container/vaultwarden
1
0
Fork 0
Code Issues 1 Pull Requests 1 Releases 54 Activity

Compare commits

base: container:main
Branches Tags
container:main
container:renovate/vaultwarden-packages
container:v1.30.5+1
container:v1.30.3+1
container:v1.30.1+4
container:v1.30.1+3
container:v1.30.1+2
container:v1.30.1+1
container:1.29.2+2
container:1.29.2+1
container:v1.29.1+1
container:1.29.0+1
container:v1.28.1+2
container:v1.28.1-1
container:v1.27.0-1
container:v1.26.0-1
container:v1.25.2-2
container:v1.25.2-1
container:v1.25.1-1
container:v1.25.0-3
container:v1.25.0-2
container:v1.25.0-1
container:v1.24.0-3
container:v1.24.0-2
container:v1.24.0-1
container:v1.23.1-3
container:v1.23.1-2
container:v1.23.1-1
container:v1.23.0-1
container:v1.22.2-4
container:v1.22.2-3
container:v1.22.2-2
container:v1.22.2-1
container:v1.22.1-1
container:v1.21.0-1
container:v1.20.0-1
container:v1.19.0-2
container:v1.19.0-1
container:v1.18.0-2
container:v1.18.0-1
container:v1.17.0-3
container:v1.17.0-2
container:v1.17.0-1
container:v1.16.3-3
container:v1.16.3-2
container:v1.16.3-1
container:v1.16.1-1
container:v1.16.0-1
container:v1.15.1-1
container:v1.14.2-2
container:v1.14.2-1
container:v1.14.1-1
container:v1.13.1-4
container:v1.13.1-3
container:v1.13.1-2
container:v1.13.1-1
..
compare: container:v1.19.0-1
Branches Tags
container:main
container:renovate/vaultwarden-packages
container:v1.30.5+1
container:v1.30.3+1
container:v1.30.1+4
container:v1.30.1+3
container:v1.30.1+2
container:v1.30.1+1
container:1.29.2+2
container:1.29.2+1
container:v1.29.1+1
container:1.29.0+1
container:v1.28.1+2
container:v1.28.1-1
container:v1.27.0-1
container:v1.26.0-1
container:v1.25.2-2
container:v1.25.2-1
container:v1.25.1-1
container:v1.25.0-3
container:v1.25.0-2
container:v1.25.0-1
container:v1.24.0-3
container:v1.24.0-2
container:v1.24.0-1
container:v1.23.1-3
container:v1.23.1-2
container:v1.23.1-1
container:v1.23.0-1
container:v1.22.2-4
container:v1.22.2-3
container:v1.22.2-2
container:v1.22.2-1
container:v1.22.1-1
container:v1.21.0-1
container:v1.20.0-1
container:v1.19.0-2
container:v1.19.0-1
container:v1.18.0-2
container:v1.18.0-1
container:v1.17.0-3
container:v1.17.0-2
container:v1.17.0-1
container:v1.16.3-3
container:v1.16.3-2
container:v1.16.3-1
container:v1.16.1-1
container:v1.16.0-1
container:v1.15.1-1
container:v1.14.2-2
container:v1.14.2-1
container:v1.14.1-1
container:v1.13.1-4
container:v1.13.1-3
container:v1.13.1-2
container:v1.13.1-1

No commits in common. "main" and "v1.19.0-1" have entirely different histories.
main ... v1.19.0-1

22 changed files with 539 additions and 323 deletions
Show Stats Expand all files Collapse all files

23
.chglog/CHANGELOG.tpl.md Executable file
View File

@ -0,0 +1,23 @@
# Changelog
{{ range .Versions -}}
## {{ if .Tag.Previous }}[{{ .Tag.Name }}]({{ $.Info.RepositoryURL }}/compare/{{ .Tag.Previous.Name }}...{{ .Tag.Name }}){{ else }}{{ .Tag.Name }}{{ end }} ({{ datetime "2006-01-02" .Tag.Date }})
{{ range .CommitGroups -}}
### {{ .Title }}
{{ range .Commits -}}
- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ .Subject }}
{{ end }}
{{ end -}}
{{- if .NoteGroups -}}
{{ range .NoteGroups -}}
### {{ .Title }}
{{ range .Notes }}
{{ .Body }}
{{ end }}
{{ end -}}
{{ end -}}
{{ end -}}

