thary/sp-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

style: format tree

Browse Source
This commit is contained in:
nhnn
2025-06-18 19:53:44 +03:00
parent ed990906bd
commit 86233cac27
44 changed files with 2523 additions and 2253 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
sp-modules/bitwarden/cleanup-module.nix
View File

@@ -5,13 +5,8 @@ in
# FIXME do we really want to delete passwords on module deactivation!?
{
config = lib.mkIf (!sp.modules.bitwarden.enable) {
system.activationScripts.bitwarden =
lib.trivial.warn
(
"bitwarden service is disabled, ${bitwarden-env} will be removed!"
)
''
rm -f -v ${bitwarden-env}
'';
system.activationScripts.bitwarden = lib.trivial.warn ("bitwarden service is disabled, ${bitwarden-env} will be removed!") ''
rm -f -v ${bitwarden-env}
'';
};
}

3
sp-modules/bitwarden/common.nix
View File

@@ -1,5 +1,4 @@
config:
{
config: {
sp = config.selfprivacy;
bitwarden-env = "/var/lib/bitwarden/.env";
}

65
sp-modules/bitwarden/flake.nix
View File

@@ -1,34 +1,41 @@
{
description = "PoC SP module for Bitwarden password management solution";
outputs = { self }: {
nixosModules.default = _:
{ imports = [ ./module.nix ./cleanup-module.nix ]; };
configPathsNeeded =
builtins.fromJSON (builtins.readFile ./config-paths-needed.json);
meta = { lib, ... }: {
spModuleSchemaVersion = 1;
id = "bitwarden";
name = "Bitwarden";
description = "Bitwarden is a password manager.";
svgIcon = builtins.readFile ./icon.svg;
isMovable = true;
isRequired = false;
backupDescription = "Password database, encryption certificate and attachments.";
systemdServices = [
"vaultwarden.service"
];
user = "vaultwarden";
folders = [
"/var/lib/bitwarden"
"/var/lib/bitwarden_rs"
];
license = [
lib.licenses.agpl3Only
];
homepage = "https://github.com/dani-garcia/vaultwarden";
sourcePage = "https://github.com/dani-garcia/vaultwarden";
supportLevel = "normal";
outputs =
{ self }:
{
nixosModules.default = _: {
imports = [
./module.nix
./cleanup-module.nix
];
};
configPathsNeeded = builtins.fromJSON (builtins.readFile ./config-paths-needed.json);
meta =
{ lib, ... }:
{
spModuleSchemaVersion = 1;
id = "bitwarden";
name = "Bitwarden";
description = "Bitwarden is a password manager.";
svgIcon = builtins.readFile ./icon.svg;
isMovable = true;
isRequired = false;
backupDescription = "Password database, encryption certificate and attachments.";
systemdServices = [
"vaultwarden.service"
];
user = "vaultwarden";
folders = [
"/var/lib/bitwarden"
"/var/lib/bitwarden_rs"
];
license = [
lib.licenses.agpl3Only
];
homepage = "https://github.com/dani-garcia/vaultwarden";
sourcePage = "https://github.com/dani-garcia/vaultwarden";
supportLevel = "normal";
};
};
};
}

130
sp-modules/bitwarden/module.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
let
secrets-filepath = "/etc/selfprivacy/secrets.json";
backup-dir = "/var/lib/bitwarden/backup";
@@ -7,65 +12,77 @@ let
in
{
options.selfprivacy.modules.bitwarden = {
enable = (lib.mkOption {
default = false;
type = lib.types.bool;
description = "Enable Vaultwarden";
}) // {
meta = {
type = "enable";
enable =
(lib.mkOption {
default = false;
type = lib.types.bool;
description = "Enable Vaultwarden";
})
// {
meta = {
type = "enable";
};
};
};
location = (lib.mkOption {
type = lib.types.str;
description = "Vaultwarden location";
}) // {
meta = {
type = "location";
location =
(lib.mkOption {
type = lib.types.str;
description = "Vaultwarden location";
})
// {
meta = {
type = "location";
};
};
};
subdomain = (lib.mkOption {
default = "password";
type = lib.types.strMatching "[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]";
description = "Subdomain";
}) // {
meta = {
widget = "subdomain";
type = "string";
regex = "[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]";
weight = 0;
subdomain =
(lib.mkOption {
default = "password";
type = lib.types.strMatching "[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]";
description = "Subdomain";
})
// {
meta = {
widget = "subdomain";
type = "string";
regex = "[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]";
weight = 0;
};
};
};
signupsAllowed = (lib.mkOption {
default = true;
type = lib.types.bool;
description = "Allow new user signups";
}) // {
meta = {
type = "bool";
weight = 1;
signupsAllowed =
(lib.mkOption {
default = true;
type = lib.types.bool;
description = "Allow new user signups";
})
// {
meta = {
type = "bool";
weight = 1;
};
};
};
sendsAllowed = (lib.mkOption {
default = true;
type = lib.types.bool;
description = "Allow users to use Bitwarden Send";
}) // {
meta = {
type = "bool";
weight = 2;
sendsAllowed =
(lib.mkOption {
default = true;
type = lib.types.bool;
description = "Allow users to use Bitwarden Send";
})
// {
meta = {
type = "bool";
weight = 2;
};
};
};
emergencyAccessAllowed = (lib.mkOption {
default = true;
type = lib.types.bool;
description = "Allow users to enable Emergency Access";
}) // {
meta = {
type = "bool";
weight = 3;
emergencyAccessAllowed =
(lib.mkOption {
default = true;
type = lib.types.bool;
description = "Allow users to enable Emergency Access";
})
// {
meta = {
type = "bool";
weight = 3;
};
};
};
};
config = lib.mkIf config.selfprivacy.modules.bitwarden.enable {
@@ -118,7 +135,10 @@ in
before = [ "vaultwarden.service" ];
requiredBy = [ "vaultwarden.service" ];
serviceConfig.Type = "oneshot";
path = with pkgs; [ coreutils jq ];
path = with pkgs; [
coreutils
jq
];
script = ''
set -o nounset