containers: add vaultwarden

Signed-off-by: Myned <dev@bjork.tech>

options/custom/containers/vaultwarden.nix

@@ -0,0 +1,40 @@
+{
+  config,
+  inputs,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.custom.containers.vaultwarden;
+in {
+  options.custom.containers.vaultwarden = {
+    enable = mkOption {default = false;};
+    menu = mkOption {default = true;};
+  };
+
+  config = mkIf cfg.enable {
+    age.secrets = let
+      secret = filename: {
+        file = "${inputs.self}/secrets/${filename}";
+      };
+    in {
+      "${config.custom.profile}/vaultwarden/.env" = secret "${config.custom.profile}/vaultwarden/.env";
+    };
+
+    #?? arion-vaultwarden pull
+    environment.shellAliases.arion-vaultwarden = "sudo arion --prebuilt-file ${config.virtualisation.arion.projects.vaultwarden.settings.out.dockerComposeYaml}";
+
+    virtualisation.arion.projects.vaultwarden.settings.services = {
+      # https://github.com/dani-garcia/vaultwarden
+      # https://github.com/dani-garcia/vaultwarden/wiki
+      vaultwarden.service = {
+        container_name = "vaultwarden";
+        env_file = [config.age.secrets."${config.custom.profile}/vaultwarden/.env".path];
+        image = "vaultwarden/server:1.33.1";
+        ports = ["8008:80"];
+        restart = "unless-stopped";
+        volumes = ["${config.custom.containers.directory}/vaultwarden/data:/data"];
+      };
+    };
+  };
+}

profiles/server/default.nix

@@ -24,6 +24,7 @@
       #// owncast.enable = true;
       #// redlib.enable = true;
       #// searxng.enable = true;
+      vaultwarden.enable = true;
     };
 
     services = {

secrets/secrets.nix

@@ -87,4 +87,5 @@ in {
   "server/searxng/.env".publicKeys = server;
   "server/users/myned.pass".publicKeys = server;
   "server/users/root.pass".publicKeys = server;
+  "server/vaultwarden/.env".publicKeys = server;
 }