masive rewriting and setup of server files

2024-09-28 23:10:03 -06:00
parent f9399c51fa
commit 9151ca5971
39 changed files with 756 additions and 556 deletions
--- a/modules/servers/vaultwarden.nix
+++ b/modules/servers/vaultwarden.nix
@@ -3,23 +3,28 @@
  config,
  pkgs,
  proxyReverse,
+  setup,
  ...
 }:
+let
+  cfg = config.my.servers.vaultwarden;
+in
 {
-  options.my.servers.vaultwarden.enable = lib.mkEnableOption "enable";
-  config = lib.mkIf (config.my.servers.vaultwarden.enable && config.my.servers.postgres.enable) {
-    sops.secrets.vaultwarden.sopsFile = ../../secrets/env.yaml;
+  options.my.servers.vaultwarden = setup.mkOptions "vaultwarden" "vault" 8222;
+  config = lib.mkIf (cfg.enable && config.my.servers.postgres.enable) {
+    networking.firewall.allowedTCPPorts = lib.mkIf (!cfg.isLocal) [ cfg.port ];
+    sops.secrets = lib.mkIf cfg.enable { vaultwarden.sopsFile = ../../secrets/env.yaml; };
    services = {
-      vaultwarden = {
+      vaultwarden = lib.mkIf cfg.enable {
        enable = true;
        dbBackend = "postgresql";
        package = pkgs.vaultwarden;
        environmentFile = config.sops.secrets.vaultwarden.path;
        config = {
          ROCKET_ADDRESS = "${config.my.localhost}";
-          ROCKET_PORT = 8222;
+          ROCKET_PORT = cfg.port;
          WEBSOCKET_PORT = 8333;
-          DATABASE_URL = "postgresql:///vaultwarden?host=${config.my.postgresSocket}";
+          DATABASE_URL = "postgresql:///${cfg.name}?host=${config.my.postgresSocket}";
          ENABLE_DB_WAL = false;
          WEBSOCKET_ENABLED = true;
          SHOW_PASSWORD_HINT = false;
@@ -27,8 +32,9 @@
          LOG_LEVEL = "warn";
        };
      };
-      nginx.virtualHosts."vault.${config.my.domain}" =
-        proxyReverse config.services.vaultwarden.config.ROCKET_PORT // { };
+      nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (
+        proxyReverse cfg.hostName cfg.port // { }
+      );
    };
  };
 }