From 4b850af15a795056182dd8002b69416775f57d9a Mon Sep 17 00:00:00 2001
From: Simon Gardling <titaniumtown@proton.me>
Date: Wed, 20 Aug 2025 10:11:42 -0400
Subject: [PATCH] bitwarden: fix backup

---
 services/bitwarden.nix | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/services/bitwarden.nix b/services/bitwarden.nix
index fb52493..eba29fb 100644
--- a/services/bitwarden.nix
+++ b/services/bitwarden.nix
@@ -9,20 +9,17 @@
   imports = [
     (lib.serviceMountDeps "vaultwarden" [
       service_configs.vaultwarden.path
-      # config.services.vaultwarden.backupDir
+      config.services.vaultwarden.backupDir
     ])
     (lib.serviceMountDeps "backup-vaultwarden" [
       service_configs.vaultwarden.path
-      # config.services.vaultwarden.backupDir
+      config.services.vaultwarden.backupDir
     ])
   ];
 
   services.vaultwarden = {
     enable = true;
-    # backupDir = "/${service_configs.zpool_ssds}/bak/vaultwarden";
-    # in order to avoid having  ADMIN_TOKEN in the nix store it can be also set with the help of an environment file
-    # be aware that this file must be created by hand (or via secrets management like sops)
-    environmentFile = service_configs.vaultwarden.path + "/vaultwarden.env";
+    backupDir = "/${service_configs.zpool_ssds}/bak/vaultwarden";
     config = {
       # Refer to https://github.com/dani-garcia/vaultwarden/blob/main/.env.template
       DOMAIN = "https://bitwarden.${service_configs.https.domain}";
@@ -44,6 +41,6 @@
 
   systemd.tmpfiles.rules = [
     "d ${service_configs.vaultwarden.path} 0700 vaultwarden vaultwarden"
-    # "d ${config.services.vaultwarden.backupDir} 0700 vaultwarden vaultwarden"
+    "d ${config.services.vaultwarden.backupDir} 0700 vaultwarden vaultwarden"
   ];
 }