From 4368610561e478aacc80e628b260d60fddd2d4e0 Mon Sep 17 00:00:00 2001
From: Manuel Thalmann
Date: Sun, 3 Nov 2024 03:14:47 +0100
Subject: [PATCH] Add a script for setting up vaultwarden

---
 .../vaultwarden/docker-compose.secrets.yml | 11 +++++
 .../services/vaultwarden/docker-compose.yml | 35 ++++++++++++++++
 .../docker/services/vaultwarden/main.fish | 40 +++++++++++++++++++
 .../services/vaultwarden/vaultwarden.conf | 12 ++++++
 4 files changed, 98 insertions(+)
 create mode 100644 scripts/Common/Software/docker/services/vaultwarden/docker-compose.secrets.yml
 create mode 100644 scripts/Common/Software/docker/services/vaultwarden/docker-compose.yml
 create mode 100644 scripts/Common/Software/docker/services/vaultwarden/main.fish
 create mode 100644 scripts/Common/Software/docker/services/vaultwarden/vaultwarden.conf

diff --git a/scripts/Common/Software/docker/services/vaultwarden/docker-compose.secrets.yml b/scripts/Common/Software/docker/services/vaultwarden/docker-compose.secrets.yml
new file mode 100644
index 00000000..a53cc9e6
--- /dev/null
+++ b/scripts/Common/Software/docker/services/vaultwarden/docker-compose.secrets.yml
@@ -0,0 +1,11 @@
+services:
+  vaultwarden:
+    environment:
+      DATABASE_URL: mysql://vaultwarden:pw@db/vault
+    ports:
+      - 127.0.0.1:1337:80
+  db:
+    environment:
+      MARIADB_USER: vaultwarden
+      MARIADB_PASSWORD: pw
+      MARIADB_DATABASE: vault
diff --git a/scripts/Common/Software/docker/services/vaultwarden/docker-compose.yml b/scripts/Common/Software/docker/services/vaultwarden/docker-compose.yml
new file mode 100644
index 00000000..a7b43080
--- /dev/null
+++ b/scripts/Common/Software/docker/services/vaultwarden/docker-compose.yml
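Review bot: The committed template carries the literal placeholder `pw` as both the password inside `DATABASE_URL` and `MARIADB_PASSWORD`, and because docker-compose.yml `extends` this file by its relative name, a plain `docker compose up` from the repository directory (skipping main.fish) brings up a working stack whose database credential is `pw`. A placeholder that cannot pass as a credential and makes a missed substitution obvious is safer, e.g. `DATABASE_URL: mysql://vaultwarden:CHANGE_ME@db/vault` and `MARIADB_PASSWORD: CHANGE_ME`, with a comment `# placeholders: main.fish replaces these with a generated secret at install time`. The `db` service publishes no ports, so the exposure appears limited to the compose network, but that still leaves the vault database one container compromise away from a known password. Quoting the port mapping (`"127.0.0.1:1337:80"`) is also the Compose convention, though the dotted form is not at risk of numeric parsing here.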
@@ -0,0 +1,35 @@
+services:
+  vaultwarden:
+    image: vaultwarden/server
+    restart: unless-stopped
+    extends:
+      file: docker-compose.secrets.yml
+      service: vaultwarden
+    volumes:
+      - ./data:/data
+      - /etc/localtime:/etc/localtime:ro
+    environment:
+      DOMAIN: https://passwords.nuth.ch
+      SMTP_HOST: bridge
+      SMTP_FROM: no-reply@nuth.ch
+      SMTP_FROM_VALUE: vaultwarden
+      SMTP_PORT: 25
+      SMTP_ACCEPT_INVALID_CERTS: "true"
+      SIGNUPS_ALLOWED: "false"
+      SIGNUPS_VERIFY: "true"
+  db:
+    image: mariadb
+    restart: unless-stopped
+    extends:
+      file: docker-compose.secrets.yml
+      service: db
+    volumes:
+      - ./db:/var/lib/mysql
+      - /etc/localtime:/etc/localtime:ro
+    environment:
+      MARIADB_RANDOM_ROOT_PASSWORD: "yes"
+  bridge:
+    image: shenxn/protonmail-bridge
+    restart: unless-stopped
+    volumes:
+      - ./bridge:/root
diff --git a/scripts/Common/Software/docker/services/vaultwarden/main.fish b/scripts/Common/Software/docker/services/vaultwarden/main.fish
new file mode 100644
index 00000000..c7a0156d
--- /dev/null
+++ b/scripts/Common/Software/docker/services/vaultwarden/main.fish
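Review bot: All three images are unpinned (`image: vaultwarden/server`, `image: mariadb`, `image: shenxn/protonmail-bridge`), so every pull silently moves the password vault, its database and the mail bridge to whatever `latest` resolves to, including a major MariaDB bump the on-disk `./db` volume may not survive; pin at least a release tag or a digest (`image: mariadb:11`, and a specific vaultwarden release) and bump deliberately. `SMTP_ACCEPT_INVALID_CERTS: "true"` turns off certificate verification on the mail path; since `SMTP_HOST: bridge` is a sibling container on the compose network that presumably presents a self-signed certificate this is defensible, but it should carry a comment such as `# bridge is only reachable on the compose network and uses a self-signed cert` so the setting is not carried over to a deployment with an external relay. Note also that `./bridge:/root` holds the Proton session state for the bridge container, so that directory is as sensitive as `./data` and should be treated the same way by the backup and permission handling.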
@@ -0,0 +1,40 @@
+#!/bin/env fish
+begin
+    set -l dir (status dirname)
+    set -l root "/usr/local/lib/vaultwarden"
+    set -l source "$dir/docker-compose.secrets.yml"
+    set -l config "$root/"(basename "$source")
+    set -l nginxRoot "/etc/nginx/conf.d"
+    set -l nginxConfig "$nginxRoot/vaultwarden.conf"
+    set -l portKey ".services.vaultwarden.ports[0]"
+    set -l portPattern "^\([.[:digit:]]\+:\)\([[:digit:]]\+\)\(:[[:digit:]]\+\)"
+    source "$dir/../../../../../lib/software.fish"
+
+    function installSW -V dir -V root -V source -V config -V nginxRoot -V nginxConfig -V portKey -V portPattern
+        set -l pw (nix-shell -p keepassxc --run "keepassxc-cli generate --length 32")
+        set -l dbKey ".services.vaultwarden.environment.DATABASE_URL"
+        set -l dbUrl (yq "$dbKey" "$source" --raw-output | sed "s/^\(.*:\/\/.*:\).*\(@.*\/.*\)\$/\1$pw\2/")
+        set -l port (random 49152 65535)
+        set -l exposedPort (yq --raw-output "$portKey" "$source" | sed "s/$portPattern/\1$port\3/")
+        sudo mkdir -p "$root"
+        sudo mkdir -p "$nginxRoot"
+        sudo cp "$dir/docker-compose.yml" "$root"
+
+        URL=$dbUrl yq "$dbKey = env.URL" "$source" | \
+            PW=$pw yq ".services.db.environment.MARIADB_PASSWORD = env.PW" | \
+            PORT=$exposedPort yq -y "$portKey = env.PORT" | \
+            sudo tee "$config" >/dev/null
+    end
+
+    function configureSW -V dir -V config -V nginxConfig -V portKey -V portPattern
+        set port (yq --raw-output "$portKey" "$config" | sed "s/$portPattern/\2/")
+        cat "$dir/$(basename "$nginxConfig")" | sed "s/\(proxy_pass \)\(.\+:\)\?[[:digit:]]\+\(;\)/\1\2$port\3/" | sudo tee "$nginxConfig"
+        sudo systemctl restart nginx
+    end
+
+    function getBackupArgs -V root
+        printf "%s\n" --hidden --no-ignore . --exclude "docker-compose.yml" "$root"
+    end
+
+    runInstaller --force $argv
+end
diff --git a/scripts/Common/Software/docker/services/vaultwarden/vaultwarden.conf b/scripts/Common/Software/docker/services/vaultwarden/vaultwarden.conf
new file mode 100644
index 00000000..ac540702
--- /dev/null
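Review bot: `installSW` writes the generated database password to `$config` through `sudo tee`, which creates the file root-owned under root's umask — most likely mode 0644, i.e. readable by every local account — so add `sudo chmod 600 "$config"` right after the `tee` (and `sudo chmod 700 "$root"`, since `./data`, `./db` and `./bridge` will live under it as well). The result of `set -l pw (nix-shell ... keepassxc-cli generate ...)` is never checked; if nix-shell or the generator fails, `$pw` is empty and the pipeline still writes a config with an empty `MARIADB_PASSWORD` and a `mysql://vaultwarden:@db/vault` URL, so guard it with `test -n "$pw"; or begin; echo "password generation failed" >&2; return 1; end`. The `dbUrl` line also splices `$pw` into a sed replacement on the command line, which both exposes the secret to other local users through the process list while sed runs and breaks or mis-substitutes if the generated string ever contains `/`, `&` or `\`; keepassxc-cli's default character set does not appear to include those, but the `PW=$pw yq ... env.PW` route two lines later is already injection-safe and out of argv, and the URL could be assembled the same way. Lastly, the secrets file ends up under `/usr/local/lib`, so confirm that `getBackupArgs`'s backup path does not copy it somewhere with looser permissions.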
+++ b/scripts/Common/Software/docker/services/vaultwarden/vaultwarden.conf
@@ -0,0 +1,12 @@
+server {
+    listen 80;
+    server_name passwords.nuth.ch;
+
+    location / {
+        proxy_pass http://127.0.0.1:1337;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}
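Review bot: The server block only has `listen 80;` and no TLS, while docker-compose.yml sets `DOMAIN: https://passwords.nuth.ch`; nothing in the patch shows another TLS terminator in front of this nginx, so as written clients would send login credentials and vault data in cleartext and `X-Forwarded-Proto $scheme` would report `http` back to vaultwarden. Either terminate TLS here with a 443 listener and turn the port-80 block into a redirect, or add a comment stating where TLS is terminated. The `location /` also lacks `proxy_set_header Upgrade $http_upgrade;` and `proxy_set_header Connection "upgrade";`, which the websocket endpoint vaultwarden uses for live sync needs when proxied; `configureSW`'s sed only rewrites the `proxy_pass` port, so these lines survive the install-time rewrite. Certificate paths are deployment-specific and not part of this patch, hence the comment placeholder below.
```nginx
server {
    listen 80;
    server_name passwords.nuth.ch;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name passwords.nuth.ch;
    # ssl_certificate / ssl_certificate_key for passwords.nuth.ch go here (supplied by the deployment)

    location / {
        proxy_pass http://127.0.0.1:1337;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        # … unchanged: Host / X-Real-IP / X-Forwarded-For / X-Forwarded-Proto headers …
    }
}
```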