nixos-hypervisor/services/vaultwarden/default.nix

{
  lib,
  config,
  ...
}: let
  cfg = config.services.vm_vaultwarden;
in {
  options.services.vm_vaultwarden = {
    enable = lib.mkEnableOption "Enable minimal config";
  };
  config = lib.mkIf cfg.enable {
    age.secrets.env-file = {
      file = ./secrets/env-file.age;
    };
    services = {
      vaultwarden = {
        enable = true;
        dbBackend = "postgresql";
        environmentFile = config.age.secrets.env-file.path;
        config = {
          DOMAIN = "https://vault.le43.eu";
          SIGNUPS_ALLOWED = false;
          IP_HEADER = "X-Forwarded-For";
        };
      };
    };
  };
}