{ config, pkgs, lib, mkDomain, ... }: { # vaultwarden # Unofficial Bitwarden compatible server written in Rust services.vaultwarden = { enable = true; config = { # https://github.com/dani-garcia/vaultwarden/blob/1.24.0/.env.template # camelCase is converted to UPPER_SNAKE_CASE domain = "https://${mkDomain "vaultwarden"}"; # port is supported signupsAllowed = false; # rocket is the http library rocketAddress = "127.0.0.1"; rocketPort = 8222; #rocketWorkers = 10; rocketLog = "critical"; }; #dbBackend = "sqlite"; # backupDir = ""; # TODO }; services.nginx.virtualHosts.${mkDomain "vaultwarden"} = lib.mkIf config.services.vaultwarden.enable { forceSSL = true; # addSSL = true; enableACME = true; #useACMEHost = acmeDomain; locations."/" = { proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.rocketPort}"; proxyWebsockets = true; }; }; }