Setup vaultwarden on monolith

hosts/monolith/default.nix

@@ -6,6 +6,7 @@
     self.nixosModules.server
     self.nixosModules.zerotier
     ./dns.nix
+    ./vault.nix
   ];
 
   networking = {

hosts/monolith/vault.nix

@@ -0,0 +1,20 @@
+{ secrets, ... }:
+{
+  services.vaultwarden = {
+    enable = true;
+    config = {
+      domain = "https://vault.leaf.ninja";
+      signupsAllowed = false;
+      rocketAddress = "0.0.0.0";
+      rocketPort = 8222;
+      smtpHost = "smtp.migadu.com";
+      smtpFrom = "vaultwarden@leaf.ninja";
+      smtpPort = 587;
+      smtpSecurity = "starttls";
+      smtpUsername = "vaultwarden@leaf.ninja";
+      smtpPassword = secrets.vaultwarden.smtpPassword;
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [ 8222 ];
+}