CrazyChaoz/NixOS-Configuration
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add Bitwarden host and adjust Vaultwarden config

Browse source 
Add domain, ACME cert and virtual host for bitwarden.kempinger.at with a
proxy to the local Vaultwarden instance. Update Vaultwarden settings:
ROCKET_LOG -> "info", SMTP_HOST -> "192.168.69.69". Comment out stalwart
authentication fallback-admin and set stalwart stateVersion to "25.05".
This commit is contained in:
Stefan Kempinger 2026-04-10 20:22:14 +02:00
parent c0077acfa9
commit db8ae95a85
1 changed files with 41 additions and 32 deletions
Download patch file Download diff file Expand all files Collapse all files

73
heimserver/configuration.nix
View file

@ -1,4 +1,4 @@
# Edit this configuration file to define what should be installed on # Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on # your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). # https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
@ -51,6 +51,7 @@
# Networking # Networking
networking = { networking = {
hostName = "heimserver"; hostName = "heimserver";
domain = "kempinger.at";
useDHCP = false; useDHCP = false;
hostId = "5506a8e7"; hostId = "5506a8e7";
interfaces.eth0.ipv4.addresses = [ interfaces.eth0.ipv4.addresses = [
@ -180,6 +181,9 @@
certs."bilder.kempinger.at" = { certs."bilder.kempinger.at" = {
domain = "bilder.kempinger.at"; domain = "bilder.kempinger.at";
}; };
certs."bitwarden.kempinger.at" = {
domain = "bitwarden.kempinger.at";
};
}; };
#services.resolved.enable = true; #services.resolved.enable = true;
@ -217,7 +221,7 @@
]; ];
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:8090"; proxyPass = "http://127.0.0.1:8090";
}; };
locations."/jmap" = { locations."/jmap" = {
proxyPass = "http://127.0.0.1:8091/jmap"; proxyPass = "http://127.0.0.1:8091/jmap";
}; };
@ -246,6 +250,13 @@
''; '';
}; };
}; };
virtualHosts."bitwarden.kempinger.at" = {
useACMEHost = "bitwarden.kempinger.at";
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
};
};
}; };
services.forgejo = { services.forgejo = {
@ -843,6 +854,7 @@
services.stalwart = { services.stalwart = {
enable = true; enable = true;
openFirewall = true; openFirewall = true;
stateVersion = "25.05";
settings = { settings = {
server = { server = {
hostname = "mail.kempinger.at"; hostname = "mail.kempinger.at";
@ -895,10 +907,10 @@
session.rcpt.directory = "'internal'"; session.rcpt.directory = "'internal'";
directory."imap".lookup.domains = [ "kempinger.at" ]; directory."imap".lookup.domains = [ "kempinger.at" ];
authentication.fallback-admin = { # authentication.fallback-admin = {
user = "admin"; # user = "admin";
secret = "$2b$10$f3gV764s.cE9Dqb0OW2SeOIO5eJdrBlTu/lDH7IlvFUYlUZF.CxXW"; # secret = "$2b$10$f3gV764s.cE9Dqb0OW2SeOIO5eJdrBlTu/lDH7IlvFUYlUZF.CxXW";
}; # };
}; };
}; };
@ -906,33 +918,30 @@
enable = true; enable = true;
capacity = 50; capacity = 50;
}; };
services.vaultwarden = { services.vaultwarden = {
enable = true; enable = true;
backupDir = "/backup/vaultwarden"; backupDir = "/backup/vaultwarden";
# in order to avoid having ADMIN_TOKEN in the nix store it can be also set with the help of an environment file # in order to avoid having ADMIN_TOKEN in the nix store it can be also set with the help of an environment file
# be aware that this file must be created by hand (or via secrets management like sops) # be aware that this file must be created by hand (or via secrets management like sops)
environmentFile = "/root/vaultwarden.env"; environmentFile = "/root/vaultwarden.env";
config = { config = {
# Refer to https://github.com/dani-garcia/vaultwarden/blob/main/.env.template # Refer to https://github.com/dani-garcia/vaultwarden/blob/main/.env.template
DOMAIN = "https://bitwarden.kempinger.at"; DOMAIN = "https://bitwarden.kempinger.at";
SIGNUPS_ALLOWED = false; SIGNUPS_ALLOWED = false;
ROCKET_ADDRESS = "127.0.0.1"; ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = 8092; ROCKET_PORT = 8092;
ROCKET_LOG = "critical"; ROCKET_LOG = "info";
# This example assumes a mailserver running on localhost, # This example assumes a mailserver running on localhost,
# thus without transport encryption. # thus without transport encryption.
# If you use an external mail server, follow: # If you use an external mail server, follow:
# https://github.com/dani-garcia/vaultwarden/wiki/SMTP-configuration # https://github.com/dani-garcia/vaultwarden/wiki/SMTP-configuration
SMTP_HOST = "127.0.0.1"; SMTP_HOST = "192.168.69.69";
SMTP_PORT = 25; SMTP_PORT = 25;
SMTP_SSL = false; SMTP_SSL = false;
};
SMTP_FROM = "admin@bitwarden.kempinger.at";
SMTP_FROM_NAME = "kempinger.at Bitwarden server";
};
}; };
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;