Merge pull request #126187 from K900/vaultwarden

vaultwarden: update to 1.21.0, rename from bitwarden_rs
Jörg Thalheim 2021-07-03 11:15:22 +01:00 committed by GitHub
commit a47ace80e5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
12 changed files with 212 additions and 60 deletions

@ -339,6 +339,116 @@
release instead of the old 2.31.0 version.
</para>
</listitem>
<listitem>
<para>
The <literal>bitwarden_rs</literal> packages and modules were
renamed to <literal>vaultwarden</literal>
<link xlink:href="https://github.com/dani-garcia/vaultwarden/discussions/1642">following
upstream</link>. More specifically,
</para>
<itemizedlist>
<listitem>
<para>
<literal>pkgs.bitwarden_rs</literal>,
<literal>pkgs.bitwarden_rs-sqlite</literal>,
<literal>pkgs.bitwarden_rs-mysql</literal> and
<literal>pkgs.bitwarden_rs-postgresql</literal> were
renamed to <literal>pkgs.vaultwarden</literal>,
<literal>pkgs.vaultwarden-sqlite</literal>,
<literal>pkgs.vaultwarden-mysql</literal> and
<literal>pkgs.vaultwarden-postgresql</literal>,
respectively.
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
Old names are preserved as aliases for backwards
compatibility, but may be removed in the future.
</para>
</listitem>
<listitem>
<para>
The <literal>bitwarden_rs</literal> executable was
also renamed to <literal>vaultwarden</literal> in all
packages.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
<literal>pkgs.bitwarden_rs-vault</literal> was renamed to
<literal>pkgs.vaultwarden-vault</literal>.
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
<literal>pkgs.bitwarden_rs-vault</literal> is
preserved as an alias for backwards compatibility, but
may be removed in the future.
</para>
</listitem>
<listitem>
<para>
The static files were moved from
<literal>/usr/share/bitwarden_rs</literal> to
<literal>/usr/share/vaultwarden</literal>.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
The <literal>services.bitwarden_rs</literal> config module
was renamed to <literal>services.vaultwarden</literal>.
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
<literal>services.bitwarden_rs</literal> is preserved
as an alias for backwards compatibility, but may be
removed in the future.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
<literal>systemd.services.bitwarden_rs</literal>,
<literal>systemd.services.backup-bitwarden_rs</literal>
and <literal>systemd.timers.backup-bitwarden_rs</literal>
were renamed to
<literal>systemd.services.vaultwarden</literal>,
<literal>systemd.services.backup-vaultwarden</literal> and
<literal>systemd.timers.backup-vaultwarden</literal>,
respectively.
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
Old names are preserved as aliases for backwards
compatibility, but may be removed in the future.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
<literal>users.users.bitwarden_rs</literal> and
<literal>users.groups.bitwarden_rs</literal> were renamed
to <literal>users.users.vaultwarden</literal> and
<literal>users.groups.vaultwarden</literal>, respectively.
</para>
</listitem>
<listitem>
<para>
The data directory remains located at
<literal>/var/lib/bitwarden_rs</literal>, for backwards
compatibility.
</para>
</listitem>
</itemizedlist>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-release-21.11-notable-changes">
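
Review bot: The entry for `users.users.bitwarden_rs` and `users.groups.bitwarden_rs` is the only rename in this list without a compatibility note, and the next item says the data directory stays at `/var/lib/bitwarden_rs`. Please add a sentence telling administrators whether the old user and group names remain available, and whether existing files in that directory keep working under the renamed account or need their ownership fixed by hand after the upgrade.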

@ -85,6 +85,32 @@ In addition to numerous new and upgraded packages, this release has the followin
* The `libwnck` package now defaults to the 3.x release instead of the
old 2.31.0 version.
* The `bitwarden_rs` packages and modules were renamed to `vaultwarden`
[following upstream](https://github.com/dani-garcia/vaultwarden/discussions/1642). More specifically,
* `pkgs.bitwarden_rs`, `pkgs.bitwarden_rs-sqlite`, `pkgs.bitwarden_rs-mysql` and
`pkgs.bitwarden_rs-postgresql` were renamed to `pkgs.vaultwarden`, `pkgs.vaultwarden-sqlite`,
`pkgs.vaultwarden-mysql` and `pkgs.vaultwarden-postgresql`, respectively.
* Old names are preserved as aliases for backwards compatibility, but may be removed in the future.
* The `bitwarden_rs` executable was also renamed to `vaultwarden` in all packages.
* `pkgs.bitwarden_rs-vault` was renamed to `pkgs.vaultwarden-vault`.
* `pkgs.bitwarden_rs-vault` is preserved as an alias for backwards compatibility, but may be removed in the future.
* The static files were moved from `/usr/share/bitwarden_rs` to `/usr/share/vaultwarden`.
* The `services.bitwarden_rs` config module was renamed to `services.vaultwarden`.
* `services.bitwarden_rs` is preserved as an alias for backwards compatibility, but may be removed in the future.
* `systemd.services.bitwarden_rs`, `systemd.services.backup-bitwarden_rs` and `systemd.timers.backup-bitwarden_rs`
were renamed to `systemd.services.vaultwarden`, `systemd.services.backup-vaultwarden` and
`systemd.timers.backup-vaultwarden`, respectively.
* Old names are preserved as aliases for backwards compatibility, but may be removed in the future.
* `users.users.bitwarden_rs` and `users.groups.bitwarden_rs` were renamed to `users.users.vaultwarden` and
`users.groups.vaultwarden`, respectively.
* The data directory remains located at `/var/lib/bitwarden_rs`, for backwards compatibility.
## Other Notable Changes {#sec-release-21.11-notable-changes}
- The setting [`services.openssh.logLevel`](options.html#opt-services.openssh.logLevel) `"VERBOSE"` `"INFO"`. This brings NixOS in line with upstream and other Linux distributions, and reduces log spam on servers due to bruteforcing botnets.
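
Review bot: The static-files item gives the paths as `/usr/share/bitwarden_rs` and `/usr/share/vaultwarden`, but the vault derivation in this change installs to `$out/share/vaultwarden/` and the module sets `WEB_VAULT_FOLDER` to `${pkgs.vaultwarden-vault}/share/vaultwarden/vault`. Suggest writing the path as `share/vaultwarden` relative to the package output, here and in the matching XML entry, so nobody goes looking for a `/usr/share` directory.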

@ -874,7 +874,6 @@
./services/search/hound.nix
./services/search/kibana.nix
./services/search/solr.nix
./services/security/bitwarden_rs/default.nix
./services/security/certmgr.nix
./services/security/cfssl.nix
./services/security/clamav.nix
@ -900,6 +899,7 @@
./services/security/torsocks.nix
./services/security/usbguard.nix
./services/security/vault.nix
./services/security/vaultwarden/default.nix
./services/security/yubikey-agent.nix
./services/system/cloud-init.nix
./services/system/dbus.nix

@ -1,6 +1,6 @@
#!/usr/bin/env bash
# Based on: https://github.com/dani-garcia/bitwarden_rs/wiki/Backing-up-your-vault
# Based on: https://github.com/dani-garcia/vaultwarden/wiki/Backing-up-your-vault
if ! mkdir -p "$BACKUP_FOLDER"; then
echo "Could not create backup folder '$BACKUP_FOLDER'" >&2
exit 1

@ -3,9 +3,9 @@
with lib;
let
cfg = config.services.bitwarden_rs;
user = config.users.users.bitwarden_rs.name;
group = config.users.groups.bitwarden_rs.name;
cfg = config.services.vaultwarden;
user = config.users.users.vaultwarden.name;
group = config.users.groups.vaultwarden.name;
# Convert name from camel case (e.g. disable2FARemember) to upper case snake case (e.g. DISABLE_2FA_REMEMBER).
nameToEnvVar = name:
@ -26,22 +26,26 @@ let
if value != null then [ (nameValuePair (nameToEnvVar name) (if isBool value then boolToString value else toString value)) ] else []
) cfg.config));
in { DATA_FOLDER = "/var/lib/bitwarden_rs"; } // optionalAttrs (!(configEnv ? WEB_VAULT_ENABLED) || configEnv.WEB_VAULT_ENABLED == "true") {
WEB_VAULT_FOLDER = "${pkgs.bitwarden_rs-vault}/share/bitwarden_rs/vault";
WEB_VAULT_FOLDER = "${pkgs.vaultwarden-vault}/share/vaultwarden/vault";
} // configEnv;
configFile = pkgs.writeText "bitwarden_rs.env" (concatStrings (mapAttrsToList (name: value: "${name}=${value}\n") configEnv));
configFile = pkgs.writeText "vaultwarden.env" (concatStrings (mapAttrsToList (name: value: "${name}=${value}\n") configEnv));
bitwarden_rs = pkgs.bitwarden_rs.override { inherit (cfg) dbBackend; };
vaultwarden = pkgs.vaultwarden.override { inherit (cfg) dbBackend; };
in {
options.services.bitwarden_rs = with types; {
enable = mkEnableOption "bitwarden_rs";
imports = [
(mkRenamedOptionModule [ "services" "bitwarden_rs" ] [ "services" "vaultwarden" ])
];
options.services.vaultwarden = with types; {
enable = mkEnableOption "vaultwarden";
dbBackend = mkOption {
type = enum [ "sqlite" "mysql" "postgresql" ];
default = "sqlite";
description = ''
Which database backend bitwarden_rs will be using.
Which database backend vaultwarden will be using.
'';
};
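
Review bot: `DATA_FOLDER = "/var/lib/bitwarden_rs"` stays a string literal in the `in { ... }` expression of this hunk and is repeated in the backup service's `environment` further down. Since the old path is now kept on purpose, consider binding it once in the `let` block with a comment that it is retained for backwards compatibility, so a later cleanup cannot rename one copy and leave the backup job reading from a different directory.
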
@ -49,7 +53,7 @@ in {
type = nullOr str;
default = null;
description = ''
The directory under which bitwarden_rs will backup its persistent data.
The directory under which vaultwarden will backup its persistent data.
'';
};
@ -65,7 +69,7 @@ in {
}
'';
description = ''
The configuration of bitwarden_rs is done through environment variables,
The configuration of vaultwarden is done through environment variables,
therefore the names are converted from camel case (e.g. disable2FARemember)
to upper case snake case (e.g. DISABLE_2FA_REMEMBER).
In this conversion digits (0-9) are handled just like upper case characters,
@ -75,17 +79,17 @@ in {
This allows working around any potential future conflicting naming conventions.
Based on the attributes passed to this config option an environment file will be generated
that is passed to bitwarden_rs's systemd service.
that is passed to vaultwarden's systemd service.
The available configuration options can be found in
<link xlink:href="https://github.com/dani-garcia/bitwarden_rs/blob/${bitwarden_rs.version}/.env.template">the environment template file</link>.
<link xlink:href="https://github.com/dani-garcia/vaultwarden/blob/${vaultwarden.version}/.env.template">the environment template file</link>.
'';
};
environmentFile = mkOption {
type = with types; nullOr path;
default = null;
example = "/root/bitwarden_rs.env";
example = "/root/vaultwarden.env";
description = ''
Additional environment file as defined in <citerefentry>
<refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum>
@ -95,7 +99,7 @@ in {
may be passed to the service without adding them to the world-readable Nix store.
Note that this file needs to be available on the host on which
<literal>bitwarden_rs</literal> is running.
<literal>vaultwarden</literal> is running.
'';
};
};
@ -106,20 +110,21 @@ in {
message = "Backups for database backends other than sqlite will need customization";
} ];
users.users.bitwarden_rs = {
users.users.vaultwarden = {
inherit group;
isSystemUser = true;
};
users.groups.bitwarden_rs = { };
users.groups.vaultwarden = { };
systemd.services.bitwarden_rs = {
systemd.services.vaultwarden = {
aliases = [ "bitwarden_rs" ];
after = [ "network.target" ];
path = with pkgs; [ openssl ];
serviceConfig = {
User = user;
Group = group;
EnvironmentFile = [ configFile ] ++ optional (cfg.environmentFile != null) cfg.environmentFile;
ExecStart = "${bitwarden_rs}/bin/bitwarden_rs";
ExecStart = "${vaultwarden}/bin/vaultwarden";
LimitNOFILE = "1048576";
PrivateTmp = "true";
PrivateDevices = "true";
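
Review bot: `aliases = [ "bitwarden_rs" ];` in `systemd.services.vaultwarden` has no unit-type suffix. systemd only honours an alias that carries the same suffix as the unit it points to, so this should probably read `bitwarden_rs.service`; please verify on a built system that `systemctl status bitwarden_rs` reaches the new unit, since the release notes promise the old name keeps working.
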
@ -131,15 +136,16 @@ in {
wantedBy = [ "multi-user.target" ];
};
systemd.services.backup-bitwarden_rs = mkIf (cfg.backupDir != null) {
description = "Backup bitwarden_rs";
systemd.services.backup-vaultwarden = mkIf (cfg.backupDir != null) {
aliases = [ "backup-bitwarden_rs" ];
description = "Backup vaultwarden";
environment = {
DATA_FOLDER = "/var/lib/bitwarden_rs";
BACKUP_FOLDER = cfg.backupDir;
};
path = with pkgs; [ sqlite ];
serviceConfig = {
SyslogIdentifier = "backup-bitwarden_rs";
SyslogIdentifier = "backup-vaultwarden";
Type = "oneshot";
User = mkDefault user;
Group = mkDefault group;
@ -148,12 +154,13 @@ in {
wantedBy = [ "multi-user.target" ];
};
systemd.timers.backup-bitwarden_rs = mkIf (cfg.backupDir != null) {
description = "Backup bitwarden_rs on time";
systemd.timers.backup-vaultwarden = mkIf (cfg.backupDir != null) {
aliases = [ "backup-bitwarden_rs" ];
description = "Backup vaultwarden on time";
timerConfig = {
OnCalendar = mkDefault "23:00";
Persistent = "true";
Unit = "backup-bitwarden_rs.service";
Unit = "backup-vaultwarden.service";
};
wantedBy = [ "multi-user.target" ];
};
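
Review bot: The timer declares `aliases = [ "backup-bitwarden_rs" ];`, the same string the `backup-vaultwarden` service uses in the previous hunk, so two units of different types claim one alias name. Spell them out as `backup-bitwarden_rs.timer` here and `backup-bitwarden_rs.service` on the service, matching the suffixed form already used in `Unit = "backup-vaultwarden.service";`.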

@ -42,7 +42,6 @@ in
bind = handleTest ./bind.nix {};
bitcoind = handleTest ./bitcoind.nix {};
bittorrent = handleTest ./bittorrent.nix {};
bitwarden = handleTest ./bitwarden.nix {};
blockbook-frontend = handleTest ./blockbook-frontend.nix {};
boot = handleTestOn ["x86_64-linux"] ./boot.nix {}; # syslinux is unsupported on aarch64
boot-stage1 = handleTest ./boot-stage1.nix {};
@ -447,6 +446,7 @@ in
v2ray = handleTest ./v2ray.nix {};
vault = handleTest ./vault.nix {};
vault-postgresql = handleTest ./vault-postgresql.nix {};
vaultwarden = handleTest ./vaultwarden.nix {};
vector = handleTest ./vector.nix {};
victoriametrics = handleTest ./victoriametrics.nix {};
virtualbox = handleTestOn ["x86_64-linux"] ./virtualbox.nix {};

@ -4,7 +4,7 @@
}:
# These tests will:
# * Set up a bitwarden-rs server
# * Set up a vaultwarden server
# * Have Firefox use the web vault to create an account, log in, and save a password to the valut
# * Have the bw cli log in and read that password from the vault
#
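
Review bot: The comment line directly below the edited one still reads `save a password to the valut`; fix the typo to `vault` while this header is being touched.
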
@ -24,8 +24,8 @@ let
storedPassword = "seeeecret";
makeBitwardenTest = backend: makeTest {
name = "bitwarden_rs-${backend}";
makeVaultwardenTest = backend: makeTest {
name = "vaultwarden-${backend}";
meta = {
maintainers = with pkgs.lib.maintainers; [ jjjollyjim ];
};
@ -45,9 +45,9 @@ let
package = pkgs.mariadb;
};
services.bitwarden_rs.config.databaseUrl = "mysql://bitwardenuser:${dbPassword}@localhost/bitwarden";
services.vaultwarden.config.databaseUrl = "mysql://bitwardenuser:${dbPassword}@localhost/bitwarden";
systemd.services.bitwarden_rs.after = [ "mysql.service" ];
systemd.services.vaultwarden.after = [ "mysql.service" ];
};
postgresql = {
@ -60,9 +60,9 @@ let
'';
};
services.bitwarden_rs.config.databaseUrl = "postgresql://bitwardenuser:${dbPassword}@localhost/bitwarden";
services.vaultwarden.config.databaseUrl = "postgresql://bitwardenuser:${dbPassword}@localhost/bitwarden";
systemd.services.bitwarden_rs.after = [ "postgresql.service" ];
systemd.services.vaultwarden.after = [ "postgresql.service" ];
};
sqlite = { };
@ -71,7 +71,7 @@ let
mkMerge [
backendConfig.${backend}
{
services.bitwarden_rs = {
services.vaultwarden = {
enable = true;
dbBackend = backend;
config.rocketPort = 80;
@ -152,7 +152,7 @@ let
testScript = ''
start_all()
server.wait_for_unit("bitwarden_rs.service")
server.wait_for_unit("vaultwarden.service")
server.wait_for_open_port(80)
with subtest("configure the cli"):
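
Review bot: `server.wait_for_unit("vaultwarden.service")` only exercises the new unit name, so nothing in the test covers the `bitwarden_rs` alias that the module adds for backwards compatibility. Consider adding a check after this wait that the old unit name still resolves on the server, so a broken alias fails the test instead of surfacing on upgraded hosts.
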
@ -184,6 +184,6 @@ let
in
builtins.listToAttrs (
map
(backend: { name = backend; value = makeBitwardenTest backend; })
(backend: { name = backend; value = makeVaultwardenTest backend; })
backends
)

@ -49,7 +49,7 @@ buildPythonPackage rec {
'';
passthru.tests = {
testing-bitwarden = nixosTests.bitwarden;
testing-vaultwarden = nixosTests.vaultwarden;
};
meta = with lib; {

@ -1,4 +1,4 @@
{ lib, stdenv, rustPlatform, fetchFromGitHub, nixosTests
{ lib, stdenv, rustPlatform, fetchFromGitHub, fetchurl, nixosTests
, pkg-config, openssl
, libiconv, Security, CoreServices
, dbBackend ? "sqlite", libmysqlclient, postgresql }:
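
Review bot: `fetchurl` is added to the argument list on the first line, but no line in this diff uses it in the package expression. If it is left over from an earlier revision of the change, drop it again.
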
@ -7,16 +7,18 @@ let
featuresFlag = "--features ${dbBackend}";
in rustPlatform.buildRustPackage rec {
pname = "bitwarden_rs";
version = "1.20.0";
pname = "vaultwarden";
version = "1.22.1";
src = fetchFromGitHub {
owner = "dani-garcia";
repo = pname;
rev = version;
sha256 = "1ncy4iwmdzdp8rv1gc5i4s1rp97d94n4l4bh08v6w4zdpx0zn8b9";
sha256 = "sha256-aXbnNO3mTAgE1yNx7YVDo1vPpO8ACZpBGHQ633fNZ3k=";
};
cargoSha256 = "sha256-SFzq3OU0a0s3zlEzUkqGdZb/knYafqDamLy4ghH4i8I=";
nativeBuildInputs = [ pkg-config ];
buildInputs = with lib; [ openssl ]
++ optionals stdenv.isDarwin [ libiconv Security CoreServices ]
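
Review bot: `version = "1.22.1";` does not match the commit subject, which says the update is to 1.21.0. Please reword the subject, or mention the later bump in the message body, so the history reflects the version that is actually pinned here.
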
@ -25,7 +27,6 @@ in rustPlatform.buildRustPackage rec {
RUSTC_BOOTSTRAP = 1;
cargoSha256 = "0vdi792bzqxj8g215r9r5anzs4qhqsm6sjzwpj1l9861bn7j4xsz";
cargoBuildFlags = [ featuresFlag ];
checkPhase = ''
@ -35,11 +36,11 @@ in rustPlatform.buildRustPackage rec {
runHook postCheck
'';
passthru.tests = nixosTests.bitwarden;
passthru.tests = nixosTests.vaultwarden;
meta = with lib; {
description = "Unofficial Bitwarden compatible server written in Rust";
homepage = "https://github.com/dani-garcia/bitwarden_rs";
homepage = "https://github.com/dani-garcia/vaultwarden";
license = licenses.gpl3Only;
maintainers = with maintainers; [ msteen ];
};

@ -1,7 +1,7 @@
{ lib, stdenv, fetchurl, nixosTests }:
stdenv.mkDerivation rec {
pname = "bitwarden_rs-vault";
pname = "vaultwarden-vault";
version = "2.19.0";
src = fetchurl {
@ -10,16 +10,16 @@ stdenv.mkDerivation rec {
};
buildCommand = ''
mkdir -p $out/share/bitwarden_rs/
cd $out/share/bitwarden_rs/
mkdir -p $out/share/vaultwarden/
cd $out/share/vaultwarden/
tar xf $src
mv web-vault vault
'';
passthru.tests = nixosTests.bitwarden;
passthru.tests = nixosTests.vaultwarden;
meta = with lib; {
description = "Integrates the web vault into bitwarden_rs";
description = "Integrates the web vault into vaultwarden";
homepage = "https://github.com/dani-garcia/bw_web_builds";
platforms = platforms.all;
license = licenses.gpl3Plus;

@ -88,6 +88,14 @@ mapAliases ({
bittorrentSync = throw "bittorrentSync has been deprecated by resilio-sync."; # added 2019-06-03
bittorrentSync14 = throw "bittorrentSync14 has been deprecated by resilio-sync."; # added 2019-06-03
bittorrentSync20 = throw "bittorrentSync20 has been deprecated by resilio-sync."; # added 2019-06-03
# bitwarden_rs renamed to vaultwarden with release 1.21.0 (2021-04-30)
bitwarden_rs = vaultwarden;
bitwarden_rs-sqlite = vaultwarden-sqlite;
bitwarden_rs-mysql = vaultwarden-mysql;
bitwarden_rs-postgresql = vaultwarden-postgresql;
bitwarden_rs-vault = vaultwarden-vault;
bs1770gain = throw "bs1770gain has been removed from nixpkgs, as it had no maintainer or reverse dependencies."; # added 2021-01-02
btc1 = throw "btc1 has been removed, it was abandoned by upstream"; # added 2020-11-03
buildPerlPackage = perlPackages.buildPerlPackage; # added 2018-10-12
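
Review bot: The new block is introduced by a standalone comment dated to the upstream release (2021-04-30), while the neighbouring entries carry a trailing `# added YYYY-MM-DD` comment recording when the alias was added. Suggest putting that trailing comment on each of the five `bitwarden_rs*` lines so it is clear when these aliases become eligible for removal.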

@ -1312,15 +1312,6 @@ in
inherit (nodePackages) bitwarden-cli;
bitwarden_rs = callPackage ../tools/security/bitwarden_rs {
inherit (darwin.apple_sdk.frameworks) Security CoreServices;
};
bitwarden_rs-sqlite = bitwarden_rs;
bitwarden_rs-mysql = bitwarden_rs.override { dbBackend = "mysql"; };
bitwarden_rs-postgresql = bitwarden_rs.override { dbBackend = "postgresql"; };
bitwarden_rs-vault = callPackage ../tools/security/bitwarden_rs/vault.nix { };
bkyml = callPackage ../tools/misc/bkyml { };
blockbench-electron = callPackage ../applications/graphics/blockbench-electron { };
@ -31585,6 +31576,15 @@ in
vazir-code-font = callPackage ../data/fonts/vazir-code-font { };
vaultwarden = callPackage ../tools/security/vaultwarden {
inherit (darwin.apple_sdk.frameworks) Security CoreServices;
};
vaultwarden-sqlite = vaultwarden;
vaultwarden-mysql = vaultwarden.override { dbBackend = "mysql"; };
vaultwarden-postgresql = vaultwarden.override { dbBackend = "postgresql"; };
vaultwarden-vault = callPackage ../tools/security/vaultwarden/vault.nix { };
vazir-fonts = callPackage ../data/fonts/vazir-fonts { };
vbam = callPackage ../misc/emulators/vbam { };