Use vault admin token

linux/singularity/vaultwarden.nix

@@ -1,4 +1,6 @@
-{config, ...}: {
+{config, ...}: let
+  vaultEnvironment = "vaultwarden/environment";
+in {
   services.vaultwarden = {
     enable = true;
     config = with config.constants; {
@@ -8,5 +10,7 @@
       ROCKET_ADDRESS = localhost;
       ROCKET_PORT = port.vault;
     };
+    environmentFile = config.sops.secrets.${vaultEnvironment}.path;
   };
+  sops.secrets.${vaultEnvironment} = {};
 }