{ config, pkgs, lib, ... }:

lib.mkIf (config.networking.hostName == "ThinkCentre-Server-004"){
  services.vaultwarden = {
    enable = true;

    backupDir = "/var/local/vaultwarden/backup";

    config = {
      SIGNUPS_ALLOWED = true;
      ROCKET_PORT = 8222;
    };
  };

  services.nginx = {
    enable = true;

    virtualHosts = {
      "${config.HostName}" = {
        listen = [{ addr = "0.0.0.0"; port = 8000; }];
        locations."/" = {
          proxyPass = "http://127.0.0.1:8222";
          extraConfig = ''
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
          '';
        };
      };
    };
  };

  networking.firewall.allowedTCPPorts = [ 8000 ];
}