mirror of
https://github.com/dani-garcia/vaultwarden
synced 2024-09-27 12:58:58 +02:00
Added services.vaultwarden.environmentFile mention, to not store secure vars inside /nix/store
parent
00c8047a1d
commit
4f637f278b
1 changed files with 7 additions and 6 deletions
|
@ -35,7 +35,7 @@ This page is an index of standalone deployment examples. If adding a new example
|
|||
|
||||
|
||||
## NixOS (by tklitschi)
|
||||
There's a example bitwarden config for NixOS. It's not very complex, you have the backend option, for the type of Database you wanna use, the Backupdir for a dedicated Backup systemdserive, the option to enable it and the config Option. For the Config Option you simply pass the .env Variables [from the .env template](https://github.com/dani-garcia/vaultwarden/blob/1.13.1/.env.template) in nix syntax.
|
||||
There's a example bitwarden config for NixOS. It's not very complex, you have the backend option, for the type of Database you wanna use, the Backupdir for a dedicated Backup systemdserive, the option to enable it and the config Option. For the Config Option you simply pass the .env Variables [from the .env template](https://github.com/dani-garcia/vaultwarden/blob/1.13.1/.env.template) in nix syntax. Secrets ( SMTP_PASSWORD,... ) store inside another .env file outside /nix/store and include by [services.vaultwarden.environmentFile](https://search.nixos.org/options?channel=21.11&show=services.vaultwarden.environmentFile&from=0&size=50&sort=relevance&type=packages&query=vaultw)
|
||||
See [Proxy Examples](https://github.com/dani-garcia/vaultwarden/wiki/Proxy-examples) for a nixos-nginx example config.
|
||||
<details>
|
||||
<summary>Example Config</summary><br/>
|
||||
|
@ -54,21 +54,22 @@ See [Proxy Examples](https://github.com/dani-garcia/vaultwarden/wiki/Proxy-examp
|
|||
WEBSOCKET_ADDRESS = "0.0.0.0";
|
||||
WEBSOCKET_PORT = 3012;
|
||||
SIGNUPS_VERIFY = true;
|
||||
ADMIN_TOKEN = (import /etc/nixos/secret/bitwarden.nix).ADMIN_TOKEN;
|
||||
# ADMIN_TOKEN = (import /etc/nixos/secret/bitwarden.nix).ADMIN_TOKEN;
|
||||
DOMAIN = "https://exmaple.com";
|
||||
YUBICO_CLIENT_ID = (import /etc/nixos/secret/bitwarden.nix).YUBICO_CLIENT_ID;
|
||||
YUBICO_SECRET_KEY = (import /etc/nixos/secret/bitwarden.nix).YUBICO_SECRET_KEY;
|
||||
# YUBICO_CLIENT_ID = (import /etc/nixos/secret/bitwarden.nix).YUBICO_CLIENT_ID;
|
||||
# YUBICO_SECRET_KEY = (import /etc/nixos/secret/bitwarden.nix).YUBICO_SECRET_KEY;
|
||||
YUBICO_SERVER = "https://api.yubico.com/wsapi/2.0/verify";
|
||||
SMTP_HOST = "mx.example.com";
|
||||
SMTP_FROM = "bitwarden@example.com";
|
||||
SMTP_FROM_NAME = "Bitwarden_RS";
|
||||
SMTP_PORT = 587;
|
||||
SMTP_SSL = true;
|
||||
SMTP_USERNAME = (import /etc/nixos/secret/bitwarden.nix).SMTP_USERNAME;
|
||||
SMTP_PASSWORD = (import /etc/nixos/secret/bitwarden.nix).SMTP_PASSWORD;
|
||||
# SMTP_USERNAME = (import /etc/nixos/secret/bitwarden.nix).SMTP_USERNAME;
|
||||
# SMTP_PASSWORD = (import /etc/nixos/secret/bitwarden.nix).SMTP_PASSWORD;
|
||||
SMTP_TIMEOUT = 15;
|
||||
ROCKET_PORT = 8812;
|
||||
};
|
||||
environmentFile = "/etc/nixos/secret/bitwarden.env";
|
||||
};
|
||||
}
|
||||
```
|
||||
|
|
Loading…
Reference in a new issue