Diffstat (limited to 'nixpkgs/pkgs/tools/security/vaultwarden')
-rw-r--r-- | nixpkgs/pkgs/tools/security/vaultwarden/default.nix | 44 | ||||
-rw-r--r-- | nixpkgs/pkgs/tools/security/vaultwarden/update.nix | 30 | ||||
-rw-r--r-- | nixpkgs/pkgs/tools/security/vaultwarden/webvault.nix | 70 |
3 files changed, 144 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/tools/security/vaultwarden/default.nix b/nixpkgs/pkgs/tools/security/vaultwarden/default.nix
new file mode 100644
index 000000000000..762c8312c1e6
--- /dev/null
+++ b/nixpkgs/pkgs/tools/security/vaultwarden/default.nix
@@ -0,0 +1,44 @@
+{ lib, stdenv, callPackage, rustPlatform, fetchFromGitHub, nixosTests
+, pkg-config, openssl
+, libiconv, Security, CoreServices, SystemConfiguration
+, dbBackend ? "sqlite", libmysqlclient, postgresql }:
+
+let
+ webvault = callPackage ./webvault.nix {};
+in
+
+rustPlatform.buildRustPackage rec {
+ pname = "vaultwarden";
+ version = "1.30.1";
+
+ src = fetchFromGitHub {
+ owner = "dani-garcia";
+ repo = pname;
+ rev = version;
+ hash = "sha256-9JCrEe0tla4v207XPgprLqP3g0BslpX8f7xa9aUhQcg=";
+ };
+
+ cargoHash = "sha256-4KyBMOdTAHe5uD6X69gMd0aqIo4w2Rqrlg+25yY2B6o=";
+
+ nativeBuildInputs = [ pkg-config ];
+ buildInputs = with lib; [ openssl ]
+ ++ optionals stdenv.isDarwin [ libiconv Security CoreServices SystemConfiguration ]
+ ++ optional (dbBackend == "mysql") libmysqlclient
+ ++ optional (dbBackend == "postgresql") postgresql;
+
+ buildFeatures = dbBackend;
+
+ passthru = {
+ inherit webvault;
+ tests = nixosTests.vaultwarden;
+ updateScript = callPackage ./update.nix {};
+ };
+
+ meta = with lib; {
+ description = "Unofficial Bitwarden compatible server written in Rust";
+ homepage = "https://github.com/dani-garcia/vaultwarden";
+ license = licenses.agpl3Only;
+ maintainers = with maintainers; [ msteen ivan ];
+ mainProgram = "vaultwarden";
+ };
+}
diff --git a/nixpkgs/pkgs/tools/security/vaultwarden/update.nix b/nixpkgs/pkgs/tools/security/vaultwarden/update.nix
new file mode 100644
index 000000000000..4d0c6c4a5047
--- /dev/null
+++ b/nixpkgs/pkgs/tools/security/vaultwarden/update.nix
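Review bot: In default.nix, `dbBackend` is an unchecked string that goes straight into `buildFeatures = dbBackend;`, so a typo or unsupported value is only caught when cargo rejects the feature, while the two `optional (dbBackend == ...)` lines silently add no client library. An assertion such as `assert lib.assertOneOf "dbBackend" dbBackend [ "sqlite" "mysql" "postgresql" ];` placed before `rustPlatform.buildRustPackage` would fail at evaluation time with a clear message. `buildFeatures` is, as far as I know, documented as a list, so `buildFeatures = [ dbBackend ];` states the intent better than relying on a bare string being accepted.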
@@ -0,0 +1,30 @@
+{ writeShellApplication
+, lib
+, nix
+, nix-prefetch-git
+, nix-update
+, curl
+, git
+, gnugrep
+, gnused
+, jq
+, yq
+}:
+
+lib.getExe (writeShellApplication {
+ name = "update-vaultwarden";
+ runtimeInputs = [ curl git gnugrep gnused jq yq nix nix-prefetch-git nix-update ];
+
+ text = ''
+ VAULTWARDEN_VERSION=$(curl --silent https://api.github.com/repos/dani-garcia/vaultwarden/releases/latest | jq -r '.tag_name')
+ nix-update "vaultwarden" --version "$VAULTWARDEN_VERSION"
+
+ URL="https://raw.githubusercontent.com/dani-garcia/vaultwarden/''${VAULTWARDEN_VERSION}/docker/DockerSettings.yaml"
+ WEBVAULT_VERSION="$(curl --silent "$URL" | yq -r ".vault_version" | sed s/^v//)"
+ old_hash="$(nix --extra-experimental-features nix-command eval -f default.nix --raw vaultwarden.webvault.bw_web_builds.outputHash)"
+ new_hash="$(nix-prefetch-git https://github.com/dani-garcia/bw_web_builds.git --rev "v$WEBVAULT_VERSION" | jq --raw-output ".sha256")"
+ new_hash_sri="$(nix --extra-experimental-features nix-command hash to-sri --type sha256 "$new_hash")"
+ sed -e "s#$old_hash#$new_hash_sri#" -i pkgs/tools/security/vaultwarden/webvault.nix
+ nix-update "vaultwarden.webvault" --version "$WEBVAULT_VERSION"
+ '';
+})
diff --git a/nixpkgs/pkgs/tools/security/vaultwarden/webvault.nix b/nixpkgs/pkgs/tools/security/vaultwarden/webvault.nix
new file mode 100644
index 000000000000..52f153b6a30d
--- /dev/null
+++ b/nixpkgs/pkgs/tools/security/vaultwarden/webvault.nix
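Review bot: Both `curl --silent` calls in update.nix lack `--fail`, so a rate-limit or 404 response exits 0 and its body is parsed as if it were the release data; `jq -r '.tag_name'` then prints `null` and that string is handed to `nix-update --version`. Using `curl --silent --show-error --fail` for both requests and `jq -er '.tag_name'` for the tag would turn a bad response into a non-zero exit, which should stop the script if writeShellApplication's strict mode is in effect, as I believe it is. The same care matters for `WEBVAULT_VERSION`: it selects the git rev whose hash is written into webvault.nix by the `sed` line, so an empty or malformed value should abort before `nix-prefetch-git` runs.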
@@ -0,0 +1,70 @@
+{ lib
+, buildNpmPackage
+, fetchFromGitHub
+, git
+, nixosTests
+, python3
+}:
+
+let
+ version = "2023.10.0";
+
+ bw_web_builds = fetchFromGitHub {
+ owner = "dani-garcia";
+ repo = "bw_web_builds";
+ rev = "v${version}";
+ hash = "sha256-5vfmMJIGKyZlTQDi/t1YKAALbW/6BFAcWODfkypk/eA=";
+ };
+in buildNpmPackage rec {
+ pname = "vaultwarden-webvault";
+ inherit version;
+
+ src = fetchFromGitHub {
+ owner = "bitwarden";
+ repo = "clients";
+ rev = "web-v${lib.removeSuffix "b" version}";
+ hash = "sha256-egXToXWfb9XV7JuCRBYJO4p/e+WOwMncPKz0oBgeALQ=";
+ };
+
+ npmDepsHash = "sha256-iO8ZozVl1vOOqowQARnRJWSFUFnau46+dKfcMSkyU3o=";
+
+ postPatch = ''
+ ln -s ${bw_web_builds}/{patches,resources} ..
+ PATH="${git}/bin:$PATH" VAULT_VERSION="${lib.removePrefix "web-" src.rev}" \
+ bash ${bw_web_builds}/scripts/apply_patches.sh
+ '';
+
+ nativeBuildInputs = [
+ python3
+ ];
+
+ makeCacheWritable = true;
+
+ ELECTRON_SKIP_BINARY_DOWNLOAD = "1";
+
+ npmBuildScript = "dist:oss:selfhost";
+
+ npmBuildFlags = [
+ "--workspace" "apps/web"
+ ];
+
+ installPhase = ''
+ runHook preInstall
+ mkdir -p $out/share/vaultwarden
+ mv apps/web/build $out/share/vaultwarden/vault
+ runHook postInstall
+ '';
+
+ passthru = {
+ inherit bw_web_builds;
+ tests = nixosTests.vaultwarden;
+ };
+
+ meta = with lib; {
+ description = "Integrates the web vault into vaultwarden";
+ homepage = "https://github.com/dani-garcia/bw_web_builds";
+ platforms = platforms.all;
+ license = licenses.gpl3Plus;
+ maintainers = with maintainers; [ dotlambda msteen mic92 ];
+ };
+}
 |
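Review bot: The `postPatch` step in webvault.nix runs `scripts/apply_patches.sh` from dani-garcia/bw_web_builds over the bitwarden/clients source, but nothing in the file says that two upstreams are combined or why `lib.removeSuffix "b"` is applied to the version. A comment above `bw_web_builds` such as `# patch set and apply script for the web vault; pinned by hash and executed in postPatch` would make that trust boundary visible to whoever bumps either hash. On `rev = "web-v${lib.removeSuffix "b" version}";` a short comment explaining the suffix (presumably bw_web_builds tags can carry a letter that the clients tag lacks; confirm upstream) would document the tag mapping that `VAULT_VERSION` also depends on.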