22
.chglog/config.yml Executable file
View File

@ -0,0 +1,22 @@
style: github
template: CHANGELOG.tpl.md
info:
title: CHANGELOG
repository_url: https://gitea.rknet.org/docker/bitwardenrs
options:
commit_groups:
title_maps:
feat: Features
fix: Bug Fixes
perf: Performance Improvements
refactor: Code Refactoring
chore: Others
header:
pattern: "^(\\w*)(?:\\(([\\w\\$\\.\\-\\*\\s]*)\\))?\\:\\s(.*)$"
pattern_maps:
- Type
- Scope
- Subject
notes:
keywords:
- BREAKING CHANGE

2
.dictionary
View File

@ -1,2 +0,0 @@
(V|v)aultwarden
Bitwarden

202
.drone.yml Normal file
View File

@ -0,0 +1,202 @@
---
kind: pipeline
name: test
platform:
os: linux
arch: amd64
steps:
- name: markdownlint
image: thegeeklab/markdownlint-cli
commands:
- markdownlint 'README.md'
trigger:
ref:
- refs/heads/main
- refs/pull/**
- refs/tags/**
---
kind: pipeline
name: build-container
platform:
os: linux
arch: amd64
steps:
- name: binary
image: clux/muslrust:nightly-2020-10-02
commands:
- apt-get -qq update && apt-get install -yqq --no-install-recommends libpq-dev
- make build
environment:
BUILD_VERSION: ${DRONE_TAG%-*}
- name: verify
image: alpine
commands:
- src/target/x86_64-unknown-linux-musl/release/bitwarden_rs --help
- src/target/x86_64-unknown-linux-musl/release/bitwarden_rs --version
depends_on:
- binary
- name: dryrun
image: thegeeklab/drone-docker-buildx:20
settings:
dockerfile: Dockerfile
dry_run: true
password:
from_secret: docker_password
repo: thegeeklab/${DRONE_REPO_NAME}
username:
from_secret: docker_username
when:
ref:
- refs/pull/**
depends_on:
- verify
- name: tags
image: thegeeklab/docker-autotag
environment:
DOCKER_AUTOTAG_FORCE_LATEST: True
DOCKER_AUTOTAG_IGNORE_PRERELEASE: True
DOCKER_AUTOTAG_OUTPUT_FILE: .tags
DOCKER_AUTOTAG_VERSION: ${DRONE_TAG}
when:
ref:
- refs/heads/main
- refs/tags/**
depends_on:
- dryrun
- name: publish-dockerhub
image: thegeeklab/drone-docker-buildx:20
settings:
dockerfile: Dockerfile
password:
from_secret: docker_password
repo: thegeeklab/${DRONE_REPO_NAME}
username:
from_secret: docker_username
when:
ref:
- refs/heads/main
- refs/tags/**
depends_on:
- tags
- name: publish-quay
image: thegeeklab/drone-docker-buildx:20
settings:
dockerfile: Dockerfile
password:
from_secret: quay_password
registry: quay.io
repo: quay.io/thegeeklab/${DRONE_REPO_NAME}
username:
from_secret: quay_username
when:
ref:
- refs/heads/main
- refs/tags/**
depends_on:
- tags
- name: publish-gitea
image: plugins/gitea-release
settings:
api_key:
from_secret: gitea_token
base_url: https://gitea.rknet.org
note: CHANGELOG.md
overwrite: true
title: ${DRONE_TAG}
when:
ref:
- refs/tags/**
depends_on:
- publish-dockerhub
- publish-quay
trigger:
ref:
- refs/heads/main
- refs/pull/**
- refs/tags/**
depends_on:
- test
---
kind: pipeline
name: notifications
platform:
os: linux
arch: amd64
steps:
- name: pushrm-dockerhub
pull: always
image: chko/docker-pushrm:1
environment:
DOCKER_PASS:
from_secret: docker_password
DOCKER_USER:
from_secret: docker_username
PUSHRM_FILE: README.md
PUSHRM_SHORT: Custom image for BitwardenRS password manager
PUSHRM_TARGET: thegeeklab/${DRONE_REPO_NAME}
when:
status:
- success
- name: pushrm-quay
pull: always
image: chko/docker-pushrm:1
environment:
APIKEY__QUAY_IO:
from_secret: quay_token
PUSHRM_FILE: README.md
PUSHRM_TARGET: quay.io/thegeeklab/${DRONE_REPO_NAME}
when:
status:
- success
- name: matrix
image: plugins/matrix
settings:
homeserver:
from_secret: matrix_homeserver
password:
from_secret: matrix_password
roomid:
from_secret: matrix_roomid
template: "Status: **{{ build.status }}**<br/> Build: [{{ repo.Owner }}/{{ repo.Name }}]({{ build.link }}) ({{ build.branch }}) by {{ build.author }}<br/> Message: {{ build.message }}"
username:
from_secret: matrix_username
when:
status:
- success
- failure
trigger:
ref:
- refs/heads/main
- refs/tags/**
status:
- success
- failure
depends_on:
- build-container
---
kind: signature
hmac: f10893b34850c8b1edcb705709f1bcd661a1674b55deb31cf6799298b379b957
...

