From 1c6b3267d8c1240ae27ffe5a574b68e1adc2dda6 Mon Sep 17 00:00:00 2001
From: 514fpv <koishi@514fpv.one>
Date: Tue, 19 Mar 2024 09:50:08 +0800
Subject: [PATCH] feat(eientei): enable vaultwarden

---
 spec/eientei/vaultwarden.nix | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 spec/eientei/vaultwarden.nix

diff --git a/spec/eientei/vaultwarden.nix b/spec/eientei/vaultwarden.nix
new file mode 100644
index 00000000..8e6d6d30
--- /dev/null
+++ b/spec/eientei/vaultwarden.nix
@@ -0,0 +1,27 @@
+{
+  services.vaultwarden = {
+    enable = true;
+    environmentFile = "/nix/persist/service/vaultwarden/secret.env";
+    config = {
+      domain = "https://vault.514fpv.io:2096";
+      signupsAllowed = true;
+      rocketAddress = "127.0.0.1";
+      rocketPort = 8222;
+      rocketLog = "critical";
+      databaseUrl = "postgresql:///vaultwarden";
+    };
+    dbBackend = "postgresql";
+  };
+
+  services.nginx.virtualHosts."vault.514fpv.io" = {
+    useACMEHost = ".514fpv.io";
+    addSSL = true;
+    locations."/".proxyPass = "http://127.0.0.1:8222";
+  };
+
+  environment.persistence."/nix/persist/fhs".directories = [
+    "/var/lib/bitwarden_rs"
+  ];
+
+  global.fs.zfs.mountpoints."/nix/persist/service/vaultwarden" = "service/vaultwarden";
+}