From 82b0b4aff47eec1d6514935d175384bd5f5ea3d8 Mon Sep 17 00:00:00 2001
From: Brendan Golden
Date: Thu, 16 Nov 2023 01:12:09 +0000
Subject: [PATCH] bitwarden: final changes
---
 .../bitwarden/_bitwarden_sync_module.nix | 33 ++++++-------------
 1 file changed, 10 insertions(+), 23 deletions(-)
diff --git a/applications/bitwarden/_bitwarden_sync_module.nix b/applications/bitwarden/_bitwarden_sync_module.nix
index 2193603..6a45fb8 100644
--- a/applications/bitwarden/_bitwarden_sync_module.nix
+++ b/applications/bitwarden/_bitwarden_sync_module.nix
@@ -9,26 +9,6 @@ with lib; let
 ldap_data = builtins.toJSON cfg.ldap;
 sync_data = builtins.toJSON cfg.sync;
-
- # coping directly from nix https://github.com/NixOS/nixpkgs/blob/da4024d0ead5d7820f6bd15147d3fe2a0c0cec73/nixos/modules/config/nix.nix#L62C1-L76C49
- semanticConfType = with types; let
- confAtom =
- nullOr
- (oneOf [
- bool
- int
- float
- str
- path
- package
- ])
- // {
- description = "Nix config atom (null, bool, int, float, str, path or package)";
- };
- in
- attrsOf (either confAtom (listOf confAtom));
-
- json_string = string: builtins.replaceStrings ["\""] ["\\\""] string;
 in {
 imports = [];
@@ -81,7 +61,7 @@ in {
 ldap = mkOption {
 description = lib.mdDoc "Options to configurate LDAP.";
 type = types.submodule {
- freeformType = semanticConfType;
+ freeformType = types.attrsOf (pkgs.formats.json {}).type;
 options = {
 ssl = mkOption {
@@ -144,7 +124,7 @@ in {
 sync = mkOption {
 description = lib.mdDoc "Options to configurate what gets synced.";
 type = types.submodule {
- freeformType = semanticConfType;
+ freeformType = types.attrsOf (pkgs.formats.json {}).type;
 options = {
 removeDisabled = mkOption {
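Review bot: The freeform type on `ldap` now accepts any JSON value under any key, so a caller can set a bind password or other secret as an ordinary option, and `ldap_data = builtins.toJSON cfg.ldap` at the top of the file would serialise it in plain text. Where `ldap_data` is consumed is outside this hunk, but a string built at evaluation time normally ends up in the world-readable Nix store. The module already passes the password through `--secretenv ${cfg.pw_env}`, so the option description should say so, for example `description = lib.mdDoc "Options to configure LDAP. Values are stored in plain text; pass the password through pw_env instead.";`. The same type expression is repeated for `sync` in the next hunk; one `let` binding such as `jsonAttrs = types.attrsOf (pkgs.formats.json {}).type;` would keep the two in step.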
@@ -303,6 +283,9 @@ in {
 ExecStartPre = pkgs.writeShellScript "bitwarden_directory_connector-config" ''
 # create the config file
 ${cfg.package}/bin/${cfg.binary_name} data-file
+ touch -- ${escapeShellArg cfg.directory}/data.json.tmp
+ chmod 600 ${escapeShellArg cfg.directory}/data.json
+ chmod 600 -- ${escapeShellArg cfg.directory}/data.json.tmp
 ${cfg.package}/bin/${cfg.binary_name} config server ${cfg.domain}
@@ -326,7 +309,11 @@ in {
 ${cfg.package}/bin/${cfg.binary_name} config ldap.password --secretenv ${cfg.pw_env}
 '';
- ExecStart = ''${cfg.package}/bin/${cfg.binary_name} sync'';
+ ExecStart = "${cfg.package}/bin/${cfg.binary_name} sync";
+
+ ExecStartPost = pkgs.writeShellScript "bitwarden_directory_connector-cleanup" ''
+ rm -f -- ${escapeShellArg cfg.directory}/data.json
+ '';
 EnvironmentFile = [
 "${cfg.env.ldap}"
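Review bot: Both files exist with default-umask permissions for a moment before the added `chmod 600` calls tighten them: `data.json` as soon as the `data-file` step has run (if that step creates it, as the comment says), and `data.json.tmp` right after `touch`. Starting the script with `umask 077` closes that window, and a `UMask = "0077";` entry in the service settings would cover the `sync` run as well, unless the surrounding attribute set (outside this hunk) already sets it. The middle `chmod` also lacks the `--` that the other two added lines use. The script body continues past the end of the hunk.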
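Review bot: The cleanup in `ExecStartPost` only runs when `ExecStart` succeeded, so a failed `sync` leaves `data.json` on disk, and nothing visible here removes the `data.json.tmp` that `ExecStartPre` creates. systemd runs `ExecStopPost` after a failure too, so the cleanup belongs there: `ExecStopPost = pkgs.writeShellScript "bitwarden_directory_connector-cleanup" ''` with the body `rm -f -- ${escapeShellArg cfg.directory}/data.json ${escapeShellArg cfg.directory}/data.json.tmp`. The attribute set these lines belong to starts and ends outside the hunk.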