1
.gitignore vendored
View File

@ -1,4 +1,3 @@
env*
test/
source/
CHANGELOG.md

47
.gitsv/config.yml
View File

@ -1,47 +0,0 @@
---
version: "1.1"
versioning:
update-major: []
update-minor: [feat]
update-patch: [fix, perf, refactor, chore, test, ci, docs]
tag:
pattern: "v%d.%d.%d"
release-notes:
sections:
- name: Features
commit-types: [feat]
section-type: commits
- name: Bug Fixes
commit-types: [fix]
section-type: commits
- name: Performance Improvements
commit-types: [perf]
section-type: commits
- name: Code Refactoring
commit-types: [refactor]
section-type: commits
- name: Others
commit-types: [chore]
section-type: commits
- name: Testing
commit-types: [test]
section-type: commits
- name: CI Pipeline
commit-types: [ci]
section-type: commits
- name: Documentation
commit-types: [docs]
section-type: commits
- name: BREAKING CHANGES
section-type: breaking-changes
commit-message:
footer:
issue:
key: issue
add-value-prefix: "#"
issue:
regex: "#?[0-9]+"

3
.prettierignore
View File

@ -1,2 +1 @@
*.tpl.md
LICENSE
.drone.yml

68
.woodpecker/build-container.yml
View File

@ -1,68 +0,0 @@
---
when:
- event: [pull_request, tag]
- event: [push, manual]
branch:
- ${CI_REPO_DEFAULT_BRANCH}
steps:
- name: security-build
image: quay.io/thegeeklab/wp-docker-buildx:4
settings:
containerfile: Containerfile
output: type=oci,dest=oci/${CI_REPO_NAME},tar=false
repo: thegeeklab/${CI_REPO_NAME}
cache_to: type=local,dest=oci/cache/${CI_REPO_NAME},mode=max
- name: security-scan
image: ghcr.io/aquasecurity/trivy
commands:
- trivy -v
- trivy image --input oci/${CI_REPO_NAME}
environment:
TRIVY_EXIT_CODE: "1"
TRIVY_IGNORE_UNFIXED: "true"
TRIVY_NO_PROGRESS: "true"
TRIVY_SEVERITY: HIGH,CRITICAL
TRIVY_TIMEOUT: 1m
- name: publish-dockerhub
image: quay.io/thegeeklab/wp-docker-buildx:4
group: container
settings:
auto_tag: true
containerfile: Containerfile
password:
from_secret: docker_password
provenance: false
repo: thegeeklab/${CI_REPO_NAME}
username:
from_secret: docker_username
cache_from:
- 'type=local\\,src=oci/cache/${CI_REPO_NAME}'
when:
- event: [tag]
- event: [push, manual]
branch:
- ${CI_REPO_DEFAULT_BRANCH}
- name: publish-quay
image: quay.io/thegeeklab/wp-docker-buildx:4
group: container
settings:
auto_tag: true
containerfile: Containerfile
password:
from_secret: quay_password
provenance: false
registry: quay.io
repo: quay.io/thegeeklab/${CI_REPO_NAME}
username:
from_secret: quay_username
cache_from:
- 'type=local\\,src=oci/cache/${CI_REPO_NAME}'
when:
- event: [tag]
- event: [push, manual]
branch:
- ${CI_REPO_DEFAULT_BRANCH}

25
.woodpecker/build-package.yml
View File

@ -1,25 +0,0 @@
---
when:
- event: [pull_request, tag]
- event: [push, manual]
branch:
- ${CI_REPO_DEFAULT_BRANCH}
steps:
- name: changelog
image: quay.io/thegeeklab/git-sv
commands:
- git sv current-version
- git sv release-notes -t ${CI_COMMIT_TAG:-next} -o CHANGELOG.md
- cat CHANGELOG.md
- name: publish-gitea
image: quay.io/thegeeklab/wp-gitea-release
settings:
api_key:
from_secret: gitea_token
base_url: https://gitea.rknet.org
note: CHANGELOG.md
title: ${CI_COMMIT_TAG}
when:
- event: [tag]

