services/vaultwarden: cleanup troubleshooting

2021-09-26 10:48:40 +02:00 · 2021-09-26 10:48:40 +02:00 · 0f8bc950ca
parent 684f2fa19e
commit 0f8bc950ca
1 changed files with 4 additions and 10 deletions
--- a/services/vaultwarden.nix
+++ b/services/vaultwarden.nix
@ -4,6 +4,7 @@
  services.vaultwarden = {
    enable = true;
    config = {
+      DATA_FOLDER="/persist/var/lib/vaultwarden/data";
      LOG_LEVEL="error";
      SIGNUPS_ALLOWED=false;
      SIGNUPS_VERIFY=true;
@ -25,25 +26,18 @@
      SMTP_PORT=587;
      SMTP_USERNAME="noreply@infra4future.de";

-      DATA_FOLDER="/persist/var/lib/vaultwarden/data";
    };
-    # currently missing SMPT_PASSWORD
-    environmentFile = "/persist/var/lib/vaultwarden/vaultwarden.env";
+    environmentFile = "/persist/var/lib/vaultwarden/vaultwarden.env"; #contains SMTP_PASSWORD
    dbBackend = "sqlite";
-
    backupDir = "/persist/data/vaultwarden_backups/";
  };

-  systemd.services.backup-vaultwarden.environment.DATA_FOLDER =
-    lib.mkForce "/persist/var/lib/vaultwarden/data";
-
+  #work around ProtectSystem=strict, cleanup
  systemd.services.vaultwarden.serviceConfig = {
-    StateDirectory =
-      lib.mkForce "vaultwarden";
    ReadWritePaths = [ "/persist/var/lib/vaultwarden" ];
+    StateDirectory = lib.mkForce "";
  };

-
  services.nginx.virtualHosts."pw.hacc.space" = {
    locations."/" = {
      proxyPass = "http://127.0.0.1:5354";