Add a script for setting up vaultwarden

Manuel Thalmann 2024-11-03 03:14:47 +01:00
parent d9285c029c
commit 339569df2f
4 changed files with 98 additions and 0 deletions


@ -0,0 +1,11 @@
services:
vaultwarden:
environment:
DATABASE_URL: mysql://vaultwarden:pw@db/vault
ports:
- 127.0.0.1:1337:80
db:
environment:
MARIADB_USER: vaultwarden
MARIADB_PASSWORD: pw
MARIADB_DATABASE: vault
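Review bot: The `pw` value in `DATABASE_URL` and `MARIADB_PASSWORD` is evidently a placeholder, but nothing in this file says so, and the main compose file extends this one directly, so a stack started from the repository checkout would run with that known credential. A header comment such as `# Template only: the install script replaces the password and the host port; do not deploy this file as-is` would make the contract explicit. The loopback bind in `ports` is a good default and should survive the port rewrite; quoting the mapping (`- "127.0.0.1:1337:80"`) follows the usual Compose convention.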


@ -0,0 +1,35 @@
services:
vaultwarden:
image: vaultwarden/server
restart: unless-stopped
extends:
file: docker-compose.secrets.yml
service: vaultwarden
volumes:
- ./data:/data
- /etc/localtime:/etc/localtime:ro
environment:
DOMAIN: https://passwords.nuth.ch
SMTP_HOST: bridge
SMTP_FROM: no-reply@nuth.ch
SMTP_FROM_VALUE: vaultwarden
SMTP_PORT: 25
SMTP_ACCEPT_INVALID_CERTS: "true"
SIGNUPS_ALLOWED: "false"
SIGNUPS_VERIFY: "true"
db:
image: mariadb
restart: unless-stopped
extends:
file: docker-compose.secrets.yml
service: db
volumes:
- ./db:/var/lib/mysql
- /etc/localtime:/etc/localtime:ro
environment:
MARIADB_RANDOM_ROOT_PASSWORD: "yes"
bridge:
image: shenxn/protonmail-bridge
restart: unless-stopped
volumes:
- ./bridge:/root
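Review bot: All three images (`vaultwarden/server`, `mariadb`, `shenxn/protonmail-bridge`) are referenced without a tag or digest, so every pull takes whatever `latest` currently points to. For a password vault, and for a third-party bridge image that keeps mailbox credentials under `./bridge`, pinning is worth the upkeep, e.g. `image: vaultwarden/server:<pinned-tag>` or an `@sha256:<digest>` reference. `SMTP_ACCEPT_INVALID_CERTS: "true"` turns off certificate checking for outgoing mail; that is presumably acceptable only because `bridge` is reached over the internal compose network, and a comment saying so would keep the setting from being copied to a remote relay. `SMTP_FROM_VALUE` does not look like a variable vaultwarden reads (the display name is normally `SMTP_FROM_NAME`), so please confirm it against the image's documentation.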


@ -0,0 +1,40 @@
#!/bin/env fish
begin
set -l dir (status dirname)
set -l root "/usr/local/lib/vaultwarden"
set -l source "$dir/docker-compose.secrets.yml"
set -l config "$root/"(basename "$source")
set -l nginxRoot "/etc/nginx/conf.d"
set -l nginxConfig "$nginxRoot/vaultwarden.conf"
set -l portKey ".services.vaultwarden.ports[0]"
set -l portPattern "^\([.[:digit:]]\+:\)\([[:digit:]]\+\)\(:[[:digit:]]\+\)"
source "$dir/../../../../../lib/software.fish"
function installSW -V dir -V root -V source -V config -V nginxRoot -V nginxConfig -V portKey -V portPattern
set -l pw (nix-shell -p keepassxc --run "keepassxc-cli generate --length 32")
set -l dbKey ".services.vaultwarden.environment.DATABASE_URL"
set -l dbUrl (yq "$dbKey" "$source" --raw-output | sed "s/^\(.*:\/\/.*:\).*\(@.*\/.*\)\$/\1$pw\2/")
set -l port (random 49152 65535)
set -l exposedPort (yq --raw-output "$portKey" "$source" | sed "s/$portPattern/\1$port\3/")
sudo mkdir -p "$root"
sudo mkdir -p "$nginxRoot"
sudo cp "$dir/docker-compose.yml" "$root"
URL=$dbUrl yq "$dbKey = env.URL" "$source" | \
PW=$pw yq ".services.db.environment.MARIADB_PASSWORD = env.PW" | \
PORT=$exposedPort yq -y "$portKey = env.PORT" | \
sudo tee "$config" >/dev/null
end
function configureSW -V dir -V config -V nginxConfig -V portKey -V portPattern
set port (yq --raw-output "$portKey" "$config" | sed "s/$portPattern/\2/")
cat "$dir/$(basename "$nginxConfig")" | sed "s/\(proxy_pass \)\(.\+:\)\?[[:digit:]]\+\(;\)/\1\2$port\3/" | sudo tee "$nginxConfig"
sudo systemctl restart nginx
end
function getBackupArgs -V root
printf "%s\n" --hidden --no-ignore . --exclude "docker-compose.yml" "$root"
end
runInstaller --force $argv
end
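Review bot: In `installSW` the generated secrets file is written through `sudo tee "$config"`, so it is created with root's default umask and will normally be world-readable although it contains the database password. Creating it with a restrictive mode before the pipeline closes that gap, e.g. `sudo install -m 0600 /dev/null "$config"` (tee keeps the mode of an existing file); if compose is run by a non-root user, a group-readable mode with a dedicated group would be the alternative. Separately, `$pw` is spliced unescaped into the `sed` replacement and into the URL, which holds only while the generator emits alphanumerics, so a comment stating that assumption or an explicit character-set option would protect against a later change. In `configureSW`, `set port` lacks `-l` and `sudo tee "$nginxConfig"` echoes the config to stdout, unlike the `>/dev/null` used in `installSW`.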


@ -0,0 +1,12 @@
server {
listen 80;
server_name passwords.nuth.ch;
location / {
proxy_pass http://127.0.0.1:1337;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
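Review bot: This server block listens on plain port 80 only, while the compose file advertises `DOMAIN: https://passwords.nuth.ch`; unless TLS is terminated by something outside this commit, vault traffic would cross the network unencrypted and `X-Forwarded-Proto` would report `http` to the application. If nginx is meant to be the TLS endpoint, the port-80 server should only redirect (`return 301 https://$host$request_uri;`) and the `proxy_pass` location should move into a `listen 443 ssl;` server with the certificate paths for this host. If a certificate tool rewrites the deployed file after installation, a comment saying so would help, because `configureSW` regenerates the deployed config from this template each time it runs.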