fix(bw): websocket port deprecated

modules/nixos/vaultwarden.nix

@@ -17,10 +17,6 @@ in {
       type = port;
       default = 8222;
     };
-    websocketPort = mkOption {
-      type = nullOr port;
-      default = null;
-    };
     databaseUrlPath = mkOption {
       type = nullOr str;
       default = null;
@@ -41,9 +37,6 @@ in {
       ROCKET_ENV = mkOptionDefault "production";
       ROCKET_ADDRESS = mkOptionDefault "::1";
       ROCKET_PORT = mkOptionDefault cfg.port;
-      WEBSOCKET_ENABLED = mkOptionDefault (cfg.websocketPort != null);
-      WEBSOCKET_ADDRESS = mkOptionDefault "::1";
-      WEBSOCKET_PORT = mkIf (cfg.websocketPort != null) cfg.websocketPort;
     };
   };
   config.systemd.services.vaultwarden = let

modules/system/exports/vaultwarden.nix

@@ -16,14 +16,6 @@ in {
           assertion = config.ports.default.port == nixosConfig.services.vaultwarden.port;
           message = "port mismatch";
         })
-        (nixosConfig: {
-          assertion = nixosConfig.services.vaultwarden.websocketPort == null || config.ports.websocket.port == nixosConfig.services.vaultwarden.websocketPort;
-          message = "websocketPort mismatch";
-        })
-        (nixosConfig: {
-          assertion = config.ports.websocket.enable == (nixosConfig.services.vaultwarden.websocketPort != null);
-          message = "websocketPort enable mismatch";
-        })
       ];
     };
     ports = {
@@ -32,18 +24,6 @@ in {
         protocol = "http";
         status.enable = mkAlmostOptionDefault true;
       };
-      websocket = {
-        port = mkAlmostOptionDefault 8223;
-        protocol = "http";
-        displayName = mkAlmostOptionDefault "WebSocket";
-        status = {
-          enable = mkAlmostOptionDefault true;
-          gatus.http.websocket = {
-            enable = mkAlmostOptionDefault true;
-            status = mkAlmostOptionDefault 401;
-          };
-        };
-      };
     };
   };
 }

nixos/access/vaultwarden.nix

@@ -6,17 +6,9 @@
   inherit (lib.modules) mkIf mkDefault;
   cfg = config.services.vaultwarden;
   upstreamName = "vaultwarden'access";
-  upstreamName'websocket = "vaultwarden'websocket'access";
   locations = {
     "/".proxy.enable = true;
     "/notifications/hub" = {
-      proxy = {
-        enable = true;
-        upstream = mkDefault upstreamName'websocket;
-        websocket.enable = true;
-      };
-    };
-    "/notifications/hub/negotiate" = {
       proxy = {
         enable = true;
         websocket.enable = true;
@@ -41,20 +33,6 @@ in {
           };
         };
       };
-      ${upstreamName'websocket}.servers = {
-        local = mkIf cfg.enable {
-          enable = mkDefault (cfg.websocketPort != null);
-          addr = mkDefault "localhost";
-          port = mkIf (cfg.websocketPort != null) (mkDefault cfg.websocketPort);
-        };
-        access = {upstream, ...}: {
-          enable = mkDefault (!cfg.enable && !upstream.servers.local.enable or false);
-          accessService = {
-            name = "vaultwarden";
-            port = "websocket";
-          };
-        };
-      };
     };
     virtualHosts = {
       vaultwarden = {

nixos/vaultwarden.nix

@@ -11,7 +11,6 @@ in {
   config.services.vaultwarden = {
     enable = mkDefault true;
     dbBackend = mkDefault "postgresql";
-    websocketPort = mkDefault 8223;
     databaseUrlPath = mkIf (!postgresql.enable) (mkDefault config.sops.secrets.vaultwarden-database-url.path);
     adminTokenPath = mkIf enableAdmin (mkDefault config.sops.secrets.vaultwarden-admin-token.path);
     config = {
@@ -32,7 +31,6 @@ in {
   config.networking.firewall = mkIf cfg.enable {
     interfaces.lan.allowedTCPPorts = [
       cfg.port
-      (mkIf (cfg.websocketPort != null) cfg.websocketPort)
     ];
   };
   config.sops.secrets = let