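# NixOS module for a Vaultwarden password manager running in a declarative
# NixOS container, plus a daily tar backup of its bind-mounted data directory.
{
  inputs,
  outputs,
  lib,
  config,
  pkgs,
  ...
}: let
  inherit (lib) types mkOption mkEnableOption mkIf;

  cfg = config.horseman.containers.vaultwarden;
  username = config.horseman.username;

  # Directory on the host that receives the daily archives.
  BACKUP_DIR = config.horseman.containers.backupDir;
  # Host directory bind-mounted into the container at /var/lib/vaultwarden.
  # It sits under the user's home directory, so its ownership and mode decide
  # who on the host can read the vault data — keep it inaccessible to other users.
  DATA_DIR = "/home/${username}/backups/volumes/vaultwarden";
in {
  options = {
    horseman.containers.vaultwarden = {
      enable = mkEnableOption "Password manager";

      port = mkOption {
        default = 3000;
        # types.port rejects values outside 0-65535 at evaluation time.
        type = types.port;
        description = "TCP port Vaultwarden listens on inside the container.";
      };

      # NOTE(review): this option is not referenced anywhere in this module;
      # presumably a reverse proxy defined elsewhere consumes it — confirm.
      # Vaultwarden's own DOMAIN setting is not derived from it here.
      url = mkOption {
        default = "https://vault.koendev.nl";
        type = types.str;
        description = "Public URL of the Vaultwarden instance.";
      };
    };
  };

  config = mkIf cfg.enable {
    # Runs the backup once a day; Persistent catches up on a run that was
    # missed while the machine was powered off.
    systemd.timers."backup-vaultwarden" = {
      wantedBy = ["timers.target"];
      timerConfig = {
        OnCalendar = "daily";
        Persistent = true;
      };
    };

    environment.systemPackages = [pkgs.gnutar];

    systemd.services."backup-vaultwarden" = {
      # Writes one uncompressed, unencrypted archive per day into BACKUP_DIR.
      # Nothing here prunes old archives, so they accumulate.
      # NOTE(review): the directory is archived while the container may be
      # writing to it; a database file copied mid-write can be inconsistent.
      # Consider stopping the container or using the database's own backup
      # mechanism first — confirm what the restore procedure expects.
      script = ''
        cd ${lib.escapeShellArg BACKUP_DIR}
        ${pkgs.gnutar}/bin/tar -cf vaultwarden-$(date +'%Y-%m-%d').tar ${lib.escapeShellArg DATA_DIR}
      '';
      serviceConfig = {
        User = "root";
        # The archive is a full copy of the password manager's data. With the
        # default umask it would be created world-readable (0644); 0077 makes
        # it readable by root only. Anything that ships the archives off-host
        # must therefore run with sufficient privileges.
        UMask = "0077";
      };
    };

    containers.vaultwarden = {
      autoStart = true;
      # Own network namespace; the host reaches the container at localAddress.
      privateNetwork = true;
      hostAddress = "172.16.0.4";
      localAddress = "192.168.100.4";

      # TODO set correct
      # NOTE(review): verify that services.vaultwarden really keeps its state
      # under /var/lib/vaultwarden for the stateVersion set below; the nixpkgs
      # module has historically used /var/lib/bitwarden_rs. If the paths do not
      # match, the data is not persisted on the host and the backup above
      # archives an empty directory.
      bindMounts = {
        "/var/lib/vaultwarden" = {
          hostPath = DATA_DIR;
          isReadOnly = false;
        };
      };

      config = {
        config,
        pkgs,
        ...
      }: {
        environment.systemPackages = with pkgs; [
          vaultwarden.webvault
        ];

        services.vaultwarden = {
          enable = true;
          # Only the listener and the web vault path are set; every other
          # Vaultwarden setting (sign-ups, admin token, ...) keeps its upstream
          # default. Review those defaults before exposing the instance.
          config = {
            ROCKET_PORT = cfg.port;
            # Listens on every interface inside the container. The service
            # speaks plain HTTP here, so TLS for the https URL has to be
            # terminated in front of it (presumably on the host — confirm).
            ROCKET_ADDRESS = "0.0.0.0";
            WEB_VAULT_FOLDER = "${pkgs.vaultwarden.webvault}/share/vaultwarden/vault";
          };
        };

        networking = {
          # Container-local firewall: only the Vaultwarden port is opened.
          firewall = {
            enable = true;
            allowedTCPPorts = [cfg.port];
          };
          useHostResolvConf = lib.mkForce false;
        };

        system.stateVersion = "23.11";
      };
    };
  };
}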