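# NixOS module: Vaultwarden backed by PostgreSQL, published through an nginx
# virtual host with ACME-issued TLS. The admin token is delivered through a
# sops-managed secret file rather than being written into the Nix store.
{ config, pkgs, lib, ... }:
let
  domain = "pw.feal.no";

  # Vaultwarden binds to a loopback address only, so the HTTP and websocket
  # listeners are not reachable from other hosts; nginx is the exposed path.
  address = "127.0.1.2";
  port = 3011;
  wsPort = 3012;

  # Address nginx listens on for this virtual host (used for both listeners).
  listenAddress = "192.168.10.175";

  upstream = "http://${address}:${toString port}";
  wsUpstream = "http://${address}:${toString wsPort}";
in
{
  # Secret file is owned by the service account so only vaultwarden (and root)
  # can read the decrypted value.
  sops.secrets."vaultwarden/admintoken" = {
    owner = "vaultwarden";
    group = "vaultwarden";
  };

  services.vaultwarden = {
    enable = true;
    dbBackend = "postgresql";

    # Loaded as an environment file. Presumably defines ADMIN_TOKEN (inferred
    # from the secret name; the file content is not visible here).
    # NOTE(review): Vaultwarden accepts an Argon2 PHC string for the admin
    # token; confirm the stored value is the hashed form, not plaintext.
    environmentFile = config.sops.secrets."vaultwarden/admintoken".path;

    config = {
      domain = "https://${domain}";
      rocketAddress = address;
      rocketPort = port;

      # NOTE(review): recent Vaultwarden releases serve websocket
      # notifications on the main HTTP port and deprecate the separate
      # websocket listener; verify these three settings against the deployed
      # version.
      websocketEnabled = true;
      websocketAddress = address;
      websocketPort = wsPort;

      # NOTE(review): per upstream documentation a non-empty domain whitelist
      # takes precedence over signupsAllowed, so the whitelist is what actually
      # restricts registration. If the whitelist is ever removed, this `true`
      # would open registration to anyone who can reach the host; consider
      # `false` so the setting fails closed. Confirm before changing.
      signupsAllowed = true;
      # Email verification needs outbound mail; no SMTP settings are visible in
      # this module, presumably they are supplied elsewhere. TODO confirm.
      signupsVerify = true;
      signupsDomainsWhitelist = "albrigtsen.it";

      # No host and no password in the URL: the connection uses the local
      # PostgreSQL socket, so no database credential is stored in this file.
      # Authentication presumably relies on peer auth for the `vaultwarden`
      # system user; verify against the PostgreSQL authentication config.
      databaseUrl = "postgresql://vaultwarden@/vaultwarden";
    };
  };

  # Provision the database and a matching role that owns it.
  # services.postgresql.enable is not set here; presumably enabled elsewhere.
  services.postgresql = {
    ensureDatabases = [ "vaultwarden" ];
    ensureUsers = [
      {
        name = "vaultwarden";
        ensureDBOwnership = true;
      }
    ];
  };

  # The dump contains the whole vault database; the backup location should be
  # protected like the live database.
  services.postgresqlBackup.databases = [ "vaultwarden" ];

  services.nginx.virtualHosts."${domain}" = {
    forceSSL = true;
    enableACME = true;

    # Non-standard ports on an internal address; presumably an edge device
    # forwards 443/80 here. TODO confirm the plain-HTTP listener is reachable
    # for ACME HTTP-01 and that the HTTPS redirect lands on the public port.
    listen = [
      {
        addr = listenAddress;
        port = 43443;
        ssl = true;
      }
      {
        addr = listenAddress;
        port = 43080;
        ssl = false;
      }
    ];

    # Raises the request body limit for this virtual host to 128M.
    extraConfig = ''
      client_max_body_size 128M;
    '';

    locations."/" = {
      proxyPass = upstream;
      proxyWebsockets = true;
    };

    # The notification hub goes to the websocket listener, while the
    # negotiate endpoint below is served by the main HTTP listener.
    locations."/notifications/hub" = {
      proxyPass = wsUpstream;
      proxyWebsockets = true;
    };

    locations."/notifications/hub/negotiate" = {
      proxyPass = upstream;
      proxyWebsockets = true;
    };
  };
}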