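# NixOS module: runs AliasVault as a Podman-backed OCI container, keeps its
# state under /var/lib/aliasvault, and publishes the web UI through an nginx
# virtual host with ACME-issued TLS.
{
  pkgs,
  lib,
  config,
  ...
}: {
  systemd.tmpfiles.rules = [
    # format: type path mode uid gid age argument
    # NOTE(review): 100/102 are numeric ids resolved on the host. Presumably
    # they match the user/group the container writes as; verify that host
    # gid 102 is not an unrelated group, since 0750 grants it read access.
    "d /var/lib/aliasvault 0750 100 102 - -"
    "d /var/lib/aliasvault/database 0700 100 102 - -"
    "d /var/lib/aliasvault/logs 0750 100 102 - -"
    # Owner-only, matching the database directory: secret material should not
    # be readable through the group bit. Owner access is unchanged; if a
    # container process other than uid 100 relies on gid 102 here, confirm
    # before deploying.
    "d /var/lib/aliasvault/secrets 0700 100 102 - -"
  ];

  virtualisation.podman.enable = true;
  virtualisation.oci-containers.backend = "podman";

  virtualisation.oci-containers.containers.aliasvault = {
    # NOTE(review): the image is pinned by tag only. A tag can be re-pointed
    # upstream; pinning by digest (image@sha256:<digest-from-registry>) makes
    # the deployed content reproducible.
    image = "ghcr.io/aliasvault/aliasvault:0.25.0";
    autoStart = true;

    # Every published port is bound to loopback, so the container is never
    # reachable directly from the network; only nginx fronts it.
    # NOTE(review): nothing in this module forwards to 8444, 2525 or 5877.
    # Drop the mappings that are unused, or document what consumes them.
    ports = [
      "127.0.0.1:8086:80"
      "127.0.0.1:8444:443"
      "127.0.0.1:2525:25"
      "127.0.0.1:5877:587"
    ];

    volumes = [
      "/var/lib/aliasvault/database:/database:rw"
      "/var/lib/aliasvault/logs:/logs:rw"
      "/var/lib/aliasvault/secrets:/secrets:rw"
    ];

    environment = {
      HOSTNAME = "pass.kylekrein.com";
      PUBLIC_REGISTRATION_ENABLED = "false";
      # NOTE(review): behind the reverse proxy the container sees nginx as the
      # peer. Logged addresses are only meaningful if nginx forwards the client
      # address (e.g. services.nginx.recommendedProxySettings) and the
      # application honours that header. Confirm, as neither is set here.
      IP_LOGGING_ENABLED = "true";
      # The HTTP->HTTPS redirect is done by nginx (forceSSL below); the plain
      # HTTP hop to the container stays on loopback.
      FORCE_HTTPS_REDIRECT = "false";
      SUPPORT_EMAIL = "";
      PRIVATE_EMAIL_DOMAINS = "notthebees.org";
    };
  };

  # Nginx
  services.nginx.virtualHosts."pass.kylekrein.com" = {
    enableACME = true;
    forceSSL = true;

    locations = {
      "/" = {
        # Use the literal IPv4 loopback address: the container port is
        # published on 127.0.0.1 only, while "localhost" may also resolve to
        # ::1, where nothing listens.
        proxyPass = "http://127.0.0.1:8086/";
        proxyWebsockets = true;
      };
    };
  };

  # Firewall
  # NOTE(review): 80 and 443 are served by nginx. 25 and 587 are opened too,
  # but the container's SMTP ports are published on loopback as 2525/5877, so
  # nothing defined on this page listens on the public 25/587. Either a
  # forwarder defined elsewhere bridges them, or these two openings can be
  # removed to keep the exposed surface minimal.
  networking.firewall.allowedTCPPorts = [80 443 587 25];
}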