Skynet/nixos
6
1
Fork 0
Code Issues 43 Pull requests 1 Projects Releases Packages Wiki Activity Actions

bitwarden: brought in line with the nixpkgs again.

Browse source
This commit is contained in:
silver 2023-11-18 03:03:35 +00:00
parent e42f718ba5
commit cbb4100b4e
8 changed files with 74 additions and 43 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

27
applications/bitwarden/_bitwarden_sync_module.nix
View file

@ -46,12 +46,6 @@ in {
description = lib.mdDoc "Folder to store the config file.";
default = "/etc/bitwarden/bwdc";
};
pw_env = mkOption {
type = types.str;
description = lib.mdDoc "The ENV var that the ldap password is stored.";
default = "LDAP_PW";
};
interval = mkOption {
type = types.str;
default = "*:0,15,30,45";
@ -229,14 +223,20 @@ in {
};
};
env = {
secrets = {
ldap = mkOption rec {
type = types.str;
description = "Auth for the LDAP, has value defined in {option}`pw_env";
};
bitwarden = mkOption rec {
bitwarden = {
client_path_id = mkOption rec {
type = types.str;
description = "Auth for Bitwarden, has BW_CLIENTID and BW_CLIENTSECRET";
description = "Path to file that contains Client ID.";
};
client_path_secret = mkOption rec {
type = types.str;
description = "Path to file that contains Client Secret.";
};
};
};
};
@ -290,6 +290,8 @@ in {
${cfg.package}/bin/${cfg.binary_name} config server ${cfg.domain}
# now login to set credentials
export BW_CLIENTID="$(< ${escapeShellArg cfg.secrets.bitwarden.client_path_id})"
export BW_CLIENTSECRET="$(< ${escapeShellArg cfg.secrets.bitwarden.client_path_secret})"
${cfg.package}/bin/${cfg.binary_name} login
jq '.authenticatedAccounts[0] as $account
@ -306,7 +308,7 @@ in {
# final config
${cfg.package}/bin/${cfg.binary_name} config directory 0
${cfg.package}/bin/${cfg.binary_name} config ldap.password --secretenv ${cfg.pw_env}
${cfg.package}/bin/${cfg.binary_name} config ldap.password --secretfile ${cfg.secrets.ldap}
'';
ExecStart = "${cfg.package}/bin/${cfg.binary_name} sync";
@ -314,11 +316,6 @@ in {
ExecStartPost = pkgs.writeShellScript "bitwarden_directory_connector-cleanup" ''
rm -f -- ${escapeShellArg cfg.directory}/data.json
'';
EnvironmentFile = [
"${cfg.env.ldap}"
"${cfg.env.bitwarden}"
];
};
};
};

29
applications/bitwarden/bitwarden_sync.nix
View file

@ -4,6 +4,7 @@
lib,
...
}: let
user = "bwdc";
in {
imports = [
./_bitwarden_sync_module.nix
@ -12,18 +13,31 @@ in {
options = {};
config = {
age.secrets.bitwarden_sync_api.file = ../../secrets/bitwarden/api.age;
age.secrets.bitwarden_sync_ldap.file = ../../secrets/ldap/details.age;
age.secrets.bitwarden_sync_id = {
file = ../../secrets/bitwarden/id.age;
owner = user;
group = user;
};
age.secrets.bitwarden_sync_secret = {
file = ../../secrets/bitwarden/secret.age;
owner = user;
group = user;
};
age.secrets.bitwarden_sync_ldap = {
file = ../../secrets/ldap/pw.age;
owner = user;
group = user;
};
services.bitwarden_directory_connector = {
enable = true;
user = user;
domain = "https://pw.skynet.ie";
package = pkgs.callPackage ./_bitwarden-directory-connector.nix {};
pw_env = "LDAP_ADMIN_PW";
ldap = {
ssl = false;
startTls = false;
@ -54,9 +68,12 @@ in {
groupNameAttribute = "cn";
};
env = {
bitwarden = config.age.secrets.bitwarden_sync_api.path;
secrets = {
ldap = config.age.secrets.bitwarden_sync_ldap.path;
bitwarden = {
client_path_id = config.age.secrets.bitwarden_sync_id.path;
client_path_secret = config.age.secrets.bitwarden_sync_secret.path;
};
};
};
};

BIN
secrets/bitwarden/api.age
View file

Binary file not shown.

