From 4bfd8b6a9f81bfa92ca22afc7b573710d3ee51e3 Mon Sep 17 00:00:00 2001 From: Matei Adriel Date: Sat, 10 Feb 2024 05:11:50 +0100 Subject: [PATCH] Update vaultwarden secret perms --- hosts/nixos/lapetus/services/vaultwarden.nix | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/hosts/nixos/lapetus/services/vaultwarden.nix b/hosts/nixos/lapetus/services/vaultwarden.nix index cbf7785..d3b25d3 100644 --- a/hosts/nixos/lapetus/services/vaultwarden.nix +++ b/hosts/nixos/lapetus/services/vaultwarden.nix @@ -4,11 +4,17 @@ let host = "warden.moonythm.dev"; in { - sops.secrets.vaultwarden_env.sopsFile = ../secrets.yaml; services.nginx.virtualHosts.${host} = config.satellite.proxy port { proxyWebsockets = true; }; - # {{{ Persistence + # {{{ Secrets + sops.secrets.vaultwarden_env = { + sopsFile = ../secrets.yaml; + owner = config.users.users.vaultwarden.name; + group = config.users.users.vaultwarden.group; + }; + # }}} + # {{{ General config services.vaultwarden = { enable = true; environmentFile = config.sops.secrets.vaultwarden_env.path; @@ -32,8 +38,8 @@ in environment.persistence."/persist/state".directories = [{ directory = "/var/lib/bitwarden_rs"; mode = "u=rwx,g=,o="; - user = "vaultwarden"; - group = "vaultwarden"; + user = config.users.users.vaultwarden.name; + group = config.users.users.vaultwarden.group; }]; # }}} }
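Review bot: The new `owner`/`group` on `sops.secrets.vaultwarden_env` in the first hunk hand the decrypted env file to the service account, but nothing in the hunk says why that is needed, and the file mode is left implicit. The only consumer visible here is `services.vaultwarden.environmentFile`. If the module passes that to systemd's `EnvironmentFile=`, which as far as I know is read by the service manager before privileges are dropped, a root-owned secret would probably already work and would keep the raw file unreadable by the `vaultwarden` user. If the ownership change is in fact required, I would add `mode = "0400";` next to `group` so the intended permissions sit beside the owner, and a short comment naming the process that reads the file as that user. The `services.vaultwarden` block continues outside the hunk, so a second consumer of the secret may exist that is not visible here.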