crans
/
nixos
mirror of https://gitlab.crans.org/nounous/nixos
19
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

vaultwarden: add nullmailer to systemd service

merge-requests/19/head
RatCornu 2025-05-29 19:31:47 +02:00
parent a35a537c29
commit a8061ccb37
No known key found for this signature in database
GPG Key ID: B3BE02E379E6E8E2
2 changed files with 21 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
modules/crans/nullmailer.nix
View File

@ -4,6 +4,7 @@
services.nullmailer = { services.nullmailer = {
enable = true; enable = true;
setSendmail = true;
config = { config = {
remotes = '' remotes = ''
smtp.adm.crans.org smtp smtp.adm.crans.org smtp

21
modules/services/vaultwarden.nix
View File

@ -1,4 +1,4 @@
{ config, pkgs, ... }: { config, lib, ... }:
{ {
imports = [ imports = [
@ -14,7 +14,26 @@
services.vaultwarden = { services.vaultwarden = {
enable = true; enable = true;
dbBackend = "postgresql"; dbBackend = "postgresql";
environmentFile = config.age.secrets.env.path; environmentFile = config.age.secrets.env.path;
config = {
SENDMAIL_COMMAND = "${config.security.wrapperDir}/sendmail";
};
};
users.users.vaultwarden.extraGroups = [ "nullmailer" ];
systemd.services.vaultwarden = {
path = [ "/run/wrappers" ];
serviceConfig = {
NoNewPrivileges = lib.mkForce false;
PrivateUsers = lib.mkForce false;
SystemCallFilter = lib.mkForce [ "@system-service" ];
RestrictAddressFamilies = [
"AF_LOCAL"
"AF_NETLINK"
];
ReadWritePaths = [ "/var/spool/nullmailer/" ];
};
}; };
services.nginx.virtualHosts."vaultwarden.crans.org" = { services.nginx.virtualHosts."vaultwarden.crans.org" = {