diff --git a/README.md b/README.md
index 5c70d6c..e9da670 100644
--- a/README.md
+++ b/README.md
@@ -232,6 +232,12 @@ disnix-lock -u In rough order of highest to lowest priority.
+Roadmap for V1:
+- [ ] Have Vaultwarden deployable behind Haproxy with Keycloak and
+ oauth2proxy as SSO.
+- [ ] Have example for Vaultwarden working.
+- [ ] Have integration tests for Vaultwarden.
+
 - Misc
 - [x] Function to generate haproxy config
 - [ ] Handle Nixops 2 (nixops_unstable)
@@ -240,6 +246,9 @@ In rough order of highest to lowest priority.
 - [ ] Add configuration examples
 - [ ] Merge all keycloak services into one definition
 - [ ] Run tests on Hercules-CI
+ - [ ] Explain how to setup secret keys.
+ - [ ] Switch to using modules https://nixos.wiki/wiki/NixOS_modules
+ to setup configuration.
 - Dev
 - [ ] Automatically pull client credentials from keycloak to populate oauth2proxy's clientsecret key.
@@ -265,6 +274,3 @@ In rough order of highest to lowest priority.
 - [ ] Move a few packages installed through network.nix into services.nix.
 - [ ] Use something else than `pass` to retrieve secrets. Or better, allow multiple options.
- - [ ] Explain how to setup secret keys.
- - [ ] Switch to using modules https://nixos.wiki/wiki/NixOS_modules
- to setup configuration.
diff --git a/all-packages.nix b/all-packages.nix
index 3bece31..97f8d44 100644
--- a/all-packages.nix
+++ b/all-packages.nix
@@ -3,6 +3,7 @@
 , system ? builtins.currentSystem
 , pkgs ? import { inherit system; }
 , utils ? null
+, secret ? null
 }:
 let
@@ -32,7 +33,7 @@ let
 keycloak = callPackage ./keycloak {inherit utils customPkgs;};
 ttrss = callPackage ./ttrss {inherit utils customPkgs;};
- vaultwarden = callPackage ./vaultwarden {inherit utils customPkgs;};
+ vaultwarden = callPackage ./vaultwarden {inherit utils customPkgs secret;};
 };
 in customPkgs
diff --git a/vaultwarden/default.nix b/vaultwarden/default.nix
index b9f8c51..1349048 100644
--- a/vaultwarden/default.nix
+++ b/vaultwarden/default.nix
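Review bot: `secret ? null` in the first all-packages.nix hunk is handed unchanged to `./vaultwarden` by the second hunk (`inherit utils customPkgs secret;`), where `secret` has no default and is called as a function inside `deployKeys`; with the `null` default, evaluating `deployKeys` fails with Nix's generic "attempt to call something which is not a function" error rather than naming the missing argument. Consider defaulting to a function that throws a descriptive message, e.g. `, secret ? (path: throw "all-packages.nix: no secret function (path -> string) was given, so deployKeys cannot read ${path}")`, so every other package still evaluates and the failure is self-explanatory. `utils ? null` has the same shape, but that line is not part of this commit. The `pkgs ? import { inherit system; }` context line appears to have lost `<nixpkgs>` during extraction, which looks like a display artefact rather than a change in the patch.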
@@ -1,6 +1,7 @@
 { customPkgs
 , pkgs
 , utils
+, secret
 }:
 { serviceName ? "Vaultwarden"
 , subdomain ? "vaultwarden"
@@ -236,15 +237,15 @@ rec {
 deployKeys = domain: {
 "${serviceName}_oauth2proxy_cookiesecret".text = ''
- OAUTH2_PROXY_COOKIE_SECRET="${builtins.extraBuiltins.pass "${domain}/${subdomain}/${cookieSecretName}"}"
+ OAUTH2_PROXY_COOKIE_SECRET="${secret "${domain}/${subdomain}/${cookieSecretName}"}"
 '';
 "${serviceName}_oauth2proxy_clientsecret".text = ''
- OAUTH2_PROXY_CLIENT_SECRET="${builtins.extraBuiltins.pass "${domain}/${subdomain}/${clientSecretName}"}"
+ OAUTH2_PROXY_CLIENT_SECRET="${secret "${domain}/${subdomain}/${clientSecretName}"}"
 '';
 "${serviceName}_smtp_all".text = ''
- SMTP_HOST="${builtins.extraBuiltins.pass "${domain}/mailgun.com/smtp_hostname"}"
- SMTP_USERNAME="${builtins.extraBuiltins.pass "${domain}/mailgun.com/smtp_login"}"
- SMTP_PASSWORD="${builtins.extraBuiltins.pass "${domain}/mailgun.com/password"}"
+ SMTP_HOST="${secret "${domain}/mailgun.com/smtp_hostname"}"
+ SMTP_USERNAME="${secret "${domain}/mailgun.com/smtp_login"}"
+ SMTP_PASSWORD="${secret "${domain}/mailgun.com/password"}"
 '';
 };
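Review bot: The new `, secret` parameter in the signature hunk carries no comment stating its contract, even though `deployKeys` in the second hunk now depends on it entirely: it is called with one path string such as `"${domain}/${subdomain}/${cookieSecretName}"`, and its return value is spliced verbatim, at evaluation time, into a double-quoted `KEY="..."` line of the deploy key text. Add a comment above it along the lines of `# secret: path (string) -> secret value (string); embedded unescaped inside a double-quoted KEY="..." line, so the value must not contain double quotes or newlines`. Because all-packages.nix defaults this argument to `null`, a caller that omits it only sees a call-on-null error once `deployKeys` is evaluated, which is worth naming in the same comment. The `deployKeys` hunk header counts 15 lines but fewer are visible here, so its closing lines were not reviewed.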