rhino/vaultwarden
1
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2026-03-25 03:09:20 -07:00
Code Issues Packages Projects Releases Wiki Activity

Added services.vaultwarden.environmentFile mention, to not store secure vars inside /nix/store

novmar
2022-01-14 00:05:37 +01:00
parent 00c8047a1d
commit 4f637f278b
1 changed files with 7 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
Deployment-examples.md

@@ -35,7 +35,7 @@ This page is an index of standalone deployment examples. If adding a new example
## NixOS (by tklitschi) ## NixOS (by tklitschi)
There's a example bitwarden config for NixOS. It's not very complex, you have the backend option, for the type of Database you wanna use, the Backupdir for a dedicated Backup systemdserive, the option to enable it and the config Option. For the Config Option you simply pass the .env Variables [from the .env template](https://github.com/dani-garcia/vaultwarden/blob/1.13.1/.env.template) in nix syntax. There's a example bitwarden config for NixOS. It's not very complex, you have the backend option, for the type of Database you wanna use, the Backupdir for a dedicated Backup systemdserive, the option to enable it and the config Option. For the Config Option you simply pass the .env Variables [from the .env template](https://github.com/dani-garcia/vaultwarden/blob/1.13.1/.env.template) in nix syntax. Secrets ( SMTP_PASSWORD,... ) store inside another .env file outside /nix/store and include by [services.vaultwarden.environmentFile](https://search.nixos.org/options?channel=21.11&show=services.vaultwarden.environmentFile&from=0&size=50&sort=relevance&type=packages&query=vaultw)
See [Proxy Examples](https://github.com/dani-garcia/vaultwarden/wiki/Proxy-examples) for a nixos-nginx example config. See [Proxy Examples](https://github.com/dani-garcia/vaultwarden/wiki/Proxy-examples) for a nixos-nginx example config.
<details> <details>
<summary>Example Config</summary><br/> <summary>Example Config</summary><br/>
@@ -54,21 +54,22 @@ See [Proxy Examples](https://github.com/dani-garcia/vaultwarden/wiki/Proxy-examp
WEBSOCKET_ADDRESS = "0.0.0.0"; WEBSOCKET_ADDRESS = "0.0.0.0";
WEBSOCKET_PORT = 3012; WEBSOCKET_PORT = 3012;
SIGNUPS_VERIFY = true; SIGNUPS_VERIFY = true;
ADMIN_TOKEN = (import /etc/nixos/secret/bitwarden.nix).ADMIN_TOKEN; # ADMIN_TOKEN = (import /etc/nixos/secret/bitwarden.nix).ADMIN_TOKEN;
DOMAIN = "https://exmaple.com"; DOMAIN = "https://exmaple.com";
YUBICO_CLIENT_ID = (import /etc/nixos/secret/bitwarden.nix).YUBICO_CLIENT_ID; # YUBICO_CLIENT_ID = (import /etc/nixos/secret/bitwarden.nix).YUBICO_CLIENT_ID;
YUBICO_SECRET_KEY = (import /etc/nixos/secret/bitwarden.nix).YUBICO_SECRET_KEY; # YUBICO_SECRET_KEY = (import /etc/nixos/secret/bitwarden.nix).YUBICO_SECRET_KEY;
YUBICO_SERVER = "https://api.yubico.com/wsapi/2.0/verify"; YUBICO_SERVER = "https://api.yubico.com/wsapi/2.0/verify";
SMTP_HOST = "mx.example.com"; SMTP_HOST = "mx.example.com";
SMTP_FROM = "bitwarden@example.com"; SMTP_FROM = "bitwarden@example.com";
SMTP_FROM_NAME = "Bitwarden_RS"; SMTP_FROM_NAME = "Bitwarden_RS";
SMTP_PORT = 587; SMTP_PORT = 587;
SMTP_SSL = true; SMTP_SSL = true;
SMTP_USERNAME = (import /etc/nixos/secret/bitwarden.nix).SMTP_USERNAME; # SMTP_USERNAME = (import /etc/nixos/secret/bitwarden.nix).SMTP_USERNAME;
SMTP_PASSWORD = (import /etc/nixos/secret/bitwarden.nix).SMTP_PASSWORD; # SMTP_PASSWORD = (import /etc/nixos/secret/bitwarden.nix).SMTP_PASSWORD;
SMTP_TIMEOUT = 15; SMTP_TIMEOUT = 15;
ROCKET_PORT = 8812; ROCKET_PORT = 8812;
}; };
environmentFile = "/etc/nixos/secret/bitwarden.env";
}; };
} }
``` ```