Add vaultwarden

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-06-11 19:05:11 +01:00
parent 0b15c9c3fa
commit 548666f86c
7 changed files with 235 additions and 1 deletions
--- a/packages/default.nix
+++ b/packages/default.nix
@@ -15,6 +15,9 @@
  docker-grafana = import ./docker/grafana { inherit pkgs; };
  docker-grafana-image-renderer = import ./docker/grafana-image-renderer { inherit pkgs; };
  docker-ntfy = import ./docker/ntfy { inherit pkgs; };
+  docker-oidcwarden = import ./docker/oidcwarden {
+    inherit pkgs inputs system;
+  };
  docker-outline = import ./docker/outline { inherit pkgs; };
  docker-postgresql = import ./docker/postgresql { inherit pkgs; };
  docker-prometheus = import ./docker/prometheus { inherit pkgs; };
@@ -49,6 +52,8 @@

  obsidian-theme-minimal = import ./obsidian/themes/minimal { inherit pkgs; };

+  oidcwarden = import ./oidcwarden { inherit pkgs; };
+
  prometheus-fail2ban-exporter = import ./prometheus-fail2ban-exporter { inherit pkgs; };
  prometheus-podman-exporter = import ./prometheus-podman-exporter { inherit pkgs; };

--- a/packages/docker/oidcwarden/default.nix
+++ b/packages/docker/oidcwarden/default.nix
@@ -0,0 +1,41 @@
+{
+  pkgs,
+  inputs,
+  system,
+  ...
+}:
+let
+  selfPkgs = inputs.self.packages.${system};
+in
+pkgs.dockerTools.buildImage {
+  name = "oidcwarden";
+  fromImage = import ../base { inherit pkgs; };
+
+  copyToRoot = pkgs.buildEnv {
+    name = "root";
+    paths = with selfPkgs; [
+      oidcwarden
+      oidcwarden.webvault
+    ];
+    pathsToLink = [
+      "/bin"
+      "/share"
+    ];
+  };
+
+  config = {
+    Entrypoint = [ "/bin/oidcwarden" ];
+    Env = [
+      "WEB_VAULT_FOLDER=${selfPkgs.oidcwarden.webvault}/share/vaultwarden/vault"
+      "DATA_FOLDER=/var/lib/vaultwarden"
+      "ROCKET_PROFILE=release"
+      "ROCKET_ADDRESS=0.0.0.0"
+    ];
+    Volumes = {
+      "/var/lib/vaultwarden" = { };
+    };
+    ExposedPorts = {
+      "8000/tcp" = { };
+    };
+  };
+}
--- a/packages/oidcwarden/default.nix
+++ b/packages/oidcwarden/default.nix
@@ -0,0 +1,34 @@
+{ pkgs, ... }:
+# AUTO-UPDATE: nix-update --flake oidcwarden
+# FIXME: https://github.com/dani-garcia/vaultwarden/pull/3899
+pkgs.rustPlatform.buildRustPackage rec {
+  pname = "oidcwarden";
+  version = "2025.5.1-4";
+
+  src = pkgs.fetchFromGitHub {
+    owner = "Timshel";
+    repo = "OIDCWarden";
+    rev = "v${version}";
+    hash = "sha256-OEKksnZlL6kkNkU1pu7y58++EmunN0yQHwJtZwt3Cbs=";
+  };
+
+  useFetchCargoVendor = true;
+  cargoHash = "sha256-ZQ4Q5nD2WOkVX7OXEk1JTgN8zHvI6Cqmb1ifcHkXKp4=";
+
+  env.VW_VERSION = version;
+
+  nativeBuildInputs = with pkgs; [ pkg-config ];
+  buildInputs = with pkgs; [
+    openssl
+    libpq
+  ];
+
+  buildFeatures = [ "postgresql" ];
+
+  passthru = with pkgs.vaultwarden; {
+    inherit webvault updateScript;
+    tests = pkgs.lib.nixosTests.vaultwarden;
+  };
+
+  meta.mainProgram = "oidcwarden";
+}