Setup vaultwarden smtp

linux/singularity/mailserver.nix

@@ -1,6 +1,7 @@
 {config, ...}:
 with config.constants; let
-  mailSecret = "mail/${userName}/password";
+  userSecret = "mail/${userName}/password";
+  vaultwardenSecret = "mail/vaultwarden/password";
 in {
   mailserver = {
     enable = true;
@@ -10,11 +11,15 @@ in {
     loginAccounts = {
       "${userName}@${domain}" = {
         aliases = [postMaster];
-        hashedPasswordFile = config.sops.secrets.${mailSecret}.path;
+        hashedPasswordFile = config.sops.secrets.${userSecret}.path;
       };
+      ${config.services.vaultwarden.config.SMTP_FROM}.hashedPasswordFile = config.sops.secrets.${vaultwardenSecret}.path;
     };
 
     certificateScheme = "acme";
   };
-  sops.secrets.${mailSecret} = {};
+  sops.secrets = {
+    ${userSecret} = {};
+    ${vaultwardenSecret} = {};
+  };
 }

linux/singularity/vaultwarden.nix

@@ -4,11 +4,19 @@ in {
   services.vaultwarden = {
     enable = true;
     config = with config.constants; {
-      # Disable signup
-      SIGNUPS_ALLOWED = false;
+      DOMAIN = "https://vault.${domain}";
       # Specify service port
       ROCKET_ADDRESS = localhost;
       ROCKET_PORT = port.vault;
+      # Disable signup
+      SIGNUPS_ALLOWED = false;
+      # SMTP config
+      SMTP_FROM = "vaultwarden@${domain}";
+      SMTP_FROM_NAME = "vaultwarden";
+      SMTP_HOST = "mail.${domain}";
+      SMTP_USERNAME = "vaultwarden@${domain}";
+      SMTP_PORT = 587;
+      SMTP_SECURITY = "starttls";
     };
     environmentFile = config.sops.secrets.${vaultEnvironment}.path;
   };