bitwarden: final changes

2023-11-16 01:12:09 +00:00 · 2023-11-16 01:12:09 +00:00 · 82b0b4aff4
commit 82b0b4aff4
parent 4c0f3a1645
1 changed files with 10 additions and 23 deletions
--- a/applications/bitwarden/_bitwarden_sync_module.nix
+++ b/applications/bitwarden/_bitwarden_sync_module.nix
@ -9,26 +9,6 @@ with lib; let

  ldap_data = builtins.toJSON cfg.ldap;
  sync_data = builtins.toJSON cfg.sync;
-
-  # coping directly from nix https://github.com/NixOS/nixpkgs/blob/da4024d0ead5d7820f6bd15147d3fe2a0c0cec73/nixos/modules/config/nix.nix#L62C1-L76C49
-  semanticConfType = with types; let
-    confAtom =
-      nullOr
-      (oneOf [
-        bool
-        int
-        float
-        str
-        path
-        package
-      ])
-      // {
-        description = "Nix config atom (null, bool, int, float, str, path or package)";
-      };
-  in
-    attrsOf (either confAtom (listOf confAtom));
-
-  json_string = string: builtins.replaceStrings ["\""] ["\\\""] string;
 in {
  imports = [];

@ -81,7 +61,7 @@ in {
    ldap = mkOption {
      description = lib.mdDoc "Options to configurate LDAP.";
      type = types.submodule {
-        freeformType = semanticConfType;
+        freeformType = types.attrsOf (pkgs.formats.json {}).type;

        options = {
          ssl = mkOption {
@ -144,7 +124,7 @@ in {
    sync = mkOption {
      description = lib.mdDoc "Options to configurate what gets synced.";
      type = types.submodule {
-        freeformType = semanticConfType;
+        freeformType = types.attrsOf (pkgs.formats.json {}).type;

        options = {
          removeDisabled = mkOption {
@ -303,6 +283,9 @@ in {
          ExecStartPre = pkgs.writeShellScript "bitwarden_directory_connector-config" ''
            # create the config file
            ${cfg.package}/bin/${cfg.binary_name} data-file
+            touch -- ${escapeShellArg cfg.directory}/data.json.tmp
+            chmod 600 ${escapeShellArg cfg.directory}/data.json
+            chmod 600 -- ${escapeShellArg cfg.directory}/data.json.tmp

            ${cfg.package}/bin/${cfg.binary_name} config server ${cfg.domain}

@ -326,7 +309,11 @@ in {
            ${cfg.package}/bin/${cfg.binary_name} config ldap.password --secretenv ${cfg.pw_env}
          '';

-          ExecStart = ''${cfg.package}/bin/${cfg.binary_name} sync'';
+          ExecStart = "${cfg.package}/bin/${cfg.binary_name} sync";
+
+          ExecStartPost = pkgs.writeShellScript "bitwarden_directory_connector-cleanup" ''
+            rm -f -- ${escapeShellArg cfg.directory}/data.json
+          '';

          EnvironmentFile = [
            "${cfg.env.ldap}"