From aca2962eec9ea786c028c51c196b5bd68d583907 Mon Sep 17 00:00:00 2001
From: h7x4 <h7x4@nani.wtf>
Date: Fri, 6 Oct 2023 13:42:11 +0200
Subject: [PATCH] tsuki/vaultwarden: use socket activation

---
 hosts/tsuki/services/nginx/default.nix |  2 +-
 hosts/tsuki/services/vaultwarden.nix   | 12 ++++++++++--
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/hosts/tsuki/services/nginx/default.nix b/hosts/tsuki/services/nginx/default.nix
index 9778ff9..2d1170d 100644
--- a/hosts/tsuki/services/nginx/default.nix
+++ b/hosts/tsuki/services/nginx/default.nix
@@ -57,7 +57,7 @@
       "pgadmin".servers."unix:${srv.uwsgi.instance.vassals.pgadmin.socket}" = { };
       "plex".servers."localhost:${s ports.plex}" = { };
       "proxmox".servers."${ips.px1}:${s ports.proxmox}" = { };
-      "vaultwarden".servers."localhost:${s srv.vaultwarden.config.ROCKET_PORT}" = { };
+      "vaultwarden".servers."unix:${sa.vaultwarden.newSocketAddress}" = { };
     };
 
     virtualHosts = let
diff --git a/hosts/tsuki/services/vaultwarden.nix b/hosts/tsuki/services/vaultwarden.nix
index d5bd3c1..6769876 100644
--- a/hosts/tsuki/services/vaultwarden.nix
+++ b/hosts/tsuki/services/vaultwarden.nix
@@ -1,5 +1,6 @@
-{ pkgs, config, ... }:
-{
+{ config, pkgs, ... }: let
+  cfg = config.services.vaultwarden;
+in {
   services.vaultwarden = {
     enable = true;
     dbBackend = "postgresql";
@@ -66,4 +67,11 @@
       })
     ];
   };
+
+  local.socketActivation.vaultwarden = {
+    enable = cfg.enable;
+    originalSocketAddress = "${cfg.config.ROCKET_ADDRESS}:${toString cfg.config.ROCKET_PORT}";
+    newSocketAddress = "/run/vaultwarden.sock";
+    privateNamespace = false;
+  };
 }