From 2c7abf829aa2ee2c8fd91d8a6d3fd25c559d3c1e Mon Sep 17 00:00:00 2001
From: Antoine Martin
Date: Fri, 20 Aug 2021 00:59:28 +0200
Subject: [PATCH] services: adapt bitwarden to vaultwarden rename
---
 hosts/poseidon/default.nix | 2 +-
 services/default.nix | 2 +-
 .../{bitwarden_rs.nix => vaultwarden.nix} | 40 ++++++++-----------
 3 files changed, 18 insertions(+), 26 deletions(-)
 rename services/{bitwarden_rs.nix => vaultwarden.nix} (71%)
diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix
index 46840ba..3b90696 100644
--- a/hosts/poseidon/default.nix
+++ b/hosts/poseidon/default.nix
@@ -60,7 +60,7 @@ in
 # List services that you want to enable:
 my.services = {
- bitwarden_rs = {
+ vaultwarden = {
 enable = true;
 privatePort = 8081;
 websocketPort = 3012;
diff --git a/services/default.nix b/services/default.nix
index 4291e78..5f894c4 100644
--- a/services/default.nix
+++ b/services/default.nix
@@ -2,7 +2,7 @@
 {
 imports = [
- ./bitwarden_rs.nix
+ ./vaultwarden.nix
 ./borg-backup.nix
 ./fail2ban.nix
 ./fava.nix
diff --git a/services/bitwarden_rs.nix b/services/vaultwarden.nix
similarity index 71%
rename from services/bitwarden_rs.nix
rename to services/vaultwarden.nix
index e57ee2c..751f51d 100644
--- a/services/bitwarden_rs.nix
+++ b/services/vaultwarden.nix
@@ -3,13 +3,13 @@
 with lib;
 let
- cfg = config.my.services.bitwarden_rs;
+ cfg = config.my.services.vaultwarden;
 my = config.my;
 domain = config.networking.domain;
 in {
- options.my.services.bitwarden_rs = {
- enable = mkEnableOption "Bitwarden";
+ options.my.services.vaultwarden = {
+ enable = mkEnableOption "Vaultwarden";
 privatePort = mkOption {
 type = types.port;
@@ -29,18 +29,13 @@ in {
 config = mkIf cfg.enable {
 services.postgresql = {
 enable = true;
-
- initialScript = pkgs.writeText "bitwarden_rs-init.sql" ''
- CREATE ROLE "bitwarden_rs" WITH LOGIN;
- CREATE DATABASE "bitwarden_rs" WITH OWNER "bitwarden_rs";
- '';
 };
 services.postgresqlBackup = {
- databases = [ "bitwarden_rs" ];
+ databases = [ "vaultwarden" ];
 };
- services.bitwarden_rs = {
+ services.vaultwarden = {
 enable = true;
 dbBackend = "postgresql";
 config = {
@@ -54,7 +49,8 @@ in {
 SIGNUPS_ALLOWED = false;
 INVITATIONS_ALLOWED = false;
 DOMAIN = "https://pass.${domain}";
- DATABASE_URL = "postgresql://bitwarden_rs@/bitwarden_rs";
+ # FIXME: should be renamed to vaultwarden eventually
+ DATABASE_URL = "postgresql://vaultwarden@/vaultwarden";
 };
 };
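Review bot: The database is renamed across these two hunks with no visible step that creates or migrates it: the hunk at -29 drops the `initialScript` that created the `bitwarden_rs` role and database and points `services.postgresqlBackup.databases` at `vaultwarden`, and the hunk at -54 sets `DATABASE_URL` to `postgresql://vaultwarden@/vaultwarden`. Unless the role and database were renamed out of band, the service would fail to connect on an existing host and the dump job would target a database that does not exist, leaving the password vault without a database backup. The added `# FIXME: should be renamed to vaultwarden eventually` sits above a value that already says `vaultwarden`, so it either belongs to an older value or should be replaced by a comment recording how the rename was done. For hosts provisioned from scratch, declaring the role and database through `services.postgresql.ensureDatabases` / `ensureUsers` would replace what the removed script did. The enclosing `config = mkIf cfg.enable { … }` block continues outside both hunks.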
@@ -80,46 +76,42 @@ in {
 };
 };
- # needed for bitwarden to find files to serve for the vault
- environment.systemPackages = with pkgs; [
- bitwarden_rs-vault
- ];
-
+ # FIXME: should be renamed to vaultwarden eventually
 my.services.restic-backup = mkIf cfg.enable {
 paths = [ "/var/lib/bitwarden_rs" ];
 exclude = [ "/var/lib/bitwarden_rs/icon_cache" ];
 };
 services.fail2ban.jails = {
- bitwarden_rs = ''
+ vaultwarden = ''
 enabled = true
- filter = bitwarden_rs
+ filter = vaultwarden
 port = http,https
 maxretry = 5
 '';
 # Admin page isn't enabled by default, but just in case...
- bitwarden_rs-admin = ''
+ vaultwarden-admin = ''
 enabled = true
- filter = bitwarden_rs-admin
+ filter = vaultwarden-admin
 port = http,https
 maxretry = 2
 '';
 };
 environment.etc = {
- "fail2ban/filter.d/bitwarden_rs.conf".text = ''
+ "fail2ban/filter.d/vaultwarden.conf".text = ''
 [Definition]
 failregex = ^.*Username or password is incorrect\. Try again\. IP: \. Username:.*$
 ignoreregex =
- journalmatch = _SYSTEMD_UNIT=bitwarden_rs.service
+ journalmatch = _SYSTEMD_UNIT=vaultwarden.service
 '';
- "fail2ban/filter.d/bitwarden_rs-admin.conf".text = ''
+ "fail2ban/filter.d/vaultwarden-admin.conf".text = ''
 [Definition]
 failregex = ^.*Invalid admin token\. IP: .*$
 ignoreregex =
- journalmatch = _SYSTEMD_UNIT=bitwarden_rs.service
+ journalmatch = _SYSTEMD_UNIT=vaultwarden.service
 '';
 };
 };
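Review bot: The `# FIXME: should be renamed to vaultwarden eventually` added above `my.services.restic-backup` does not say what is to be renamed, while the `paths` and `exclude` entries under it still name `/var/lib/bitwarden_rs` and the unit, jails and filters in the same hunk become `vaultwarden`. If the data directory ever moves with the rename, restic would be handed a path that no longer holds the vault, so the comment should tie the two together, e.g. `# FIXME: data dir is still /var/lib/bitwarden_rs; change paths/exclude together with it`. Both `journalmatch` lines now select `vaultwarden.service`, and a filter that matches nothing fails silently, so it is worth confirming after deploy with `fail2ban-client status vaultwarden` that failed logins still reach the jail. The `failregex` context lines appear here without a host placeholder, which may only be an artefact of how the page was rendered.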