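# NixOS module: runs Vaultwarden on a local port and publishes it through an
# nginx virtual host at vault.<my.domain>. Everything under `config` is gated
# by my.servers.vaultwarden.enable.
{
  lib,
  config,
  pkgs,
  proxyReverse,
  ...
}:
let
  cfg = config.my.servers.vaultwarden;
  vault = config.services.vaultwarden.config;
in
{
  # mkEnableOption prefixes its argument with "Whether to enable ", so the
  # argument names the service instead of repeating the word "enable".
  options.my.servers.vaultwarden.enable = lib.mkEnableOption "the Vaultwarden password manager server";

  config = lib.mkIf cfg.enable {
    services.vaultwarden = {
      enable = true;
      dbBackend = "postgresql";
      package = pkgs.vaultwarden;

      # Secrets belong in this file, not in `config` below: the NixOS module
      # renders `config` into an environment file in the world-readable Nix
      # store. This module does not create the file.
      # NOTE(review): confirm it is provisioned out of band and is not
      # readable by other users (e.g. mode 0600).
      environmentFile = "/var/lib/vaultwarden.env";

      config = {
        # Listen address of the backend that nginx proxies to.
        # NOTE(review): presumably a loopback address; confirm, since any
        # other bind address exposes the plain-HTTP backend without nginx
        # in front of it.
        ROCKET_ADDRESS = "${config.my.localhost}";
        ROCKET_PORT = 8222;

        # NOTE(review): recent Vaultwarden releases serve notifications on
        # the main Rocket port and deprecate these two settings; check them
        # against the packaged version. Nothing visible in this module
        # proxies port 8333 unless proxyReverse does.
        WEBSOCKET_PORT = 8333;
        WEBSOCKET_ENABLED = true;

        # No credentials in the URL: `host=` points libpq at a socket
        # directory. Presumably authentication is by peer credentials, which
        # needs a matching PostgreSQL role and database -- verify.
        DATABASE_URL = "postgresql:///vaultwarden?host=${config.my.postgresSocket}";
        # WAL toggle for the SQLite backend; presumably without effect when
        # dbBackend is postgresql.
        ENABLE_DB_WAL = false;

        # Hardening: hints are not shown on the login page and open
        # self-registration is off.
        SHOW_PASSWORD_HINT = false;
        SIGNUPS_ALLOWED = false;

        EXTENDED_LOGGING = true;
        LOG_LEVEL = "warn";
      };
    };

    services.nginx = {
      enable = true;
      # proxyReverse is a module argument defined elsewhere; it receives the
      # backend port and returns the virtual-host attribute set.
      # NOTE(review): confirm it forces HTTPS for this host; a password vault
      # must not be reachable over cleartext HTTP.
      # The trailing `// { }` merges nothing; it is kept as the place for
      # per-host overrides.
      virtualHosts."vault.${config.my.domain}" = proxyReverse vault.ROCKET_PORT // { };
    };
  };
}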