wip vault

hosts/oracle/o001/vaultwarden.nix

@@ -1,19 +1,52 @@
 {
+  lib,
+  config,
   ...
 }:
+let
+  name = "vaultwarden";
+  hostDataDir = "/var/lib/${name}";
+  localAddress = "192.168.100.111";
+
+  binds = [
+    {
+      host = "${hostDataDir}/data";
+      container = "/data?";
+      user = config.users.users.vaultwarden.name;
+    }
+  ];
+in
 {
-  containers.vaultwarden = {
+  users = lib.foldl (
+    acc: bind:
+    {
+      users.${bind.user} = {
+        isSystemUser = true;
+        home = bind.host;
+        createHome = true;
+        group = bind.user;
+      };
+      groups.${bind.user} = { };
+    }
+    // acc
+  ) { } binds;
+
+  containers.${name} = {
     ephemeral = true;
     autoStart = true;
     privateNetwork = true;
     hostAddress = "192.168.100.2";
-    localAddress = "192.168.100.12";
+    localAddress = localAddress;
-    bindMounts = {
+    bindMounts = lib.foldl (
-      "/incontainer" = {
+      acc: bind:
-        hostPath = "/asd";
+      {
-        isReadOnly = false;
+        "${bind.container}" = {
-      };
+          hostPath = bind.host;
-    };
+          isReadOnly = false;
+        };
+      }
+      // acc
+    ) { } binds;
     config =
       { ... }:
       {
@@ -28,4 +61,13 @@
         };
       };
   };
+
+  services.nginx.virtualHosts."vault.joshuabell.xyz" = {
+    enableACME = true;
+    forceSSL = true;
+    locations = {
+      "/" = {
+      };
+    };
+  };
 }