{ config, pkgs, deployment, ... }: { imports = [ ../../common ../../common/lxc.nix ]; networking.hostName = "vaultwarden"; system.stateVersion = "21.11"; # networking.firewall.allowedTCPPorts = [ 8000 ]; # networking.firewall.allowedUDPPorts = [ 8000 ]; networking.firewall.enable = false; deployment.keys."envFile" = { user = "vaultwarden"; group = "vaultwarden"; destDir = "/var/lib/keys"; keyCommand = [ "vault" "kv" "get" "-field=env" "kv/vaultwarden" ]; }; services.vaultwarden = { enable = true; dbBackend = "postgresql"; environmentFile = "/var/lib/keys/envFile"; config = { domain = "https://vaultwarden.asraphiel.dev"; signupsDomainsWhitelist = "voidcorp.nl"; rocketPort = 8000; rocketAddress = "0.0.0.0"; }; }; }