setup vaultwarden

This commit is contained in:
Adithya 2024-12-01 12:31:03 +05:30
parent 7238eee1c2
commit 5c0042d455
Signed by: adtya
GPG key ID: B8857BFBA2C47B9C
2 changed files with 21 additions and 8 deletions


@ -89,8 +89,9 @@ let
Type = "notify"; Type = "notify";
DynamicUser = true; DynamicUser = true;
EnvironmentFile = serviceDefinition.environmentFiles; EnvironmentFile = serviceDefinition.environmentFiles;
AmbientCapabilities = [ ]; AmbientCapabilities = [ "" ];
CapabilityBoundingSet = [ ]; CapabilityBoundingSet = [ "" ];
DeviceAllow = [ "" ];
DevicePolicy = "closed"; DevicePolicy = "closed";
LockPersonality = true; LockPersonality = true;
MemoryDenyWriteExecute = true; MemoryDenyWriteExecute = true;
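Review bot: The new `[ "" ]` values for AmbientCapabilities, CapabilityBoundingSet and DeviceAllow read like a typo and deserve a comment, because the intent is easy to undo: as far as I can tell from the NixOS unit generator, an empty list emits no directive at all, whereas a list holding one empty string emits `AmbientCapabilities=` / `CapabilityBoundingSet=` / `DeviceAllow=`, which systemd treats as a reset to the empty set — so `[ ]` was silently not hardening anything and a future "cleanup" back to `[ ]` would lose the restriction again. Suggest one comment above these three lines, e.g. `# [ "" ] renders as "Key=", which clears the set; [ ] would emit no directive at all`. The enclosing attribute set starts before this hunk and continues into the next one, where the same reasoning applies to the new `UMask = "0077"` alongside the tightened 0700 directory modes.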
@ -134,9 +135,11 @@ let
]; ];
SystemCallErrorNumber = "EPERM"; SystemCallErrorNumber = "EPERM";
StateDirectory = "conduwuit-${name}"; StateDirectory = "conduwuit-${name}";
StateDirectoryMode = "0700";
RuntimeDirectory = "conduwuit-${name}"; RuntimeDirectory = "conduwuit-${name}";
RuntimeDirectoryMode = "0750"; RuntimeDirectoryMode = "0700";
ExecStart = "${serviceDefinition.package}/bin/conduit --config ${configFile}"; UMask = "0077";
ExecStart = "${lib.getExe serviceDefinition.package} --config ${configFile}";
Restart = "on-failure"; Restart = "on-failure";
RestartSec = 10; RestartSec = 10;
StartLimitBurst = 5; StartLimitBurst = 5;


@ -7,11 +7,14 @@ in
options.recipes.vaultwarden = { options.recipes.vaultwarden = {
enable = lib.mkEnableOption "vaultwarden"; enable = lib.mkEnableOption "vaultwarden";
environment = lib.mkOption { config = lib.mkOption {
type = lib.types.attrsOf lib.types.str; type = lib.types.attrsOf lib.types.str;
description = "Vaultwarden is configured using environment variables"; description = "Vaultwarden is configured using environment variables";
default = { }; default = {
example = { RUST_BACKTRACE = true; }; ROCKET_ADDRESS = "::1"; # default to localhost
ROCKET_PORT = 8222;
};
example = { DOMAIN = "https://example.com"; SIGNUPS_ALLOWED = false; };
}; };
environmentFiles = lib.mkOption { environmentFiles = lib.mkOption {
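Review bot: The new default sets `ROCKET_PORT = 8222;` as an integer under an option typed `lib.types.attrsOf lib.types.str`; since the module system feeds an option's default through the same type check as user definitions, evaluation should fail with a "not of type string" error whenever nobody overrides `config` — `ROCKET_PORT = "8222";` fixes it, and the example's `SIGNUPS_ALLOWED = false;` has the same mismatch and should be `"false"` to match how the option is actually consumed. Separately, an option default is replaced, not merged, as soon as a user sets `config` at all, so the loopback `ROCKET_ADDRESS = "::1"` is dropped the moment someone sets `DOMAIN` and the listener falls back to whatever vaultwarden's own default is; if localhost-only is meant to be the safe baseline, define `ROCKET_ADDRESS = lib.mkDefault "::1";` and `ROCKET_PORT = lib.mkDefault "8222";` in the module's `config` section rather than in the option default, so they survive unless explicitly overridden. Also worth documenting that `::1` is IPv6 loopback only, so a reverse proxy pointed at 127.0.0.1 will not reach it. The option set continues past the end of this hunk.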
@ -22,6 +25,13 @@ in
}; };
package = lib.mkPackageOption pkgs "vaultwarden" { }; package = lib.mkPackageOption pkgs "vaultwarden" { };
databaseBackend = lib.mkOption {
type = lib.types.enum [ "sqlite" "mysql" "postgresql" ];
default = "sqlite";
example = "postgresql";
description = "The kind of database backend to use";
};
}; };
config = lib.mkIf (cfg.enable == true) { config = lib.mkIf (cfg.enable == true) {
@ -86,7 +96,7 @@ in
RuntimeDirectory = "vaultwarden"; RuntimeDirectory = "vaultwarden";
RuntimeDirectoryMode = "0700"; RuntimeDirectoryMode = "0700";
UMask = "0077"; UMask = "0077";
ExecStart = lib.getExe cfg.package; ExecStart = lib.getExe (cfg.package.override { dbBackend = cfg.databaseBackend; });
Restart = "on-failure"; Restart = "on-failure";
RestartSec = 10; RestartSec = 10;
StartLimitBurst = 5; StartLimitBurst = 5;