main
 1{lib, ...}: {
 2  flake.modules.nixos."services/vaultwarden" = {config, ...}: {
 3    services.vaultwarden = {
 4      enable = true;
 5      dbBackend = "sqlite";
 6      config = {
 7        domain = "https://bitwarden.hpcesia.com";
 8        signupsAllowed = false;
 9        rocketAddress = "127.0.0.1";
10        rocketPort = 40031;
11        webVaultEnabled = true;
12      };
13    };
14
15    services.caddy.virtualHosts."bitwarden.hpcesia.com".extraConfig =
16      lib.mkIf config.services.caddy.enable
17      (let
18        localAddress = "http://localhost:${builtins.toString config.services.vaultwarden.config.rocketPort}";
19      in ''
20        encode zstd gzip
21        reverse_proxy ${localAddress}
22      '');
23
24    services.restic.backups."${config.networking.hostName}-backup".paths =
25      lib.mkIf
26      (builtins.hasAttr "${config.networking.hostName}-backup" config.services.restic.backups)
27      ["/var/lib/vaultwarden"];
28  };
29}