Vaultwarden: Difference between revisions

(5 intermediate revisions by 5 users not shown)

Line 2:

== Example Configuration ==

<~~syntaxHighlight~~ lang=nix>

services.vaultwarden = {

enable = true;

backupDir = "/var/lib/vaultwarden/~~backup~~";

backupDir = "/var/local/vaultwarden/backup";

# in order to avoid having ADMIN_TOKEN in the nix store it can be also set with the help of an environment file

# be aware that this file must be created by hand (or via secrets management like sops)

environmentFile = "/var/lib/vaultwarden/vaultwarden.env";

config = {

# Refer to https://github.com/dani-garcia/vaultwarden/blob/main/.env.template

DOMAIN = "https://bitwarden.example.com";

SIGNUPS_ALLOWED = false;

ROCKET_ADDRESS = "127.0.0.1";

ROCKET_PORT = 8222;

Line 27:

Line 30:

};

</~~syntaxHighlight~~>

</syntaxhighlight>

== Reverse Proxy Setup (recommended) ==

=== Caddy ===

<~~syntaxHighlight~~ lang=nix>

<syntaxhighlight lang="nix">services.caddy.virtualHosts."bitwarden.example.com".extraConfig = ''

services.caddy.virtualHosts."bitwarden.example.com".extraConfig = ''

encode zstd gzip

reverse_proxy :${toString config.services.vaultwarden.config.ROCKET_PORT}

reverse_proxy :${toString config.services.vaultwarden.config.ROCKET_PORT} {

header_up X-Real-IP {remote_host}

}

'';

'';</syntaxhighlight>

</~~syntaxHighlight~~>

=== Nginx ===

Line 55:

Line 56:

[[Category:Server]]

[[Category:Security]]

[[Category:Rust]]

@@ Line 2: / Line 2: @@
 == Example Configuration ==
-<syntaxHighlight lang=nix>
+<syntaxhighlight lang="nix">
 services.vaultwarden = {
      enable = true;
-     backupDir = "/var/lib/vaultwarden/backup";
+     backupDir = "/var/local/vaultwarden/backup";
+    # in order to avoid having  ADMIN_TOKEN in the nix store it can be also set with the help of an environment file
+    # be aware that this file must be created by hand (or via secrets management like sops)
+    environmentFile = "/var/lib/vaultwarden/vaultwarden.env";
      config = {
          # Refer to https://github.com/dani-garcia/vaultwarden/blob/main/.env.template
          DOMAIN = "https://bitwarden.example.com";
          SIGNUPS_ALLOWED = false;
          ROCKET_ADDRESS = "127.0.0.1";
          ROCKET_PORT = 8222;
@@ Line 27: / Line 30: @@
      };
 };
-</syntaxHighlight>
+</syntaxhighlight>
 == Reverse Proxy Setup (recommended) ==
 === Caddy ===
-<syntaxHighlight lang=nix>
+<syntaxhighlight lang="nix">services.caddy.virtualHosts."bitwarden.example.com".extraConfig = ''
-services.caddy.virtualHosts."bitwarden.example.com".extraConfig = ''
      encode zstd gzip
-     reverse_proxy :${toString config.services.vaultwarden.config.ROCKET_PORT}
+     reverse_proxy :${toString config.services.vaultwarden.config.ROCKET_PORT} {
+        header_up X-Real-IP {remote_host}
-    header_up X-Real-IP {remote_host}
+    }
-'';
+'';</syntaxhighlight>
-</syntaxHighlight>
 === Nginx ===
 <syntaxHighlight lang=nix>
@@ Line 55: / Line 56: @@
 [[Category:Server]]
 [[Category:Security]]
+[[Category:Rust]]