-
-
Notifications
You must be signed in to change notification settings - Fork 13.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
nixos/vaultwarden: backup all rsa_keys #318347
nixos/vaultwarden: backup all rsa_keys #318347
Conversation
@dotlambda @SuperSandro2000 looks like this didn't get auto assigned |
same for mine |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Why don't we backup |
We probably should, but note that config.json is only there if the user has changed settings via the admin page (I think, may get created in other ways, but it won't be in every install). We should probably do a command that copies everything in data except the sqlite files. I can take a look at making that work tomorrow. |
Lets merge #292857 first, to know if the backups work at all. |
cp -r "$DATA_FOLDER"/attachments "$BACKUP_FOLDER" | ||
if [[ -e "$DATA_FOLDER"/config.json ]]; then |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@SuperSandro2000 What are your thoughts on doing the same logic before doing the sqlite dump? Technically this backup script could be used with another backing DB (although a lot less useful). I know the script still continues executing, but it does produce error messages in the logs.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sure, why not
Can you rebase to draw in the above PR and adjust the test accordingly? That would be awesome |
9dd7384
to
57cac1d
Compare
The official documentation mentions rsa_key* as what should be backed up (https://github.com/dani-garcia/vaultwarden/wiki/Backing-up-your-vault#the-rsa_key-files). My particular install has rsa_key.pem and rsa_key.pub.pem so the existing command fails when trying to copy rsa_key.der. This change better aligns with the official documentation.
57cac1d
to
72406a5
Compare
Done. I've done some further refinements which should reduce unnecessary errors. I'm on the fence as to whether not having the script return code 0 if the data directory doesn't exist is the right thing or not. It doesn't fail the tests to not have it, but it does show up in red during testing and in the journald logs. |
Please let me know if there is anything else waiting on me before this can be merged. No rush, just want to make sure I didn't miss an action item. |
The official documentation mentions rsa_key* as what should be backed up (https://github.com/dani-garcia/vaultwarden/wiki/Backing-up-your-vault#the-rsa_key-files). My particular install has rsa_key.pem and rsa_key.pub.pem so the existing command fails when trying to copy rsa_key.der. This change better aligns with the official documentation.
Description of changes
This is a simple change to just copy all rsa_key.* files instead of specific extensions. This commit to vaultwarden actually removed the use of .der files: dani-garcia/vaultwarden@46e0f3c
Things done
nix.conf
? (See Nix manual)sandbox = relaxed
sandbox = true
nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD"
. Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/
)Add a 👍 reaction to pull requests you find important.