BIN
secrets/bitwarden/details.age
View file

Binary file not shown.

BIN
secrets/bitwarden/id.age Normal file
View file

Binary file not shown.

15
secrets/bitwarden/secret.age Normal file
View file

@ -0,0 +1,15 @@
age-encryption.org/v1
-> ssh-ed25519 V1pwNA BxPb6d6nlJHiTkbcwOoPrvAPBuR1iJSFAXIp9n23Ix0
hl0X3RjOEYp2G1QU4SC6CBF5YVlCWiakMsRbGTBYkzs
-> ssh-ed25519 4PzZog Nf/tUysmhTfzaoHhubwdQ5NKZw5SBd3CEs129FGkuio
750oaBtfeBEpDuasZFr7RY5uBzFZZNMNGQkRyFfEGCo
-> ssh-ed25519 5Nd93w fI9TNLWkDkvLCDA8eTMfVw7fRPylWHPGzPupya737xY
wQcz+yf+EqDNmRWqldNuQjjy9tKc1zN//yumtGpGbaM
-> ssh-ed25519 q8eJgg T9Iv+fRwmOLYMXe3ur6dqudA1z2wQsKQX6ogkyQT3Fw
LBYKL2OtLiwq25FkvZjT4H3tu8fOA+KFmFp5vjbncLI
-> ssh-ed25519 IzAMqA O9JfKAlOUao2S14iczlnTzT2sTSAM1vOR5KjO8eJMG0
ioTSe6X4E6jE4c9Utl2d6EUHZYilnbtRnB5QJg3S3Q4
-> 6&-grease
BkWorA2LiphyWLmdV3AeKsI
--- +MO1wX7pJf7eq4MkiWSP+xyxThI5jnfseS8jd7LbFoY
¿ÕWV¥—>ådD­"ð`ûi+ €Ç¸ÃæÕ¬ã<C2AC>ÂSмk°H¨Ojt<6A>±Ç*âòkßäŒØ<C592>ŒÔ¢9Ë×P

