2022-12-31 11:24:33 -05:00
|
|
|
#!/usr/bin/env bash
|
2023-02-07 12:15:22 -05:00
|
|
|
|
2025-01-01 13:37:29 +01:00
|
|
|
# Copyright (c) 2021-2025 tteck
|
2023-02-07 12:15:22 -05:00
|
|
|
# Author: tteck (tteckster)
|
2025-03-04 17:54:20 +01:00
|
|
|
# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
|
2025-03-13 10:42:49 +01:00
|
|
|
# Source: https://github.com/dani-garcia/vaultwarden
|
2023-02-07 12:15:22 -05:00
|
|
|
|
2023-04-09 23:47:27 -04:00
|
|
|
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
|
2023-03-22 20:48:20 -04:00
|
|
|
color
|
|
|
|
|
verb_ip6
|
|
|
|
|
catch_errors
|
|
|
|
|
setting_up_container
|
|
|
|
|
network_check
|
|
|
|
|
update_os
|
2022-12-31 11:24:33 -05:00
|
|
|
|
|
|
|
|
msg_info "Installing Dependencies"
|
2025-10-07 21:40:31 +02:00
|
|
|
$STD apt install -y git \
|
2022-12-31 11:24:33 -05:00
|
|
|
build-essential \
|
|
|
|
|
pkgconf \
|
|
|
|
|
libssl-dev \
|
|
|
|
|
libmariadb-dev-compat \
|
|
|
|
|
libpq-dev \
|
2025-05-03 14:48:55 +02:00
|
|
|
argon2 \
|
|
|
|
|
ssl-cert
|
2022-12-31 11:24:33 -05:00
|
|
|
msg_ok "Installed Dependencies"
|
|
|
|
|
|
2025-05-03 14:48:55 +02:00
|
|
|
WEBVAULT=$(curl -fsSL https://api.github.com/repos/dani-garcia/bw_web_builds/releases/latest | grep "tag_name" | awk '{print substr($2, 2, length($2)-3) }')
|
|
|
|
|
VAULT=$(curl -fsSL https://api.github.com/repos/dani-garcia/vaultwarden/releases/latest | grep "tag_name" | awk '{print substr($2, 2, length($2)-3) }')
|
2022-12-31 11:24:33 -05:00
|
|
|
|
|
|
|
|
msg_info "Installing Rust"
|
2025-04-01 11:38:52 +02:00
|
|
|
curl -fsSL https://sh.rustup.rs -o rustup-init.sh
|
|
|
|
|
$STD bash rustup-init.sh -y --profile minimal
|
2025-05-03 14:48:55 +02:00
|
|
|
echo 'export PATH="$HOME/.cargo/bin:$PATH"' >>~/.bashrc
|
2025-04-01 11:38:52 +02:00
|
|
|
export PATH="$HOME/.cargo/bin:$PATH"
|
|
|
|
|
rm rustup-init.sh
|
2022-12-31 11:24:33 -05:00
|
|
|
msg_ok "Installed Rust"
|
|
|
|
|
|
|
|
|
|
msg_info "Building Vaultwarden ${VAULT} (Patience)"
|
|
|
|
|
$STD git clone https://github.com/dani-garcia/vaultwarden
|
2025-10-07 21:40:31 +02:00
|
|
|
cd vaultwarden || exit
|
2022-12-31 11:24:33 -05:00
|
|
|
$STD cargo build --features "sqlite,mysql,postgresql" --release
|
|
|
|
|
msg_ok "Built Vaultwarden ${VAULT}"
|
|
|
|
|
|
|
|
|
|
$STD addgroup --system vaultwarden
|
|
|
|
|
$STD adduser --system --home /opt/vaultwarden --shell /usr/sbin/nologin --no-create-home --gecos 'vaultwarden' --ingroup vaultwarden --disabled-login --disabled-password vaultwarden
|
|
|
|
|
mkdir -p /opt/vaultwarden/bin
|
|
|
|
|
mkdir -p /opt/vaultwarden/data
|
|
|
|
|
cp target/release/vaultwarden /opt/vaultwarden/bin/
|
|
|
|
|
|
|
|
|
|
msg_info "Downloading Web-Vault ${WEBVAULT}"
|
2025-05-03 14:48:55 +02:00
|
|
|
$STD curl -fsSLO https://github.com/dani-garcia/bw_web_builds/releases/download/"$WEBVAULT"/bw_web_"$WEBVAULT".tar.gz
