add roadmap

README.md

@@ -232,6 +232,12 @@ disnix-lock -u
 
 In rough order of highest to lowest priority.
 
+Roadmap for V1:
+- [ ] Have Vaultwarden deployable behind Haproxy with Keycloak and
+      oauth2proxy as SSO.
+- [ ] Have example for Vaultwarden working.
+- [ ] Have integration tests for Vaultwarden.
+
 - Misc
   - [x] Function to generate haproxy config
   - [ ] Handle Nixops 2 (nixops_unstable)
@@ -240,6 +246,9 @@ In rough order of highest to lowest priority.
   - [ ] Add configuration examples
   - [ ] Merge all keycloak services into one definition
   - [ ] Run tests on Hercules-CI
+  - [ ] Explain how to setup secret keys.
+  - [ ] Switch to using modules https://nixos.wiki/wiki/NixOS_modules
+        to setup configuration.
 - Dev
   - [ ] Automatically pull client credentials from keycloak to
         populate oauth2proxy's clientsecret key.
@@ -265,6 +274,3 @@ In rough order of highest to lowest priority.
   - [ ] Move a few packages installed through network.nix into services.nix.
   - [ ] Use something else than `pass` to retrieve secrets. Or better,
         allow multiple options.
-  - [ ] Explain how to setup secret keys.
-  - [ ] Switch to using modules https://nixos.wiki/wiki/NixOS_modules
-        to setup configuration.

all-packages.nix

@@ -3,6 +3,7 @@
 , system ? builtins.currentSystem
 , pkgs ? import <nixpkgs> { inherit system; }
 , utils ? null
+, secret ? null
 }:
 
 let
@@ -32,7 +33,7 @@ let
     keycloak = callPackage ./keycloak {inherit utils customPkgs;};
 
     ttrss = callPackage ./ttrss {inherit utils customPkgs;};
-    vaultwarden = callPackage ./vaultwarden {inherit utils customPkgs;};
+    vaultwarden = callPackage ./vaultwarden {inherit utils customPkgs secret;};
   };
 in
 customPkgs

vaultwarden/default.nix

@@ -1,6 +1,7 @@
 { customPkgs
 , pkgs
 , utils
+, secret
 }:
 { serviceName ? "Vaultwarden"
 , subdomain ? "vaultwarden"
@@ -236,15 +237,15 @@ rec {
 
   deployKeys = domain: {
     "${serviceName}_oauth2proxy_cookiesecret".text = ''
-        OAUTH2_PROXY_COOKIE_SECRET="${builtins.extraBuiltins.pass "${domain}/${subdomain}/${cookieSecretName}"}"
+        OAUTH2_PROXY_COOKIE_SECRET="${secret "${domain}/${subdomain}/${cookieSecretName}"}"
         '';
     "${serviceName}_oauth2proxy_clientsecret".text = ''
-        OAUTH2_PROXY_CLIENT_SECRET="${builtins.extraBuiltins.pass "${domain}/${subdomain}/${clientSecretName}"}"
+        OAUTH2_PROXY_CLIENT_SECRET="${secret "${domain}/${subdomain}/${clientSecretName}"}"
         '';
     "${serviceName}_smtp_all".text = ''
-        SMTP_HOST="${builtins.extraBuiltins.pass "${domain}/mailgun.com/smtp_hostname"}"
+        SMTP_HOST="${secret "${domain}/mailgun.com/smtp_hostname"}"
-        SMTP_USERNAME="${builtins.extraBuiltins.pass "${domain}/mailgun.com/smtp_login"}"
+        SMTP_USERNAME="${secret "${domain}/mailgun.com/smtp_login"}"
-        SMTP_PASSWORD="${builtins.extraBuiltins.pass "${domain}/mailgun.com/password"}"
+        SMTP_PASSWORD="${secret "${domain}/mailgun.com/password"}"
         '';
   };