pkgs/tools/security/vaultwarden/update.nix at netboot-syslinux-multiplatform · tjh.dev/nixpkgs

tjh.dev / nixpkgs

Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)

nixpkgs / pkgs / tools / security / vaultwarden / update.nix

at netboot-syslinux-multiplatform 27 lines 1.2 kB view raw

 1{ writeShellScript
 2, lib
 3, nix
 4, nix-prefetch-git
 5, nix-update
 6, curl
 7, git
 8, gnugrep
 9, gnused
10, jq
11}:
12
13writeShellScript "update-vaultwarden" ''
14  PATH=${lib.makeBinPath [ curl git gnugrep gnused jq nix nix-prefetch-git nix-update ]}
15
16  set -euxo pipefail
17
18  VAULTWARDEN_VERSION=$(curl --silent https://api.github.com/repos/dani-garcia/vaultwarden/releases/latest | jq -r '.tag_name')
19  nix-update "vaultwarden" --version "$VAULTWARDEN_VERSION"
20
21  URL="https://raw.githubusercontent.com/dani-garcia/vaultwarden/''${VAULTWARDEN_VERSION}/docker/Dockerfile.j2"
22  WEBVAULT_VERSION=$(curl --silent "$URL" | grep "set vault_version" | sed -E "s/.*\"v([^\"]+)\".*/\\1/")
23  old_hash=$(nix --extra-experimental-features nix-command eval -f default.nix --raw vaultwarden.webvault.bw_web_builds.outputHash)
24  new_hash=$(nix --extra-experimental-features nix-command hash to-sri --type sha256 $(nix-prefetch-git https://github.com/dani-garcia/bw_web_builds.git --rev "v$WEBVAULT_VERSION" | jq --raw-output ".sha256"))
25  sed -e "s#$old_hash#$new_hash#" -i pkgs/tools/security/vaultwarden/webvault.nix
26  nix-update "vaultwarden.webvault" --version "$WEBVAULT_VERSION"
27''