{ config, ... }:
let
  PORT = config.svports.vaultwarden;
in
{
  services.vaultwarden = {
    enable = true;
    backupDir = "/var/backups/vaultwarden";
    environmentFile = "/var/secrets/vaultwarden";
    config = {
      DOMAIN = "https://vaultwarden.vt3e.cat";
      SIGNUPS_ALLOWED = false;

      ROCKET_ADDRESS = "127.0.0.1";
      ROCKET_PORT = PORT;
      ROCKET_LOG = "critical";

      SMTP_HOST = "smtp.resend.com";
      SMTP_PORT = 2587;
      SMTP_SECURITY = "starttls";

      SMTP_FROM = "meow@mail.wlo.moe";
      SMTP_FROM_NAME = "vaultmeowden";
      SMTP_USER = "resend";
      SMTP_USERNAME = "resend";
    };
  };

  services.caddy.virtualHosts."vaultwarden.vt3e.cat" = {
    hostName = "vaultwarden.vt3e.cat";
    extraConfig = ''
      encode zstd gzip
      reverse_proxy :${toString PORT} {
        header_up X-Real-IP {remote_host}
      }
    '';
  };

}