62
.woodpecker/docs.yml
View File

@ -1,62 +0,0 @@
---
when:
- event: [pull_request, tag]
- event: [push, manual]
branch:
- ${CI_REPO_DEFAULT_BRANCH}
steps:
- name: markdownlint
image: quay.io/thegeeklab/markdownlint-cli
group: test
commands:
- markdownlint 'README.md'
- name: spellcheck
image: quay.io/thegeeklab/alpine-tools
group: test
commands:
- spellchecker --files '_docs/**/*.md' 'README.md' -d .dictionary -p spell indefinite-article syntax-urls
environment:
FORCE_COLOR: "true"
- name: link-validation
image: docker.io/lycheeverse/lychee
group: test
commands:
- lychee --no-progress --format detailed README.md
- name: pushrm-dockerhub
image: docker.io/chko/docker-pushrm:1
secrets:
- source: docker_password
target: DOCKER_PASS
- source: docker_username
target: DOCKER_USER
environment:
PUSHRM_FILE: README.md
PUSHRM_SHORT: Custom image for Vaultwarden password manager
PUSHRM_TARGET: thegeeklab/${CI_REPO_NAME}
when:
- event: [push, manual]
branch:
- ${CI_REPO_DEFAULT_BRANCH}
status: [success]
- name: pushrm-quay
image: docker.io/chko/docker-pushrm:1
secrets:
- source: quay_token
target: APIKEY__QUAY_IO
environment:
PUSHRM_FILE: README.md
PUSHRM_TARGET: quay.io/thegeeklab/${CI_REPO_NAME}
when:
- event: [push, manual]
branch:
- ${CI_REPO_DEFAULT_BRANCH}
status: [success]
depends_on:
- build-package
- build-container

26
.woodpecker/notify.yml
View File

@ -1,26 +0,0 @@
---
when:
- event: [tag]
- event: [push, manual]
branch:
- ${CI_REPO_DEFAULT_BRANCH}
runs_on: [success, failure]
steps:
- name: matrix
image: quay.io/thegeeklab/wp-matrix
settings:
homeserver:
from_secret: matrix_homeserver
password:
from_secret: matrix_password
roomid:
from_secret: matrix_roomid
username:
from_secret: matrix_username
when:
- status: [success, failure]
depends_on:
- docs

9
CHANGELOG.md Normal file
View File

@ -0,0 +1,9 @@
# Changelog
## [v1.19.0-1](https://gitea.rknet.org/docker/bitwardenrs/compare/v1.18.0-2...v1.19.0-1) (2021-02-07)
### Others
- **deps:** update dependency dani-garcia/bitwarden_rs to v1.19.0 ([#23](https://gitea.rknet.org/docker/bitwardenrs/issues/23))
- **deps:** update thegeeklab/alpine:latest docker digest to 58bffcf

