setup vaultwarden
Adithya 2024-12-01 12:31:03 +05:30
parent 7238eee1c2
commit 5c0042d455
Signed by: adtya
GPG key ID: B8857BFBA2C47B9C
2 changed files with 21 additions and 8 deletions


@ -89,8 +89,9 @@ let
Type = "notify";
DynamicUser = true;
EnvironmentFile = serviceDefinition.environmentFiles;
AmbientCapabilities = [ ];
CapabilityBoundingSet = [ ];
AmbientCapabilities = [ "" ];
CapabilityBoundingSet = [ "" ];
DeviceAllow = [ "" ];
DevicePolicy = "closed";
LockPersonality = true;
MemoryDenyWriteExecute = true;
@ -134,9 +135,11 @@ let
];
SystemCallErrorNumber = "EPERM";
StateDirectory = "conduwuit-${name}";
StateDirectoryMode = "0700";
RuntimeDirectory = "conduwuit-${name}";
RuntimeDirectoryMode = "0750";
ExecStart = "${serviceDefinition.package}/bin/conduit --config ${configFile}";
RuntimeDirectoryMode = "0700";
UMask = "0077";
ExecStart = "${lib.getExe serviceDefinition.package} --config ${configFile}";
Restart = "on-failure";
RestartSec = 10;
StartLimitBurst = 5;
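Review bot: The switch from `[ ]` to `[ "" ]` for `AmbientCapabilities`, `CapabilityBoundingSet` and `DeviceAllow` in the first hunk has no comment, and the hardening it adds is easy to undo by "simplifying" the value back to an empty list. As far as I know, NixOS writes one unit line per list element, so `[ ]` emits nothing and leaves systemd's defaults in place, while `[ "" ]` emits the empty assignment that clears the set. I would add above these lines: `# [ "" ] renders as "Key=", which resets the list to empty; [ ] would emit no line at all`. The surrounding attribute set starts and ends outside the hunk.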


@ -7,11 +7,14 @@ in
options.recipes.vaultwarden = {
enable = lib.mkEnableOption "vaultwarden";
environment = lib.mkOption {
config = lib.mkOption {
type = lib.types.attrsOf lib.types.str;
description = "Vaultwarden is configured using environment variables";
default = { };
example = { RUST_BACKTRACE = true; };
default = {
ROCKET_ADDRESS = "::1"; # default to localhost
ROCKET_PORT = 8222;
};
example = { DOMAIN = "https://example.com"; SIGNUPS_ALLOWED = false; };
};
environmentFiles = lib.mkOption {
@ -22,6 +25,13 @@ in
};
package = lib.mkPackageOption pkgs "vaultwarden" { };
databaseBackend = lib.mkOption {
type = lib.types.enum [ "sqlite" "mysql" "postgresql" ];
default = "sqlite";
example = "postgresql";
description = "The kind of database backend to use";
};
};
config = lib.mkIf (cfg.enable == true) {
@ -86,7 +96,7 @@ in
RuntimeDirectory = "vaultwarden";
RuntimeDirectoryMode = "0700";
UMask = "0077";
ExecStart = lib.getExe cfg.package;
ExecStart = lib.getExe (cfg.package.override { dbBackend = cfg.databaseBackend; });
Restart = "on-failure";
RestartSec = 10;
StartLimitBurst = 5;
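Review bot: The new `default` for `config` in the first hunk sets `ROCKET_PORT = 8222;`, an integer, while the option type shown is `lib.types.attrsOf lib.types.str`, so the default should fail the module type check; the example's `SIGNUPS_ALLOWED = false;` has the same mismatch. Either quote the values, `ROCKET_PORT = "8222";` and `SIGNUPS_ALLOWED = "false";`, or widen the type to `lib.types.attrsOf (lib.types.oneOf [ lib.types.bool lib.types.int lib.types.str ])` if the consumer, which is not visible here, stringifies the values. Separately, a user definition of `config` replaces the default attribute set instead of merging with it, so the `# default to localhost` binding holds only while the option is left unset. For a password vault that is worth stating in the `description`, or `ROCKET_ADDRESS` could be set with `lib.mkDefault` in the module's `config` section so that it survives partial overrides.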