{ config, lib, pkgs, unstable, ... }:

let
  dn = "vault.tfcconnection.org";
in
with lib;
{
  services = {
    vaultwarden = {
      environmentFile = /vaultenv;
      config = {
        DOMAIN = "https://${dn}";
        SIGNUPS_ALLOWED = false;
        ROCKET_ADDRESS = "127.0.0.1";
        ROCKET_PORT = 8222;

        ROCKET_LOG = "critical";

        SMTP_HOST = "127.0.0.1";
        SMTP_PORT = 25;
        SMTP_SSL = false;

        SMTP_FROM = "no-reply@mail.tfcconnection.org";
        SMTP_FROM_NAME = "TFC ADMIN Bitwarden";
      };

    };
    nginx.virtualHosts.${dn} = {
      forceSSL = true;
      enableACME = true;
      locations."/".proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
    };
  };
}