refactor(tmpfiles): migrate 12 services to deferred serviceFilePerms

services/bitwarden.nix

@@ -15,6 +15,10 @@
       service_configs.vaultwarden.path
       config.services.vaultwarden.backupDir
     ])
+    (lib.serviceFilePerms "vaultwarden" [
+      "Z ${service_configs.vaultwarden.path} 0700 vaultwarden vaultwarden"
+      "Z ${config.services.vaultwarden.backupDir} 0700 vaultwarden vaultwarden"
+    ])
   ];
 
   services.vaultwarden = {
@@ -39,11 +43,6 @@
     }
   '';
 
-  systemd.tmpfiles.rules = [
-    "Z ${service_configs.vaultwarden.path} 0700 vaultwarden vaultwarden"
-    "Z ${config.services.vaultwarden.backupDir} 0700 vaultwarden vaultwarden"
-  ];
-
   # Protect Vaultwarden login from brute force attacks
   services.fail2ban.jails.vaultwarden = {
     enabled = true;