Issues trying to set services.bitwarden_rs.environmentFile

Hello,

I am trying to configure bitwarden_rs with the ability to use YubiKey 2FA. My bitwarden configuration currently looks like the following:

  services.bitwarden_rs = {
    enable = true;
    backupDir = "/bw-backups";
    config = {
      domain = "https://bitwarden.taylskid.me";
      signupsAllowed = false;
      environmentFile = "/bw-backups/bitwarden_rs.env";
    };
  };

/bw-backups/bitwarden_rs.env looks like the following:

YUBICO_CLIENT_ID='9024'
YUBICO_SECRET_KEY='*******'

I have ensured both the bw-backups directory and bitwarden_rs.env are owned by bitwarden_rs:bitwarden_rs, and bitwarden_rs.env is +x (although I don’t think this is needed). When I try to manage my YubiKey settings from the Bitwarden site, I get an error saying that YUBICO_CLIENT_ID and/or YUBICO_SECRET_KEY are not set.

I’m not entirely sure what I’m doing wrong in the above.

When I look at the generated EnvironmentFile that’s getting passed into the systemd service, it starts out like:

DATA_FOLDER=/var/lib/bitwarden_rs
DOMAIN=https://bitwarden.taylskid.me
ENVIRONMENT_FILE=/bw-backups/bitwarden_rs.env
...

Personally, I was a little bit surprised to see an EnvironmentFile reference another Environment File. My assumption was that nix would be concatenating these configurations somehow, but maybe that’s not how it works?

Any ideas would be greatly appreciated! Thanks!

Did you ever figure this out? My thought was to override the path of the env file with a fixed one

There doesn’t seem to be any special handling for that on the service module part. systemd itself supports multiple environment files, so this might work depending on how NixOS merges the value of EnvironmentFile:

systemd.services.bitwarden_rs.serviceConfig.EnvironmentFile = ["/bw-backups/bitwarden_rs.env"];

I don’t know if there is any convention about this in Nixpkgs, but it looks like the module could also be changed to assign the environment variables directly through systemd.services.bitwarden_rs.environment instead of using an EnvironmentFile.

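An added example (not part of the thread, and not the NixOS module's code) modelling what the two configurations discussed above hand to the service: systemd reads each KEY=VALUE line of an EnvironmentFile as one variable and does not open the file that ENVIRONMENT_FILE names, so the YUBICO_* variables only appear when the secrets file is itself listed as a second EnvironmentFile. The parser is a simplified model of systemd's handling (no escapes or line continuations); the function names and the placeholder secret are constructed.

```python
REQUIRED = ("YUBICO_CLIENT_ID", "YUBICO_SECRET_KEY")

# The three lines of the generated file shown in the question.
GENERATED = """\
DATA_FOLDER=/var/lib/bitwarden_rs
DOMAIN=https://bitwarden.taylskid.me
ENVIRONMENT_FILE=/bw-backups/bitwarden_rs.env
"""

# Constructed stand-in for /bw-backups/bitwarden_rs.env (placeholder secret).
SECRETS = """\
YUBICO_CLIENT_ID='9024'
YUBICO_SECRET_KEY='constructed-placeholder'
"""

def parse_env_file(text):
    """Simplified EnvironmentFile parsing: one KEY=VALUE per line."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        # Blank lines and lines starting with '#' or ';' are ignored.
        if not line or line[0] in "#;" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        value = value.strip()
        # Strip one layer of matching single or double quotes.
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            value = value[1:-1]
        env[key.strip()] = value
    return env

def effective_env(files):
    """Merge files in order; later files override earlier ones."""
    env = {}
    for text in files:
        env.update(parse_env_file(text))
    return env

def missing_required(env, required=REQUIRED):
    """Return the names (never the values) of unset required variables."""
    return [name for name in required if not env.get(name)]

if __name__ == "__main__":
    # As in the question: only the generated file is an EnvironmentFile.
    print("single file, missing:", missing_required(effective_env([GENERATED])))
    # As in the suggested override: the secrets file is listed as well.
    print("two files, missing:", missing_required(effective_env([GENERATED, SECRETS])))
```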