73
Containerfile
View File

@ -1,73 +0,0 @@
FROM docker.io/clux/muslrust:1.78.0-stable@sha256:f1a3636c322c49f7eb2976cc2ebbfe8a0c69c21d40e3eaa6c312c0bb4c218000 as build
ARG WEBVAULT_VERSION
ARG VAULTWARDEN_VERSION
ARG DEBIAN_FRONTEND=noninteractive
ARG LANG=C.UTF-8
ARG TZ=UTC
ARG RUSTFLAGS="-C link-arg=-s"
ARG DB=sqlite,postgresql
ARG TARGETPLATFORM
# renovate: datasource=github-releases depName=dani-garcia/bw_web_builds versioning=loose
ENV WEBVAULT_VERSION="${WEBVAULT_VERSION:-v2024.3.1}"
# renovate: datasource=github-releases depName=dani-garcia/vaultwarden
ENV VAULTWARDEN_VERSION="${VAULTWARDEN_VERSION:-1.30.5}"
WORKDIR /src
RUN apt-get update && apt-get install -y --no-install-recommends && \
mkdir -p /release/web-vault && \
mkdir -p /data
RUN echo "Using Vaultwarden version '${VAULTWARDEN_VERSION##v}'" && \
curl -sSL "https://github.com/dani-garcia/vaultwarden/archive/${VAULTWARDEN_VERSION##v}.tar.gz" | \
tar xz --strip-components=1 && \
echo "Using Web Vault version '${WEBVAULT_VERSION##v}'" && \
curl -SsfL "https://github.com/dani-garcia/bw_web_builds/releases/download/${WEBVAULT_VERSION}/bw_web_${WEBVAULT_VERSION}.tar.gz" | \
tar xz -C /release
RUN echo "Building for platform '$TARGETPLATFORM'" && \
case "$TARGETPLATFORM" in \
"linux/amd64") echo x86_64-unknown-linux-musl > rust_target ;; \
"linux/arm64") echo aarch64-unknown-linux-musl > rust_target ;; \
*) exit 1 ;; \
esac
RUN rustup set profile minimal && \
rustup target add $(cat rust_target) && \
VW_VERSION="${VAULTWARDEN_VERSION##v}" cargo build -j 4 --features "$DB" --target $(cat rust_target) --release
RUN ldd target/$(cat rust_target)/release/vaultwarden && \
target/$(cat rust_target)/release/vaultwarden --help && \
target/$(cat rust_target)/release/vaultwarden --version
FROM docker.io/alpine:3.20@sha256:77726ef6b57ddf65bb551896826ec38bc3e53f75cdde31354fbffb4f25238ebd
LABEL maintainer="Robert Kaussow <mail@thegeeklab.de>"
LABEL org.opencontainers.image.authors="Robert Kaussow <mail@thegeeklab.de>"
LABEL org.opencontainers.image.title="Vaultwarden"
LABEL org.opencontainers.image.url="https://gitea.rknet.org/container/vaultwarden"
LABEL org.opencontainers.image.source="https://gitea.rknet.org/container/vaultwarden"
LABEL org.opencontainers.image.documentation="https://gitea.rknet.org/container/vaultwarden"
ENV DATA_FOLDER=/data
ENV ROCKET_ADDRESS=0.0.0.0
ENV ROCKET_PORT=8000
ENV WEBSOCKET_ADDRESS=0.0.0.0
ENV WEBSOCKET_PORT=3012
COPY --from=build --chown=65532:65532 /data /data
COPY --from=build /release/web-vault /web-vault
COPY --from=build /src/target/**/release/vaultwarden /bin/vaultwarden
EXPOSE 8000
EXPOSE 3012
STOPSIGNAL SIGTERM
USER 65532
CMD ["/bin/vaultwarden"]

42
Dockerfile Normal file
View File

@ -0,0 +1,42 @@
FROM thegeeklab/alpine:latest@sha256:58bffcff0cb1124cd0489a0168c56e097637919422edd111b1e96220ed631c28
LABEL maintainer="Robert Kaussow <mail@thegeeklab.de>"
LABEL org.opencontainers.image.authors="Robert Kaussow <mail@thegeeklab.de>"
LABEL org.opencontainers.image.title="bitwardenrs"
LABEL org.opencontainers.image.url="https://gitea.rknet.org/docker/bitwardenrs"
LABEL org.opencontainers.image.source="https://gitea.rknet.org/docker/bitwardenrs"
LABEL org.opencontainers.image.documentation="https://gitea.rknet.org/docker/bitwardenrs"
ARG VAULT_VERSION
# renovate: datasource=github-releases depName=dani-garcia/bw_web_builds
ENV VAULT_VERSION="${VAULT_VERSION:-v2.18.1}"
ADD overlay/ /
RUN apk --update add --virtual .build-deps tar curl && \
apk --update add openssl postgresql-libs sqlite ca-certificates && \
mkdir -p /app/web-vault /app/data && \
echo "Using Web Vault version '${VAULT_VERSION##v}' ..." && \
curl -SsL "https://github.com/dani-garcia/bw_web_builds/releases/download/${VAULT_VERSION}/bw_web_${VAULT_VERSION}.tar.gz" | \
tar xz -C /app && \
apk del .build-deps && \
rm -rf /var/cache/apk/* && \
rm -rf /tmp/* && \
chown -R app:app /app
ADD src/Rocket.toml /app
ADD src/target/x86_64-unknown-linux-musl/release/bitwarden_rs /app
VOLUME /app/data
EXPOSE 8080
EXPOSE 3012
USER app
STOPSIGNAL SIGTERM
ENTRYPOINT ["/usr/local/bin/entrypoint"]
HEALTHCHECK --interval=10s --timeout=3s --retries=3 CMD /usr/local/bin/healthcheck
WORKDIR /app
CMD []

2
LICENSE
View File

@ -1,6 +1,6 @@
MIT License
Copyright (c) 2022 Robert Kaussow <mail@thegeeklab.de>
Copyright (c) 2021 Robert Kaussow <mail@thegeeklab.de>
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal

