# NixOS module: Vaultwarden (password manager server) backed by PostgreSQL.
#
# Declares `my.servers.vaultwarden` through the shared mkserver factory and,
# when the gate below holds, configures `services.vaultwarden` with a
# sops-managed environment file.
{ lib, config, pkgs, ... }:
let
  cfg = config.my.servers.vaultwarden;
  setup = import ../factories/mkserver.nix { inherit lib config; };

  # The service is only configured when all three hold: this server is enabled,
  # the PostgreSQL server module is enabled, and the host is flagged as secure.
  prerequisitesMet =
    cfg.enable
    && config.my.servers.postgres.enable
    && config.my.secureHost;
in
{
  # presumably (name, subdomain, default port); confirm against mkserver.nix
  options.my.servers.vaultwarden = setup.mkOptions "vaultwarden" "vault" 8222;

  config = lib.mkIf prerequisitesMet {
    # The secret is decrypted by sops-nix at activation time.
    sops.secrets.vaultwarden.sopsFile = ../../secrets/env.yaml;

    services.vaultwarden = {
      inherit (cfg) enable;
      dbBackend = "postgresql";
      package = pkgs.vaultwarden;

      # Secret settings belong in this file, not in `config` below: values
      # written in Nix end up in the world-readable Nix store.
      environmentFile = config.sops.secrets.vaultwarden.path;

      config = {
        # ROCKET_ADDRESS = "${config.my.localhost}"; # VPS
        # NOTE(review): the listener binds to cfg.ip rather than the localhost
        # value above. Confirm this address is only reachable through the
        # TLS-terminating reverse proxy and not exposed directly.
        ROCKET_ADDRESS = cfg.ip;
        ROCKET_PORT = cfg.port;

        # NOTE(review): recent Vaultwarden releases serve WebSocket
        # notifications on the main HTTP port and treat WEBSOCKET_ENABLED and
        # WEBSOCKET_PORT as deprecated. Confirm against the packaged version.
        WEBSOCKET_PORT = 8333;
        WEBSOCKET_ENABLED = true;

        # No credentials are embedded in the URL; the `host` parameter comes
        # from config.my.postgresSocket (presumably a unix socket directory
        # using peer authentication; verify).
        DATABASE_URL = "postgresql:///${cfg.name}?host=${config.my.postgresSocket}";

        # NOTE(review): WAL is a SQLite setting, so this is likely a no-op with
        # the PostgreSQL backend. Confirm.
        ENABLE_DB_WAL = false;

        # Do not reveal password hints on the login page.
        SHOW_PASSWORD_HINT = false;

        # NOTE(review): confirm that the authentication-failure entries you
        # alert on (e.g. for fail2ban) are still emitted at "warn".
        EXTENDED_LOGGING = true;
        LOG_LEVEL = "warn";

        # NOTE(review): SIGNUPS_ALLOWED is not set here and Vaultwarden allows
        # open registration by default. Verify the sops environment file
        # restricts signups if that is intended.
      };
    };
  };
}