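# Container module for the password manager (Vaultwarden).
#
# Declares the `container.module.pass` options and, when enabled, defines the
# `pass` container with a single writable bind mount for Vaultwarden's data.
# `container.mkContainerDir`, `container.mkContainer` and
# `container.mkContainerConfig` are project helpers defined outside this file.
{ container, lib, config, ... }:
with lib;
let
  cfg = config.container.module.pass;
in
{
  options = {
    container.module.pass = {
      enable = mkEnableOption "Password manager";

      address = mkOption {
        default = "10.1.0.9";
        type = types.str;
        description = "Address Vaultwarden listens on (passed as ROCKET_ADDRESS).";
      };

      port = mkOption {
        default = 8000;
        # types.port rejects values outside 0-65535 at evaluation time;
        # a plain int would let an invalid port through to the service.
        type = types.port;
        description = "TCP port Vaultwarden listens on (passed as ROCKET_PORT).";
      };

      domain = mkOption {
        default = "pass.${config.container.domain}";
        type = types.str;
        description = "Host name used to build Vaultwarden's DOMAIN URL.";
      };

      storage = mkOption {
        default = "${config.container.storage}/pass";
        type = types.str;
        description = "Host directory whose `data` subdirectory is bind-mounted into the container.";
      };
    };
  };

  config = mkIf cfg.enable {
    # presumably creates "${cfg.storage}/data" on the host; verify against mkContainerDir
    systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ];

    containers.pass = container.mkContainer cfg {
      bindMounts = {
        # The vault database and the secrets file (Env, below) both live here,
        # so the host directory's ownership and mode gate access to all of it.
        "/var/lib/bitwarden_rs" = {
          hostPath = "${cfg.storage}/data";
          isReadOnly = false;
        };
      };

      config = { ... }: container.mkContainerConfig cfg {
        services.vaultwarden = {
          enable = true;
          dbBackend = "sqlite";

          # Secrets (e.g. ADMIN_TOKEN) belong in this file, not in `config`
          # below: values set in `config` are written to the world-readable
          # Nix store. The file sits inside the bind mount, i.e. at
          # "${cfg.storage}/data/Env" on the host; it is not created here and
          # should be readable only by the service user.
          environmentFile = "/var/lib/bitwarden_rs/Env";

          config = {
            # Disabled PostgreSQL backend. The URL embeds the database
            # password, so if this is re-enabled set DATABASE_URL in
            # environmentFile rather than here.
            # DATABASE_URL = "postgresql://vaultwarden:vaultwarden@${container.config.postgres.address}:${toString container.config.postgres.port}/vaultwarden";
            DATA_FOLDER = "/var/lib/bitwarden_rs";

            # NOTE(review): the scheme is plain http. If a reverse proxy
            # terminates TLS for this host name, this should be
            # "https://${cfg.domain}" so generated links and origin checks
            # match what clients see; confirm against the proxy setup.
            DOMAIN = "http://${cfg.domain}";

            # Open registration stays off; accounts are created by invitation.
            SIGNUPS_ALLOWED = false;
            WEB_VAULT_ENABLED = true;
            ROCKET_ADDRESS = cfg.address;
            ROCKET_PORT = cfg.port;
          };
        };
      };
    };
  };
}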