lux/modules/features/services/vaultwarden.nix

{ den, ... }:
{
  lux.services._.vaultwarden = den.lib.perHost ({ host }: {
    nixos = { config, ... }: {
      services.vaultwarden = {
        enable = true;
        backupDir = "/var/backup/vaultwarden";
        config = {
          DOMAIN = "https://vault.${host.serviceDomain}";
          SIGNUPS_ALLOWED = false;
          ROCKET_PORT = 8100;
          ROCKET_LOG = "critical";
        };
      };

      services.caddy.virtualHosts."vault.${host.serviceDomain}".extraConfig =
        "reverse_proxy :${toString config.services.vaultwarden.config.ROCKET_PORT}";
    };
  });
}