diff --git a/applications/bitwarden/_bitwarden-directory-connector.nix b/applications/bitwarden/_bitwarden-directory-connector.nix
index ec754dc..249ac82 100644
--- a/applications/bitwarden/_bitwarden-directory-connector.nix
+++ b/applications/bitwarden/_bitwarden-directory-connector.nix
@@ -8,6 +8,7 @@
 pkg-config,
 libsecret,
 nodejs_18,
+ makeWrapper,
 }: let
 buildNpmPackage' = buildNpmPackage.override {nodejs = nodejs_18;};
 in
@@ -18,7 +19,7 @@ in
 src = fetchFromGitHub {
 owner = "bitwarden";
 repo = "directory-connector";
- rev = "b2bc45137013b258bffda2c2703715cb9f6e687f";
+ rev = "v${version}";
 hash = "sha256-CgaCnMWNVWCJBypNcdoseVCwD8Mlq4YaWpK+VZT/7Qk=";
 leaveDotGit = true;
 };
@@ -31,8 +32,16 @@ in
 npmBuildScript = "build:cli:prod";
 installPhase = ''
- mkdir -p $out
+ runHook preInstall
+ mkdir -p $out/bin
 cp -R {build-cli,node_modules} $out
+ runHook postInstall
+ '';
+
+ # needs to be wrapped with nodejs so that it can be executed
+ postInstall = ''
+ chmod +x $out/build-cli/bwdc.js
+ makeWrapper $out/build-cli/bwdc.js $out/bin/${pname} --prefix PATH:"${lib.makeBinPath [nodejs_18]}"
 '';
 buildInputs = [
@@ -43,6 +52,7 @@ in
 git
 python3
 pkg-config
+ makeWrapper
 ];
 meta = with lib; {
@@ -51,5 +61,6 @@ in
 license = licenses.gpl3Only;
 maintainers = with maintainers; [Silver-Golden];
 platforms = platforms.linux;
+ mainProgram = "${pname}";
 };
 }
diff --git a/applications/bitwarden/_bitwarden_sync_module.nix b/applications/bitwarden/_bitwarden_sync_module.nix
index 3ca5157..31c8eeb 100644
--- a/applications/bitwarden/_bitwarden_sync_module.nix
+++ b/applications/bitwarden/_bitwarden_sync_module.nix
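Review bot: `rev` now names the tag `v${version}` while `hash` is unchanged, and because `leaveDotGit = true` (context line in this hunk) keeps the `.git` directory inside the fixed-output result, fetching by tag rather than by commit is not guaranteed to reproduce `sha256-CgaCnMWNVWCJBypNcdoseVCwD8Mlq4YaWpK+VZT/7Qk=`; the hash should be re-verified after this change. A tag is also a mutable reference, so the fixed-output hash is now the only thing pinning the source, which is acceptable as long as the hash is actually checked. `leaveDotGit` is itself a reproducibility hazard (the hashed `.git` contents depend on the git version used to fetch), so keep `leaveDotGit = true;` only if the build demonstrably needs git metadata; otherwise drop it and recompute the hash.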
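Review bot: The `makeWrapper` line in the new `postInstall` passes `PATH:"…"` as a single argument, but `--prefix` takes three separate arguments (variable, separator, value); make-wrapper then reads an empty value and skips the entry, so the generated wrapper does not put nodejs on PATH and `bwdc.js` would have to find `node` in the caller's environment. It should read `makeWrapper $out/build-cli/bwdc.js $out/bin/${pname} --prefix PATH : "${lib.makeBinPath [nodejs_18]}"`. Note also that `chmod +x` only makes the script runnable if it carries a node shebang, which this hunk does not show; the old module ran it through `node` explicitly, so this is worth confirming, and if there is no shebang the wrapper should target `${nodejs_18}/bin/node` with `--add-flags $out/build-cli/bwdc.js` instead.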
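Review bot: `makeWrapper` is added to `buildInputs`, but it is a build-time setup hook and belongs in `nativeBuildInputs`; in `buildInputs` its hook still runs for a native build, but the placement is wrong for cross-compilation and records a build tool as a runtime dependency. The `buildInputs = [` opening is the last context line of the previous hunk, and `git`, `python3` and `pkg-config` sit in the same list, so they look like candidates for `nativeBuildInputs` as well. Suggested: move the line into `nativeBuildInputs = [ makeWrapper ];`, creating the attribute if the derivation has none outside these hunks.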
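Review bot: `mainProgram = "${pname}";` interpolates a value that is already a string; the idiomatic form is `mainProgram = pname;`. The value has to match the wrapper name `$out/bin/${pname}` created in `postInstall`, which it does, so consumers can resolve the executable with `lib.getExe`.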
@@ -5,18 +5,13 @@
 ...
 }:
 with lib; let
- # to be changed once the package is accepted
- connector = pkgs.callPackage ./_bitwarden-directory-connector.nix {};
-
- cfg = config.services.bitwarden_connector;
-
- nodejs = pkgs.nodejs-18_x;
+ cfg = config.services.bitwarden_directory_connector;
 ldap_data = ''
 {
 "ssl": ${boolToString cfg.ldap.ssl},
 "startTls": ${boolToString cfg.ldap.startTls},
- "sslAllowUnauthorized": ${boolToString cfg.ldap.startTls},
+ "sslAllowUnauthorized": ${boolToString cfg.ldap.sslAllowUnauthorized},
 "port": ${toString cfg.ldap.port},
 "currentUser": false,
 "ad": ${boolToString cfg.ldap.ad},
@@ -66,9 +61,23 @@ with lib; let
 in {
 imports = [];
- options.services.bitwarden_connector = {
+ options.services.bitwarden_directory_connector = {
 enable = mkEnableOption "Bitwarden Directory Connector";
+ package = mkOption {
+ type = types.package;
+ default = pkgs.bitwarden-directory-connector;
+ defaultText = literalExpression "pkgs.bitwarden-directory-connector";
+ description = lib.mdDoc "Reference to the Ditwarden Directory Connector package";
+ example = literalExpression "pkgs.bitwarden-directory-connector-example";
+ };
+ binary_name = mkOption {
+ type = types.str;
+ description = lib.mdDoc "The main binary for the connector.";
+ default = "bitwarden-directory-connector";
+ };
+
 domain = mkOption {
 type = types.str;
 description = lib.mdDoc "The domain the Bitwarden/Vaultwarden is accessable on.";
@@ -84,7 +93,7 @@ in {
 directory = mkOption {
 type = types.str;
 description = lib.mdDoc "Folder to store the config file.";
- default = "/etc/bitwarden/${cfg.user}";
+ default = "/etc/bitwarden/bwdc";
 };
 ldap = {
@@ -96,7 +105,7 @@ in {
 startTls = mkOption {
 type = types.bool;
 default = false;
- description = lib.mdDoc "Use startTls.";
+ description = lib.mdDoc "Use STARTTLS.";
 };
 sslAllowUnauthorized = mkOption {
 type = types.bool;
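Review bot: The `package` option's description misspells the product (`Ditwarden`); it should be `description = lib.mdDoc "Reference to the Bitwarden Directory Connector package";`, and its `example` names `pkgs.bitwarden-directory-connector-example`, which does not look like an attribute that exists, so the example should be dropped or point at an override of the default. The new `binary_name` option duplicates information the package carries once it sets `meta.mainProgram` (as the companion package change in this commit does): `${cfg.package}/bin/${cfg.binary_name}` in the service could become `lib.getExe cfg.package` and `binary_name` be removed, and if it stays, the NixOS option naming convention is camelCase (`binaryName`). The enclosing `options.services.bitwarden_directory_connector` set continues past the end of this hunk.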
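Review bot: The new default `/etc/bitwarden/bwdc` is a fixed path, but nothing in this hunk shows the directory being created or its ownership restricted, and the `ExecStartPre` script later in this commit writes `${cfg.directory}/data.json` (connector login state and LDAP settings) there as `cfg.user`, so the directory has to exist and should be writable only by that user. If creation is handled outside the visible hunks this is fine; otherwise a `systemd.tmpfiles.rules` entry or `StateDirectory` would cover it. Either way the description should say what lives there, e.g. `description = lib.mdDoc "Folder in which the connector stores its data.json; must be writable by the service user.";`.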
@@ -141,7 +150,7 @@ in {
 interval = mkOption {
 type = types.str;
 default = "*:0,15,30,45";
- description = lib.mdDoc "When to run the connector, cron syntax.";
+ description = lib.mdDoc "When to run the connector, OnCalendar syntax.";
 };
 removeDisabled = mkOption {
 type = types.bool;
@@ -157,7 +166,7 @@ in {
 largeImport = mkOption {
 type = types.bool;
 default = false;
- description = lib.mdDoc "Enable if you ar syncing more than 2000 users/groups.";
+ description = lib.mdDoc "Enable if you are syncing more than 2000 users/groups.";
 };
 memberAttribute = mkOption {
@@ -247,10 +256,9 @@ in {
 };
 env = {
- description = "Env files to be passed in.";
 ldap = mkOption rec {
 type = types.str;
- description = "Auth for the LDAP, has ${cfg.ldap.pw_env}";
+ description = "Auth for the LDAP, has value defined in {option}`ldap.pw_env";
 };
 bitwarden = mkOption rec {
 type = types.str;
@@ -271,18 +279,18 @@ in {
 };
 systemd = {
- timers."${cfg.user}" = {
- description = "Timer for ${cfg.user}";
+ timers.bitwarden_directory_connector = {
+ description = "Sync timer for Bitwarden Directory Connector";
 wantedBy = ["timers.target"];
- partOf = ["${cfg.user}.service"];
+ partOf = ["bitwarden_directory_connector.service"];
 timerConfig = {
 OnCalendar = cfg.sync.interval;
- Unit = "${cfg.user}.service";
+ Unit = "bitwarden_directory_connector.service";
 Persistent = true;
 };
 };
- services."${cfg.user}" = {
+ services.bitwarden_directory_connector = {
 description = "Main process for Bitwarden Directory Connector";
 wantedBy = ["multi-user.target"];
 after = ["network-online.target"];
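Review bot: The new `env.ldap` description opens a `{option}` backtick that is never closed (`{option}`ldap.pw_env"`), which renders as broken markup in the option docs, and unlike the other descriptions in this file it is not wrapped in `lib.mdDoc`. It should read `description = lib.mdDoc "Auth for the LDAP, has value defined in {option}`services.bitwarden_directory_connector.ldap.pw_env`";`, since the `{option}` role expects the full option path.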
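Review bot: The renamed service keeps `after = ["network-online.target"]` without a matching `wants = ["network-online.target"]`, so the ordering has no effect unless something else activates that target; add `wants = ["network-online.target"];` next to it, since the oneshot run logs in to `cfg.domain` over the network. The unit name `bitwarden_directory_connector` is now repeated in the timer attribute, `partOf`, `Unit` and the service attribute; binding it once in the `let` block (e.g. `unitName = "bitwarden_directory_connector";`) would keep the timer and service from drifting apart on a future rename. The `services.bitwarden_directory_connector` definition continues past the end of this hunk.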
@@ -297,14 +305,14 @@ in {
 Type = "oneshot";
 User = "${cfg.user}";
 Group = "${cfg.user}";
- ExecStartPre = pkgs.writeShellScript "${cfg.user}-config" ''
+ ExecStartPre = pkgs.writeShellScript "bitwarden_directory_connector-config" ''
 # create the config file
- ${nodejs}/bin/node ${connector}/build-cli/bwdc.js data-file
+ ${cfg.package}/bin/${cfg.binary_name} data-file
- ${nodejs}/bin/node ${connector}/build-cli/bwdc.js config server ${cfg.domain}
+ ${cfg.package}/bin/${cfg.binary_name} config server ${cfg.domain}
 # now login to set credentials
- ${nodejs}/bin/node ${connector}/build-cli/bwdc.js login
+ ${cfg.package}/bin/${cfg.binary_name} login
 # set the ldap details
 sed -i 's/"ldap": null/"ldap": ${sed_string ldap_data}/' ${cfg.directory}/data.json
@@ -317,11 +325,11 @@ in {
 sed -i 's/"sync": null/"sync": ${sed_string sync_data}/' ${cfg.directory}/data.json
 # final config
- ${nodejs}/bin/node ${connector}/build-cli/bwdc.js config directory 0
- ${nodejs}/bin/node ${connector}/build-cli/bwdc.js config ldap.password --secretenv ${cfg.ldap.pw_env}
+ ${cfg.package}/bin/${cfg.binary_name} config directory 0
+ ${cfg.package}/bin/${cfg.binary_name} config ldap.password --secretenv ${cfg.ldap.pw_env}
 '';
- ExecStart = ''${nodejs}/bin/node ${connector}/build-cli/bwdc.js sync'';
+ ExecStart = ''${cfg.package}/bin/${cfg.binary_name} sync'';
 EnvironmentFile = [
 "${cfg.env.ldap}"
@@ -331,4 +339,8 @@ in {
 };
 };
 };
+
+ meta = with lib; {
+ maintainers = with maintainers; [Silver-Golden];
+ };
 }
diff --git a/applications/bitwarden/bitwarden_sync.nix b/applications/bitwarden/bitwarden_sync.nix
index a993846..fb013e0 100644
--- a/applications/bitwarden/bitwarden_sync.nix
+++ b/applications/bitwarden/bitwarden_sync.nix
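Review bot: `${cfg.domain}` and `${cfg.directory}` in this hunk, and `${cfg.ldap.pw_env}` in the next one, are spliced into the `ExecStartPre` shell script unquoted, so a value containing whitespace or shell metacharacters changes the command instead of being passed as one argument; the rewrite is the moment to quote them, e.g. `${cfg.package}/bin/${cfg.binary_name} config server ${lib.escapeShellArg cfg.domain}` and likewise for the other two. The `sed -i` lines on the visible context interpolate `sed_string ldap_data` into a sed expression; that is pre-existing, but generating `data.json` with `builtins.toJSON` would remove both the sed-escaping and the quoting concern in one go. The script body continues into the next hunk, and the enclosing `serviceConfig` set is cut at both ends.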
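Review bot: The added `meta = with lib; { … }` re-opens `with lib;` although the whole module body is already under `with lib; let` (visible in the first hunk of this file), so the inner `with` is redundant; `meta.maintainers = with maintainers; [Silver-Golden];` is the shorter equivalent. Otherwise the addition is fine, as `meta.maintainers` is the standard place for module ownership.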
@@ -15,11 +15,13 @@ in {
 age.secrets.bitwarden_sync_api.file = ../../secrets/bitwarden/api.age;
 age.secrets.bitwarden_sync_ldap.file = ../../secrets/ldap/details.age;
- services.bitwarden_connector = {
+ services.bitwarden_directory_connector = {
 enable = true;
 domain = "https://pw.skynet.ie";
+ package = pkgs.callPackage ./_bitwarden-directory-connector.nix {};
+
 ldap = {
 ssl = false;
 startTls = false;