nixdots/modules/servers/per-host/kittykat/vaultwarden.nix

{...}: {
  services.vaultwarden = {
    enable = true;

    config = {
      DOMAIN = "https://vault.kittykat.poggerer.xyz";
      SIGNUPS_ALLOWED = false;
      ROCKET_PORT = 8222;
    };
  };
  services.traefik.dynamicConfigOptions.http = {
    routers.vaultwarden = {
      rule = "Host(`vault.kittykat.poggerer.xyz`)";
      entryPoints = ["websecure"];
      service = "vaultwarden";
      tls.certResolver = "letsencrypt";
    };

    services.vaultwarden = {
      loadBalancer = {
        servers = [
          {url = "http://127.0.0.1:8222";}
        ];
      };
    };
  };
}