#
# System notifications
#

{ config, lib, pkgs, ... }:

{
  services.vaultwarden = {
    enable = true;
    dbBackend = "sqlite";
    backupDir = "/var/backup/vaultwarden";
    environmentFile = config.age.secrets."services/vaultwarden/environment".path;
    config = {
      DOMAIN = "https://vault.home.opel-online.de";
      SIGNUPS_ALLOWED = false;
      ROCKET_ADDRESS = "127.0.0.1";
      ROCKET_PORT = 8222;

      ROCKET_LOG = "critical";
    };
  };

  services.nginx = {
    virtualHosts = {
      "vault.home.opel-online.de" = {
        useACMEHost = "home.opel-online.de";
        forceSSL = true;
        locations."/".proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
      };
    };
  };

  age.secrets."services/vaultwarden/environment" = {
      file = ../../../secrets/services/vaultwarden/environment.age;
      owner = "vaultwarden";
  };

}