#
# System notifications
#

{ config, lib, pkgs, ... }:

{
  services.vaultwarden = {
    enable = true;
    dbBackend = "postgresql";
    backupDir = "/var/backup/vaultwarden";
    environmentFile = config.age.secrets."services/vaultwarden/environment".path;
    config = {
      DOMAIN = "https://vault.kabtop.de";
      SIGNUPS_ALLOWED = false;
      ROCKET_ADDRESS = "127.0.0.1";
      ROCKET_PORT = 8222;

      ROCKET_LOG = "critical";
    };
  };

  services.nginx = {
    enable = true;
    recommendedTlsSettings = true;
    recommendedOptimisation = true;
    recommendedGzipSettings = true;
    recommendedProxySettings = true;
    virtualHosts = {
      "${config.services.vaultwarden.config.DOMAIN}" = {
        enableACME = true;
        forceSSL = true;
        locations."/".proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
      };
    };
  };
  age.secrets."services/vaultwarden/environment" = {
      file = ../../../secrets/services/vaultwarden/environment.age;
      owner = "vaultwarden";
  };
}