There’s a NixOS service for Linkwarden: https://search.nixos.org/options?channel=unstable&query=linkwarden but I couldn’t find any guides for setting it up from scratch, I have no self hosting experience. I tried services.linkwarden = { enable = true; }; and got - Linkwarden needs at least a nextauth secret to run.
I have not configured linkwarden on Nixos myself, but going trough the docs, this should be sufficient if you don’t want to use a specific database:
services.linkwarden = {
enable = true;
secretFiles = {
NEXTAUTH_SECRET= "/path/to/secret_file";
MEILI_MASTER_KEY= "/path/to/secret_file";
POSTGRES_PASSWORD= "/path/to/secret_file";
};
};
Relevant linkwarden docs:
I don’t know if you have to set the MEILI_MASTER_KEY. The NixOS options say you only need to configure NEXTAUTH_SECRET and POSTGRES_PASSWORD.
From the MR creator it looks like this is all that should be needed:
services.linkwarden = {
enable = true;
secretFiles.NEXTAUTH_SECRET = '/path/to/file';
};
2 Likes
I got the server running and created an account, but when I try logging in I get this. How do I access the logs?
services.linkwarden = {
enable = true;
secretFiles.NEXTAUTH_SECRET = config.sops.secrets."NEXTAUTH_SECRET".path;
enableRegistration = true;
};
journalctl -r -u linkwarden.service
I have set the environment variable for NEXTAUTH_URL in my config, I don’t remember why.
services.linkwarden = {
enable = true;
storageLocation = "/storage/linkwarden";
enableRegistration = false;
host = "192.168.1.55";
port = 10248;
environment = {
NEXTAUTH_URL = "http://192.168.1.55:10248/api/v1/auth";
};
secretFiles.NEXTAUTH_SECRET = config.sops.secrets.linkwarden-nextauth.path;
};
Nov 13 16:27:03 NixOS-Desktop rim9yzv14d350pzikl5spbzk8hpg5qch-linkwarden-env[2665]: code: 'NO_SECRET'
Nov 13 16:27:03 NixOS-Desktop rim9yzv14d350pzikl5spbzk8hpg5qch-linkwarden-env[2665]: at async auth (/nix/store/55w3iicdp2nnzjkz7q2s9svsrf9jk58s-linkwarden-2.13.1/share/linkwarden/apps/web/.next/server/pages/api/v1/auth/[...nextauth].js:1735:12) {
Nov 13 16:27:03 NixOS-Desktop rim9yzv14d350pzikl5spbzk8hpg5qch-linkwarden-env[2665]: at async NextAuthApiHandler (/nix/store/55w3iicdp2nnzjkz7q2s9svsrf9jk58s-linkwarden-2.13.1/share/linkwarden/node_modules/next-auth/next/index.js:22:19)
Nov 13 16:27:03 NixOS-Desktop rim9yzv14d350pzikl5spbzk8hpg5qch-linkwarden-env[2665]: at process.processTicksAndRejections (node:internal/process/task_queues:105:5)
Nov 13 16:27:03 NixOS-Desktop rim9yzv14d350pzikl5spbzk8hpg5qch-linkwarden-env[2665]: at AuthHandler (/nix/store/55w3iicdp2nnzjkz7q2s9svsrf9jk58s-linkwarden-2.13.1/share/linkwarden/node_modules/next-auth/core/index.js:77:52)
Nov 13 16:27:03 NixOS-Desktop rim9yzv14d350pzikl5spbzk8hpg5qch-linkwarden-env[2665]: at assertConfig (/nix/store/55w3iicdp2nnzjkz7q2s9svsrf9jk58s-linkwarden-2.13.1/share/linkwarden/node_modules/next-auth/core/lib/assert.js:42:12)
Nov 13 16:27:03 NixOS-Desktop rim9yzv14d350pzikl5spbzk8hpg5qch-linkwarden-env[2665]: https://next-auth.js.org/errors#no_secret Please define a `secret` in production. MissingSecret [MissingSecretError]: Please define a `secret` in production.
I was seeing the same error but stupidly wasn’t setting the appropriate owner for my secrets file. With that fixed, I’m able to log in with the minimal config above.
Which secrets file???
The option with secretFiles in the name, presumably.
1 Like
The only one providing a required secret: NEXTAUTH_SECRET.
You put above that you’re using:
secretFiles.NEXTAUTH_SECRET = config.sops.secrets."NEXTAUTH_SECRET".path;
In this case, I’m also using sops; in my case, I had to set something analagous to
sops.secrets.NEXTAUTH_SECRET.owner = config.services.linkwarden.user;
(This should be obvious, was just something I overlooked. By default sops secret files are 0400 root:root, so the linkwarden user wouldn’t be able to see them.)
1 Like