isabelroses.com
my over complex system configurations
dotfiles.isabelroses.com/
nixos
nix
flake
dotfiles
linux
nixos/services/vaultwarden: add borgbackup
+16
-10
+16
-10
modules/nixos/services/vaultwarden.nix
+16
-10
modules/nixos/services/vaultwarden.nix
···
18
18
};
19
19
20
20
config = mkIf cfg.enable {
21
-
sops.secrets.vaultwarden-env = mkSecret {
22
-
file = "vaultwarden";
23
-
key = "env";
24
-
owner = "vaultwarden";
25
-
group = "vaultwarden";
21
+
sops.secrets = {
22
+
vaultwarden-env = mkSecret {
23
+
file = "vaultwarden";
24
+
key = "env";
25
+
owner = "vaultwarden";
26
+
group = "vaultwarden";
27
+
};
28
+
29
+
borg-vaultwarden-pass = mkSecret {
30
+
file = "borg";
31
+
key = "vaultwarden-passphrase";
32
+
};
26
33
};
27
34
28
-
# this forces the system to create backup folder
29
-
systemd.services.backup-vaultwarden.serviceConfig = {
30
-
User = "root";
31
-
Group = "root";
35
+
garden.services.borgbackup.jobs.vaultwarden = {
36
+
paths = [ config.services.vaultwarden.config.DATA_DIR ];
37
+
repo = "vaultwarden";
38
+
passkeyFile = config.sops.secrets.borg-vaultwarden-pass.path;
32
39
};
33
40
34
41
services = {
35
42
vaultwarden = {
36
43
enable = true;
37
44
environmentFile = config.sops.secrets.vaultwarden-env.path;
38
-
backupDir = "/srv/storage/vaultwarden/backup";
39
45
40
46
# https://github.com/dani-garcia/vaultwarden/blob/1.34.1/.env.template
41
47
config = {