{pkgs, ...}: { project.name = "passwords"; networks.dmz = { name = "dmz"; external = true; }; services = { vaultwarden.service = { image = "vaultwarden/server:1.32.4"; container_name = "vaultwarden"; labels = { "traefik.enable" = "true"; "diun.enable" = "true"; "traefik.docker.network" = "dmz"; "traefik.http.services.vaultwarden.loadbalancer.server.port" = "80"; "traefik.http.routers.vaultwarden.service" = "vaultwarden"; "traefik.http.routers.vaultwarden.entrypoints" = "websecure"; "traefik.http.routers.vaultwarden.rule" = "Host(`vault.ghoscht.com`)"; "traefik.http.routers.vaultwarden.tls" = "true"; "traefik.http.routers.vaultwarden.tls.certresolver" = "letsencrypt"; "traefik.http.services.vaultwarden-external.loadbalancer.server.port" = "80"; "traefik.http.routers.vaultwarden-external.service" = "vaultwarden-external"; "traefik.http.routers.vaultwarden-external.rule" = "Host(`vault.ghoscht.com`)"; "traefik.http.routers.vaultwarden-external.entrypoints" = "websecure-external"; "traefik.http.routers.vaultwarden-external.tls" = "true"; "traefik.http.routers.vaultwarden-external.tls.certresolver" = "letsencrypt"; }; volumes = [ "/storage/dataset/docker/passwords/vaultwarden_data/:/data" ]; environment = { DOMAIN = "http://vaultwarden.ghoscht.com"; }; restart = "always"; networks = [ "dmz" ]; }; }; }