main
1{lib, ...}: {
2 flake.modules.nixos."services/vaultwarden" = {config, ...}: {
3 services.vaultwarden = {
4 enable = true;
5 dbBackend = "sqlite";
6 config = {
7 domain = "https://bitwarden.hpcesia.com";
8 signupsAllowed = false;
9 rocketAddress = "127.0.0.1";
10 rocketPort = 40031;
11 webVaultEnabled = true;
12 };
13 };
14
15 services.caddy.virtualHosts."bitwarden.hpcesia.com".extraConfig =
16 lib.mkIf config.services.caddy.enable
17 (let
18 localAddress = "http://localhost:${builtins.toString config.services.vaultwarden.config.rocketPort}";
19 in ''
20 encode zstd gzip
21 reverse_proxy ${localAddress}
22 '');
23
24 services.restic.backups."${config.networking.hostName}-backup".paths =
25 lib.mkIf
26 (builtins.hasAttr "${config.networking.hostName}-backup" config.services.restic.backups)
27 ["/var/lib/vaultwarden"];
28 };
29}