# # System notifications # { config, lib, pkgs, ... }: { services.vaultwarden = { enable = true; dbBackend = "sqlite"; backupDir = "/var/backup/vaultwarden"; environmentFile = config.age.secrets."services/vaultwarden/environment".path; config = { DOMAIN = "https://vault.home.opel-online.de"; SIGNUPS_ALLOWED = false; ROCKET_ADDRESS = "127.0.0.1"; ROCKET_PORT = 8222; ROCKET_LOG = "critical"; }; }; services.nginx = { virtualHosts = { "vault.home.opel-online.de" = { useACMEHost = "home.opel-online.de"; forceSSL = true; locations."/".proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}"; }; }; }; age.secrets."services/vaultwarden/environment" = { file = ../../../secrets/services/vaultwarden/environment.age; owner = "vaultwarden"; }; }