diff options
author | Martin Weinelt <hexa@darmstadt.ccc.de> | 2022-12-13 18:17:04 +0100 |
---|---|---|
committer | Martin Weinelt <hexa@darmstadt.ccc.de> | 2022-12-14 15:00:20 +0100 |
commit | 0497d5b99f7d6b7282ab77c30f1f791a47b41566 (patch) | |
tree | edbf7b415e079c8628fc054e87d858024cf4b526 /pkgs/tools/security/vaultwarden | |
parent | 78aaaaaadb44b1169f59f5103c12f46525ed9553 (diff) |
vaultwarden: Add update script to keep web vault in sync
- Adds an update script to fetch the compatible web vault version - Removes `vaultwarden-vault` from top-level to prevent independent updates through e.g. r-ryantm. Istead the vault is now accessible at `vaultwarden.webvault`. - The name webvault was chosen because it is the title of the projects README and it makes it clearer, that this is the web UI.
Diffstat (limited to 'pkgs/tools/security/vaultwarden')
-rw-r--r-- | pkgs/tools/security/vaultwarden/default.nix | 12 | ||||
-rw-r--r-- | pkgs/tools/security/vaultwarden/update.nix | 22 | ||||
-rw-r--r-- | pkgs/tools/security/vaultwarden/webvault.nix (renamed from pkgs/tools/security/vaultwarden/vault.nix) | 2 |
3 files changed, 33 insertions, 3 deletions
diff --git a/pkgs/tools/security/vaultwarden/default.nix b/pkgs/tools/security/vaultwarden/default.nix index d4d5626d32e07..c3240a32e53cf 100644 --- a/pkgs/tools/security/vaultwarden/default.nix +++ b/pkgs/tools/security/vaultwarden/default.nix @@ -1,8 +1,12 @@ -{ lib, stdenv, rustPlatform, fetchFromGitHub, fetchurl, nixosTests +{ lib, stdenv, callPackage, rustPlatform, fetchFromGitHub, fetchurl, nixosTests , pkg-config, openssl , libiconv, Security, CoreServices , dbBackend ? "sqlite", libmysqlclient, postgresql }: +let + webvault = callPackage ./webvault.nix {}; +in + rustPlatform.buildRustPackage rec { pname = "vaultwarden"; version = "1.26.0"; @@ -34,7 +38,11 @@ rustPlatform.buildRustPackage rec { buildFeatures = dbBackend; - passthru.tests = nixosTests.vaultwarden; + passthru = { + inherit webvault; + tests = nixosTests.vaultwarden; + updateScript = callPackage ./update.nix {}; + }; meta = with lib; { description = "Unofficial Bitwarden compatible server written in Rust"; diff --git a/pkgs/tools/security/vaultwarden/update.nix b/pkgs/tools/security/vaultwarden/update.nix new file mode 100644 index 0000000000000..0fc4b45a1296c --- /dev/null +++ b/pkgs/tools/security/vaultwarden/update.nix @@ -0,0 +1,22 @@ +{ writeShellScript +, lib +, nix-update +, curl +, git +, gnugrep +, gnused +, jq +}: + +writeShellScript "update-vaultwarden" '' + PATH=${lib.makeBinPath [ curl git gnugrep gnused jq nix-update ]} + + set -euxo pipefail + + VAULTWARDEN_VERSION=$(curl --silent https://api.github.com/repos/dani-garcia/vaultwarden/releases/latest | jq -r '.tag_name') + nix-update "vaultwarden" --version "$VAULTWARDEN_VERSION" + + URL="https://raw.githubusercontent.com/dani-garcia/vaultwarden/''${VAULTWARDEN_VERSION}/docker/Dockerfile.j2" + WEBVAULT_VERSION=$(curl --silent "$URL" | grep "set vault_version" | sed -E "s/.*\"([^\"]+)\".*/\\1/") + nix-update "vaultwarden.webvault" --version "$WEBVAULT_VERSION" +'' diff --git a/pkgs/tools/security/vaultwarden/vault.nix b/pkgs/tools/security/vaultwarden/webvault.nix index 0a80c10795326..f52a93ac04618 100644 --- a/pkgs/tools/security/vaultwarden/vault.nix +++ b/pkgs/tools/security/vaultwarden/webvault.nix @@ -1,7 +1,7 @@ { lib, stdenv, fetchurl, nixosTests }: stdenv.mkDerivation rec { - pname = "vaultwarden-vault"; + pname = "vaultwarden-webvault"; version = "2022.11.1"; src = fetchurl { |