author | Sandro <sandro.jaeckel@gmail.com> | 2024-01-28 19:18:10 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-01-28 19:18:10 +0100 |
commit | 263af5888447c7b402a29a315fbf93ec2fed4527 (patch) | |
tree | a6f72cc9e059cad10862a0b8e3733b7f77e71a21 /nixos | |
parent | 1bd6b2bb990cf8b43d559b81a8f8d94b1edd38ff (diff) | |
parent | fe59b6d24ba18fe0b364c55e9e86204c9cc2488f (diff) |
Merge pull request #284488 from Silver-Golden/master
Bitwarden directory connector: fix bad preStart
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/security/bitwarden-directory-connector-cli.nix | 64 |
1 files changed, 32 insertions, 32 deletions
diff --git a/nixos/modules/services/security/bitwarden-directory-connector-cli.nix b/nixos/modules/services/security/bitwarden-directory-connector-cli.nix
index 18c02e22fd7e6..a55758322a75a 100644
--- a/nixos/modules/services/security/bitwarden-directory-connector-cli.nix
+++ b/nixos/modules/services/security/bitwarden-directory-connector-cli.nix
@@ -277,42 +277,42 @@ in {
 BITWARDENCLI_CONNECTOR_PLAINTEXT_SECRETS = "true";
 };
+ preStart = ''
+ set -eo pipefail
+
+ # create the config file
+ ${lib.getExe cfg.package} data-file
+ touch /tmp/data.json.tmp
+ chmod 600 /tmp/data.json{,.tmp}
+
+ ${lib.getExe cfg.package} config server ${cfg.domain}
+
+ # now login to set credentials
+ export BW_CLIENTID="$(< ${escapeShellArg cfg.secrets.bitwarden.client_path_id})"
+ export BW_CLIENTSECRET="$(< ${escapeShellArg cfg.secrets.bitwarden.client_path_secret})"
+ ${lib.getExe cfg.package} login
+
+ jq '.authenticatedAccounts[0] as $account
+ | .[$account].directoryConfigurations.ldap |= $ldap_data
+ | .[$account].directorySettings.organizationId |= $orgID
+ | .[$account].directorySettings.sync |= $sync_data' \
+ --argjson ldap_data ${escapeShellArg cfg.ldap.finalJSON} \
+ --arg orgID "''${BW_CLIENTID//organization.}" \
+ --argjson sync_data ${escapeShellArg cfg.sync.finalJSON} \
+ /tmp/data.json \
+ > /tmp/data.json.tmp
+
+ mv -f /tmp/data.json.tmp /tmp/data.json
+
+ # final config
+ ${lib.getExe cfg.package} config directory 0
+ ${lib.getExe cfg.package} config ldap.password --secretfile ${cfg.secrets.ldap}
+ '';
+
 serviceConfig = {
 Type = "oneshot";
 User = "${cfg.user}";
 PrivateTmp = true;
- preStart = ''
- set -eo pipefail
-
- # create the config file
- ${lib.getExe cfg.package} data-file
- touch /tmp/data.json.tmp
- chmod 600 /tmp/data.json{,.tmp}
-
- ${lib.getExe cfg.package} config server ${cfg.domain}
-
- # now login to set credentials
- export BW_CLIENTID="$(< ${escapeShellArg cfg.secrets.bitwarden.client_path_id})"
- export BW_CLIENTSECRET="$(< ${escapeShellArg cfg.secrets.bitwarden.client_path_secret})"
- ${lib.getExe cfg.package} login
-
- jq '.authenticatedAccounts[0] as $account
- | .[$account].directoryConfigurations.ldap |= $ldap_data
- | .[$account].directorySettings.organizationId |= $orgID
- | .[$account].directorySettings.sync |= $sync_data' \
- --argjson ldap_data ${escapeShellArg cfg.ldap.finalJSON} \
- --arg orgID "''${BW_CLIENTID//organization.}" \
- --argjson sync_data ${escapeShellArg cfg.sync.finalJSON} \
- /tmp/data.json \
- > /tmp/data.json.tmp
-
- mv -f /tmp/data.json.tmp /tmp/data.json
-
- # final config
- ${lib.getExe cfg.package} config directory 0
- ${lib.getExe cfg.package} config ldap.password --secretfile ${cfg.secrets.ldap}
- '';
-
 ExecStart = "${lib.getExe cfg.package} sync";
 };
 };
|
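Review bot: The relocated preStart splices `${cfg.domain}` (the `config server` line) and `${cfg.secrets.ldap}` (after `--secretfile`) into the script unquoted, while every other option value here goes through `escapeShellArg`. Both are presumably admin-set module options, so this is a robustness and consistency gap rather than an untrusted-input path, but a value containing whitespace or shell metacharacters would be word-split or interpreted by the shell. I would write `config server ${escapeShellArg cfg.domain}` and `config ldap.password --secretfile ${escapeShellArg cfg.secrets.ldap}`. Separately, `export BW_CLIENTID="$(< …)"` hides a failed read from `set -e`, because `export` returns success. Assigning first (`BW_CLIENTID="$(< …)"`, then `export BW_CLIENTID`, and the same for `BW_CLIENTSECRET`) lets an unreadable secret file stop the unit before `login` runs. The enclosing service attribute set starts outside this hunk.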