pyrox.dev / nixpkgs
lol
fork atom

vaultwarden: Add update script to keep web vault in sync

- Adds an update script to fetch the compatible web vault version
- Removes `vaultwarden-vault` from top-level to prevent independent
updates through e.g. r-ryantm. Istead the vault is now accessible
at `vaultwarden.webvault`.
- The name webvault was chosen because it is the title of the projects
README and it makes it clearer, that this is the web UI.

Martin Weinelt 0497d5b9 78aaaaaa

options
unified split
Changed files
+36 -7
nixos
modules
services
security
vaultwarden
default.nix
pkgs
tools
security
vaultwarden
default.nix
update.nix
webvault.nix
top-level
aliases.nix
all-packages.nix
+2 -2
nixos/modules/services/security/vaultwarden/default.nix 
···

       
162

       
162

       
 

       



     

       
163

       
163

       
 

       
    webVaultPackage = mkOption {


     

       
164

       
164

       
 

       
      type = package;


     

       
165

       

       
-

       
      default = pkgs.vaultwarden-vault;


     

       
166

       

       
-

       
      defaultText = literalExpression "pkgs.vaultwarden-vault";


     

       

       
165

       
+

       
      default = pkgs.vaultwarden.webvault;


     

       

       
166

       
+

       
      defaultText = literalExpression "pkgs.vaultwarden.webvault";


     

       
167

       
167

       
 

       
      description = lib.mdDoc "Web vault package to use.";


     

       
168

       
168

       
 

       
    };


     

       
169

       
169

       
 

       
  };
+10 -2
pkgs/tools/security/vaultwarden/default.nix 
···

       
1

       

       
-

       
{ lib, stdenv, rustPlatform, fetchFromGitHub, fetchurl, nixosTests


     

       

       
1

       
+

       
{ lib, stdenv, callPackage, rustPlatform, fetchFromGitHub, fetchurl, nixosTests


     

       
2

       
2

       
 

       
, pkg-config, openssl


     

       
3

       
3

       
 

       
, libiconv, Security, CoreServices


     

       
4

       
4

       
 

       
, dbBackend ? "sqlite", libmysqlclient, postgresql }:


     

       

       
5

       
+

       



     

       

       
6

       
+

       
let


     

       

       
7

       
+

       
  webvault = callPackage ./webvault.nix {};


     

       

       
8

       
+

       
in


     

       
5

       
9

       
 

       



     

       
6

       
10

       
 

       
rustPlatform.buildRustPackage rec {


     

       
7

       
11

       
 

       
  pname = "vaultwarden";


     
···

       
34

       
38

       
 

       



     

       
35

       
39

       
 

       
  buildFeatures = dbBackend;


     

       
36

       
40

       
 

       



     

       
37

       

       
-

       
  passthru.tests = nixosTests.vaultwarden;


     

       

       
41

       
+

       
  passthru = {


     

       

       
42

       
+

       
    inherit webvault;


     

       

       
43

       
+

       
    tests = nixosTests.vaultwarden;


     

       

       
44

       
+

       
    updateScript = callPackage ./update.nix {};


     

       

       
45

       
+

       
  };


     

       
38

       
46

       
 

       



     

       
39

       
47

       
 

       
  meta = with lib; {


     

       
40

       
48

       
 

       
    description = "Unofficial Bitwarden compatible server written in Rust";
+22
pkgs/tools/security/vaultwarden/update.nix 
···

       

       
1

       
+

       
{ writeShellScript


     

       

       
2

       
+

       
, lib


     

       

       
3

       
+

       
, nix-update


     

       

       
4

       
+

       
, curl


     

       

       
5

       
+

       
, git


     

       

       
6

       
+

       
, gnugrep


     

       

       
7

       
+

       
, gnused


     

       

       
8

       
+

       
, jq


     

       

       
9

       
+

       
}:


     

       

       
10

       
+

       



     

       

       
11

       
+

       
writeShellScript "update-vaultwarden" ''


     

