update vaultwarden config

2023-04-25 17:20:58 +03:00 · 2023-04-25 17:20:58 +03:00 · 26219a7381
commit 26219a7381
parent 42ebbbba6c
3 changed files with 12 additions and 9 deletions
--- a/flake.nix
+++ b/flake.nix
@ -107,6 +107,7 @@
      "bitwarden-pr224092.patch"
      "ivpn.patch"
      "ivpn-ui.patch"
+      "vaultwarden.patch"
    ];
    channelsConfig = { allowUnfree = true; };
    channels.unstable.input = nixpkgs;
--- a/patches/vaultwarden.patch
+++ b/patches/vaultwarden.patch
@ -7,15 +7,15 @@ index aaa3f5507f7..d6a72f74370 100644
         ${nameToEnvVar name} = if isBool value then boolToString value else toString value;
       }) cfg.config;
 -    in { DATA_FOLDER = "/var/lib/bitwarden_rs"; } // optionalAttrs (!(configEnv ? WEB_VAULT_ENABLED) || configEnv.WEB_VAULT_ENABLED == "true") {
-+    in { DATA_FOLDER = cfg.stateDir; } // optionalAttrs (!(configEnv ? WEB_VAULT_ENABLED) || configEnv.WEB_VAULT_ENABLED == "true") {
+    in { DATA_FOLDER = cfg.dataDir; } // optionalAttrs (!(configEnv ? WEB_VAULT_ENABLED) || configEnv.WEB_VAULT_ENABLED == "true") {
       WEB_VAULT_FOLDER = "${cfg.webVaultPackage}/share/vaultwarden/vault";
     } // configEnv;
- 
+
@@ -57,6 +57,16 @@ in {
       '';
     };
- 
-+    stateDir = mkOption {
+
+    dataDir = mkOption {
 +      type = str;
 +      default = "/var/lib/bitwarden_rs";
 +      description = ''
@ -48,7 +48,7 @@ index aaa3f5507f7..d6a72f74370 100644
 -        Restart = "always";
 -      };
 +      serviceConfig = mkMerge [
-+        (mkIf (cfg.stateDir == "/var/lib/bitwarden_rs") {
+        (mkIf (cfg.dataDir == "/var/lib/bitwarden_rs") {
 +          StateDirectory = "bitwarden_rs";
 +          StateDirectoryMode = "0700";
 +        })
@ -68,13 +68,13 @@ index aaa3f5507f7..d6a72f74370 100644
 +      ];
       wantedBy = [ "multi-user.target" ];
     };
- 
+
@@ -206,7 +220,7 @@ in {
       aliases = [ "backup-bitwarden_rs.service" ];
       description = "Backup vaultwarden";
       environment = {
 -        DATA_FOLDER = "/var/lib/bitwarden_rs";
-+        DATA_FOLDER = cfg.stateDir;
+        DATA_FOLDER = cfg.dataDir;
         BACKUP_FOLDER = cfg.backupDir;
       };
       path = with pkgs; [ sqlite ];
--- a/profiles/servers/vaultwarden.nix
+++ b/profiles/servers/vaultwarden.nix
@ -12,7 +12,8 @@ in {
      domain = "https://vw.ataraxiadev.com";
      extendedLogging = true;
      invitationsAllowed = false;
-      logFile = "/var/log/vaultwarden.log";
+      useSyslog = true;
+      # logFile = "/var/log/vaultwarden.log";
      logLevel = "warn";
      rocketAddress = "127.0.0.1";
      rocketPort = 8812;
@ -31,6 +32,7 @@ in {
      websocketPort = 3012;
      webVaultEnabled = true;
      # rocketWorkers = 10;
+      dataDir = "/var/lib/bitwarden_rs";
    };
    environmentFile = config.secrets.vaultwarden.decrypted;
  };
@ -42,7 +44,7 @@ in {
  };

  persist.state.directories = [
-    "/var/lib/bitwarden_rs"
+    config.services.vaultwarden.dataDir
  ] ++ lib.optionals (config.deviceSpecific.devInfo.fileSystem != "zfs") [
    config.services.vaultwarden.backupDir
  ];