Merge pull request #205943 from mweinelt/vaultwarden

vaultwarden: Add update script to keep web vault in sync
2022-12-14 16:15:49 +00:00 · 2022-12-14 16:15:49 +00:00 · 7af2f0e2e7
parent b09d18903c d37dca5f14
commit 7af2f0e2e7
7 changed files with 54 additions and 22 deletions
--- a/nixos/modules/services/security/vaultwarden/default.nix
+++ b/nixos/modules/services/security/vaultwarden/default.nix
@ -162,8 +162,8 @@ in {

    webVaultPackage = mkOption {
      type = package;
-      default = pkgs.vaultwarden-vault;
-      defaultText = literalExpression "pkgs.vaultwarden-vault";
+      default = pkgs.vaultwarden.webvault;
+      defaultText = literalExpression "pkgs.vaultwarden.webvault";
      description = lib.mdDoc "Web vault package to use.";
    };
  };
--- a/nixos/tests/vaultwarden.nix
+++ b/nixos/tests/vaultwarden.nix
@ -87,6 +87,9 @@ let
                testRunner = pkgs.writers.writePython3Bin "test-runner"
                  {
                    libraries = [ pkgs.python3Packages.selenium ];
+                    flakeIgnore = [
+                      "E501"
+                    ];
                  } ''

                  from selenium.webdriver.common.by import By
@ -106,25 +109,25 @@ let

                  wait.until(EC.title_contains("Create Account"))

-                  driver.find_element(By.CSS_SELECTOR, 'input#email').send_keys(
-                    '${userEmail}'
+                  driver.find_element(By.CSS_SELECTOR, 'input#register-form_input_email').send_keys(
+                      '${userEmail}'
                  )
-                  driver.find_element(By.CSS_SELECTOR, 'input#name').send_keys(
-                    'A Cat'
+                  driver.find_element(By.CSS_SELECTOR, 'input#register-form_input_name').send_keys(
+                      'A Cat'
                  )
-                  driver.find_element(By.CSS_SELECTOR, 'input#masterPassword').send_keys(
-                    '${userPassword}'
+                  driver.find_element(By.CSS_SELECTOR, 'input#register-form_input_master-password').send_keys(
+                      '${userPassword}'
                  )
-                  driver.find_element(By.CSS_SELECTOR, 'input#masterPasswordRetype').send_keys(
-                    '${userPassword}'
+                  driver.find_element(By.CSS_SELECTOR, 'input#register-form_input_confirm-master-password').send_keys(
+                      '${userPassword}'
                  )

-                  driver.find_element(By.XPATH, "//button[contains(., 'Submit')]").click()
+                  driver.find_element(By.XPATH, "//button[contains(., 'Create Account')]").click()

                  wait.until_not(EC.title_contains("Create Account"))

-                  driver.find_element(By.CSS_SELECTOR, 'input#masterPassword').send_keys(
-                    '${userPassword}'
+                  driver.find_element(By.CSS_SELECTOR, 'input#login_input_master-password').send_keys(
+                      '${userPassword}'
                  )
                  driver.find_element(By.XPATH, "//button[contains(., 'Log In')]").click()

@ -133,10 +136,10 @@ let
                  driver.find_element(By.XPATH, "//button[contains(., 'Add Item')]").click()

                  driver.find_element(By.CSS_SELECTOR, 'input#name').send_keys(
-                    'secrets'
+                      'secrets'
                  )
                  driver.find_element(By.CSS_SELECTOR, 'input#loginPassword').send_keys(
-                    '${storedPassword}'
+                      '${storedPassword}'
                  )

                  driver.find_element(By.XPATH, "//button[contains(., 'Save')]").click()
--- a/pkgs/tools/security/vaultwarden/default.nix
+++ b/pkgs/tools/security/vaultwarden/default.nix
@ -1,8 +1,12 @@
-{ lib, stdenv, rustPlatform, fetchFromGitHub, fetchurl, nixosTests
+{ lib, stdenv, callPackage, rustPlatform, fetchFromGitHub, fetchurl, nixosTests
 , pkg-config, openssl
 , libiconv, Security, CoreServices
 , dbBackend ? "sqlite", libmysqlclient, postgresql }:

