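# Vaultwarden ("pass") container module.
#
# Declares the `container.module.pass` options and, when enabled, defines the
# `pass` container running services.vaultwarden on SQLite, with its data
# directory bind-mounted read-write from the host.
{ config, container, lib, ... }:
let
  cfg = config.container.module.pass;
in
{
  options.container.module.pass = {
    enable = lib.mkEnableOption "the password manager.";

    address = lib.mkOption {
      default = "10.1.0.9";
      type = lib.types.str;
      description = "Address Vaultwarden binds to (passed as ROCKET_ADDRESS).";
    };

    port = lib.mkOption {
      default = 8000;
      # types.port restricts the value to 0-65535, so an out-of-range port
      # fails at evaluation time instead of when the service starts.
      type = lib.types.port;
      description = "TCP port Vaultwarden listens on (passed as ROCKET_PORT).";
    };

    domain = lib.mkOption {
      default = "pass.${config.container.domain}";
      type = lib.types.str;
      description = "Host name used to build Vaultwarden's DOMAIN setting.";
    };

    storage = lib.mkOption {
      default = "${config.container.storage}/pass";
      type = lib.types.str;
      description = "Host directory whose `data` subdirectory holds the vault data.";
    };
  };

  config = lib.mkIf cfg.enable {
    # Host-side directory for the bind mount below.
    # NOTE(review): ownership and mode are decided by container.mkContainerDir,
    # which is not visible here. This directory holds the vault database and
    # the secrets file, so confirm it is not readable by other host users.
    systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ];

    containers.pass = container.mkContainer cfg {
      bindMounts = {
        # Read-write because Vaultwarden keeps its SQLite database here.
        "/var/lib/vaultwarden" = {
          hostPath = "${cfg.storage}/data";
          isReadOnly = false;
        };
      };

      config = { ... }: container.mkContainerConfig cfg {
        services.vaultwarden = {
          enable = true;
          dbBackend = "sqlite";

          # Secrets are read from this file at service start rather than being
          # written to the world-readable Nix store. The path is inside the
          # bind mount, i.e. ${cfg.storage}/data/Env on the host.
          # NOTE(review): the file is provisioned out of band; keep it
          # readable only by the service user and remember that it travels
          # with any backup of the data directory.
          environmentFile = "/var/lib/vaultwarden/Env";

          config = {
            DATA_FOLDER = "/var/lib/vaultwarden";

            # NOTE(review): DOMAIN is advertised as plain http. The web vault
            # relies on browser crypto APIs that are only available in a
            # secure context, and DOMAIN is expected to be the URL users
            # actually open. If a reverse proxy terminates TLS for this host
            # name, this should be the https:// URL; confirm against the
            # proxy configuration before changing it.
            DOMAIN = "http://${cfg.domain}";

            ROCKET_ADDRESS = cfg.address;
            ROCKET_PORT = cfg.port;

            # Open self-registration is disabled.
            # NOTE(review): invitations are a separate Vaultwarden setting
            # (INVITATIONS_ALLOWED) that is not set here; set it explicitly
            # if invited sign-ups should be blocked too.
            SIGNUPS_ALLOWED = false;
            WEB_VAULT_ENABLED = true;
          };
        };
      };
    };
  };
}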