invite token,
 ## email verification token and deletion request token will expire (must be at least 1)
@@ -571,7 +591,7 @@ in {
 ## Note: if SMTP_USERNAME is specified, SMTP_PASSWORD is mandatory
 SMTP_HOST = "smtp.gmail.com";
 SMTP_FROM = "vault@depeuter.dev";
- SMTP_FROM_NAME = "Hugo's Vault";
+ SMTP_FROM_NAME = cfg.name;
 # SMTP_USERNAME=username
 # SMTP_PASSWORD=password
 # SMTP_TIMEOUT=15
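Review bot: `dependsOn` in the `@@ -57,16 +77,16 @@` hunk now takes `dbHostname`, but that option refers to container names, i.e. the attribute names under `virtualisation.oci-containers.containers`, not to hostnames. It only works because `dbHostname` happens to equal the attribute name `vaultwarden-db`, which the earlier hunk leaves as a literal. Changing the hostname later would silently break the start-up ordering. Either keep `"vaultwarden-db"` here, or introduce a separate binding for the container name and define the container with it, e.g. `${dbContainer} = {`. The vaultwarden container block starts and ends outside this hunk.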
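Review bot: The rewritten `DATABASE_URL` in the `@@ -115,7 +135,7 @@` hunk still embeds the password `ChangeMe` in the Nix expression, so the credential ends up in the world-readable Nix store and in the generated container unit. For a password manager's backing database, the URL is better kept out of the expression: put `DATABASE_URL=...` in a file provisioned outside the store (e.g. by a secret-management module) and reference it through the container's `environmentFiles` option. The placeholder password should also be replaced with a generated one. This combines badly with the published Postgres port from the earlier hunk, which makes the default credential reachable from the host. The attribute set holding these settings starts and ends outside this hunk.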