summary refs log tree commit diff
path: root/pkgs/tools/security/vaultwarden/update.nix
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs/tools/security/vaultwarden/update.nix')
-rw-r--r--pkgs/tools/security/vaultwarden/update.nix31
1 files changed, 17 insertions, 14 deletions
diff --git a/pkgs/tools/security/vaultwarden/update.nix b/pkgs/tools/security/vaultwarden/update.nix
index c2c03413cc4..4d0c6c4a504 100644
--- a/pkgs/tools/security/vaultwarden/update.nix
+++ b/pkgs/tools/security/vaultwarden/update.nix
@@ -1,4 +1,4 @@
-{ writeShellScript
+{ writeShellApplication
 , lib
 , nix
 , nix-prefetch-git
@@ -8,20 +8,23 @@
 , gnugrep
 , gnused
 , jq
+, yq
 }:
 
-writeShellScript "update-vaultwarden" ''
-  PATH=${lib.makeBinPath [ curl git gnugrep gnused jq nix nix-prefetch-git nix-update ]}
+lib.getExe (writeShellApplication {
+  name = "update-vaultwarden";
+  runtimeInputs = [ curl git gnugrep gnused jq yq nix nix-prefetch-git nix-update ];
 
-  set -euxo pipefail
+  text = ''
+    VAULTWARDEN_VERSION=$(curl --silent https://api.github.com/repos/dani-garcia/vaultwarden/releases/latest | jq -r '.tag_name')
+    nix-update "vaultwarden" --version "$VAULTWARDEN_VERSION"
 
-  VAULTWARDEN_VERSION=$(curl --silent https://api.github.com/repos/dani-garcia/vaultwarden/releases/latest | jq -r '.tag_name')
-  nix-update "vaultwarden" --version "$VAULTWARDEN_VERSION"
-
-  URL="https://raw.githubusercontent.com/dani-garcia/vaultwarden/''${VAULTWARDEN_VERSION}/docker/Dockerfile.j2"
-  WEBVAULT_VERSION=$(curl --silent "$URL" | grep "set vault_version" | sed -E "s/.*\"v([^\"]+)\".*/\\1/")
-  old_hash=$(nix --extra-experimental-features nix-command eval -f default.nix --raw vaultwarden.webvault.bw_web_builds.outputHash)
-  new_hash=$(nix --extra-experimental-features nix-command hash to-sri --type sha256 $(nix-prefetch-git https://github.com/dani-garcia/bw_web_builds.git --rev "v$WEBVAULT_VERSION" | jq --raw-output ".sha256"))
-  sed -e "s#$old_hash#$new_hash#" -i pkgs/tools/security/vaultwarden/webvault.nix
-  nix-update "vaultwarden.webvault" --version "$WEBVAULT_VERSION"
-''
+    URL="https://raw.githubusercontent.com/dani-garcia/vaultwarden/''${VAULTWARDEN_VERSION}/docker/DockerSettings.yaml"
+    WEBVAULT_VERSION="$(curl --silent "$URL" | yq -r ".vault_version" | sed s/^v//)"
+    old_hash="$(nix --extra-experimental-features nix-command eval -f default.nix --raw vaultwarden.webvault.bw_web_builds.outputHash)"
+    new_hash="$(nix-prefetch-git https://github.com/dani-garcia/bw_web_builds.git --rev "v$WEBVAULT_VERSION" | jq --raw-output ".sha256")"
+    new_hash_sri="$(nix --extra-experimental-features nix-command hash to-sri --type sha256 "$new_hash")"
+    sed -e "s#$old_hash#$new_hash_sri#" -i pkgs/tools/security/vaultwarden/webvault.nix
+    nix-update "vaultwarden.webvault" --version "$WEBVAULT_VERSION"
+  '';
+})
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-06-06 13:55:04 +0000