nixos-config/modules/system/services/server/vaultwarden/default.nix

{ config, lib, ... }:
{
  imports = [ ./nginx ];

  config = lib.mkIf config.system.server.enable {
    services.vaultwarden = {
      enable = true;
      config = {
        DOMAIN = "https://pass.${config.domains.p2}";
        SIGNUPS_ALLOWED = false;
        ROCKET_ADDRESS = "127.0.0.1";
        ROCKET_PORT = 8222;
        ROCKET_LOG = "critical";

        # Smtp email
        SMTP_HOST = "mx.${config.domains.p2}";
        SMTP_FROM = "noreply@${config.domains.p2}";
        SMTP_FROM_NAME = "Vaultwarden";
        SMTP_USERNAME = "noreply@${config.domains.p2}";
        SMTP_PASSWORD = config.secrets.noreplyPassword;
        SMTP_SECURITY = "starttls";
        SMTP_PORT = 587;
        SMTP_TIMEOUT = 15;
      };
    };
    environment.persistence."/persist".directories = [
      "/var/lib/bitwarden_rs"
    ];
  };
}