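# NixOS module: Vaultwarden password manager for pass.dgnum.eu, served through
# an nginx TLS reverse proxy and backed by a local PostgreSQL database.
#
# Arguments:
#   config - the evaluated NixOS configuration; only read here to resolve the
#            path of the age-managed secret "vaultwarden-environment_file".
{ config, ... }:

let
  host = "pass.dgnum.eu";

  # Both Vaultwarden listeners are meant to be reachable only through nginx,
  # so they share one loopback address and the ports are defined once to keep
  # the service settings and the proxy targets from drifting apart.
  loopback = "127.0.0.1";
  rocketPort = 10501;
  websocketPort = 10500;

  # nginx location forwarding to a local Vaultwarden listener.
  upstream = port: {
    proxyPass = "http://${loopback}:${toString port}";
    proxyWebsockets = true;
  };
in
{
  services = {
    vaultwarden = {
      enable = true;
      dbBackend = "postgresql";

      # Non-secret settings only. Secrets are supplied separately through
      # environmentFile below.
      config = {
        DOMAIN = "https://${host}";

        # HTTP API / web vault listener, loopback only.
        ROCKET_ADDRESS = loopback;
        ROCKET_PORT = rocketPort;

        # Websocket notification listener. Vaultwarden's default bind address
        # for this listener is 0.0.0.0, so it is pinned to loopback explicitly
        # to match ROCKET_ADDRESS; nginx is the only intended client.
        WEBSOCKET_ENABLED = true;
        WEBSOCKET_ADDRESS = loopback;
        WEBSOCKET_PORT = websocketPort;

        # Account creation is limited to these mail domains and requires the
        # address to be verified by e-mail.
        SIGNUPS_DOMAINS_WHITELIST = "dgnum.eu,ens.fr,ens.psl.eu";
        SIGNUPS_VERIFY = true;

        USE_SYSLOG = true;

        # Unix-socket connection to the local PostgreSQL instance; no password
        # appears in the URL.
        DATABASE_URL = "postgresql://vaultwarden?host=/run/postgresql";

        # Outgoing mail over implicit TLS (port 465).
        SMTP_HOST = "kurisu.lahfa.xyz";
        SMTP_PORT = 465;
        SMTP_SECURITY = "force_tls";
        SMTP_USERNAME = "web-services@infra.dgnum.eu";
        SMTP_FROM = "noreply@infra.dgnum.eu";
        SMTP_FROM_NAME = "DGNum Vault";
      };

      # Environment file decrypted by age at activation time.
      # NOTE(review): presumably carries the SMTP password and other secrets
      # that must not be written into `config` above; confirm its contents.
      environmentFile = config.age.secrets."vaultwarden-environment_file".path;
    };

    nginx = {
      enable = true;
      virtualHosts.${host} = {
        # Redirect plain HTTP to HTTPS and obtain the certificate through ACME.
        forceSSL = true;
        enableACME = true;
        locations = {
          "/" = upstream rocketPort;
          # The websocket hub goes to the dedicated websocket listener, while
          # its negotiate endpoint is served by the main HTTP listener.
          "/notifications/hub" = upstream websocketPort;
          "/notifications/hub/negotiate" = upstream rocketPort;
        };
      };
    };

    postgresql = {
      enable = true;
      ensureDatabases = [ "vaultwarden" ];
      ensureUsers = [
        {
          name = "vaultwarden";
          # NOTE(review): newer NixOS releases replace ensurePermissions with
          # ensureDBOwnership; confirm against the pinned nixpkgs before
          # upgrading.
          ensurePermissions = {
            "DATABASE vaultwarden" = "ALL PRIVILEGES";
          };
        }
      ];
    };
  };
}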