Issues trying to set services.bitwarden_rs.environmentFile


I am trying to configure bitwarden_rs with the ability to use YubiKey 2FA. My bitwarden configuration currently looks like the following:

  services.bitwarden_rs = {
    enable = true;
    backupDir = "/bw-backups";
    config = {
      domain = "";
      signupsAllowed = false;
      environmentFile = "/bw-backups/bitwarden_rs.env";

/bw-backups/bitwarden_rs.env looks like the following:


I have ensured both the bw-backups directory and bitwarden_rs.env are owned by bitwarden_rs:bitwarden_rs, and bitwarden_rs.env is +x (although I don’t think this is needed). When I try to manage my yubikey settings from the Bitwarden site, I get an error saying that YUBICO_CLIENT_ID and/or YUBICO_SECRET_KEY are not set.

I’m not entirely sure what I’m doing wrong in the above.

When I look at the generated EnvironmentFile that’s getting passed into the systemd service, it starts out like:


Personally, I was a little bit surprised to see an EnvironmentFile reference another Environment File. My assumption was that nix would be concatenating these configurations somehow, but maybe that’s not how it works?

Any ideas would be greatly appreciated! Thanks!

Did you ever figure this out? My thought was to override the path of the env file with a fixed one

There doesn’t seem to be any special handling for that on the service module part. systemd itself supports multiple environment files, so this might work depending on how NixOS merges the value of EnvironmentFile: = ["/bw-backups/bitwarden_rs.env"];

I don’t know if there is any convention about this in Nixpkgs, but it looks like the module could also be change to assign the environment variables directly through instead of using an EnvironmentFile.

1 Like