nixos-selfhost/vaultwarden.nix

{...}: let
  domain = "pw.sondell.org";
  port = "8222";
in {
  #
  services.vaultwarden = {
    enable = true;
    config = {
      ROCKET_ADDRESS = "::1";
      ROCKET_PORT = 8222;
      SIGNUPS_ALLOWED = false;
    };
  };

  services.restic.backups = {
    "vaultwarden" = {
      passwordFile = "/etc/nixos/.secrets/restic_pw";
      repository = "sftp:Glenn@nas:/home/back/vaultwarden/restic";
      initialize = true;
      paths = [
        "/var/lib/bitwarden_rs"
      ];
      user = "root";
      timerConfig.OnCalendar = "02:05";
      pruneOpts = [
        "--keep-daily 10"
        "--keep-weekly 5"
        "--keep-monthly 12"
        "--keep-yearly 75"
      ];
    };
  };
  services.nginx.virtualHosts.${domain} = {
    locations."/" = {
      proxyPass = "http://localhost:${port}/";
    };
  };
}