CrazyChaoz/NixOS-Configuration
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add Bitwarden host and adjust Vaultwarden config

Browse source 
Add domain, ACME cert and virtual host for bitwarden.kempinger.at with a
proxy to the local Vaultwarden instance. Update Vaultwarden settings:
ROCKET_LOG -> "info", SMTP_HOST -> "192.168.69.69". Comment out stalwart
authentication fallback-admin and set stalwart stateVersion to "25.05".
This commit is contained in:
Stefan Kempinger 2026-04-10 20:22:14 +02:00
parent c0077acfa9
commit db8ae95a85
1 changed files with 41 additions and 32 deletions
Download patch file Download diff file Expand all files Collapse all files

65
heimserver/configuration.nix
View file

@ -1,4 +1,4 @@
# Edit this configuration file to define what should be installed on
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
@ -51,6 +51,7 @@
# Networking
networking = {
hostName = "heimserver";
domain = "kempinger.at";
useDHCP = false;
hostId = "5506a8e7";
interfaces.eth0.ipv4.addresses = [
@ -180,6 +181,9 @@
certs."bilder.kempinger.at" = {
domain = "bilder.kempinger.at";
};
certs."bitwarden.kempinger.at" = {
domain = "bitwarden.kempinger.at";
};
};
#services.resolved.enable = true;
@ -246,6 +250,13 @@
'';
};
};
virtualHosts."bitwarden.kempinger.at" = {
useACMEHost = "bitwarden.kempinger.at";
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
};
};
};
services.forgejo = {
@ -843,6 +854,7 @@
services.stalwart = {
enable = true;
openFirewall = true;
stateVersion = "25.05";
settings = {
server = {
hostname = "mail.kempinger.at";
@ -895,10 +907,10 @@
session.rcpt.directory = "'internal'";
directory."imap".lookup.domains = [ "kempinger.at" ];
authentication.fallback-admin = {
user = "admin";
secret = "$2b$10$f3gV764s.cE9Dqb0OW2SeOIO5eJdrBlTu/lDH7IlvFUYlUZF.CxXW";
};
# authentication.fallback-admin = {
# user = "admin";
# secret = "$2b$10$f3gV764s.cE9Dqb0OW2SeOIO5eJdrBlTu/lDH7IlvFUYlUZF.CxXW";
# };
};
};
@ -908,31 +920,28 @@
};
services.vaultwarden = {
enable = true;
backupDir = "/backup/vaultwarden";
# in order to avoid having ADMIN_TOKEN in the nix store it can be also set with the help of an environment file
# be aware that this file must be created by hand (or via secrets management like sops)
environmentFile = "/root/vaultwarden.env";
config = {
# Refer to https://github.com/dani-garcia/vaultwarden/blob/main/.env.template
DOMAIN = "https://bitwarden.kempinger.at";
SIGNUPS_ALLOWED = false;
enable = true;
backupDir = "/backup/vaultwarden";
# in order to avoid having ADMIN_TOKEN in the nix store it can be also set with the help of an environment file
# be aware that this file must be created by hand (or via secrets management like sops)
environmentFile = "/root/vaultwarden.env";
config = {
# Refer to https://github.com/dani-garcia/vaultwarden/blob/main/.env.template
DOMAIN = "https://bitwarden.kempinger.at";
SIGNUPS_ALLOWED = false;
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = 8092;
ROCKET_LOG = "critical";
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = 8092;
ROCKET_LOG = "info";
# This example assumes a mailserver running on localhost,
# thus without transport encryption.
# If you use an external mail server, follow:
# https://github.com/dani-garcia/vaultwarden/wiki/SMTP-configuration
SMTP_HOST = "127.0.0.1";
SMTP_PORT = 25;
SMTP_SSL = false;
SMTP_FROM = "admin@bitwarden.kempinger.at";
SMTP_FROM_NAME = "kempinger.at Bitwarden server";
};
# This example assumes a mailserver running on localhost,
# thus without transport encryption.
# If you use an external mail server, follow:
# https://github.com/dani-garcia/vaultwarden/wiki/SMTP-configuration
SMTP_HOST = "192.168.69.69";
SMTP_PORT = 25;
SMTP_SSL = false;
};
};
nixpkgs.config.allowUnfree = true;