|
|
|
|
|
$STD tar -xzf bw_web_"$WEBVAULT".tar.gz -C /opt/vaultwarden/
|
2022-12-31 11:24:33 -05:00
|
|
|
msg_ok "Downloaded Web-Vault ${WEBVAULT}"
|
|
|
|
|
|
|
|
|
|
cat <<EOF >/opt/vaultwarden/.env
|
2023-04-09 23:47:27 -04:00
|
|
|
ADMIN_TOKEN=''
|
2022-12-31 11:24:33 -05:00
|
|
|
ROCKET_ADDRESS=0.0.0.0
|
2025-05-03 14:48:55 +02:00
|
|
|
ROCKET_TLS='{certs="/opt/vaultwarden/ssl-cert-snakeoil.pem",key="/opt/vaultwarden/ssl-cert-snakeoil.key"}'
|
2022-12-31 11:24:33 -05:00
|
|
|
DATA_FOLDER=/opt/vaultwarden/data
|
|
|
|
|
DATABASE_MAX_CONNS=10
|
|
|
|
|
WEB_VAULT_FOLDER=/opt/vaultwarden/web-vault
|
|
|
|
|
WEB_VAULT_ENABLED=true
|
|
|
|
|
EOF
|
|
|
|
|
|
2025-05-03 14:48:55 +02:00
|
|
|
mv /etc/ssl/certs/ssl-cert-snakeoil.pem /opt/vaultwarden/
|
|
|
|
|
mv /etc/ssl/private/ssl-cert-snakeoil.key /opt/vaultwarden/
|
|
|
|
|
|
2022-12-31 11:24:33 -05:00
|
|
|
msg_info "Creating Service"
|
|
|
|
|
chown -R vaultwarden:vaultwarden /opt/vaultwarden/
|
|
|
|
|
chown root:root /opt/vaultwarden/bin/vaultwarden
|
|
|
|
|
chmod +x /opt/vaultwarden/bin/vaultwarden
|
|
|
|
|
chown -R root:root /opt/vaultwarden/web-vault/
|
|
|
|
|
chmod +r /opt/vaultwarden/.env
|
|
|
|
|
|
|
|
|
|
service_path="/etc/systemd/system/vaultwarden.service"
|
|
|
|
|
echo "[Unit]
|
|
|
|
|
Description=Bitwarden Server (Powered by Vaultwarden)
|
|
|
|
|
Documentation=https://github.com/dani-garcia/vaultwarden
|
|
|
|
|
After=network.target
|
|
|
|
|
[Service]
|
|
|
|
|
User=vaultwarden
|
|
|
|
|
Group=vaultwarden
|
|
|
|
|
EnvironmentFile=-/opt/vaultwarden/.env
|
|
|
|
|
ExecStart=/opt/vaultwarden/bin/vaultwarden
|
|
|
|
|
LimitNOFILE=65535
|
|
|
|
|
LimitNPROC=4096
|
|
|
|
|
PrivateTmp=true
|
|
|
|
|
PrivateDevices=true
|
|
|
|
|
ProtectHome=true
|
|
|
|
|
ProtectSystem=strict
|
|
|
|
|
DevicePolicy=closed
|
|
|
|
|
ProtectControlGroups=yes
|
|
|
|
|
ProtectKernelModules=yes
|
|
|
|
|
ProtectKernelTunables=yes
|
|
|
|
|
RestrictNamespaces=yes
|
|
|
|
|
RestrictRealtime=yes
|
|
|
|
|
MemoryDenyWriteExecute=yes
|
|
|
|
|
LockPersonality=yes
|
|
|
|
|
WorkingDirectory=/opt/vaultwarden
|
|
|
|
|
ReadWriteDirectories=/opt/vaultwarden/data
|
|
|
|
|
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
|
|
|
|
[Install]
|
|
|
|
|
WantedBy=multi-user.target" >$service_path
|
|
|
|
|
systemctl daemon-reload
|
2025-04-01 20:22:40 +02:00
|
|
|
$STD systemctl enable --now vaultwarden
|
2022-12-31 11:24:33 -05:00
|
|
|
msg_ok "Created Service"
|
|
|
|
|
|
2023-03-22 20:48:20 -04:00
|
|
|
motd_ssh
|
2023-05-15 07:39:30 -04:00
|
|
|
customize
|
2022-12-31 11:24:33 -05:00
|
|
|
|
|
|
|
|
msg_info "Cleaning up"
|
2025-10-07 21:40:31 +02:00
|
|
|
$STD apt -y autoremove
|
|
|
|
|
$STD apt -y autoclean
|
|
|
|
|
$STD apt -y clean
|
2022-12-31 11:24:33 -05:00
|
|
|
msg_ok "Cleaned"
|