+let
+  webvault = callPackage ./webvault.nix {};
+in
+
 rustPlatform.buildRustPackage rec {
  pname = "vaultwarden";
  version = "1.26.0";
@ -34,7 +38,11 @@ rustPlatform.buildRustPackage rec {

  buildFeatures = dbBackend;

-  passthru.tests = nixosTests.vaultwarden;
+  passthru = {
+    inherit webvault;
+    tests = nixosTests.vaultwarden;
+    updateScript = callPackage ./update.nix {};
+  };

  meta = with lib; {
    description = "Unofficial Bitwarden compatible server written in Rust";
--- a/pkgs/tools/security/vaultwarden/update.nix
+++ b/pkgs/tools/security/vaultwarden/update.nix
@ -0,0 +1,22 @@
+{ writeShellScript
+, lib
+, nix-update
+, curl
+, git
+, gnugrep
+, gnused
+, jq
+}:
+
+writeShellScript "update-vaultwarden" ''
+  PATH=${lib.makeBinPath [ curl git gnugrep gnused jq nix-update ]}
+
+  set -euxo pipefail
+
+  VAULTWARDEN_VERSION=$(curl --silent https://api.github.com/repos/dani-garcia/vaultwarden/releases/latest | jq -r '.tag_name')
+  nix-update "vaultwarden" --version "$VAULTWARDEN_VERSION"
+
+  URL="https://raw.githubusercontent.com/dani-garcia/vaultwarden/''${VAULTWARDEN_VERSION}/docker/Dockerfile.j2"
+  WEBVAULT_VERSION=$(curl --silent "$URL" | grep "set vault_version" | sed -E "s/.*\"([^\"]+)\".*/\\1/")
+  nix-update "vaultwarden.webvault" --version "$WEBVAULT_VERSION"
+''
--- a/pkgs/tools/security/vaultwarden/webvault.nix
+++ b/pkgs/tools/security/vaultwarden/webvault.nix
@ -1,12 +1,12 @@
 { lib, stdenv, fetchurl, nixosTests }:

 stdenv.mkDerivation rec {
-  pname = "vaultwarden-vault";
-  version = "2022.11.1";
+  pname = "vaultwarden-webvault";
+  version = "2022.10.0";

  src = fetchurl {
    url = "https://github.com/dani-garcia/bw_web_builds/releases/download/v${version}/bw_web_v${version}.tar.gz";
-    sha256 = "sha256-nd32Q0uTsnrdVPDe1Yglvkg2QcwgLR+x0dFvKSD8o8I=";
+    hash = "sha256-Sf1YnOikjZmloTQvdrFH/UAevQqKQEkNNrCRUhvNZfA=";
  };

  buildCommand = ''
--- a/pkgs/top-level/aliases.nix
+++ b/pkgs/top-level/aliases.nix
@ -1558,6 +1558,7 @@ mapAliases ({
  varnish63 = throw "varnish63 was removed from nixpkgs, because it is unmaintained upstream. Please switch to a different release"; # Added 2021-07-26
  varnish65 = throw "varnish65 was removed from nixpkgs, because it is unmaintained upstream. Please switch to a different release"; # Added 2021-09-15
  varnish70 = throw "varnish70 was removed from nixpkgs, because it was superseded upstream. Please switch to a different release"; # Added 2022-03-17
+  vaultwarden-vault = vaultwarden.webvault; # Added 2022-12-13
  varnish71 = throw "varnish71 was removed from nixpkgs, because it was superseded upstream. Please switch to a different release"; # Added 2022-11-08
  vdirsyncerStable  = vdirsyncer; # Added 2020-11-08, see https://github.com/NixOS/nixpkgs/issues/103026#issuecomment-723428168
  venus = throw "venus has been removed from nixpkgs, as it's unmaintained"; # Added 2021-02-05
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@ -37528,8 +37528,6 @@ with pkgs;
  vaultwarden-mysql = vaultwarden.override { dbBackend = "mysql"; };
  vaultwarden-postgresql = vaultwarden.override { dbBackend = "postgresql"; };

-  vaultwarden-vault = callPackage ../tools/security/vaultwarden/vault.nix { };
-
  vazir-fonts = callPackage ../data/fonts/vazir-fonts { };

  vhs = callPackage ../applications/misc/vhs { };