29
Makefile Normal file
View File

@ -0,0 +1,29 @@
# renovate: datasource=github-releases depName=dani-garcia/bitwarden_rs
export BUILD_VERSION ?= 1.19.0
export DEBIAN_FRONTEND ?= noninteractive
export LANG ?= C.UTF-8
export TZ ?= UTC
DB ?= sqlite,postgresql
SRC := src
.PHONY: all
all: build
.PHONY: build
build: build-src build-bin
.PHONY: build-src
build-src:
mkdir -p $(SRC); \
curl -sSL "https://github.com/dani-garcia/bitwarden_rs/archive/$${BUILD_VERSION##v}.tar.gz" | tar xz -C $(SRC) --strip-components=1
.PHONY: build-bin
build-bin:
rustup set profile minimal && \
cd $(SRC) && \
rustup target add x86_64-unknown-linux-musl && \
BWRS_VERSION="$${BUILD_VERSION##v}" cargo build -j 8 --features $(DB) --release
.PHONY: clean
clean:
rm -rf $(SRC)

80
README.md
View File

@ -1,25 +1,79 @@
# vaultwarden
# bitwardenrs
Custom image for Vaultwarden password manager
Custom image for BitwardenRS password manager
<!-- spellchecker-disable -->
[![Build Status](https://img.shields.io/drone/build/docker/bitwardenrs?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/docker/bitwardenrs)
[![Docker Hub](https://img.shields.io/badge/dockerhub-latest-blue.svg?logo=docker&logoColor=white)](https://hub.docker.com/r/thegeeklab/bitwardenrs)
[![Quay.io](https://img.shields.io/badge/quay-latest-blue.svg?logo=docker&logoColor=white)](https://quay.io/repository/thegeeklab/bitwardenrs)
[![Source: Gitea](https://img.shields.io/badge/source-gitea-blue.svg?logo=gitea&logoColor=white)](https://gitea.rknet.org/docker/bitwardenrs)
[![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](https://gitea.rknet.org/docker/bitwardenrs/src/branch/main/LICENSE)
[![Build Status](https://ci.rknet.org/api/badges/container/vaultwarden/status.svg)](https://ci.rknet.org/repos/container/vaultwarden)
[![Docker Hub](https://img.shields.io/badge/dockerhub-latest-blue.svg?logo=docker&logoColor=white)](https://hub.docker.com/r/thegeeklab/vaultwarden)
[![Quay.io](https://img.shields.io/badge/quay-latest-blue.svg?logo=docker&logoColor=white)](https://quay.io/repository/thegeeklab/vaultwarden)
[![Source: Gitea](https://img.shields.io/badge/source-gitea-blue.svg?logo=gitea&logoColor=white)](https://gitea.rknet.org/container/vaultwarden)
[![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](https://gitea.rknet.org/container/vaultwarden/src/branch/main/LICENSE)
This is a rootless custom Docker image for [bitwarden_rs](https://github.com/dani-garcia/bitwarden_rs). Bitwarden_rs is a Bitwarden server API implementation written in Rust compatible with upstream Bitwarden clients, perfect for self-hosted deployment where running the official resource-heavy service might not be ideal.
<!-- spellchecker-enable -->
> **WARNING**: This build supports SQLite and PostgreSQL database backend only.
Custom rootless container image for [Vaultwarden](https://github.com/dani-garcia/vaultwarden). Vaultwarden is a Bitwarden server API implementation written in Rust compatible with upstream Bitwarden clients.
## Usage
> **WARNING**: This version only supports SQLite and PostgreSQL databases.
### Docker Compose
Please take a look at the [example](https://gitea.rknet.org/docker/bitwardenrs/src/branch/main/docker-compose.yml) compose file from the git repo.
## Configuration
In Vaultwarden the configuration can be done either via environment variables or the admin page. A complete list of all environment variables can be found in the [Vaultwarden Repository](https://github.com/dani-garcia/vaultwarden/blob/main/.env.template).
```Shell
BITWARDENRS_DATABASE_URL=
BITWARDENRS_TEMPLATES_FOLDER=
BITWARDENRS_RELOAD_TEMPLATES=False
BITWARDENRS_IP_HEADER=X-Client-IP
BITWARDENRS_ICON_CACHE_TTL=2592000
BITWARDENRS_ICON_CACHE_NEGTTL=259200
BITWARDENRS_WEB_VAULT_ENABLED=True
BITWARDENRS_WEBSOCKET_ENABLED=False
BITWARDENRS_EXTENDED_LOGGING=True
BITWARDENRS_LOG_LEVEL=Info
BITWARDENRS_DISABLE_ICON_DOWNLOAD=False
BITWARDENRS_ICON_DOWNLOAD_TIMEOUT=10
BITWARDENRS_ICON_BLACKLIST_REGEXL=
BITWARDENRS_ICON_BLACKLIST_NON_GLOBAL_IPS=True
BITWARDENRS_DISABLE_2FA_REMEMBER=False
BITWARDENRS_SIGNUPS_ALLOWED=True
BITWARDENRS_SIGNUPS_VERIFY=False
BITWARDENRS_SIGNUPS_VERIFY_RESEND_TIME=3600
BITWARDENRS_SIGNUPS_VERIFY_RESEND_LIMIT=6
BITWARDENRS_SIGNUPS_DOMAINS_WHITELIST=
BITWARDENRS_INVITATIONS_ALLOWED=True
# Set an indicidual admin token to enable the admin UI
BITWARDENRS_ADMIN_TOKEN=
BITWARDENRS_PASSWORD_ITERATIONS=100000
BITWARDENRS_SHOW_PASSWORD_HINT=True
BITWARDENRS_DOMAIN=http://localhost/
BITWARDENRS_AUTHENTICATOR_DISABLE_TIME_DRIFT=False
# If you dont set a smtp host, all other smpt settings will be ignored
BITWARDENRS_SMTP_HOST=
BITWARDENRS_SMTP_FROM=
BITWARDENRS_SMTP_FROM_NAME=Bitwarden_RS
BITWARDENRS_SMTP_PORT=587
BITWARDENRS_SMTP_SSL=True
BITWARDENRS_SMTP_USERNAME=
BITWARDENRS_SMTP_PASSWORD=
BITWARDENRS_SMTP_AUTH_MECHANISM=Plain
BITWARDENRS_SMTP_TIMEOUT=15
BITWARDENRS_ROCKET_WORKERS=
```
## License
This project is licensed under the MIT License - see the [LICENSE](https://gitea.rknet.org/container/vaultwarden/src/branch/main/LICENSE) file for details.
This project is licensed under the MIT License - see the [LICENSE](https://gitea.rknet.org/docker/bitwardenrs/src/branch/main/LICENSE) file for details.

