-
Notifications
You must be signed in to change notification settings - Fork 7
/
bitwarden
141 lines (118 loc) · 4.86 KB
/
bitwarden
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
#!/bin/bash
############# https://github.com/plexguide/PlexGuide.com/graphs/contributors ###
bitwarden () {
container_reset
# VARIABLES ####################################################################
pgrole="bitwarden"
port_inside01="80"
port_outside01="6423"
traefik_extport="6423"
container_path /pg/data/$pgrole /data
container_path /pg/data/$pgrole/env /.env
container_permissions PUID 1000
container_permissions PGID 1000
# IMAGES EXPORT - 1ST IS DEFAULT ###############################################
cat <<- EOF > "/pg/images/$pgrole.images"
bitwardenrs/server:latest
EOF
# CONFIG FILE ##################################################################
common_fcreate_silent /pg/data/$pgrole/env
if [[ ! -e "/pg/data/$pgrole/env/.env" ]]; then
# MISC TASKS ###################################################################
securekey=$(/usr/bin/openssl rand -base64 48)
traefik_menu_start_setup
common_main /pg/data/$pgrole/cname.traefik "$app" cname_fill
# ENV EXPORT ###################################################################
cat <<- EOF > "/pg/data/$pgrole/env/.env"
## Bitwarden_RS Configuration File
## Uncomment any of the following lines to change the defaults
## Main data folder
# DATA_FOLDER=data
## Individual folders, these override %DATA_FOLDER%
# DATABASE_URL=data/db.sqlite3
# RSA_KEY_FILENAME=data/rsa_key
# ICON_CACHE_FOLDER=data/icon_cache
# ATTACHMENTS_FOLDER=data/attachments
## Cache time-to-live for successfully obtained icons, in seconds (0 is "forever")
# ICON_CACHE_TTL=2592000
## Cache time-to-live for icons which weren't available, in seconds (0 is "forever")
# ICON_CACHE_NEGTTL=259200
## Web vault settings
# WEB_VAULT_FOLDER=web-vault/
# WEB_VAULT_ENABLED=true
## Controls the WebSocket server address and port
# WEBSOCKET_ADDRESS=0.0.0.0
# WEBSOCKET_PORT=3012
# WEBSOCKET_ENABLED=true
## Enable extended logging
## This shows timestamps and allows logging to file and to syslog
### To enable logging to file, use the LOG_FILE env variable
### To enable syslog, you need to compile with 'cargo build --features=enable_syslog'
# EXTENDED_LOGGING=true
## Logging to file
## This requires extended logging
## It's recommended to also set 'ROCKET_CLI_COLORS=off'
# LOG_FILE=/path/to/log
## Use a local favicon extractor
## Set to false to use bitwarden's official icon servers
## Set to true to use the local version, which is not as smart,
## but it doesn't send the cipher domains to bitwarden's servers
# LOCAL_ICON_EXTRACTOR=false
## Controls if new users can register
SIGNUPS_ALLOWED=true
## Token for the admin interface, preferably use a long random string
## One option is to use 'openssl rand -base64 48'
## If not set, the admin panel is disabled
ADMIN_TOKEN=${securekey}
## Invitations org admins to invite users, even when signups are disabled
INVITATIONS_ALLOWED=true
## Controls the PBBKDF password iterations to apply on the server
## The change only applies when the password is changed
# PASSWORD_ITERATIONS=100000
## Whether password hint should be sent into the error response when the client request it
# SHOW_PASSWORD_HINT=true
## Domain settings
## The domain must match the address from where you access the server
## Unless you are using U2F, or having problems with attachments not downloading, there is no need to change this
## For U2F to work, the server must use HTTPS, you can use Let's Encrypt for free certs
DOMAIN=https://${cname_fill}.${domain}
## Yubico (Yubikey) Settings
## Set your Client ID and Secret Key for Yubikey OTP
## You can generate it here: https://upgrade.yubico.com/getapikey/
## You can optionally specify a custom OTP server
# YUBICO_CLIENT_ID=11111
# YUBICO_SECRET_KEY=AAAAAAAAAAAAAAAAAAAAAAAA
# YUBICO_SERVER=http://yourdomain.com/wsapi/2.0/verify
## Rocket specific settings, check Rocket documentation to learn more
# ROCKET_ENV=staging
# ROCKET_ADDRESS=0.0.0.0 # Enable this to test mobile app
# ROCKET_PORT=8000
# ROCKET_TLS={certs="/path/to/certs.pem",key="/path/to/key.pem"}
## Mail specific settings, set SMTP_HOST and SMTP_FROM to enable the mail service.
## Note: if SMTP_USERNAME is specified, SMTP_PASSWORD is mandatory
# SMTP_HOST=smtp.domain.tld
# SMTP_PORT=587
# SMTP_SSL=true
# SMTP_USERNAME=username
# SMTP_PASSWORD=password
EOF
fi
# YML EXPORT ###################################################################
container_core
cat <<- EOF > "/pg/apps/$pgrole.yml"
$container_header
### ALIGN WITH THE A ################################## START - EXTRAS #########
####### ALIGN WITH THE A ############################## CORE ###################
$container_start
published_ports:
- '${portcheck_add}${port_outside01}:${port_inside01}'
env:
$container_permissions
labels:
$container_traefik
$container_oddball
$container_ending
### ALIGN WITH THE A ################################## END - EXTRAS ###########
EOF
}