{ config, host, pkgs, username, ... }: let baseRepo = "ssh://liv@dandelion:9123/spinners/rootvol/backups/${host}"; in { services = { vaultwarden = { enable = true; dbBackend = "sqlite"; config = { SIGNUPS_ALLOWED = false; ENABLE_WEBSOCKET = true; SENDS_ALLOWED = true; INVITATIONS_ENABLED = true; EMERGENCY_ACCESS_ALLOWED = true; EMAIL_ACCESS_ALLOWED = true; DOMAIN = "https://passwords.liv.town"; ROCKET_ADDRESS = "0.0.0.0"; ROCKET_PORT = 8003; }; }; nginx = { enable = true; recommendedProxySettings = true; recommendedTlsSettings = true; virtualHosts = { "passwords.liv.town" = { forceSSL = true; sslCertificate = "/var/lib/acme/liv.town/cert.pem"; sslCertificateKey = "/var/lib/acme/liv.town/key.pem"; locations."/" = { proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}/"; proxyWebsockets = true; }; }; }; }; # borgbackup.jobs."violet-vaultwarden" = { # paths = [ "/var/lib/bitwarden_rs" ]; # repo = "${baseRepo}/var-vaultwarden"; # encryption.mode = "none"; # compression = "auto,zstd"; # startAt = "daily"; # preHook = '' # systemctl stop vaultwarden # ''; # postHook = '' # systemctl start vaultwarden # if [ $exitStatus -eq 2 ]; then # ${pkgs.ntfy-sh}/bin/ntfy send https://notify.liv.town/${host} "borgbackup: ${host} backup (vaultwarden) failed with errors" # else # ${pkgs.ntfy-sh}/bin/ntfy send https://notify.liv.town/${host} "borgbackup: ${host} backup (vaultwarden) completed succesfully with exit status $exitStatus" # fi # ''; # user = "root"; # extraCreateArgs = [ # "--stats" # ]; # environment = { # BORG_RSH = "ssh -p 9123 -i /home/${username}/.ssh/id_ed25519"; # }; # }; }; }