28
docker-compose.yml Normal file
View File

@ -0,0 +1,28 @@
---
version: "3"
services:
postgres:
container_name: postgres
image: postgres
environment:
POSTGRES_DB: bitwarden
POSTGRES_PASSWORD: pass
POSTGRES_USER: user
bitwardenrs:
container_name: bitwardenrs
image: thegeeklab/bitwardenrs
depends_on:
- postgres
ports:
- "80:8080"
volumes:
- data:/app/data
environment:
BITWARDENRS_DATABASE_URL: postgresql://user:pass@bitwardenrs_postgres:5432/bitwarden
BITWARDENRS_ADMIN_TOKEN: test
volumes:
data:
driver: local

85
overlay/etc/templates/env.tmpl Normal file
View File

@ -0,0 +1,85 @@
## Bitwarden_RS Configuration File
DATA_FOLDER=/app/data
RSA_KEY_FILENAME=/app/data/rsa_key
ICON_CACHE_FOLDER=/app/data/icon_cache
ATTACHMENTS_FOLDER=/app/data/attachments
{{ if (getenv "BITWARDENRS_DATABASE_URL") -}}
DATABASE_URL={{ getenv "BITWARDENRS_DATABASE_URL" }}
{{ end -}}
USER_ATTACHMENT_LIMIT={{ getenv "BITWARDENRS_USER_ATTACHMENT_LIMIT" "1024" }}
ORG_ATTACHMENT_LIMIT={{ getenv "BITWARDENRS_ORG_ATTACHMENT_LIMIT" "1024" }}
{{ if (getenv "BITWARDENRS_TEMPLATES_FOLDER") -}}
TEMPLATES_FOLDER={{ getenv "BITWARDENRS_TEMPLATES_FOLDER" }}
{{ end -}}
RELOAD_TEMPLATES={{ getenv "BITWARDENRS_RELOAD_TEMPLATES" "false" | conv.Bool }}
IP_HEADER={{ getenv "BITWARDENRS_IP_HEADER" "X-Client-IP" }}
ICON_CACHE_TTL={{ getenv "BITWARDENRS_ICON_CACHE_TTL" "2592000" }}
ICON_CACHE_NEGTTL={{ getenv "BITWARDENRS_ICON_CACHE_NEGTTL" "259200" }}
WEB_VAULT_FOLDER=/app/web-vault/
WEB_VAULT_ENABLED={{ getenv "BITWARDENRS_WEB_VAULT_ENABLED" "true" | conv.Bool }}
WEBSOCKET_ENABLED={{ getenv "BITWARDENRS_WEBSOCKET_ENABLED" "false" | conv.Bool }}
WEBSOCKET_ADDRESS=0.0.0.0
WEBSOCKET_PORT=3012
EXTENDED_LOGGING={{ getenv "BITWARDENRS_EXTENDED_LOGGING" "true" | conv.Bool }}
LOG_LEVEL={{ getenv "BITWARDENRS_LOG_LEVEL" "Info" }}
ENABLE_DB_WAL=true
DISABLE_ICON_DOWNLOAD={{ getenv "BITWARDENRS_DISABLE_ICON_DOWNLOAD" "false" | conv.Bool }}
ICON_DOWNLOAD_TIMEOUT={{ getenv "BITWARDENRS_ICON_DOWNLOAD_TIMEOUT" "10" }}
