nixos/vaultwarden: backup all rsa_keys

The official documentation mentions rsa_key* as what should be backed up (https://github.com/dani-garcia/vaultwarden/wiki/Backing-up-your-vault#the-rsa_key-files). My particular install has rsa_key.pem and rsa_key.pub.pem so the existing command fails when trying to copy rsa_key.der. This change better aligns with the official documentation.

1 files changed, 11 insertions, 7 deletions

diff --git a/nixos/modules/services/security/vaultwarden/backup.sh b/nixos/modules/services/security/vaultwarden/backup.sh
index 7668da5bc88f3..0c1cd3aa544f6 100644
--- a/nixos/modules/services/security/vaultwarden/backup.sh
+++ b/nixos/modules/services/security/vaultwarden/backup.sh
@@ -1,17 +1,21 @@
 #!/usr/bin/env bash
 
+# Allow use of !() when copying to not copy certain files
+shopt -s extglob
+
 # Based on: https://github.com/dani-garcia/vaultwarden/wiki/Backing-up-your-vault
 if [ ! -d "$BACKUP_FOLDER" ]; then
   echo "Backup folder '$BACKUP_FOLDER' does not exist" >&2
   exit 1
 fi
 
-if [[ ! -f "$DATA_FOLDER"/db.sqlite3 ]]; then
-  echo "Could not find SQLite database file '$DATA_FOLDER/db.sqlite3'" >&2
-  exit 1
+if [[ -f "$DATA_FOLDER"/db.sqlite3 ]]; then
+  sqlite3 "$DATA_FOLDER"/db.sqlite3 ".backup '$BACKUP_FOLDER/db.sqlite3'"
+fi
+
+if [ ! -d "$DATA_FOLDER" ]; then
+  echo "No data folder (yet). This will happen on first launch if backup is triggered before vaultwarden has started."
+  exit 0
 fi
 
-sqlite3 "$DATA_FOLDER"/db.sqlite3 ".backup '$BACKUP_FOLDER/db.sqlite3'"
-cp "$DATA_FOLDER"/rsa_key.{der,pem,pub.der} "$BACKUP_FOLDER"
-cp -r "$DATA_FOLDER"/attachments "$BACKUP_FOLDER"
-cp -r "$DATA_FOLDER"/icon_cache "$BACKUP_FOLDER"
+cp -r "$DATA_FOLDER"/!(db.*) "$BACKUP_FOLDER"/