diff options
| author | schererleander <leander@schererleander.de> | 2025-11-10 22:15:55 +0100 |
|---|---|---|
| committer | schererleander <leander@schererleander.de> | 2025-11-10 22:15:55 +0100 |
| commit | 2b38b56e4c7ec6dafc2f0e51d4f10c2576665830 (patch) | |
| tree | d7aff8576bced4151cf5d65d1106a3541b922b25 | |
| parent | fe317036e9147d7aef1f59fcffa6b8726522f408 (diff) | |
setup vaultwarden with borg backup
| -rw-r--r-- | hosts/sachiel/configuration.nix | 35 |
1 files changed, 34 insertions, 1 deletions
diff --git a/hosts/sachiel/configuration.nix b/hosts/sachiel/configuration.nix index 0aa0675..648158e 100644 --- a/hosts/sachiel/configuration.nix +++ b/hosts/sachiel/configuration.nix @@ -100,7 +100,7 @@ [Definition] _groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*) failregex = ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Login failed: - ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Trusted domain error. + ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Trusted domain error. datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?" '' ); @@ -139,6 +139,15 @@ add_header X-Content-Type-Options nosniff; ''; + #virtualHosts."bitwarden.schererleander.de" = { + # forceSSL = true; + # sslCertificate = "/etc/ssl/schererleander.de/fullchain.pem"; + # sslCertificateKey = "/etc/ssl/schererleander.de/privkey.key"; + # locations."/" = { + # proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}"; + # }; + #}; + virtualHosts."cloud.schererleander.de" = { forceSSL = true; sslCertificate = "/etc/ssl/schererleander.de/fullchain.pem"; @@ -153,6 +162,30 @@ sslCertificateKey = "/etc/ssl/schererleander.de/privkey.key"; }; + # services.vaultwarden = { + # enable = true; + # environmentFile = "/var/lib/vaultwarden.env"; + # backupDir = "/var/backup/vaultwarden"; + # config = { + # DOMAIN = "https://bitwarden.schererleander.de"; + # SIGNUPS_ALLOWED = true; + # ROCKET_ADDRESS = "127.0.0.1"; + # ROCKET_PORT = 8222; + # ROCKET_LOG = "critical"; + # KDF = "PBKDF2"; + # KDFIterations = 600000; + # }; + # }; + # + # services.borgbackup.jobs.vaultwarden = { + # paths = [ "/var/backup/vaultwarden" ]; + # repo = "t7e4d4f9@t7e4d4f9.repo.borgbase.com:repo"; + # encryption.mode = "none"; + # environment.BORG_RSH = "ssh -i /home/${username}/.ssh/borgbase-vaultwarden -o StrictHostKeyChecking=accept-new"; + # compression = "auto,lzma"; + # startAt = "daily"; + # }; + services.nextcloud = { enable = true; package = pkgs.nextcloud32; |