nix-config/hosts/franz/arion/passwords/arion-compose.nix

50 lines
1.7 KiB
Nix
Raw Normal View History

2024-03-07 16:47:24 +01:00
{pkgs, ...}: {
project.name = "passwords";
networks.dmz = {
name = "dmz";
external = true;
};
services = {
vaultwarden.service = {
2024-03-31 22:05:29 +02:00
image = "vaultwarden/server:1.30.5";
2024-03-07 16:47:24 +01:00
container_name = "vaultwarden";
labels = {
"traefik.enable" = "true";
2024-07-05 15:41:20 +02:00
"traefik.docker.network" = "dmz";
"traefik.http.services.vaultwarden.loadbalancer.server.port" = "80";
"traefik.http.routers.vaultwarden.service" = "vaultwarden";
2024-03-07 16:47:24 +01:00
"traefik.http.routers.vaultwarden.entrypoints" = "websecure";
"traefik.http.routers.vaultwarden.rule" = "Host(`vaultwarden.ghoscht.com`)";
"traefik.http.routers.vaultwarden.tls" = "true";
"traefik.http.routers.vaultwarden.tls.certresolver" = "letsencrypt";
2024-07-05 15:41:20 +02:00
"traefik.http.services.vaultwarden-external.loadbalancer.server.port" = "80";
"traefik.http.routers.vaultwarden-external.service" = "vaultwarden-external";
"traefik.http.routers.vaultwarden-external.rule" = "Host(`vaultwarden.ghoscht.com`)";
"traefik.http.routers.vaultwarden-external.entrypoints" = "websecure-external";
"traefik.http.routers.vaultwarden-external.tls" = "true";
"traefik.http.routers.vaultwarden-external.tls.certresolver" = "letsencrypt";
"diun.enable" = "true";
"diun.watch_repo" = "true";
"diun.sort_tags" = "semver";
"diun.include_tags" = "^\\d+\\.\\d+\\.\\d+$$";
"diun.exclude_tags" = "\\b\\d{4,}\\b";
2024-03-07 16:47:24 +01:00
};
volumes = [
2024-03-31 22:05:29 +02:00
"/storage/dataset/docker/passwords/vaultwarden_data/:/data"
2024-03-07 16:47:24 +01:00
];
environment = {
DOMAIN = "http://vaultwarden.ghoscht.com";
};
restart = "always";
networks = [
"dmz"
];
};
};
}