From 76362dd7eb2622f7809961b400f357f360de537f Mon Sep 17 00:00:00 2001 From: WilliButz Date: Mon, 7 Sep 2020 16:39:18 +0200 Subject: nixos/bitwarden_rs: add environmentFile option Add the option `environmentFile` to allow passing secrets to the service without adding them to the Nix store, while keeping the current configuration via the existing environment file intact. --- .../services/security/bitwarden_rs/default.nix | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) (limited to 'nixos/modules/services/security/bitwarden_rs/default.nix') diff --git a/nixos/modules/services/security/bitwarden_rs/default.nix b/nixos/modules/services/security/bitwarden_rs/default.nix index 903a5327037..a04bc883bf0 100644 --- a/nixos/modules/services/security/bitwarden_rs/default.nix +++ b/nixos/modules/services/security/bitwarden_rs/default.nix @@ -81,6 +81,23 @@ in { the environment template file. ''; }; + + environmentFile = mkOption { + type = with types; nullOr path; + default = null; + example = "/root/bitwarden_rs.env"; + description = '' + Additional environment file as defined in + systemd.exec5 + . + + Secrets like ADMIN_TOKEN and SMTP_PASSWORD + may be passed to the service without adding them to the world-readable Nix store. + + Note that this file needs to be available on the host on which + bitwarden_rs is running. + ''; + }; }; config = mkIf cfg.enable { @@ -101,7 +118,7 @@ in { serviceConfig = { User = user; Group = group; - EnvironmentFile = configFile; + EnvironmentFile = [ configFile ] ++ optional (cfg.environmentFile != null) cfg.environmentFile; ExecStart = "${bitwarden_rs}/bin/bitwarden_rs"; LimitNOFILE = "1048576"; LimitNPROC = "64"; -- cgit 1.4.1 From d95960e2755c1c2a8913cc27d0daada84c0c560c Mon Sep 17 00:00:00 2001 
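Review bot: The `environmentFile` description promises that secrets stay out of the world-readable Nix store, but says nothing about protecting the file itself or about how the value should be written. I would add a sentence such as `The file should be readable only by root and be given as an absolute path outside the Nix store.` to the description. The type is `nullOr path`, so a value that resolves to a store path (for example a file shipped with the configuration source) would presumably be accepted silently. The example under `/root` suggests the file is read before the service drops to its own user, which is worth confirming and stating. The option is added inside `options.services.bitwarden_rs`, which starts outside the hunk.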
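Review bot: The new `EnvironmentFile` list puts `configFile` first and `cfg.environmentFile` second, and nothing says which one wins when both define the same variable. systemd reads the files in the listed order and later assignments override earlier ones, so a key in the secrets file silently replaces the generated value. I would add a comment such as `# listed last so values from environmentFile override the generated configFile` and mention the precedence in the option description. The `serviceConfig` block continues outside the hunk.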
From: Ivan Kozik Date: Mon, 24 May 2021 03:44:15 +0000 Subject: nixos/bitwarden_rs: fix startup on 32 thread machines LimitNPROC=64 is too low for bitwarden_rs to start on a 32 thread machine. Remove the limit. This fixes: ``` bitwarden_rs[38701]: /--------------------------------------------------------------------\ bitwarden_rs[38701]: | Starting Bitwarden_RS | bitwarden_rs[38701]: |--------------------------------------------------------------------| bitwarden_rs[38701]: | This is an *unofficial* Bitwarden implementation, DO NOT use the | bitwarden_rs[38701]: | official channels to report bugs/features, regardless of client. | bitwarden_rs[38701]: | Send usage/configuration questions or feature requests to: | bitwarden_rs[38701]: | https://bitwardenrs.discourse.group/ | bitwarden_rs[38701]: | Report suspected bugs/issues in the software itself at: | bitwarden_rs[38701]: | https://github.com/dani-garcia/bitwarden_rs/issues/new | bitwarden_rs[38701]: \--------------------------------------------------------------------/ bitwarden_rs[38701]: [INFO] No .env file found. 
bitwarden_rs[38701]: [2021-05-24 03:34:41.121][bitwarden_rs::api::core::sends][INFO] Initiating send deletion bitwarden_rs[38701]: [2021-05-24 03:34:41.122][start][INFO] Rocket has launched from http://127.0.0.1:8222 bitwarden_rs[38701]: [2021-05-24 03:34:41.126][panic][ERROR] thread 'unnamed' panicked at 'failed to spawn thread: Os { code: 11, kind: WouldBlock, message: "Resource temporarily unavailable" }': /build/rustc-1.52.1-src/library/std/src/thread/mod.rs:620 bitwarden_rs[38701]: 0: bitwarden_rs::init_logging::{{closure}} bitwarden_rs[38701]: 1: std::panicking::rust_panic_with_hook bitwarden_rs[38701]: 2: std::panicking::begin_panic_handler::{{closure}} bitwarden_rs[38701]: 3: std::sys_common::backtrace::__rust_end_short_backtrace bitwarden_rs[38701]: 4: rust_begin_unwind bitwarden_rs[38701]: 5: core::panicking::panic_fmt bitwarden_rs[38701]: 6: core::result::unwrap_failed bitwarden_rs[38701]: 7: hyper::server::listener::spawn_with bitwarden_rs[38701]: 8: hyper::server::listener::ListenerPool::accept bitwarden_rs[38701]: 9: std::sys_common::backtrace::__rust_begin_short_backtrace bitwarden_rs[38701]: 10: core::ops::function::FnOnce::call_once{{vtable.shim}} bitwarden_rs[38701]: 11: std::sys::unix::thread::Thread::new::thread_start bitwarden_rs[38701]: 12: start_thread bitwarden_rs[38701]: 13: __GI___clone bitwarden_rs[38701]: [2021-05-24 03:34:41.126][panic][ERROR] thread 'main' panicked at 'internal error: entered unreachable code: the call to `handle_threads` should block on success': /build/bitwarden_rs-1.20.0-vendor.tar.gz/rocket/src/rocket.rs:751 bitwarden_rs[38701]: 0: bitwarden_rs::init_logging::{{closure}} bitwarden_rs[38701]: 1: std::panicking::rust_panic_with_hook bitwarden_rs[38701]: 2: std::panicking::begin_panic_handler::{{closure}} bitwarden_rs[38701]: 3: std::sys_common::backtrace::__rust_end_short_backtrace bitwarden_rs[38701]: 4: rust_begin_unwind bitwarden_rs[38701]: 5: core::panicking::panic_fmt bitwarden_rs[38701]: 6: 
rocket::rocket::Rocket::launch bitwarden_rs[38701]: 7: bitwarden_rs::main bitwarden_rs[38701]: 8: std::sys_common::backtrace::__rust_begin_short_backtrace bitwarden_rs[38701]: 9: std::rt::lang_start::{{closure}} bitwarden_rs[38701]: 10: std::rt::lang_start_internal bitwarden_rs[38701]: 11: main ``` --- nixos/modules/services/security/bitwarden_rs/default.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'nixos/modules/services/security/bitwarden_rs/default.nix') diff --git a/nixos/modules/services/security/bitwarden_rs/default.nix b/nixos/modules/services/security/bitwarden_rs/default.nix index a04bc883bf0..bed59dbf821 100644 --- a/nixos/modules/services/security/bitwarden_rs/default.nix +++ b/nixos/modules/services/security/bitwarden_rs/default.nix @@ -121,7 +121,6 @@ in { EnvironmentFile = [ configFile ] ++ optional (cfg.environmentFile != null) cfg.environmentFile; ExecStart = "${bitwarden_rs}/bin/bitwarden_rs"; LimitNOFILE = "1048576"; - LimitNPROC = "64"; PrivateTmp = "true"; PrivateDevices = "true"; ProtectHome = "true"; -- cgit 1.4.1 From dc1b56c714095d787f52c45c83723944dfeef779 Mon Sep 17 00:00:00 2001 
From: K900 Date: Thu, 1 Jul 2021 12:14:51 +0300 Subject: vaultwarden: update to 1.22.1, rename from bitwarden_rs I tried to make this as non-breaking as possible, but it will still break things slightly for people expecting certain file names in the packages themselves. --- .../from_md/release-notes/rl-2111.section.xml | 110 ++++++++++++ nixos/doc/manual/release-notes/rl-2111.section.md | 26 +++ nixos/modules/module-list.nix | 2 +- .../services/security/bitwarden_rs/backup.sh | 17 -- .../services/security/bitwarden_rs/default.nix | 161 ------------------ .../services/security/vaultwarden/backup.sh | 17 ++ .../services/security/vaultwarden/default.nix | 168 ++++++++++++++++++ nixos/tests/all-tests.nix | 2 +- nixos/tests/bitwarden.nix | 189 --------------------- nixos/tests/vaultwarden.nix | 189 +++++++++++++++++++++ .../python-modules/selenium/default.nix | 2 +- pkgs/tools/security/bitwarden_rs/default.nix | 46 ----- pkgs/tools/security/bitwarden_rs/vault.nix | 28 --- pkgs/tools/security/vaultwarden/default.nix | 47 +++++ pkgs/tools/security/vaultwarden/vault.nix | 28 +++ pkgs/top-level/aliases.nix | 8 + pkgs/top-level/all-packages.nix | 18 +- 17 files changed, 605 insertions(+), 453 deletions(-) delete mode 100644 nixos/modules/services/security/bitwarden_rs/backup.sh delete mode 100644 nixos/modules/services/security/bitwarden_rs/default.nix create mode 100644 nixos/modules/services/security/vaultwarden/backup.sh create mode 100644 nixos/modules/services/security/vaultwarden/default.nix delete mode 100644 nixos/tests/bitwarden.nix create mode 100644 nixos/tests/vaultwarden.nix delete mode 100644 pkgs/tools/security/bitwarden_rs/default.nix delete mode 100644 pkgs/tools/security/bitwarden_rs/vault.nix create mode 100644 pkgs/tools/security/vaultwarden/default.nix create mode 100644 pkgs/tools/security/vaultwarden/vault.nix (limited to 'nixos/modules/services/security/bitwarden_rs/default.nix') 
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
index abd10a6f9a7..6f4079ea9bb 100644
--- a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
@@ -339,6 +339,116 @@ release instead of the old 2.31.0 version. + + + The bitwarden_rs packages and modules were + renamed to vaultwarden + following + upstream. More specifically, + + + + + pkgs.bitwarden_rs, + pkgs.bitwarden_rs-sqlite, + pkgs.bitwarden_rs-mysql and + pkgs.bitwarden_rs-postgresql were + renamed to pkgs.vaultwarden, + pkgs.vaultwarden-sqlite, + pkgs.vaultwarden-mysql and + pkgs.vaultwarden-postgresql, + respectively. + + + + + Old names are preserved as aliases for backwards + compatibility, but may be removed in the future. + + + + + The bitwarden_rs executable was + also renamed to vaultwarden in all + packages. + + + + + + + pkgs.bitwarden_rs-vault was renamed to + pkgs.vaultwarden-vault. + + + + + pkgs.bitwarden_rs-vault is + preserved as an alias for backwards compatibility, but + may be removed in the future. + + + + + The static files were moved from + /usr/share/bitwarden_rs to + /usr/share/vaultwarden. + + + + + + + The services.bitwarden_rs config module + was renamed to services.vaultwarden. + + + + + services.bitwarden_rs is preserved + as an alias for backwards compatibility, but may be + removed in the future. + + + + + + + systemd.services.bitwarden_rs, + systemd.services.backup-bitwarden_rs + and systemd.timers.backup-bitwarden_rs + were renamed to + systemd.services.vaultwarden, + systemd.services.backup-vaultwarden and + systemd.timers.backup-vaultwarden, + respectively. + + + + + Old names are preserved as aliases for backwards + compatibility, but may be removed in the future. + + + + + + + users.users.bitwarden_rs and + users.groups.bitwarden_rs were renamed + to users.users.vaultwarden and + users.groups.vaultwarden, respectively. + + + + + The data directory remains located at + /var/lib/bitwarden_rs, for backwards + compatibility. + + + +
diff --git a/nixos/doc/manual/release-notes/rl-2111.section.md b/nixos/doc/manual/release-notes/rl-2111.section.md
index 1b7250a1815..1f532a296ea 100644
--- a/nixos/doc/manual/release-notes/rl-2111.section.md
+++ b/nixos/doc/manual/release-notes/rl-2111.section.md
@@ -85,6 +85,32 @@ In addition to numerous new and upgraded packages, this release has the followin * The `libwnck` package now defaults to the 3.x release instead of the old 2.31.0 version. +* The `bitwarden_rs` packages and modules were renamed to `vaultwarden` + [following upstream](https://github.com/dani-garcia/vaultwarden/discussions/1642). More specifically, + + * `pkgs.bitwarden_rs`, `pkgs.bitwarden_rs-sqlite`, `pkgs.bitwarden_rs-mysql` and + `pkgs.bitwarden_rs-postgresql` were renamed to `pkgs.vaultwarden`, `pkgs.vaultwarden-sqlite`, + `pkgs.vaultwarden-mysql` and `pkgs.vaultwarden-postgresql`, respectively. + * Old names are preserved as aliases for backwards compatibility, but may be removed in the future. + * The `bitwarden_rs` executable was also renamed to `vaultwarden` in all packages. + + * `pkgs.bitwarden_rs-vault` was renamed to `pkgs.vaultwarden-vault`. + * `pkgs.bitwarden_rs-vault` is preserved as an alias for backwards compatibility, but may be removed in the future. + * The static files were moved from `/usr/share/bitwarden_rs` to `/usr/share/vaultwarden`. + + * The `services.bitwarden_rs` config module was renamed to `services.vaultwarden`. + * `services.bitwarden_rs` is preserved as an alias for backwards compatibility, but may be removed in the future. + + * `systemd.services.bitwarden_rs`, `systemd.services.backup-bitwarden_rs` and `systemd.timers.backup-bitwarden_rs` + were renamed to `systemd.services.vaultwarden`, `systemd.services.backup-vaultwarden` and + `systemd.timers.backup-vaultwarden`, respectively. + * Old names are preserved as aliases for backwards compatibility, but may be removed in the future. + + * `users.users.bitwarden_rs` and `users.groups.bitwarden_rs` were renamed to `users.users.vaultwarden` and + `users.groups.vaultwarden`, respectively. + + * The data directory remains located at `/var/lib/bitwarden_rs`, for backwards compatibility. 
+ ## Other Notable Changes {#sec-release-21.11-notable-changes} - The setting [`services.openssh.logLevel`](options.html#opt-services.openssh.logLevel) `"VERBOSE"` `"INFO"`. This brings NixOS in line with upstream and other Linux distributions, and reduces log spam on servers due to bruteforcing botnets. diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 2d0f5d37f9e..7eb4c7e922e 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -874,7 +874,6 @@ ./services/search/hound.nix ./services/search/kibana.nix ./services/search/solr.nix - ./services/security/bitwarden_rs/default.nix ./services/security/certmgr.nix ./services/security/cfssl.nix ./services/security/clamav.nix @@ -900,6 +899,7 @@ ./services/security/torsocks.nix ./services/security/usbguard.nix ./services/security/vault.nix + ./services/security/vaultwarden/default.nix ./services/security/yubikey-agent.nix ./services/system/cloud-init.nix ./services/system/dbus.nix diff --git a/nixos/modules/services/security/bitwarden_rs/backup.sh b/nixos/modules/services/security/bitwarden_rs/backup.sh deleted file mode 100644 index 264a7da9cbb..00000000000 --- a/nixos/modules/services/security/bitwarden_rs/backup.sh +++ /dev/null @@ -1,17 +0,0 @@ -#!/usr/bin/env bash - -# Based on: https://github.com/dani-garcia/bitwarden_rs/wiki/Backing-up-your-vault -if ! mkdir -p "$BACKUP_FOLDER"; then - echo "Could not create backup folder '$BACKUP_FOLDER'" >&2 - exit 1 -fi - -if [[ ! -f "$DATA_FOLDER"/db.sqlite3 ]]; then - echo "Could not find SQLite database file '$DATA_FOLDER/db.sqlite3'" >&2 - exit 1 -fi - -sqlite3 "$DATA_FOLDER"/db.sqlite3 ".backup '$BACKUP_FOLDER/db.sqlite3'" -cp "$DATA_FOLDER"/rsa_key.{der,pem,pub.der} "$BACKUP_FOLDER" -cp -r "$DATA_FOLDER"/attachments "$BACKUP_FOLDER" -cp -r "$DATA_FOLDER"/icon_cache "$BACKUP_FOLDER" 
diff --git a/nixos/modules/services/security/bitwarden_rs/default.nix b/nixos/modules/services/security/bitwarden_rs/default.nix
deleted file mode 100644
index bed59dbf821..00000000000
--- a/nixos/modules/services/security/bitwarden_rs/default.nix
+++ /dev/null
@@ -1,161 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - cfg = config.services.bitwarden_rs; - user = config.users.users.bitwarden_rs.name; - group = config.users.groups.bitwarden_rs.name; - - # Convert name from camel case (e.g. disable2FARemember) to upper case snake case (e.g. DISABLE_2FA_REMEMBER). - nameToEnvVar = name: - let - parts = builtins.split "([A-Z0-9]+)" name; - partsToEnvVar = parts: foldl' (key: x: let last = stringLength key - 1; in - if isList x then key + optionalString (key != "" && substring last 1 key != "_") "_" + head x - else if key != "" && elem (substring 0 1 x) lowerChars then # to handle e.g. [ "disable" [ "2FAR" ] "emember" ] - substring 0 last key + optionalString (substring (last - 1) 1 key != "_") "_" + substring last 1 key + toUpper x - else key + toUpper x) "" parts; - in if builtins.match "[A-Z0-9_]+" name != null then name else partsToEnvVar parts; - - # Due to the different naming schemes allowed for config keys, - # we can only check for values consistently after converting them to their corresponding environment variable name. - configEnv = - let - configEnv = listToAttrs (concatLists (mapAttrsToList (name: value: - if value != null then [ (nameValuePair (nameToEnvVar name) (if isBool value then boolToString value else toString value)) ] else [] - ) cfg.config)); - in { DATA_FOLDER = "/var/lib/bitwarden_rs"; } // optionalAttrs (!(configEnv ? 
WEB_VAULT_ENABLED) || configEnv.WEB_VAULT_ENABLED == "true") { - WEB_VAULT_FOLDER = "${pkgs.bitwarden_rs-vault}/share/bitwarden_rs/vault"; - } // configEnv; - - configFile = pkgs.writeText "bitwarden_rs.env" (concatStrings (mapAttrsToList (name: value: "${name}=${value}\n") configEnv)); - - bitwarden_rs = pkgs.bitwarden_rs.override { inherit (cfg) dbBackend; }; - -in { - options.services.bitwarden_rs = with types; { - enable = mkEnableOption "bitwarden_rs"; - - dbBackend = mkOption { - type = enum [ "sqlite" "mysql" "postgresql" ]; - default = "sqlite"; - description = '' - Which database backend bitwarden_rs will be using. - ''; - }; - - backupDir = mkOption { - type = nullOr str; - default = null; - description = '' - The directory under which bitwarden_rs will backup its persistent data. - ''; - }; - - config = mkOption { - type = attrsOf (nullOr (oneOf [ bool int str ])); - default = {}; - example = literalExample '' - { - domain = "https://bw.domain.tld:8443"; - signupsAllowed = true; - rocketPort = 8222; - rocketLog = "critical"; - } - ''; - description = '' - The configuration of bitwarden_rs is done through environment variables, - therefore the names are converted from camel case (e.g. disable2FARemember) - to upper case snake case (e.g. DISABLE_2FA_REMEMBER). - In this conversion digits (0-9) are handled just like upper case characters, - so foo2 would be converted to FOO_2. - Names already in this format remain unchanged, so FOO2 remains FOO2 if passed as such, - even though foo2 would have been converted to FOO_2. - This allows working around any potential future conflicting naming conventions. - - Based on the attributes passed to this config option an environment file will be generated - that is passed to bitwarden_rs's systemd service. - - The available configuration options can be found in - the environment template file. 
- ''; - }; - - environmentFile = mkOption { - type = with types; nullOr path; - default = null; - example = "/root/bitwarden_rs.env"; - description = '' - Additional environment file as defined in - systemd.exec5 - . - - Secrets like ADMIN_TOKEN and SMTP_PASSWORD - may be passed to the service without adding them to the world-readable Nix store. - - Note that this file needs to be available on the host on which - bitwarden_rs is running. - ''; - }; - }; - - config = mkIf cfg.enable { - assertions = [ { - assertion = cfg.backupDir != null -> cfg.dbBackend == "sqlite"; - message = "Backups for database backends other than sqlite will need customization"; - } ]; - - users.users.bitwarden_rs = { - inherit group; - isSystemUser = true; - }; - users.groups.bitwarden_rs = { }; - - systemd.services.bitwarden_rs = { - after = [ "network.target" ]; - path = with pkgs; [ openssl ]; - serviceConfig = { - User = user; - Group = group; - EnvironmentFile = [ configFile ] ++ optional (cfg.environmentFile != null) cfg.environmentFile; - ExecStart = "${bitwarden_rs}/bin/bitwarden_rs"; - LimitNOFILE = "1048576"; - PrivateTmp = "true"; - PrivateDevices = "true"; - ProtectHome = "true"; - ProtectSystem = "strict"; - AmbientCapabilities = "CAP_NET_BIND_SERVICE"; - StateDirectory = "bitwarden_rs"; - }; - wantedBy = [ "multi-user.target" ]; - }; - - systemd.services.backup-bitwarden_rs = mkIf (cfg.backupDir != null) { - description = "Backup bitwarden_rs"; - environment = { - DATA_FOLDER = "/var/lib/bitwarden_rs"; - BACKUP_FOLDER = cfg.backupDir; - }; - path = with pkgs; [ sqlite ]; - serviceConfig = { - SyslogIdentifier = "backup-bitwarden_rs"; - Type = "oneshot"; - User = mkDefault user; - Group = mkDefault group; - ExecStart = "${pkgs.bash}/bin/bash ${./backup.sh}"; - }; - wantedBy = [ "multi-user.target" ]; - }; - - systemd.timers.backup-bitwarden_rs = mkIf (cfg.backupDir != null) { - description = "Backup bitwarden_rs on time"; - timerConfig = { - OnCalendar = mkDefault "23:00"; - 
Persistent = "true"; - Unit = "backup-bitwarden_rs.service"; - }; - wantedBy = [ "multi-user.target" ]; - }; - }; -} diff --git a/nixos/modules/services/security/vaultwarden/backup.sh b/nixos/modules/services/security/vaultwarden/backup.sh new file mode 100644 index 00000000000..2a3de0ab1de --- /dev/null +++ b/nixos/modules/services/security/vaultwarden/backup.sh @@ -0,0 +1,17 @@ +#!/usr/bin/env bash + +# Based on: https://github.com/dani-garcia/vaultwarden/wiki/Backing-up-your-vault +if ! mkdir -p "$BACKUP_FOLDER"; then + echo "Could not create backup folder '$BACKUP_FOLDER'" >&2 + exit 1 +fi + +if [[ ! -f "$DATA_FOLDER"/db.sqlite3 ]]; then + echo "Could not find SQLite database file '$DATA_FOLDER/db.sqlite3'" >&2 + exit 1 +fi + +sqlite3 "$DATA_FOLDER"/db.sqlite3 ".backup '$BACKUP_FOLDER/db.sqlite3'" +cp "$DATA_FOLDER"/rsa_key.{der,pem,pub.der} "$BACKUP_FOLDER" +cp -r "$DATA_FOLDER"/attachments "$BACKUP_FOLDER" +cp -r "$DATA_FOLDER"/icon_cache "$BACKUP_FOLDER" diff --git a/nixos/modules/services/security/vaultwarden/default.nix b/nixos/modules/services/security/vaultwarden/default.nix new file mode 100644 index 00000000000..940ac7832da --- /dev/null +++ b/nixos/modules/services/security/vaultwarden/default.nix 
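Review bot: The new `vaultwarden/backup.sh` never enables `set -e`, so a failure of the `sqlite3 ... ".backup ..."` step or of the `rsa_key` and `attachments` copies does not reach the exit status. The script exits with the status of the final `cp -r`, and the oneshot unit can report success for an incomplete backup. Adding `set -euo pipefail` after the shebang would make any failed step fail the unit, though a missing `attachments` or `icon_cache` directory would then need an explicit existence check. The copied set also includes the `rsa_key.*` files and the vault database, and nothing restricts permissions on `$BACKUP_FOLDER`. A `umask 077` before the `mkdir -p` would keep the copies readable only by the user the backup runs as.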
@@ -0,0 +1,168 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.vaultwarden; + user = config.users.users.vaultwarden.name; + group = config.users.groups.vaultwarden.name; + + # Convert name from camel case (e.g. disable2FARemember) to upper case snake case (e.g. DISABLE_2FA_REMEMBER). + nameToEnvVar = name: + let + parts = builtins.split "([A-Z0-9]+)" name; + partsToEnvVar = parts: foldl' (key: x: let last = stringLength key - 1; in + if isList x then key + optionalString (key != "" && substring last 1 key != "_") "_" + head x + else if key != "" && elem (substring 0 1 x) lowerChars then # to handle e.g. [ "disable" [ "2FAR" ] "emember" ] + substring 0 last key + optionalString (substring (last - 1) 1 key != "_") "_" + substring last 1 key + toUpper x + else key + toUpper x) "" parts; + in if builtins.match "[A-Z0-9_]+" name != null then name else partsToEnvVar parts; + + # Due to the different naming schemes allowed for config keys, + # we can only check for values consistently after converting them to their corresponding environment variable name. + configEnv = + let + configEnv = listToAttrs (concatLists (mapAttrsToList (name: value: + if value != null then [ (nameValuePair (nameToEnvVar name) (if isBool value then boolToString value else toString value)) ] else [] + ) cfg.config)); + in { DATA_FOLDER = "/var/lib/bitwarden_rs"; } // optionalAttrs (!(configEnv ? 
WEB_VAULT_ENABLED) || configEnv.WEB_VAULT_ENABLED == "true") { + WEB_VAULT_FOLDER = "${pkgs.vaultwarden-vault}/share/vaultwarden/vault"; + } // configEnv; + + configFile = pkgs.writeText "vaultwarden.env" (concatStrings (mapAttrsToList (name: value: "${name}=${value}\n") configEnv)); + + vaultwarden = pkgs.vaultwarden.override { inherit (cfg) dbBackend; }; + +in { + imports = [ + (mkRenamedOptionModule [ "services" "bitwarden_rs" ] [ "services" "vaultwarden" ]) + ]; + + options.services.vaultwarden = with types; { + enable = mkEnableOption "vaultwarden"; + + dbBackend = mkOption { + type = enum [ "sqlite" "mysql" "postgresql" ]; + default = "sqlite"; + description = '' + Which database backend vaultwarden will be using. + ''; + }; + + backupDir = mkOption { + type = nullOr str; + default = null; + description = '' + The directory under which vaultwarden will backup its persistent data. + ''; + }; + + config = mkOption { + type = attrsOf (nullOr (oneOf [ bool int str ])); + default = {}; + example = literalExample '' + { + domain = "https://bw.domain.tld:8443"; + signupsAllowed = true; + rocketPort = 8222; + rocketLog = "critical"; + } + ''; + description = '' + The configuration of vaultwarden is done through environment variables, + therefore the names are converted from camel case (e.g. disable2FARemember) + to upper case snake case (e.g. DISABLE_2FA_REMEMBER). + In this conversion digits (0-9) are handled just like upper case characters, + so foo2 would be converted to FOO_2. + Names already in this format remain unchanged, so FOO2 remains FOO2 if passed as such, + even though foo2 would have been converted to FOO_2. + This allows working around any potential future conflicting naming conventions. + + Based on the attributes passed to this config option an environment file will be generated + that is passed to vaultwarden's systemd service. + + The available configuration options can be found in + the environment template file. 
+ ''; + }; + + environmentFile = mkOption { + type = with types; nullOr path; + default = null; + example = "/root/vaultwarden.env"; + description = '' + Additional environment file as defined in + systemd.exec5 + . + + Secrets like ADMIN_TOKEN and SMTP_PASSWORD + may be passed to the service without adding them to the world-readable Nix store. + + Note that this file needs to be available on the host on which + vaultwarden is running. + ''; + }; + }; + + config = mkIf cfg.enable { + assertions = [ { + assertion = cfg.backupDir != null -> cfg.dbBackend == "sqlite"; + message = "Backups for database backends other than sqlite will need customization"; + } ]; + + users.users.vaultwarden = { + inherit group; + isSystemUser = true; + }; + users.groups.vaultwarden = { }; + + systemd.services.vaultwarden = { + aliases = [ "bitwarden_rs" ]; + after = [ "network.target" ]; + path = with pkgs; [ openssl ]; + serviceConfig = { + User = user; + Group = group; + EnvironmentFile = [ configFile ] ++ optional (cfg.environmentFile != null) cfg.environmentFile; + ExecStart = "${vaultwarden}/bin/vaultwarden"; + LimitNOFILE = "1048576"; + PrivateTmp = "true"; + PrivateDevices = "true"; + ProtectHome = "true"; + ProtectSystem = "strict"; + AmbientCapabilities = "CAP_NET_BIND_SERVICE"; + StateDirectory = "bitwarden_rs"; + }; + wantedBy = [ "multi-user.target" ]; + }; + + systemd.services.backup-vaultwarden = mkIf (cfg.backupDir != null) { + aliases = [ "backup-bitwarden_rs" ]; + description = "Backup vaultwarden"; + environment = { + DATA_FOLDER = "/var/lib/bitwarden_rs"; + BACKUP_FOLDER = cfg.backupDir; + }; + path = with pkgs; [ sqlite ]; + serviceConfig = { + SyslogIdentifier = "backup-vaultwarden"; + Type = "oneshot"; + User = mkDefault user; + Group = mkDefault group; + ExecStart = "${pkgs.bash}/bin/bash ${./backup.sh}"; + }; + wantedBy = [ "multi-user.target" ]; + }; + + systemd.timers.backup-vaultwarden = mkIf (cfg.backupDir != null) { + aliases = [ "backup-bitwarden_rs" ]; + 
description = "Backup vaultwarden on time"; + timerConfig = { + OnCalendar = mkDefault "23:00"; + Persistent = "true"; + Unit = "backup-vaultwarden.service"; + }; + wantedBy = [ "multi-user.target" ]; + }; + }; +} diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index b5126be8af7..4c72f30f7be 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -42,7 +42,6 @@ in bind = handleTest ./bind.nix {}; bitcoind = handleTest ./bitcoind.nix {}; bittorrent = handleTest ./bittorrent.nix {}; - bitwarden = handleTest ./bitwarden.nix {}; blockbook-frontend = handleTest ./blockbook-frontend.nix {}; boot = handleTestOn ["x86_64-linux"] ./boot.nix {}; # syslinux is unsupported on aarch64 boot-stage1 = handleTest ./boot-stage1.nix {}; @@ -446,6 +445,7 @@ in v2ray = handleTest ./v2ray.nix {}; vault = handleTest ./vault.nix {}; vault-postgresql = handleTest ./vault-postgresql.nix {}; + vaultwarden = handleTest ./vaultwarden.nix {}; vector = handleTest ./vector.nix {}; victoriametrics = handleTest ./victoriametrics.nix {}; virtualbox = handleTestOn ["x86_64-linux"] ./virtualbox.nix {}; diff --git a/nixos/tests/bitwarden.nix b/nixos/tests/bitwarden.nix deleted file mode 100644 index f64cf171f01..00000000000 --- a/nixos/tests/bitwarden.nix +++ /dev/null 
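Review bot: The compatibility aliases carry no unit-type suffix, and the same name `backup-bitwarden_rs` is declared on both `systemd.services.backup-vaultwarden` and `systemd.timers.backup-vaultwarden`. systemd expects an alias to have the same suffix as the unit it points to, and two units sharing one alias name would presumably collide when the unit directory is generated. As written, the old unit names may therefore not resolve. I would write `aliases = [ "bitwarden_rs.service" ];`, `aliases = [ "backup-bitwarden_rs.service" ];` and `aliases = [ "backup-bitwarden_rs.timer" ];` on the three units respectively.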
@@ -1,189 +0,0 @@ -{ system ? builtins.currentSystem -, config ? { } -, pkgs ? import ../.. { inherit system config; } -}: - -# These tests will: -# * Set up a bitwarden-rs server -# * Have Firefox use the web vault to create an account, log in, and save a password to the valut -# * Have the bw cli log in and read that password from the vault -# -# Note that Firefox must be on the same machine as the server for WebCrypto APIs to be available (or HTTPS must be configured) -# -# The same tests should work without modification on the official bitwarden server, if we ever package that. - -with import ../lib/testing-python.nix { inherit system pkgs; }; -with pkgs.lib; -let - backends = [ "sqlite" "mysql" "postgresql" ]; - - dbPassword = "please_dont_hack"; - - userEmail = "meow@example.com"; - userPassword = "also_super_secret_ZJWpBKZi668QGt"; # Must be complex to avoid interstitial warning on the signup page - - storedPassword = "seeeecret"; - - makeBitwardenTest = backend: makeTest { - name = "bitwarden_rs-${backend}"; - meta = { - maintainers = with pkgs.lib.maintainers; [ jjjollyjim ]; - }; - - nodes = { - server = { pkgs, ... 
}: - let backendConfig = { - mysql = { - services.mysql = { - enable = true; - initialScript = pkgs.writeText "mysql-init.sql" '' - CREATE DATABASE bitwarden; - CREATE USER 'bitwardenuser'@'localhost' IDENTIFIED BY '${dbPassword}'; - GRANT ALL ON `bitwarden`.* TO 'bitwardenuser'@'localhost'; - FLUSH PRIVILEGES; - ''; - package = pkgs.mariadb; - }; - - services.bitwarden_rs.config.databaseUrl = "mysql://bitwardenuser:${dbPassword}@localhost/bitwarden"; - - systemd.services.bitwarden_rs.after = [ "mysql.service" ]; - }; - - postgresql = { - services.postgresql = { - enable = true; - initialScript = pkgs.writeText "postgresql-init.sql" '' - CREATE DATABASE bitwarden; - CREATE USER bitwardenuser WITH PASSWORD '${dbPassword}'; - GRANT ALL PRIVILEGES ON DATABASE bitwarden TO bitwardenuser; - ''; - }; - - services.bitwarden_rs.config.databaseUrl = "postgresql://bitwardenuser:${dbPassword}@localhost/bitwarden"; - - systemd.services.bitwarden_rs.after = [ "postgresql.service" ]; - }; - - sqlite = { }; - }; - in - mkMerge [ - backendConfig.${backend} - { - services.bitwarden_rs = { - enable = true; - dbBackend = backend; - config.rocketPort = 80; - }; - - networking.firewall.allowedTCPPorts = [ 80 ]; - - environment.systemPackages = - let - testRunner = pkgs.writers.writePython3Bin "test-runner" - { - libraries = [ pkgs.python3Packages.selenium ]; - } '' - from selenium.webdriver import Firefox - from selenium.webdriver.firefox.options import Options - from selenium.webdriver.support.ui import WebDriverWait - from selenium.webdriver.support import expected_conditions as EC - - options = Options() - options.add_argument('--headless') - driver = Firefox(options=options) - - driver.implicitly_wait(20) - driver.get('http://localhost/#/register') - - wait = WebDriverWait(driver, 10) - - wait.until(EC.title_contains("Create Account")) - - driver.find_element_by_css_selector('input#email').send_keys( - '${userEmail}' - ) - 
driver.find_element_by_css_selector('input#name').send_keys( - 'A Cat' - ) - driver.find_element_by_css_selector('input#masterPassword').send_keys( - '${userPassword}' - ) - driver.find_element_by_css_selector('input#masterPasswordRetype').send_keys( - '${userPassword}' - ) - driver.find_element_by_css_selector('input#acceptPolicies').click() - - driver.find_element_by_xpath("//button[contains(., 'Submit')]").click() - - wait.until_not(EC.title_contains("Create Account")) - - driver.find_element_by_css_selector('input#masterPassword').send_keys( - '${userPassword}' - ) - driver.find_element_by_xpath("//button[contains(., 'Log In')]").click() - - wait.until(EC.title_contains("My Vault")) - - driver.find_element_by_xpath("//button[contains(., 'Add Item')]").click() - - driver.find_element_by_css_selector('input#name').send_keys( - 'secrets' - ) - driver.find_element_by_css_selector('input#loginPassword').send_keys( - '${storedPassword}' - ) - - driver.find_element_by_xpath("//button[contains(., 'Save')]").click() - ''; - in - [ pkgs.firefox-unwrapped pkgs.geckodriver testRunner ]; - - virtualisation.memorySize = 768; - } - ]; - - client = { pkgs, ... 
}: - { - environment.systemPackages = [ pkgs.bitwarden-cli ]; - }; - }; - - testScript = '' - start_all() - server.wait_for_unit("bitwarden_rs.service") - server.wait_for_open_port(80) - - with subtest("configure the cli"): - client.succeed("bw --nointeraction config server http://server") - - with subtest("can't login to nonexistant account"): - client.fail( - "bw --nointeraction --raw login ${userEmail} ${userPassword}" - ) - - with subtest("use the web interface to sign up, log in, and save a password"): - server.succeed("PYTHONUNBUFFERED=1 test-runner | systemd-cat -t test-runner") - - with subtest("log in with the cli"): - key = client.succeed( - "bw --nointeraction --raw login ${userEmail} ${userPassword}" - ).strip() - - with subtest("sync with the cli"): - client.succeed(f"bw --nointeraction --raw --session {key} sync -f") - - with subtest("get the password with the cli"): - password = client.succeed( - f"bw --nointeraction --raw --session {key} list items | ${pkgs.jq}/bin/jq -r .[].login.password" - ) - assert password.strip() == "${storedPassword}" - ''; - }; -in -builtins.listToAttrs ( - map - (backend: { name = backend; value = makeBitwardenTest backend; }) - backends -) diff --git a/nixos/tests/vaultwarden.nix b/nixos/tests/vaultwarden.nix new file mode 100644 index 00000000000..b5343f5cad2 --- /dev/null +++ b/nixos/tests/vaultwarden.nix 
@@ -0,0 +1,189 @@ +{ system ? builtins.currentSystem +, config ? { } +, pkgs ? import ../.. { inherit system config; } +}: + +# These tests will: +# * Set up a vaultwarden server +# * Have Firefox use the web vault to create an account, log in, and save a password to the valut +# * Have the bw cli log in and read that password from the vault +# +# Note that Firefox must be on the same machine as the server for WebCrypto APIs to be available (or HTTPS must be configured) +# +# The same tests should work without modification on the official bitwarden server, if we ever package that. + +with import ../lib/testing-python.nix { inherit system pkgs; }; +with pkgs.lib; +let + backends = [ "sqlite" "mysql" "postgresql" ]; + + dbPassword = "please_dont_hack"; + + userEmail = "meow@example.com"; + userPassword = "also_super_secret_ZJWpBKZi668QGt"; # Must be complex to avoid interstitial warning on the signup page + + storedPassword = "seeeecret"; + + makeVaultwardenTest = backend: makeTest { + name = "vaultwarden-${backend}"; + meta = { + maintainers = with pkgs.lib.maintainers; [ jjjollyjim ]; + }; + + nodes = { + server = { pkgs, ... 
}: + let backendConfig = { + mysql = { + services.mysql = { + enable = true; + initialScript = pkgs.writeText "mysql-init.sql" '' + CREATE DATABASE bitwarden; + CREATE USER 'bitwardenuser'@'localhost' IDENTIFIED BY '${dbPassword}'; + GRANT ALL ON `bitwarden`.* TO 'bitwardenuser'@'localhost'; + FLUSH PRIVILEGES; + ''; + package = pkgs.mariadb; + }; + + services.vaultwarden.config.databaseUrl = "mysql://bitwardenuser:${dbPassword}@localhost/bitwarden"; + + systemd.services.vaultwarden.after = [ "mysql.service" ]; + }; + + postgresql = { + services.postgresql = { + enable = true; + initialScript = pkgs.writeText "postgresql-init.sql" '' + CREATE DATABASE bitwarden; + CREATE USER bitwardenuser WITH PASSWORD '${dbPassword}'; + GRANT ALL PRIVILEGES ON DATABASE bitwarden TO bitwardenuser; + ''; + }; + + services.vaultwarden.config.databaseUrl = "postgresql://bitwardenuser:${dbPassword}@localhost/bitwarden"; + + systemd.services.vaultwarden.after = [ "postgresql.service" ]; + }; + + sqlite = { }; + }; + in + mkMerge [ + backendConfig.${backend} + { + services.vaultwarden = { + enable = true; + dbBackend = backend; + config.rocketPort = 80; + }; + + networking.firewall.allowedTCPPorts = [ 80 ]; + + environment.systemPackages = + let + testRunner = pkgs.writers.writePython3Bin "test-runner" + { + libraries = [ pkgs.python3Packages.selenium ]; + } '' + from selenium.webdriver import Firefox + from selenium.webdriver.firefox.options import Options + from selenium.webdriver.support.ui import WebDriverWait + from selenium.webdriver.support import expected_conditions as EC + + options = Options() + options.add_argument('--headless') + driver = Firefox(options=options) + + driver.implicitly_wait(20) + driver.get('http://localhost/#/register') + + wait = WebDriverWait(driver, 10) + + wait.until(EC.title_contains("Create Account")) + + driver.find_element_by_css_selector('input#email').send_keys( + '${userEmail}' + ) + driver.find_element_by_css_selector('input#name').send_keys( + 
'A Cat' + ) + driver.find_element_by_css_selector('input#masterPassword').send_keys( + '${userPassword}' + ) + driver.find_element_by_css_selector('input#masterPasswordRetype').send_keys( + '${userPassword}' + ) + driver.find_element_by_css_selector('input#acceptPolicies').click() + + driver.find_element_by_xpath("//button[contains(., 'Submit')]").click() + + wait.until_not(EC.title_contains("Create Account")) + + driver.find_element_by_css_selector('input#masterPassword').send_keys( + '${userPassword}' + ) + driver.find_element_by_xpath("//button[contains(., 'Log In')]").click() + + wait.until(EC.title_contains("My Vault")) + + driver.find_element_by_xpath("//button[contains(., 'Add Item')]").click() + + driver.find_element_by_css_selector('input#name').send_keys( + 'secrets' + ) + driver.find_element_by_css_selector('input#loginPassword').send_keys( + '${storedPassword}' + ) + + driver.find_element_by_xpath("//button[contains(., 'Save')]").click() + ''; + in + [ pkgs.firefox-unwrapped pkgs.geckodriver testRunner ]; + + virtualisation.memorySize = 768; + } + ]; + + client = { pkgs, ... 
}: + { + environment.systemPackages = [ pkgs.bitwarden-cli ]; + }; + }; + + testScript = '' + start_all() + server.wait_for_unit("vaultwarden.service") + server.wait_for_open_port(80) + + with subtest("configure the cli"): + client.succeed("bw --nointeraction config server http://server") + + with subtest("can't login to nonexistant account"): + client.fail( + "bw --nointeraction --raw login ${userEmail} ${userPassword}" + ) + + with subtest("use the web interface to sign up, log in, and save a password"): + server.succeed("PYTHONUNBUFFERED=1 test-runner | systemd-cat -t test-runner") + + with subtest("log in with the cli"): + key = client.succeed( + "bw --nointeraction --raw login ${userEmail} ${userPassword}" + ).strip() + + with subtest("sync with the cli"): + client.succeed(f"bw --nointeraction --raw --session {key} sync -f") + + with subtest("get the password with the cli"): + password = client.succeed( + f"bw --nointeraction --raw --session {key} list items | ${pkgs.jq}/bin/jq -r .[].login.password" + ) + assert password.strip() == "${storedPassword}" + ''; + }; +in +builtins.listToAttrs ( + map + (backend: { name = backend; value = makeVaultwardenTest backend; }) + backends +) diff --git a/pkgs/development/python-modules/selenium/default.nix b/pkgs/development/python-modules/selenium/default.nix index 370d2548980..7a1d1439c1f 100644 --- a/pkgs/development/python-modules/selenium/default.nix +++ b/pkgs/development/python-modules/selenium/default.nix @@ -49,7 +49,7 @@ buildPythonPackage rec { ''; passthru.tests = { - testing-bitwarden = nixosTests.bitwarden; + testing-vaultwarden = nixosTests.vaultwarden; }; meta = with lib; { diff --git a/pkgs/tools/security/bitwarden_rs/default.nix b/pkgs/tools/security/bitwarden_rs/default.nix deleted file mode 100644 index 2790a643499..00000000000 --- a/pkgs/tools/security/bitwarden_rs/default.nix +++ /dev/null 
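Review bot: `dbPassword` in nixos/tests/vaultwarden.nix is interpolated into the `pkgs.writeText` init scripts and into `services.vaultwarden.config.databaseUrl` in the mysql and postgresql branches of `backendConfig`, so the value lands in the world-readable Nix store. That is harmless in a throwaway test VM, but nothing marks the pattern as test-only, and the file is easy to copy as a reference configuration. I would add a comment above the definition, for example `# Test-only credential: reaches the world-readable Nix store via writeText and databaseUrl; real deployments should supply DATABASE_URL through services.vaultwarden.environmentFile`.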
@@ -1,46 +0,0 @@ -{ lib, stdenv, rustPlatform, fetchFromGitHub, nixosTests -, pkg-config, openssl -, libiconv, Security, CoreServices -, dbBackend ? "sqlite", libmysqlclient, postgresql }: - -let - featuresFlag = "--features ${dbBackend}"; - -in rustPlatform.buildRustPackage rec { - pname = "bitwarden_rs"; - version = "1.20.0"; - - src = fetchFromGitHub { - owner = "dani-garcia"; - repo = pname; - rev = version; - sha256 = "1ncy4iwmdzdp8rv1gc5i4s1rp97d94n4l4bh08v6w4zdpx0zn8b9"; - }; - - nativeBuildInputs = [ pkg-config ]; - buildInputs = with lib; [ openssl ] - ++ optionals stdenv.isDarwin [ libiconv Security CoreServices ] - ++ optional (dbBackend == "mysql") libmysqlclient - ++ optional (dbBackend == "postgresql") postgresql; - - RUSTC_BOOTSTRAP = 1; - - cargoSha256 = "0vdi792bzqxj8g215r9r5anzs4qhqsm6sjzwpj1l9861bn7j4xsz"; - cargoBuildFlags = [ featuresFlag ]; - - checkPhase = '' - runHook preCheck - echo "Running cargo cargo test ${featuresFlag} -- ''${checkFlags} ''${checkFlagsArray+''${checkFlagsArray[@]}}" - cargo test ${featuresFlag} -- ''${checkFlags} ''${checkFlagsArray+"''${checkFlagsArray[@]}"} - runHook postCheck - ''; - - passthru.tests = nixosTests.bitwarden; - - meta = with lib; { - description = "Unofficial Bitwarden compatible server written in Rust"; - homepage = "https://github.com/dani-garcia/bitwarden_rs"; - license = licenses.gpl3Only; - maintainers = with maintainers; [ msteen ]; - }; -} diff --git a/pkgs/tools/security/bitwarden_rs/vault.nix b/pkgs/tools/security/bitwarden_rs/vault.nix deleted file mode 100644 index 2b0855b821d..00000000000 --- a/pkgs/tools/security/bitwarden_rs/vault.nix +++ /dev/null 
@@ -1,28 +0,0 @@ -{ lib, stdenv, fetchurl, nixosTests }: - -stdenv.mkDerivation rec { - pname = "bitwarden_rs-vault"; - version = "2.19.0"; - - src = fetchurl { - url = "https://github.com/dani-garcia/bw_web_builds/releases/download/v${version}/bw_web_v${version}.tar.gz"; - sha256 = "sha256:0yrk2b2d5sld4z60siacafdz95gqikcv4snzd6hwhq1l6kz151az"; - }; - - buildCommand = '' - mkdir -p $out/share/bitwarden_rs/ - cd $out/share/bitwarden_rs/ - tar xf $src - mv web-vault vault - ''; - - passthru.tests = nixosTests.bitwarden; - - meta = with lib; { - description = "Integrates the web vault into bitwarden_rs"; - homepage = "https://github.com/dani-garcia/bw_web_builds"; - platforms = platforms.all; - license = licenses.gpl3Plus; - maintainers = with maintainers; [ msteen mic92 ]; - }; -} diff --git a/pkgs/tools/security/vaultwarden/default.nix b/pkgs/tools/security/vaultwarden/default.nix new file mode 100644 index 00000000000..4342c8f3ac9 --- /dev/null +++ b/pkgs/tools/security/vaultwarden/default.nix 
@@ -0,0 +1,47 @@ +{ lib, stdenv, rustPlatform, fetchFromGitHub, fetchurl, nixosTests +, pkg-config, openssl +, libiconv, Security, CoreServices +, dbBackend ? "sqlite", libmysqlclient, postgresql }: + +let + featuresFlag = "--features ${dbBackend}"; + +in rustPlatform.buildRustPackage rec { + pname = "vaultwarden"; + version = "1.22.1"; + + src = fetchFromGitHub { + owner = "dani-garcia"; + repo = pname; + rev = version; + sha256 = "sha256-aXbnNO3mTAgE1yNx7YVDo1vPpO8ACZpBGHQ633fNZ3k="; + }; + + cargoSha256 = "sha256-SFzq3OU0a0s3zlEzUkqGdZb/knYafqDamLy4ghH4i8I="; + + nativeBuildInputs = [ pkg-config ]; + buildInputs = with lib; [ openssl ] + ++ optionals stdenv.isDarwin [ libiconv Security CoreServices ] + ++ optional (dbBackend == "mysql") libmysqlclient + ++ optional (dbBackend == "postgresql") postgresql; + + RUSTC_BOOTSTRAP = 1; + + cargoBuildFlags = [ featuresFlag ]; + + checkPhase = '' + runHook preCheck + echo "Running cargo cargo test ${featuresFlag} -- ''${checkFlags} ''${checkFlagsArray+''${checkFlagsArray[@]}}" + cargo test ${featuresFlag} -- ''${checkFlags} ''${checkFlagsArray+"''${checkFlagsArray[@]}"} + runHook postCheck + ''; + + passthru.tests = nixosTests.vaultwarden; + + meta = with lib; { + description = "Unofficial Bitwarden compatible server written in Rust"; + homepage = "https://github.com/dani-garcia/vaultwarden"; + license = licenses.gpl3Only; + maintainers = with maintainers; [ msteen ]; + }; +} diff --git a/pkgs/tools/security/vaultwarden/vault.nix b/pkgs/tools/security/vaultwarden/vault.nix new file mode 100644 index 00000000000..49e7cc4f3ba --- /dev/null +++ b/pkgs/tools/security/vaultwarden/vault.nix 
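Review bot: `RUSTC_BOOTSTRAP = 1;` is carried into the new vaultwarden derivation without a comment, although it makes the stable compiler accept nightly-only features for the whole build. Presumably upstream still needs nightly features at 1.22.1, but that should be stated so the setting can be dropped once it is no longer required, e.g. `# upstream uses nightly-only features; let stable rustc accept them (remove when no longer needed)` above the line. The `echo` in `checkPhase` also prints "cargo cargo test", one word more than the command that actually runs.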
@@ -0,0 +1,28 @@ +{ lib, stdenv, fetchurl, nixosTests }: + +stdenv.mkDerivation rec { + pname = "vaultwarden-vault"; + version = "2.19.0"; + + src = fetchurl { + url = "https://github.com/dani-garcia/bw_web_builds/releases/download/v${version}/bw_web_v${version}.tar.gz"; + sha256 = "sha256:0yrk2b2d5sld4z60siacafdz95gqikcv4snzd6hwhq1l6kz151az"; + }; + + buildCommand = '' + mkdir -p $out/share/vaultwarden/ + cd $out/share/vaultwarden/ + tar xf $src + mv web-vault vault + ''; + + passthru.tests = nixosTests.vaultwarden; + + meta = with lib; { + description = "Integrates the web vault into vaultwarden"; + homepage = "https://github.com/dani-garcia/bw_web_builds"; + platforms = platforms.all; + license = licenses.gpl3Plus; + maintainers = with maintainers; [ msteen mic92 ]; + }; +} diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix index 5bfaed5ac45..d36f7e9719d 100644 --- a/pkgs/top-level/aliases.nix +++ b/pkgs/top-level/aliases.nix @@ -88,6 +88,14 @@ mapAliases ({ bittorrentSync = throw "bittorrentSync has been deprecated by resilio-sync."; # added 2019-06-03 bittorrentSync14 = throw "bittorrentSync14 has been deprecated by resilio-sync."; # added 2019-06-03 bittorrentSync20 = throw "bittorrentSync20 has been deprecated by resilio-sync."; # added 2019-06-03 + + # bitwarden_rs renamed to vaultwarden with release 1.21.0 (2021-04-30) + bitwarden_rs = vaultwarden; + bitwarden_rs-sqlite = vaultwarden-sqlite; + bitwarden_rs-mysql = vaultwarden-mysql; + bitwarden_rs-postgresql = vaultwarden-postgresql; + bitwarden_rs-vault = vaultwarden-vault; + bs1770gain = throw "bs1770gain has been removed from nixpkgs, as it had no maintainer or reverse dependencies."; # added 2021-01-02 btc1 = throw "btc1 has been removed, it was abandoned by upstream"; # added 2020-11-03 buildPerlPackage = perlPackages.buildPerlPackage; # added 2018-10-12 diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 285f9ec31b0..999a0451aa9 100644 
--- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -1308,15 +1308,6 @@ in inherit (nodePackages) bitwarden-cli; - bitwarden_rs = callPackage ../tools/security/bitwarden_rs { - inherit (darwin.apple_sdk.frameworks) Security CoreServices; - }; - bitwarden_rs-sqlite = bitwarden_rs; - bitwarden_rs-mysql = bitwarden_rs.override { dbBackend = "mysql"; }; - bitwarden_rs-postgresql = bitwarden_rs.override { dbBackend = "postgresql"; }; - - bitwarden_rs-vault = callPackage ../tools/security/bitwarden_rs/vault.nix { }; - bkyml = callPackage ../tools/misc/bkyml { }; blockbench-electron = callPackage ../applications/graphics/blockbench-electron { }; @@ -31572,6 +31563,15 @@ in vazir-code-font = callPackage ../data/fonts/vazir-code-font { }; + vaultwarden = callPackage ../tools/security/vaultwarden { + inherit (darwin.apple_sdk.frameworks) Security CoreServices; + }; + vaultwarden-sqlite = vaultwarden; + vaultwarden-mysql = vaultwarden.override { dbBackend = "mysql"; }; + vaultwarden-postgresql = vaultwarden.override { dbBackend = "postgresql"; }; + + vaultwarden-vault = callPackage ../tools/security/vaultwarden/vault.nix { }; + vazir-fonts = callPackage ../data/fonts/vazir-fonts { }; vbam = callPackage ../misc/emulators/vbam { }; -- cgit 1.4.1