From 2bec46813c38515d3616a5a09912603e300cd54e Mon Sep 17 00:00:00 2001
From: "RingOfStorms (Joshua Bell)"
Date: Mon, 10 Mar 2025 15:59:58 -0500
Subject: [PATCH] wip vault
---
 hosts/oracle/o001/vaultwarden.nix | 58 ++++++++++++++++++++++++++-----
 1 file changed, 50 insertions(+), 8 deletions(-)
diff --git a/hosts/oracle/o001/vaultwarden.nix b/hosts/oracle/o001/vaultwarden.nix
index 5a7d489..794571c 100644
--- a/hosts/oracle/o001/vaultwarden.nix
+++ b/hosts/oracle/o001/vaultwarden.nix
@@ -1,19 +1,52 @@
 {
+ lib,
+ config,
 ...
 }:
+let
+ name = "vaultwarden";
+ hostDataDir = "/var/lib/${name}";
+ localAddress = "192.168.100.111";
+
+ binds = [
+ {
+ host = "${hostDataDir}/data";
+ container = "/data?";
+ user = config.users.users.vaultwarden.name;
+ }
+ ];
+in
 {
- containers.vaultwarden = {
+ users = lib.foldl (
+ acc: bind:
+ {
+ users.${bind.user} = {
+ isSystemUser = true;
+ home = bind.host;
+ createHome = true;
+ group = bind.user;
+ };
+ groups.${bind.user} = { };
+ }
+ // acc
+ ) { } binds;
+
+ containers.${name} = {
 ephemeral = true;
 autoStart = true;
 privateNetwork = true;
 hostAddress = "192.168.100.2";
- localAddress = "192.168.100.12";
- bindMounts = {
- "/incontainer" = {
- hostPath = "/asd";
- isReadOnly = false;
- };
- };
+ localAddress = localAddress;
+ bindMounts = lib.foldl (
+ acc: bind:
+ {
+ "${bind.container}" = {
+ hostPath = bind.host;
+ isReadOnly = false;
+ };
+ }
+ // acc
+ ) { } binds;
 config =
 { ... }:
 {
@@ -28,4 +61,13 @@
 };
 };
 };
+
+ services.nginx.virtualHosts."vault.joshuabell.xyz" = {
+ enableACME = true;
+ forceSSL = true;
+ locations = {
+ "/" = {
+ };
+ };
+ };
 }
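Review bot: The bind target `container = "/data?";` in `binds` carries a stray `?`, so the host directory is mounted at the literal path `/data?` inside the container; because the container is `ephemeral = true`, anything Vaultwarden writes outside that mount is discarded on restart, which for a password vault means losing the database. Use `container = "/data";` or whichever path the service's data directory is set to; the container's `config` body lies outside this hunk, so that path cannot be confirmed here. Separately, `user = config.users.users.vaultwarden.name;` is then used as the attribute key in `users.${bind.user}`, which makes the definition of `users.users` depend on its own result and will likely fail with infinite recursion; `user = name;` avoids that. The `{ … } // acc` fold is also a shallow merge, so once a second bind is added one bind's `users`/`groups` sets would replace the other's wholesale; `lib.mkMerge (map (bind: { … }) binds)` would keep all of them.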
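Review bot: The `"/"` location in the new `vault.joshuabell.xyz` virtual host is empty, so the host requests a certificate and answers for the name but never forwards anything to the container. Fill it with something like `proxyPass = "http://${localAddress}:PORT";` (PORT is a placeholder for the port Vaultwarden listens on, which is not visible in this hunk) plus `proxyWebsockets = true;`, and make sure the container's firewall admits that port from `hostAddress` only. Since this vhost presumably makes the instance reachable from the internet, it is worth confirming in the container's `config` body, which lies outside this hunk, that open sign-ups are turned off and the admin page is either disabled or protected by a token before the name goes live.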