{ config, lib, ... }:
{
  imports = [ ./nginx ];

  config = lib.mkIf config.services.vaultwarden.enable {
    services.vaultwarden.config = {
      domain = "https://pass.${config.vars.mainDomain}";
      signupsAllowed = false;
      rocketAddress = "127.0.0.1";
      rocketPort = 8222;

      # Smtp email
      smtpHost = "mx.${config.vars.mainDomain}";
      smtpFrom = "noreply@${config.vars.mainDomain}";
      smtpFromName = "Vaultwarden";
      smtpUsername = "noreply@${config.vars.mainDomain}";
      smtpPassword = config.secrets.mailPass.nixfoxNoReply;
      smtpSecurity = "starttls";
      smtpPort = 587;
      smtpTimeout = 15;
    };

    environment.persistence."/persist".directories = [ "/var/lib/vaultwarden" ];
  };
}