# NixOS module for Skynet's Vaultwarden (Bitwarden-compatible) password server.
#
# When `services.skynet.vaultwarden.enable` is set, this module:
#   * requests a certificate and a CNAME record for pw.skynet.ie,
#   * publishes the service through an nginx TLS virtual host,
#   * runs Vaultwarden bound to loopback, with its secrets in an age-encrypted file.
{ config, pkgs, lib, inputs, ... }:
let
  inherit (lib) mkEnableOption mkIf;

  name = "vaultwarden";
  cfg = config.services.skynet.${name};

  domain_sub = "pw";
  domain = "${domain_sub}.skynet.ie";

  # Address nginx forwards to; derived from ROCKET_PORT below so the two cannot drift apart.
  upstream = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
in
{
  imports = [ ];

  options.services.skynet.${name} = {
    enable = mkEnableOption "Skynet VaultWarden server";
  };

  config = mkIf cfg.enable {
    # NOTE(review): the disabled entry below names another service's database and
    # nothing in this module lists Vaultwarden's own data directory for backup.
    # Confirm the vault database and attachments are backed up elsewhere.
    #backups = [ "/etc/silver_ul_ical/database.db" ];

    # Website config: certificate and DNS record for the public hostname.
    services.skynet.acme.domains = [ domain ];

    services.skynet.dns.records = [
      {
        record = domain_sub;
        r_type = "CNAME";
        value = config.services.skynet.host.name;
      }
    ];

    # TLS terminates at nginx; forceSSL redirects plain HTTP to HTTPS.
    services.nginx.virtualHosts.${domain} = {
      forceSSL = true;
      useACMEHost = "skynet";

      # Every path is forwarded to Vaultwarden, which includes its /admin page
      # when ADMIN_TOKEN is set.
      # NOTE(review): confirm whether /admin needs to be reachable from outside
      # the admin network, and that ADMIN_TOKEN is stored as an Argon2 hash
      # rather than a plain-text token.
      # NOTE(review): no proxy headers are set in this location. Vaultwarden reads
      # the client address from a proxy header (IP_HEADER), so confirm nginx's
      # recommended proxy settings are enabled elsewhere; otherwise logs and login
      # rate limiting see only 127.0.0.1.
      locations."/" = {
        proxyPass = upstream;
      };
    };

    # has ADMIN_TOKEN and SMTP_PASSWORD
    # These are supplied through the environment file rather than `config`
    # below, so they are not written into the evaluated configuration.
    age.secrets.bitwarden_details.file = ../../secrets/bitwarden/details.age;

    services.vaultwarden = {
      enable = true;
      environmentFile = config.age.secrets.bitwarden_details.path;

      config = {
        DOMAIN = "https://${domain}";

        # Account and sharing policy. Open registration is off.
        # NOTE(review): invitations are governed by a separate setting
        # (INVITATIONS_ALLOWED) that is not set here; confirm its default is
        # what is intended.
        SENDS_ALLOWED = true;
        SIGNUPS_ALLOWED = false;
        INVITATION_ORG_NAME = "Skyhold";
        ORG_GROUPS_ENABLED = true;

        # Outgoing mail: authenticated submission over STARTTLS on port 587.
        # SMTP_PASSWORD is supplied by the environment file above.
        USE_SENDMAIL = false;
        SMTP_HOST = "mail.skynet.ie";
        SMTP_FROM = "vaultwarden@skynet.ie";
        SMTP_FROM_NAME = "Skynet Bitwarden server";
        SMTP_SECURITY = "starttls";
        SMTP_PORT = 587;
        SMTP_USERNAME = "vaultwarden@skynet.ie";
        SMTP_AUTH_MECHANISM = "Login";
        SMTP_EMBED_IMAGES = true;

        # Listen on loopback only, so the service is reached solely through nginx.
        ROCKET_ADDRESS = "127.0.0.1";
        ROCKET_PORT = 8222;
        # NOTE(review): this limits the web framework's logging to critical
        # events; confirm failed-login events are still recorded somewhere that
        # monitoring can see.
        ROCKET_LOG = "critical";
      };
    };
  };
}