39
secrets/ldap/pw.age
View file

@ -1,20 +1,21 @@
age-encryption.org/v1
-> ssh-ed25519 V1pwNA y4Jn8Hbj1tfjCM5x0uNHYMgFUNDr6KHCcuXoPxlT9RY
tbBvpE6eGiBTpUdIq4qgZ9JRC9RptiqV+b0xghMITgA
-> ssh-ed25519 4PzZog e+daH2rT2eant/6TKRpcWs6upAMZ3Xw9SnRWtXo/s0Y
mDvQxqaj2XYnZ0SPMW1CeaWiWBalHt3LsEgHeEwCbQ0
-> ssh-ed25519 5Nd93w AXtyVYaQ2LEIM2rqrh8blQHt51qDfwQ3aiI5RRvgtHo
sSfCow1fkwpYuT2WQhFzuuDqKIrR0wxBrWxOcrPRC3A
-> ssh-ed25519 q8eJgg LS2iaiXUINhcAv131p1TftyQOBz/efp1+IV2tUkHwDw
ZW3ktiCi8vTspB6Sc7tq9tSAaDMtyHL5FADXLi9nlxc
-> ssh-ed25519 IzAMqA SH4eaJm8kdw6Pf4eIQGsMx3Wg9dRkEjCkjbpSWPxSGE
YKTUSXXyswYkfFUdYB963isQXAEaMefQsNIDwCmwt8o
-> ssh-ed25519 uZzB3g W1aPkpNkRJufFmDy+GoWJmwi3a5jp3RWyTiKSPP+2HM
N+njssQYN1tMmfcvYcFHmPR1gYSom3aJkVsTIHUpslg
-> ssh-ed25519 Hb0ipQ hvEFVHPzRtX2T8AbEk/rWIf5QGDE2kmQFylFVWzHmG0
NWwpgmqnIMUDFeHynofn+1GTe2nNWI+YOelmuLC7hhI
-> WEEa'-grease \ NIu4o?\m S;\E"U.
SZy71FpmUaUVoMICsdVcYZ1i4zbDmq4+w/fKB/Dkepm5dX3u3kRimmYdOp7S/s8H
3GaZ5oFXeBt3Alj6Vw3UizOZjPwWbyyA/Q
--- ARW6OvhJD/OEtsgEnb3x0bf5xBUYaZ0eZzXfvc5K9rw
H?æô É––ÏàUPë]·×.Øþ„)S—(Í•ì¯XN¢ }4Àþo{Ƹw ÌÄe1¼!Qý3¶ž¡…¤ÌÒtlÃ;dw½À_¦ñ_¹Ý(ùK6F#ñ¥ê_nŽL®(%4%eõB}¡KÏã ‡i i,æú˜I<CB9C>GQ:£Ë\ðéŽUâ<>§d¦>A<4¿Ÿ]#`Ñ
-> ssh-ed25519 V1pwNA 7xMn5rTcihSdgzDvXVBCbcGX8d428ytwBK0G1TOAMBQ
AYXY36I3DdQc8TJeWknIW8HFRZKXalkwBnJp5J4HjKM
-> ssh-ed25519 4PzZog +V5lAWzv8+NbK3jZZeCc491F2dLcCMqaVbzX14nPcS8
c6DqiOextznWRSOtsR8KJmyGSJL+Ubx9jHVSeH0w+zs
-> ssh-ed25519 5Nd93w 7JnyPksmvytXPorlyoNPrh8BSsZNCAXXILKlS8F+ogk
iStkE+rT43h0zkgcRehbVTX1wGYZkJj0/zIQilm78Ak
-> ssh-ed25519 q8eJgg 6EGWaxyf1vDSzdvRU4+XEsVEfaj3K6dE/3tt8MA5YAE
CrIad5K2lTWlDh7jLZr+nIWtdWpRYg6HVt0HbhmMaMk
-> ssh-ed25519 IzAMqA eh7mAmV0l35n55rnmMPV6N/MUxrCKT+v7OFKNZlakgU
6cBUHDuHX6/5x84WFIbxlVVtIyx4eiJaGB9TP718u2A
-> ssh-ed25519 uZzB3g RbnBlsD9bSqG2W6RC8eWFhV3hVSx6ItFbH+irxa+uFk
mNGkTJODGb+anzqrWIX53AfUfMBjhZMdRF4ZGmT+bBM
-> ssh-ed25519 Hb0ipQ 9dQNJXGE3uIVPGLi2J/TCVW2xPem/qwKAEq/GPzEl0E
VTQYcZjCUTkom7bloTaIvR+/fA4rNwBUU2YzCUX1sss
-> ssh-ed25519 IzAMqA Q/SCKGBzFVtk2fkXYF4cyWWSdGG8BiSztPLHyr3UnCQ
l75JzJC9hRp34yA3cBUkDOupA4UTifxSwVNqb+aWXZk
-> T4-grease & M~o 5A#" =^Z3b:
oI4xOpmGL8b+HPrdKyMomAuW2AfCqCvXxbIv7NSA+nd1dYH/QFuw
--- vSy8f0+j42gCL0K7N8yZlWajUMwKKtGptqKP6ajbW1U
wϵm*¶¡tX§t.JúhA»Þž*Á²ÓŠå<C5A0>‰æQŽh™ÏwÿËÍaZŒÅœ!Ï6`ÔéËSXÀéÙ×<C399>pu<70>ã ïl¨¼²9n<39>ÒËlÁÎÄi&áC÷áæf <66>Ö¥:v^Ÿ=Ò$1= ¡ãg¢¹ycK…µkÚ@ê@Z¹cŠ­#Ì™ëÅd#e”_.þ(6´

5
secrets/secrets.nix
View file

@ -117,7 +117,7 @@ in {
"gitlab/runners/runner02.age".publicKeys = users ++ gitlab_runners;
# for ldap
"ldap/pw.age".publicKeys = users ++ ldap;
"ldap/pw.age".publicKeys = users ++ ldap ++ bitwarden;
# for use connectring to teh ldap
"ldap/details.age".publicKeys = users ++ ldap ++ discord ++ bitwarden;
@ -139,6 +139,7 @@ in {
"wolves/details.age".publicKeys = users ++ ldap ++ discord;
# for bitwarden connector
"bitwarden/api.age".publicKeys = users ++ bitwarden;
"bitwarden/id.age".publicKeys = users ++ bitwarden;
"bitwarden/secret.age".publicKeys = users ++ bitwarden;
"bitwarden/details.age".publicKeys = users ++ bitwarden;
}