pkgs/tools/security/vaultwarden/update.nix

   1 {
   2   writeShellApplication,
   3   lib,
   4   nix,
   5   nix-prefetch-git,
   6   nix-update,
   7   curl,
   8   git,
   9   gnugrep,
  10   gnused,
  11   jq,
  12   yq,
  13 }:
  14
  15 lib.getExe (writeShellApplication {
  16   name = "update-vaultwarden";
  17   runtimeInputs = [
  18     curl
  19     git
  20     gnugrep
  21     gnused
  22     jq
  23     yq
  24     nix
  25     nix-prefetch-git
  26     nix-update
  27   ];
  28
  29   text = ''
  30     VAULTWARDEN_VERSION=$(curl --silent https://api.github.com/repos/dani-garcia/vaultwarden/releases/latest | jq -r '.tag_name')
  31     nix-update "vaultwarden" --version "$VAULTWARDEN_VERSION"
  32
  33     URL="https://raw.githubusercontent.com/dani-garcia/vaultwarden/''${VAULTWARDEN_VERSION}/docker/DockerSettings.yaml"
  34     WEBVAULT_VERSION="$(curl --silent "$URL" | yq -r ".vault_version" | sed s/^v//)"
  35     old_hash="$(nix --extra-experimental-features nix-command eval -f default.nix --raw vaultwarden.webvault.bw_web_builds.outputHash)"
  36     new_hash="$(nix-prefetch-git https://github.com/dani-garcia/bw_web_builds.git --rev "v$WEBVAULT_VERSION" | jq --raw-output ".sha256")"
  37     new_hash_sri="$(nix --extra-experimental-features nix-command hash to-sri --type sha256 "$new_hash")"
  38     sed -e "s#$old_hash#$new_hash_sri#" -i pkgs/tools/security/vaultwarden/webvault.nix
  39     nix-update "vaultwarden.webvault" --version "$WEBVAULT_VERSION"
  40   '';
  41 })