Merge pull request #318347 from caffineehacker/vaultwarden_backup

nixos/vaultwarden: backup all rsa_keys

nixos/modules/services/security/vaultwarden/backup.sh

@@ -1,17 +1,21 @@
 #!/usr/bin/env bash
 
+# Allow use of !() when copying to not copy certain files
+shopt -s extglob
+
 # Based on: https://github.com/dani-garcia/vaultwarden/wiki/Backing-up-your-vault
 if [ ! -d "$BACKUP_FOLDER" ]; then
   echo "Backup folder '$BACKUP_FOLDER' does not exist" >&2
   exit 1
 fi
 
-if [[ ! -f "$DATA_FOLDER"/db.sqlite3 ]]; then
-  echo "Could not find SQLite database file '$DATA_FOLDER/db.sqlite3'" >&2
-  exit 1
+if [[ -f "$DATA_FOLDER"/db.sqlite3 ]]; then
+  sqlite3 "$DATA_FOLDER"/db.sqlite3 ".backup '$BACKUP_FOLDER/db.sqlite3'"
 fi
 
-sqlite3 "$DATA_FOLDER"/db.sqlite3 ".backup '$BACKUP_FOLDER/db.sqlite3'"
-cp "$DATA_FOLDER"/rsa_key.{der,pem,pub.der} "$BACKUP_FOLDER"
-cp -r "$DATA_FOLDER"/attachments "$BACKUP_FOLDER"
-cp -r "$DATA_FOLDER"/icon_cache "$BACKUP_FOLDER"
+if [ ! -d "$DATA_FOLDER" ]; then
+  echo "No data folder (yet). This will happen on first launch if backup is triggered before vaultwarden has started."
+  exit 0
+fi
+
+cp -r "$DATA_FOLDER"/!(db.*) "$BACKUP_FOLDER"/

nixos/tests/vaultwarden.nix

@@ -208,6 +208,10 @@ builtins.mapAttrs (k: v: makeVaultwardenTest k v) {
           server.succeed('[ -d "/var/lib/vaultwarden/backups" ]')
           server.succeed('[ -f "/var/lib/vaultwarden/backups/db.sqlite3" ]')
           server.succeed('[ -d "/var/lib/vaultwarden/backups/attachments" ]')
+          server.succeed('[ -f "/var/lib/vaultwarden/backups/rsa_key.pem" ]')
+          server.succeed('[ -f "/var/lib/vaultwarden/backups/rsa_key.pub.pem" ]')
+          # Ensure only the db backed up with the backup command exists and not the other db files.
+          server.succeed('[ ! -f "/var/lib/vaultwarden/backups/db.sqlite3-shm" ]')
     '';
   };
 }