From 60c4022ef306d13ae4bb410b50e63ff6bbd0565a Mon Sep 17 00:00:00 2001
From: Lukas Wurzinger <lukas@wrz.one>
Date: Wed, 14 Feb 2024 23:14:00 +0100
Subject: [PATCH] Vaultwarden secrets

---
 hosts/abacus/vaultwarden.nix | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/hosts/abacus/vaultwarden.nix b/hosts/abacus/vaultwarden.nix
index 023552c..d81cb50 100644
--- a/hosts/abacus/vaultwarden.nix
+++ b/hosts/abacus/vaultwarden.nix
@@ -2,6 +2,12 @@
   inherit (config.networking) domain;
   virtualHostName = "vault.${domain}";
 in {
+  age.secrets.vaultwarden = {
+    file = ../../secrets/vaultwarden.age;
+    owner = config.systemd.services.vaultwarden.serviceConfig.User;
+    group = config.systemd.services.vaultwarden.serviceConfig.Group;
+  };
+
   services.vaultwarden = {
     enable = true;
 
@@ -23,6 +29,8 @@ in {
       ROCKET_ADDRESS = "127.0.0.1";
       ROCKET_PORT = 8000;
     };
+
+    environmentFile = config.age.secrets.vaultwarden.path;
   };
 
   services.nginx.virtualHosts.${virtualHostName} = {