From 4f637f278b58709a5e36c1165b8aeb5b5e3556bd Mon Sep 17 00:00:00 2001
From: novmar
Date: Fri, 14 Jan 2022 00:05:37 +0100
Subject: [PATCH] Added services.vaultwarden.environmentFile mention, to not store secure vars inside /nix/store
---
 Deployment-examples.md | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/Deployment-examples.md b/Deployment-examples.md
index 13ce5eb..746c485 100644
--- a/Deployment-examples.md
+++ b/Deployment-examples.md
@@ -35,7 +35,7 @@ This page is an index of standalone deployment examples. If adding a new example
 ## NixOS (by tklitschi)
- There's a example bitwarden config for NixOS. It's not very complex, you have the backend option, for the type of Database you wanna use, the Backupdir for a dedicated Backup systemdserive, the option to enable it and the config Option. For the Config Option you simply pass the .env Variables [from the .env template](https://github.com/dani-garcia/vaultwarden/blob/1.13.1/.env.template) in nix syntax.
+ There's a example bitwarden config for NixOS. It's not very complex, you have the backend option, for the type of Database you wanna use, the Backupdir for a dedicated Backup systemdserive, the option to enable it and the config Option. For the Config Option you simply pass the .env Variables [from the .env template](https://github.com/dani-garcia/vaultwarden/blob/1.13.1/.env.template) in nix syntax. Secrets ( SMTP_PASSWORD,... ) store inside another .env file outside /nix/store and include by [services.vaultwarden.environmentFile](https://search.nixos.org/options?channel=21.11&show=services.vaultwarden.environmentFile&from=0&size=50&sort=relevance&type=packages&query=vaultw)
 See [Proxy Examples](https://github.com/dani-garcia/vaultwarden/wiki/Proxy-examples) for a nixos-nginx example config.
Example Config
@@ -54,21 +54,22 @@ See [Proxy Examples](https://github.com/dani-garcia/vaultwarden/wiki/Proxy-examp
 WEBSOCKET_ADDRESS = "0.0.0.0";
 WEBSOCKET_PORT = 3012;
 SIGNUPS_VERIFY = true;
- ADMIN_TOKEN = (import /etc/nixos/secret/bitwarden.nix).ADMIN_TOKEN;
+ # ADMIN_TOKEN = (import /etc/nixos/secret/bitwarden.nix).ADMIN_TOKEN;
 DOMAIN = "https://exmaple.com";
- YUBICO_CLIENT_ID = (import /etc/nixos/secret/bitwarden.nix).YUBICO_CLIENT_ID;
- YUBICO_SECRET_KEY = (import /etc/nixos/secret/bitwarden.nix).YUBICO_SECRET_KEY;
+ # YUBICO_CLIENT_ID = (import /etc/nixos/secret/bitwarden.nix).YUBICO_CLIENT_ID;
+ # YUBICO_SECRET_KEY = (import /etc/nixos/secret/bitwarden.nix).YUBICO_SECRET_KEY;
 YUBICO_SERVER = "https://api.yubico.com/wsapi/2.0/verify";
 SMTP_HOST = "mx.example.com";
 SMTP_FROM = "bitwarden@example.com";
 SMTP_FROM_NAME = "Bitwarden_RS";
 SMTP_PORT = 587;
 SMTP_SSL = true;
- SMTP_USERNAME = (import /etc/nixos/secret/bitwarden.nix).SMTP_USERNAME;
- SMTP_PASSWORD = (import /etc/nixos/secret/bitwarden.nix).SMTP_PASSWORD;
+# SMTP_USERNAME = (import /etc/nixos/secret/bitwarden.nix).SMTP_USERNAME;
+# SMTP_PASSWORD = (import /etc/nixos/secret/bitwarden.nix).SMTP_PASSWORD;
 SMTP_TIMEOUT = 15;
 ROCKET_PORT = 8812;
 };
+ environmentFile = "/etc/nixos/secret/bitwarden.env";
 };
 }
 ```
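Review bot: The five commented-out `(import /etc/nixos/secret/bitwarden.nix)` lines stay in the example with no explanation, so a reader can simply uncomment them and put the secrets back into the generated config, which the commit message says ends up in /nix/store. I would replace them with one comment above `environmentFile`, such as `# ADMIN_TOKEN, YUBICO_CLIENT_ID, YUBICO_SECRET_KEY, SMTP_USERNAME and SMTP_PASSWORD are set in the file below, not in config`. The example should also say that `bitwarden.env` is not a renamed `bitwarden.nix`. Assuming the module hands it to systemd as an environment file, it holds plain `KEY=value` lines and should be readable by root only. It is also worth stating that the value must stay a quoted string, since an unquoted Nix path literal can be copied into the store. The two `# SMTP_*` lines start at column 0 while the other commented lines are indented, so the block does not line up.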