caddy support multi domain

modules/services/vaultwarden.nix

@@ -13,6 +13,14 @@ in
   options.my.services.vaultwarden = {
     enable = lib.mkEnableOption "Enable Vaultwarden module";
 
+    adminPasswordFile = lib.mkOption {
+      default = "";
+      type = lib.types.str;
+      description = ''
+        Path to the file containing the admin password for Vaultwarden
+      '';
+    };
+
     proxy = {
       enable = lib.mkEnableOption "Set the proxy entry for this service";
 
@@ -24,6 +32,14 @@ in
         '';
       };
 
+      subdomain = lib.mkOption {
+        default = "vault";
+        type = lib.types.str;
+        description = ''
+          The subdomain where Vaultwarden is reachable
+        '';
+      };
+
       host = lib.mkOption {
         default = "localhost";
         type = lib.types.str;
@@ -38,8 +54,6 @@ in
   config = lib.mkMerge [
     (lib.mkIf cfg.enable {
 
-      age.secrets.vaultwarden-admin-pwd.file = ../../secrets/vaultwarden-admin-pwd.age;
-
       my.services.postgresql = {
         enable = true;
         ensures = [
@@ -53,7 +67,7 @@ in
       services.vaultwarden = {
         enable = true;
         dbBackend = "postgresql";
-        environmentFile = config.age.secrets.vaultwarden-admin-pwd.path;
+        environmentFile = cfg.adminPasswordFile;
         config = {
           DOMAIN = "https://vault.${cfg.proxy.domain}";
           SENDS_ALLOWED = true;
@@ -75,9 +89,9 @@ in
 
     (lib.mkIf cfg.proxy.enable {
       services.caddy = with cfg.proxy; {
-        virtualHosts."vault.${domain}".extraConfig = ''
+        virtualHosts."${subdomain}.${domain}".extraConfig = ''
           reverse_proxy http://${host}:${toString rocketPort}
-          import cloudflare
+          import cloudflare_${domain}
         '';
       };
     })