nix-config/hosts/nixedo/services/vaultwarden.nix

{
  config,
  inputs,
  lib,
  ...
}:

with lib;

let
  cfg = homelab.services.${service};
  homelab = config.homelab;
  service = "vaultwarden";
in
{
  options.homelab.services.${service} = {
    enable = mkEnableOption "Enable ${service}";

    url = mkOption {
      default = "${service}.${homelab.domain}";
      type = types.str;
    };
  };

  config = mkIf cfg.enable {
    services = {
      ${service} = {
        enable = true;

        environmentFile = config.age.secrets.vaultwarden-env.path;

        config = {
          DOMAIN = "https://${cfg.url}";
          ROCKET_ADDRESS = "127.0.0.1";
          ROCKET_PORT = homelab.ports.${service};
          SIGNUPS_ALLOWED = false;
        };
      };

      nginx.virtualHosts.${cfg.url} = {
        forceSSL = true;
        useACMEHost = homelab.domain;

        locations."/" = {
          proxyPass = "http://localhost:${toString config.services.${service}.config.ROCKET_PORT}";
          recommendedProxySettings = true;
        };
      };
    };

    age.secrets.vaultwarden-env.file = "${inputs.self}/secrets/vaultwarden-env.age";
  };
}
Re-add Vaultwarden 2025-04-30 14:21:52 +01:00			`{`
			`config,`
Re-configure vaultwarden 2025-08-14 16:35:40 +01:00			`inputs,`
Re-add Vaultwarden 2025-04-30 14:21:52 +01:00			`lib,`
			`...`
			`}:`

			`with lib;`

			`let`
			`cfg = homelab.services.${service};`
Remove `features` 2025-05-03 16:50:27 +01:00			`homelab = config.homelab;`
Re-add Vaultwarden 2025-04-30 14:21:52 +01:00			`service = "vaultwarden";`
			`in`
			`{`
Remove `features` 2025-05-03 16:50:27 +01:00			`options.homelab.services.${service} = {`
Re-add Vaultwarden 2025-04-30 14:21:52 +01:00			`enable = mkEnableOption "Enable ${service}";`

			`url = mkOption {`
Rename `baseDomain` to `domain` 2025-05-03 01:13:51 +01:00			`default = "${service}.${homelab.domain}";`
Re-add Vaultwarden 2025-04-30 14:21:52 +01:00			`type = types.str;`
			`};`
			`};`

			`config = mkIf cfg.enable {`
			`services = {`
			`${service} = {`
			`enable = true;`

Re-configure vaultwarden 2025-08-14 16:35:40 +01:00			`environmentFile = config.age.secrets.vaultwarden-env.path;`

Re-add Vaultwarden 2025-04-30 14:21:52 +01:00			`config = {`
			`DOMAIN = "https://${cfg.url}";`
Automated dev commit 2025-04-30 20:15:57 +01:00			`ROCKET_ADDRESS = "127.0.0.1";`
Refactor homelab ports 2025-05-03 22:30:39 +01:00			`ROCKET_PORT = homelab.ports.${service};`
Re-add Vaultwarden 2025-04-30 14:21:52 +01:00			`SIGNUPS_ALLOWED = false;`
			`};`
			`};`

Re-configure vaultwarden 2025-08-14 16:35:40 +01:00			`nginx.virtualHosts.${cfg.url} = {`
			`forceSSL = true;`
			`useACMEHost = homelab.domain;`

			`locations."/" = {`
			`proxyPass = "http://localhost:${toString config.services.${service}.config.ROCKET_PORT}";`
			`recommendedProxySettings = true;`
			`};`
Re-add Vaultwarden 2025-04-30 14:21:52 +01:00			`};`
			`};`
Re-configure vaultwarden 2025-08-14 16:35:40 +01:00
			`age.secrets.vaultwarden-env.file = "${inputs.self}/secrets/vaultwarden-env.age";`
Re-add Vaultwarden 2025-04-30 14:21:52 +01:00			`};`
			`}`