Add a script for setting up vaultwarden
This commit is contained in:
parent
df7d3efae8
commit
2dd88ee3c4
4 changed files with 98 additions and 0 deletions
|
@ -0,0 +1,11 @@
|
||||||
|
services:
|
||||||
|
vaultwarden:
|
||||||
|
environment:
|
||||||
|
DATABASE_URL: mysql://vaultwarden:pw@db/vault
|
||||||
|
ports:
|
||||||
|
- 127.0.0.1:1337:80
|
||||||
|
db:
|
||||||
|
environment:
|
||||||
|
MARIADB_USER: vaultwarden
|
||||||
|
MARIADB_PASSWORD: pw
|
||||||
|
MARIADB_DATABASE: vault
|
|
@ -0,0 +1,35 @@
|
||||||
|
services:
|
||||||
|
vaultwarden:
|
||||||
|
image: vaultwarden/server
|
||||||
|
restart: unless-stopped
|
||||||
|
extends:
|
||||||
|
file: docker-compose.secrets.yml
|
||||||
|
service: vaultwarden
|
||||||
|
volumes:
|
||||||
|
- ./data:/data
|
||||||
|
- /etc/localtime:/etc/localtime:ro
|
||||||
|
environment:
|
||||||
|
DOMAIN: https://passwords.nuth.ch
|
||||||
|
SMTP_HOST: bridge
|
||||||
|
SMTP_FROM: no-reply@nuth.ch
|
||||||
|
SMTP_FROM_VALUE: vaultwarden
|
||||||
|
SMTP_PORT: 25
|
||||||
|
SMTP_ACCEPT_INVALID_CERTS: "true"
|
||||||
|
SIGNUPS_ALLOWED: "false"
|
||||||
|
SIGNUPS_VERIFY: "true"
|
||||||
|
db:
|
||||||
|
image: mariadb
|
||||||
|
restart: unless-stopped
|
||||||
|
extends:
|
||||||
|
file: docker-compose.secrets.yml
|
||||||
|
service: db
|
||||||
|
volumes:
|
||||||
|
- ./db:/var/lib/mysql
|
||||||
|
- /etc/localtime:/etc/localtime:ro
|
||||||
|
environment:
|
||||||
|
MARIADB_RANDOM_ROOT_PASSWORD: "yes"
|
||||||
|
bridge:
|
||||||
|
image: shenxn/protonmail-bridge
|
||||||
|
restart: unless-stopped
|
||||||
|
volumes:
|
||||||
|
- ./bridge:/root
|
|
@ -0,0 +1,40 @@
|
||||||
|
#!/bin/env fish
|
||||||
|
begin
|
||||||
|
set -l dir (status dirname)
|
||||||
|
set -l root "/usr/local/lib/vaultwarden"
|
||||||
|
set -l source "$dir/docker-compose.secrets.yml"
|
||||||
|
set -l config "$root/"(basename "$source")
|
||||||
|
set -l nginxRoot "/etc/nginx/conf.d"
|
||||||
|
set -l nginxConfig "$nginxRoot/vaultwarden.conf"
|
||||||
|
set -l portKey ".services.vaultwarden.ports[0]"
|
||||||
|
set -l portPattern "^\([.[:digit:]]\+:\)\([[:digit:]]\+\)\(:[[:digit:]]\+\)"
|
||||||
|
source "$dir/../../../../../lib/software.fish"
|
||||||
|
|
||||||
|
function installSW -V dir -V root -V source -V config -V nginxRoot -V nginxConfig -V portKey -V portPattern
|
||||||
|
set -l pw (nix-shell -p keepassxc --run "keepassxc-cli generate --length 32")
|
||||||
|
set -l dbKey ".services.vaultwarden.environment.DATABASE_URL"
|
||||||
|
set -l dbUrl (yq "$dbKey" "$source" --raw-output | sed "s/^\(.*:\/\/.*:\).*\(@.*\/.*\)\$/\1$pw\2/")
|
||||||
|
set -l port (random 49152 65535)
|
||||||
|
set -l exposedPort (yq --raw-output "$portKey" "$source" | sed "s/$portPattern/\1$port\3/")
|
||||||
|
sudo mkdir -p "$root"
|
||||||
|
sudo mkdir -p "$nginxRoot"
|
||||||
|
sudo cp "$dir/docker-compose.yml" "$root"
|
||||||
|
|
||||||
|
URL=$dbUrl yq "$dbKey = env.URL" "$source" | \
|
||||||
|
PW=$pw yq ".services.db.environment.MARIADB_PASSWORD = env.PW" | \
|
||||||
|
PORT=$exposedPort yq -y "$portKey = env.PORT" | \
|
||||||
|
sudo tee "$config" >/dev/null
|
||||||
|
end
|
||||||
|
|
||||||
|
function configureSW -V dir -V config -V nginxConfig -V portKey -V portPattern
|
||||||
|
set port (yq --raw-output "$portKey" "$config" | sed "s/$portPattern/\2/")
|
||||||
|
cat "$dir/$(basename "$nginxConfig")" | sed "s/\(proxy_pass \)\(.\+:\)\?[[:digit:]]\+\(;\)/\1\2$port\3/" | sudo tee "$nginxConfig"
|
||||||
|
sudo systemctl restart nginx
|
||||||
|
end
|
||||||
|
|
||||||
|
function getBackupArgs -V root
|
||||||
|
printf "%s\n" --hidden --no-ignore . --exclude "docker-compose.yml" "$root"
|
||||||
|
end
|
||||||
|
|
||||||
|
runInstaller --force $argv
|
||||||
|
end
|
|
@ -0,0 +1,12 @@
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
server_name passwords.nuth.ch;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
proxy_pass http://127.0.0.1:1337;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in a new issue