services/vaultwarden: Provide SMTP/email support

config/hosts/athame/nixos.nix

@@ -73,7 +73,6 @@ with lib;
     device = "/dev/sda";
   };
 
-
   # Networking
 
   networking = {

config/services/mail/default.nix

@@ -4,7 +4,7 @@ with lib;
 
 let
   domains = [ "kittywitch" "dork" ];
-  users = [ "gitea" "kat" "keycloak" ];
+  users = [ "gitea" "kat" "keycloak" "vaultwarden" ];
 in
 {
   imports = [ sources.nixos-mailserver.outPath ];

config/services/vaultwarden/default.nix

@@ -1,15 +1,23 @@
-{ config, pkgs, lib, tf, ... }:
+{ config, pkgs, lib, tf, ... }: with lib;
 
 {
-  kw.secrets.variables = {
+  kw.secrets.variables = mapListToAttrs (field:
-    vaultwarden-admin-token = {
+    nameValuePair "vaultwarden-${field}" {
       path = "secrets/vaultwarden";
-    };
+      inherit field;
-  };
+    }) [ "password" "smtp" ];
 
   secrets.files.vaultwarden-env = {
     text = ''
-      ADMIN_TOKEN=${tf.variables.vaultwarden-admin-token.ref}
+      ADMIN_TOKEN=${tf.variables.vaultwarden-password.ref}
+      SMTP_HOST=athame.kittywit.ch
+      SMTP_FROM=vaultwarden@kittywit.ch
+      SMTP_FROM_NAME=Vaultwarden
+      SMTP_PORT=465
+      SMTP_SSL=true
+      SMTP_EXPLICIT_TLS=true
+      SMTP_USERNAME=vaultwarden@kittywit.ch
+      SMTP_PASSWORD=${tf.variables.vaultwarden-smtp.ref}
     '';
     owner = "bitwarden_rs";
     group = "bitwarden_rs";