chore: Update Vaultwarden

2025-03-28 12:37:27 +01:00 · 2025-03-28 12:37:27 +01:00 · f3090538d8
commit f3090538d8
parent 8c3bb2b3ce
2 changed files with 36 additions and 12 deletions
--- a/modules/apps/vaultwarden/default.nix
+++ b/modules/apps/vaultwarden/default.nix
@ -5,7 +5,24 @@ let

  networkName = "vaultwarden";
 in {
-  options.homelab.apps.vaultwarden.enable = lib.mkEnableOption "Vaultwarden";
+  options.homelab.apps.vaultwarden = {
+    enable = lib.mkEnableOption "Vaultwarden";
+    port = lib.mkOption {
+      type = lib.types.int;
+      default = 10102;
+      description = "Vaultwarden WebUI port";
+    };
+    domain = lib.mkOption {
+      type = lib.types.string;
+      example = "https://vault.depeuter.dev";
+      description = "Domain to configure Vaultwarden on";
+    };
+    name = lib.mkOption {
+      type = lib.types.string;
+      example = "Hugo's Vault";
+      description = "Service name to use for invitations and mail";
+    };
+  };

  config = lib.mkIf cfg.enable {
    homelab = {
@ -33,13 +50,16 @@ in {
      '';
    };

-    virtualisation.oci-containers.containers = {
+    virtualisation.oci-containers.containers = let
+      dbHostname = "vaultwarden-db";
+      dbPort = 5432;
+    in {
      vaultwarden-db = {
-        hostname = "vaultwarden-db";
+        hostname = dbHostname;
        image = "postgres:15.8-alpine";
        autoStart = true;
        ports = [
-          "5432:5432/tcp"
+          "${toString dbPort}:5432/tcp"
        ];
        extraOptions = [
          "--network=${networkName}"
@ -57,16 +77,16 @@ in {
        dataDir = "/data";
      in {
        hostname = "vaultwarden";
-        image = "vaultwarden/server:1.32.5-alpine";
+        image = "vaultwarden/server:1.33.2-alpine";
        autoStart = true;
        ports = [
-          "10102:80/tcp"
+          "${toString cfg.port}:80/tcp"
        ];
        extraOptions = [
          "--network=${networkName}"
        ];
        dependsOn = [
-          "vaultwarden-db"
+          dbHostname
        ];
        volumes = [
          "vaultwarden:${dataDir}"
@ -115,7 +135,7 @@ in {
          ## Details:
          ## - https://docs.diesel.rs/2.1.x/diesel/pg/struct.PgConnection.html
          ## - https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING
-          DATABASE_URL = "postgresql://vaultwarden:ChangeMe@vaultwarden-db:5432/vaultwarden";
+          DATABASE_URL = "postgresql://vaultwarden:ChangeMe@${dbHostname}:${toString dbPort}/vaultwarden";

          ## Enable WAL for the DB
          ## Set to false to avoid enabling WAL during startup.
@ -244,7 +264,7 @@ in {
          ## For development
          # DOMAIN=http://localhost
          ## For public server
-          DOMAIN = "https://vault.depeuter.dev";
+          DOMAIN = cfg.domain;
          ## For public server (URL with port number)
          # DOMAIN=https://vw.domain.tld:8443
          ## For public server (URL with path)
@ -328,7 +348,7 @@ in {
          ## Invitations org admins to invite users, even when signups are disabled
          # INVITATIONS_ALLOWED=true
          ## Name shown in the invitation emails that don't come from a specific organization
-          INVITATION_ORG_NAME = "Hugo's Vault";
+          INVITATION_ORG_NAME = cfg.name;
          
          ## The number of hours after which an organization invite token, emergency access invite token,
          ## email verification token and deletion request token will expire (must be at least 1)
@ -571,7 +591,7 @@ in {
          ## Note: if SMTP_USERNAME is specified, SMTP_PASSWORD is mandatory
          SMTP_HOST = "smtp.gmail.com";
          SMTP_FROM = "vault@depeuter.dev";
-          SMTP_FROM_NAME = "Hugo's Vault";
+          SMTP_FROM_NAME = cfg.name;
          # SMTP_USERNAME=username
          # SMTP_PASSWORD=password
          # SMTP_TIMEOUT=15