feat(vps): add caddy reverse proxy for vaultwarden at /vaultwarden/

2025-10-04 07:25:40 +00:00 · 2025-10-02 21:41:42 +09:00 · 2025-10-02 21:41:42 +09:00 · 1f28e2853d
commit 1f28e2853d
parent 362e2f99b1
3 changed files with 9 additions and 0 deletions
--- a/hosts/vps/modules/services/caddy.nix
+++ b/hosts/vps/modules/services/caddy.nix
@ -1,3 +1,5 @@
+{ pkgs, ... }:
+
 {
  services.caddy = {
    enable = true;
@ -6,5 +8,10 @@
    virtualHosts."i.toast.name".extraConfig = ''
      reverse_proxy http://127.0.0.1:3000
    '';
+
+    # vaultwarden
+    virtualHosts."vps.curl-pence.ts.net".extraConfig = ''
+      reverse_proxy /vaultwarden/* http://127.0.0.1:8222
+    '';
  };
 }
--- a/hosts/vps/modules/services/tailscale.nix
+++ b/hosts/vps/modules/services/tailscale.nix
@ -7,5 +7,6 @@
    enable = true;
    authKeyFile = config.sops.secrets."tailscale/authkey".path;
    useRoutingFeatures = "both";
+    permitCertUid = "caddy";
  };
 }
--- a/hosts/vps/modules/services/vaultwarden.nix
+++ b/hosts/vps/modules/services/vaultwarden.nix
@ -4,6 +4,7 @@
    config = {
      ROCKET_ADDRESS = "127.0.0.1";
      ROCKET_PORT = 8222;
+      DOMAIN = "https://vps.curl-pence.ts.net/vaultwarden";
    };
  };
 }