pyrox.dev / nixpkgs
lol
fork atom

nixos/vaultwarden: drop outdated ownership requirements for environmentFile (#304825)

Co-authored-by: Sandro <sandro.jaeckel@gmail.com>

networkException 3dd970f9 db9627d9

options
unified split
Changed files
+4 -12
nixos
modules
services
security
vaultwarden
default.nix
+4 -12
nixos/modules/services/security/vaultwarden/default.nix 
···

       
131

       
131

       
 

       
        Additional environment file as defined in {manpage}`systemd.exec(5)`.


     

       
132

       
132

       
 

       



     

       
133

       
133

       
 

       
        Secrets like {env}`ADMIN_TOKEN` and {env}`SMTP_PASSWORD`


     

       
134

       

       
-

       
        may be passed to the service without adding them to the world-readable Nix store.


     

       

       
134

       
+

       
        should be passed to the service without adding them to the world-readable Nix store.


     

       
135

       
135

       
 

       



     

       
136

       

       
-

       
        Note that this file needs to be available on the host on which


     

       
137

       

       
-

       
        `vaultwarden` is running.


     

       

       
136

       
+

       
        Note that this file needs to be available on the host on which `vaultwarden` is running.


     

       
138

       
137

       
 

       



     

       
139

       

       
-

       
        As a concrete example, to make the Admin UI available


     

       
140

       

       
-

       
        (from which new users can be invited initially),


     

       

       
138

       
+

       
        As a concrete example, to make the Admin UI available (from which new users can be invited initially),


     

       
141

       
139

       
 

       
        the secret {env}`ADMIN_TOKEN` needs to be defined as described


     

       
142

       

       
-

       
        [here](https://github.com/dani-garcia/vaultwarden/wiki/Enabling-admin-page).


     

       
143

       

       
-

       
        Setting `environmentFile` to `/var/lib/vaultwarden.env`


     

       
144

       

       
-

       
        and ensuring permissions with e.g.


     

       
145

       

       
-

       
        `chown vaultwarden:vaultwarden /var/lib/vaultwarden.env`


     

       
146

       

       
-

       
        (the `vaultwarden` user will only exist after activating with


     

       
147

       

       
-

       
        `enable = true;` before this), we can set the contents of the file to have


     

       
148

       

       
-

       
        contents such as:


     

       

       
140

       
+

       
        [here](https://github.com/dani-garcia/vaultwarden/wiki/Enabling-admin-page):


     

       
149

       
141

       
 

       



     

       
150

       
142

       
 

       
        ```


     

       
151

       
143

       
 

       
        # Admin secret token, see