       

       
12

       
+

       
  PATH=${lib.makeBinPath [ curl git gnugrep gnused jq nix-update ]}


     

       

       
13

       
+

       



     

       

       
14

       
+

       
  set -euxo pipefail


     

       

       
15

       
+

       



     

       

       
16

       
+

       
  VAULTWARDEN_VERSION=$(curl --silent https://api.github.com/repos/dani-garcia/vaultwarden/releases/latest | jq -r '.tag_name')


     

       

       
17

       
+

       
  nix-update "vaultwarden" --version "$VAULTWARDEN_VERSION"


     

       

       
18

       
+

       



     

       

       
19

       
+

       
  URL="https://raw.githubusercontent.com/dani-garcia/vaultwarden/''${VAULTWARDEN_VERSION}/docker/Dockerfile.j2"


     

       

       
20

       
+

       
  WEBVAULT_VERSION=$(curl --silent "$URL" | grep "set vault_version" | sed -E "s/.*\"([^\"]+)\".*/\\1/")


     

       

       
21

       
+

       
  nix-update "vaultwarden.webvault" --version "$WEBVAULT_VERSION"


     

       

       
22

       
+

       
''
+1 -1
pkgs/tools/security/vaultwarden/vault.nix pkgs/tools/security/vaultwarden/webvault.nix 
···

       
1

       
1

       
 

       
{ lib, stdenv, fetchurl, nixosTests }:


     

       
2

       
2

       
 

       



     

       
3

       
3

       
 

       
stdenv.mkDerivation rec {


     

       
4

       

       
-

       
  pname = "vaultwarden-vault";


     

       

       
4

       
+

       
  pname = "vaultwarden-webvault";


     

       
5

       
5

       
 

       
  version = "2022.11.1";


     

       
6

       
6

       
 

       



     

       
7

       
7

       
 

       
  src = fetchurl {
+1
pkgs/top-level/aliases.nix 
···

       
1558

       
1558

       
 

       
  varnish63 = throw "varnish63 was removed from nixpkgs, because it is unmaintained upstream. Please switch to a different release"; # Added 2021-07-26


     

       
1559

       
1559

       
 

       
  varnish65 = throw "varnish65 was removed from nixpkgs, because it is unmaintained upstream. Please switch to a different release"; # Added 2021-09-15


     

       
1560

       
1560

       
 

       
  varnish70 = throw "varnish70 was removed from nixpkgs, because it was superseded upstream. Please switch to a different release"; # Added 2022-03-17


     

       

       
1561

       
+

       
  vaultwarden-vault = vaultwarden.webvault; # Added 2022-12-13


     

       
1561

       
1562

       
 

       
  varnish71 = throw "varnish71 was removed from nixpkgs, because it was superseded upstream. Please switch to a different release"; # Added 2022-11-08


     

       
1562

       
1563

       
 

       
  vdirsyncerStable  = vdirsyncer; # Added 2020-11-08, see https://github.com/NixOS/nixpkgs/issues/103026#issuecomment-723428168


     

       
1563

       
1564

       
 

       
  venus = throw "venus has been removed from nixpkgs, as it's unmaintained"; # Added 2021-02-05
-2
pkgs/top-level/all-packages.nix 
···

       
37528

       
37528

       
 

       
  vaultwarden-mysql = vaultwarden.override { dbBackend = "mysql"; };


     

       
37529

       
37529

       
 

       
  vaultwarden-postgresql = vaultwarden.override { dbBackend = "postgresql"; };


     

       
37530

       
37530

       
 

       



     

       
37531

       

       
-

       
  vaultwarden-vault = callPackage ../tools/security/vaultwarden/vault.nix { };


     

       
37532

       

       
-

       



     

       
37533

       
37531

       
 

       
  vazir-fonts = callPackage ../data/fonts/vazir-fonts { };


     

       
37534

       
37532

       
 

       



     

       
37535

       
37533

       
 

       
  vhs = callPackage ../applications/misc/vhs { };