clanModules/vaultwarden: Migrate from facts to vars

Closes: #3389
2025-04-23 11:02:20 +02:00
parent 260539c512
commit 68170ec9fb
2 changed files with 20 additions and 16 deletions
--- a/clanModules/vaultwarden/README.md
+++ b/clanModules/vaultwarden/README.md
@@ -6,9 +6,10 @@ After enabling the clan module, user accounts have to be created manually in the
 This is done by visiting `vaultwarden.example.com/admin` and typing in the admin password.
 You can get the admin password for vaultwarden by executing:
 ```bash
-clan secrets get  <machine-name>-vaultwarden-admin
+clan vars get <machine-name> vaultwarden-admin/vaultwarden-admin
 ```
 To see all secrets tied to vaultwarden execute:
 ```bash
-clan secrets list | grep vaultwarden
+clan vars get vaultwarden-admin/vaultwarden-admin
+clan vars get vaultwarden-smtp/vaultwarden-smtp
 ```
--- a/clanModules/vaultwarden/default.nix
+++ b/clanModules/vaultwarden/default.nix
@@ -92,36 +92,39 @@ in
      };
    };

-    clan.core.facts.services = {
+    clan.core.vars.generators = {
      vaultwarden-admin = {
-        secret."vaultwarden-admin" = { };
-        secret."vaultwarden-admin-hash" = { };
-        generator.path = with pkgs; [
+        migrateFact = "vaultwarden-admin";
+        files."vaultwarden-admin" = { };
+        files."vaultwarden-admin-hash" = { };
+        runtimeInputs = with pkgs; [
          coreutils
          pwgen
          libargon2
          openssl
        ];
-        generator.script = ''
+        script = ''
          ADMIN_PWD=$(pwgen 16 -n1 | tr -d "\n")
          ADMIN_HASH=$(echo -n "$ADMIN_PWD" | argon2 "$(openssl rand -base64 32)" -e -id -k 65540 -t 3 -p 4)

          config="
          ADMIN_TOKEN=\"$ADMIN_HASH\"
          "
-          echo -n "$ADMIN_PWD" > "$secrets"/vaultwarden-admin
-          echo -n "$config" > "$secrets"/vaultwarden-admin-hash
+          echo -n "$ADMIN_PWD" > "$out"/vaultwarden-admin
+          echo -n "$config" > "$out"/vaultwarden-admin-hash
        '';
      };
      vaultwarden-smtp = {
-        secret."vaultwarden-smtp" = { };
-        generator.prompt = "${cfg.smtp.from} SMTP password";
-        generator.path = with pkgs; [ coreutils ];
-        generator.script = ''
+        migrateFact = "vaultwarden-smtp";
+        prompts."vaultwarden-smtp".description = "${cfg.smtp.from} SMTP password";
+        prompts."vaultwarden-smtp".persist = true;
+        runtimeInputs = with pkgs; [ coreutils ];
+        script = ''
+          prompt_value="$(cat "$prompts"/vaultwarden-smtp)"
          config="
            SMTP_PASSWORD=\"$prompt_value\"
          "
-          echo -n "$config" > "$secrets"/vaultwarden-smtp
+          echo -n "$config" > "$out"/vaultwarden-smtp
        '';
      };
    };
@@ -129,7 +132,7 @@ in
    systemd.services."vaultwarden" = {
      serviceConfig = {
        EnvironmentFile = [
-          config.clan.core.facts.services."vaultwarden-smtp".secret."vaultwarden-smtp".path
+          config.clan.core.vars.generators."vaultwarden-smtp".files."vaultwarden-smtp".path
        ];
      };
    };
@@ -138,7 +141,7 @@ in
      enable = true;
      dbBackend = "postgresql";
      environmentFile =
-        config.clan.core.facts.services."vaultwarden-admin".secret."vaultwarden-admin-hash".path; # TODO: Make this upstream an array
+        config.clan.core.vars.generators."vaultwarden-admin".files."vaultwarden-admin-hash".path; # TODO: Make this upstream an array
      config = {
        SMTP_SECURITY = "force_tls";
        SMTP_HOST = cfg.smtp.host;