Hello,
I am trying to configure bitwarden_rs with the ability to use YubiKey 2FA. My bitwarden configuration currently looks like the following:
services.bitwarden_rs = {
  enable = true;
  backupDir = "/bw-backups";
  config = {
    domain = "https://bitwarden.taylskid.me";
    signupsAllowed = false;
    environmentFile = "/bw-backups/bitwarden_rs.env";
  };
};
/bw-backups/bitwarden_rs.env looks like the following:
YUBICO_CLIENT_ID='9024'
YUBICO_SECRET_KEY='*******'
I have ensured both the bw-backups directory and bitwarden_rs.env are owned by bitwarden_rs:bitwarden_rs, and bitwarden_rs.env is +x (although I don’t think this is needed). When I try to manage my yubikey settings from the Bitwarden site, I get an error saying that YUBICO_CLIENT_ID and/or YUBICO_SECRET_KEY are not set.
I’m not entirely sure what I’m doing wrong in the above.
When I look at the generated EnvironmentFile that’s getting passed into the systemd service, it starts out like:
DATA_FOLDER=/var/lib/bitwarden_rs
DOMAIN=https://bitwarden.taylskid.me
ENVIRONMENT_FILE=/bw-backups/bitwarden_rs.env
...
Personally, I was a little bit surprised to see an EnvironmentFile reference another Environment File. My assumption was that nix would be concatenating these configurations somehow, but maybe that’s not how it works?
Any ideas would be greatly appreciated! Thanks!
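
Added example (not part of the original post, and not code from NixOS or bitwarden_rs): systemd reads an EnvironmentFile as literal KEY=VALUE lines and does not open a path stored in one of the values, so a check like this over the generated file shows which variables the service actually receives. The sample inputs are constructed from the snippets in the post (the secret is a placeholder), and `parse_env_file` and `diagnose` are hypothetical helper names.

```python
import shlex

# Constructed sample: the generated file as quoted in the post ("..." tail omitted).
GENERATED = """\
DATA_FOLDER=/var/lib/bitwarden_rs
DOMAIN=https://bitwarden.taylskid.me
ENVIRONMENT_FILE=/bw-backups/bitwarden_rs.env
"""

# Constructed sample: the secrets file from the post, with a placeholder secret.
SECRETS = """\
YUBICO_CLIENT_ID='9024'
YUBICO_SECRET_KEY='PLACEHOLDER'
"""

REQUIRED = ("YUBICO_CLIENT_ID", "YUBICO_SECRET_KEY")


def parse_env_file(text):
    """Simplified systemd-style parse: skip blanks/comments, strip quotes."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        # shlex removes the surrounding single or double quotes.
        env[key.strip()] = " ".join(shlex.split(value))
    return env


def diagnose(env_text, required=REQUIRED):
    """Return (missing required variables, values that merely name another env file)."""
    env = parse_env_file(env_text)
    missing = [name for name in required if name not in env]
    # A path stored in a value is just a string; nothing loads the file it names.
    nested = {k: v for k, v in env.items()
              if v.startswith("/") and v.endswith(".env")}
    return missing, nested


if __name__ == "__main__":
    missing, nested = diagnose(GENERATED)
    print("missing from service environment:", missing)
    print("unfollowed file references:", nested)
    # With the secrets present in the parsed environment, nothing is missing.
    print("after merging the secrets:", diagnose(GENERATED + SECRETS)[0])
```

On a running host the same question can be answered from the service itself, for example by inspecting the unit's effective `EnvironmentFile=` entries with `systemctl show`.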