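# Vaultwarden password manager behind an nginx TLS reverse proxy, backed by a
# local PostgreSQL database, with file and database backups registered.
{ config, ... }:

let
  host = "pass.dgnum.eu";
in
{
  services.vaultwarden = {
    enable = true;

    config = {
      DOMAIN = "https://${host}";

      # Backend listeners. Only nginx is meant to reach them, so both are
      # pinned to loopback. ROCKET_ADDRESS alone does not cover the separate
      # websocket listener, whose bind address defaults to all interfaces when
      # WEBSOCKET_ADDRESS is unset.
      # NOTE(review): Vaultwarden releases that serve notifications on the
      # main HTTP port should ignore the WEBSOCKET_* settings - confirm
      # against the packaged version.
      ROCKET_ADDRESS = "127.0.0.1";
      ROCKET_PORT = 10501;
      WEBSOCKET_ENABLED = true;
      WEBSOCKET_ADDRESS = "127.0.0.1";
      WEBSOCKET_PORT = 10500;

      # Self-registration is limited to these mail domains, and new accounts
      # must verify their address before first login.
      SIGNUPS_DOMAINS_WHITELIST = "dgnum.eu,ens.fr,ens.psl.eu";
      SIGNUPS_VERIFY = true;

      USE_SYSLOG = true;

      # Unix-socket connection: no database password appears in this file.
      DATABASE_URL = "postgresql://vaultwarden?host=/run/postgresql";

      # Outbound mail over implicit TLS (port 465, force_tls).
      SMTP_USERNAME = "web-services@infra.dgnum.eu";
      SMTP_FROM = "noreply@infra.dgnum.eu";
      SMTP_FROM_NAME = "DGNum Vault";
      SMTP_PORT = 465;
      SMTP_HOST = "kurisu.lahfa.xyz";
      SMTP_SECURITY = "force_tls";
    };

    dbBackend = "postgresql";

    # Secret settings are loaded at runtime from an agenix-managed file, which
    # keeps them out of the world-readable Nix store.
    # NOTE(review): presumably this carries the SMTP password and any admin
    # token - confirm against the secret's contents.
    environmentFile = config.age.secrets."vaultwarden-environment_file".path;
  };

  services = {
    nginx = {
      enable = true;

      virtualHosts.${host} = {
        # Plain HTTP is redirected to HTTPS; the certificate comes from ACME.
        forceSSL = true;
        enableACME = true;

        locations = {
          "/" = {
            proxyPass = "http://127.0.0.1:10501";
            proxyWebsockets = true;
          };

          # Live-sync websocket traffic goes to the dedicated listener.
          "/notifications/hub" = {
            proxyPass = "http://127.0.0.1:10500";
            proxyWebsockets = true;
          };

          # The negotiate endpoint is routed to the main HTTP backend.
          "/notifications/hub/negotiate" = {
            proxyPass = "http://127.0.0.1:10501";
            proxyWebsockets = true;
          };
        };
      };
    };

    postgresql = {
      enable = true;
      ensureDatabases = [ "vaultwarden" ];
      ensureUsers = [
        {
          name = "vaultwarden";
          ensureDBOwnership = true;
        }
      ];
    };
  };

  # Backups cover both the on-disk state and the database.
  # NOTE(review): confirm this path matches the state directory the
  # vaultwarden service actually uses on this host.
  dgn-backups.jobs.vaultwarden.settings.paths = [ "/var/lib/bitwarden_rs" ];
  dgn-backups.postgresDatabases = [ "vaultwarden" ];
}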