a

hosts/server/modules/vaultwarden.nix

@@ -9,10 +9,10 @@
   services.vaultwarden = {
     enable = true;
     dbBackend = "sqlite";
-    environmentFile = "/private/vaultwarden/vaultwarden.env";
+    environmentFile = "/var/lib/vaultwarden/vaultwarden.env";
     config = {
       # Keep data alongside the secret env file so we can back it up together.
-      DATA_FOLDER = "/private/vaultwarden/data";
+      DATA_FOLDER = "/var/lib/vaultwarden/data";
       PUSH_RELAY_URI = "https://api.bitwarden.eu";
       PUSH_IDENTITY_URI = "https://identity.bitwarden.eu";
       DOMAIN = "https://vault.ocbwoy3.dev";
@@ -25,15 +25,15 @@
     };
   };
 
-  # Allow vaultwarden to write under /private/vaultwarden and ensure the directories exist.
+  # Allow vaultwarden to write under /var/lib/vaultwarden and ensure the directories exist.
   systemd.services.vaultwarden.serviceConfig = {
-    ReadWritePaths = [ "/private/vaultwarden" ];
+    ReadWritePaths = [ "/var/lib/vaultwarden" ];
   };
 
   # Create parent/data directories with proper ownership before startup.
   systemd.tmpfiles.rules = [
-    "d /private/vaultwarden 0750 vaultwarden vaultwarden -"
-    "d /private/vaultwarden/data 0750 vaultwarden vaultwarden -"
+    "d /var/lib/vaultwarden 0750 vaultwarden vaultwarden -"
+    "d /var/lib/vaultwarden/data 0750 vaultwarden vaultwarden -"
   ];
 
   # cloudflared!!