add vaultwarden email and add 'login with device'

2 files changed, 18 insertions, 1 deletions

diff --git a/modules/mailserver.nix b/modules/mailserver.nix
index 3329d43..71ca506 100644
--- a/modules/mailserver.nix
+++ b/modules/mailserver.nix
@@ -21,6 +21,10 @@
       "wladislaw@krinitsin.com" = {
         hashedPasswordFile = "/secret/wladislaw@krinitsin.com";
       };
+      "vaultwarden@krinitsin.com" = {
+        hashedPasswordFile = "/secret/vaultwarden@krinitsin.com";
+	sendOnly = true;
+      };
     };
   };
 
diff --git a/modules/vaultwarden.nix b/modules/vaultwarden.nix
index 4f5aa95..7511296 100644
--- a/modules/vaultwarden.nix
+++ b/modules/vaultwarden.nix
@@ -15,7 +15,20 @@
   services.nginx.virtualHosts."vault.krinitsin.com" = {
     forceSSL = true;
     useACMEHost = "krinitsin.com";
-    locations."/".proxyPass = "http://localhost:8222";
+    locations."/" = {
+      extraConfig = ''
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $http_connection;
+
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+      '';
+
+      proxyPass = "http://localhost:8222";
+    };
   };
 
   security.acme.certs."krinitsin.com".extraDomainNames = [ "vault.krinitsin.com" ];