{{ if (getenv "BITWARDENRS_ICON_BLACKLIST_REGEXL") -}}
ICON_BLACKLIST_REGEX={{ getenv "BITWARDENRS_ICON_BLACKLIST_REGEXL" }}
{{ end -}}
ICON_BLACKLIST_NON_GLOBAL_IPS={{ getenv "BITWARDENRS_ICON_BLACKLIST_NON_GLOBAL_IPS" "true" | conv.Bool }}
DISABLE_2FA_REMEMBER={{ getenv "BITWARDENRS_DISABLE_2FA_REMEMBER" "false" | conv.Bool }}
SIGNUPS_ALLOWED={{ getenv "BITWARDENRS_SIGNUPS_ALLOWED" "true" | conv.Bool }}
SIGNUPS_VERIFY={{ getenv "BITWARDENRS_SIGNUPS_VERIFY" "false" | conv.Bool }}
SIGNUPS_VERIFY_RESEND_TIME={{ getenv "BITWARDENRS_SIGNUPS_VERIFY_RESEND_TIME" "3600" }}
SIGNUPS_VERIFY_RESEND_LIMIT={{ getenv "BITWARDENRS_SIGNUPS_VERIFY_RESEND_LIMIT" "6" }}
{{ if (getenv "BITWARDENRS_SIGNUPS_DOMAINS_WHITELIST") -}}
SIGNUPS_DOMAINS_WHITELIST={{ getenv "BITWARDENRS_SIGNUPS_DOMAINS_WHITELIST" }}
{{ end -}}
INVITATIONS_ALLOWED={{ getenv "BITWARDENRS_INVITATIONS_ALLOWED" "true" | conv.Bool }}
INVITATION_ORG_NAME={{ getenv "BITWARDENRS_INVITATION_ORG_NAME" "Bitwarden_RS" }}
{{ if (getenv "BITWARDENRS_ADMIN_TOKEN") -}}
ADMIN_TOKEN={{ getenv "BITWARDENRS_ADMIN_TOKEN" }}
{{ end -}}
DISABLE_ADMIN_TOKEN=false
PASSWORD_ITERATIONS={{ getenv "BITWARDENRS_PASSWORD_ITERATIONS" "100000" }}
SHOW_PASSWORD_HINT={{ getenv "BITWARDENRS_SHOW_PASSWORD_HINT" "true" | conv.Bool }}
DOMAIN={{ getenv "BITWARDENRS_DOMAIN" "http://localhost/" }}
AUTHENTICATOR_DISABLE_TIME_DRIFT={{ getenv "BITWARDENRS_AUTHENTICATOR_DISABLE_TIME_DRIFT" "false" | conv.Bool }}
ROCKET_ADDRESS=0.0.0.0
ROCKET_PORT=8080
{{ if (getenv "BITWARDENRS_ROCKET_WORKERS") -}}
ROCKET_WORKERS={{ getenv "BITWARDENRS_ROCKET_WORKERS" }}
{{ end -}}
{{ if (getenv "BITWARDENRS_SMTP_HOST") -}}
SMTP_HOST={{ getenv "BITWARDENRS_SMTP_HOST" }}
SMTP_FROM={{ getenv "BITWARDENRS_SMTP_FROM" }}
SMTP_FROM_NAME={{ getenv "BITWARDENRS_SMTP_FROM_NAME" "Bitwarden_RS" }}
SMTP_PORT={{ getenv "BITWARDENRS_SMTP_PORT" "587" }}
SMTP_SSL={{ getenv "BITWARDENRS_SMTP_SSL" "true" | conv.Bool }}
{{ if (getenv "BITWARDENRS_SMTP_USERNAME") -}}
SMTP_USERNAME={{ getenv "BITWARDENRS_SMTP_USERNAME" }}
SMTP_PASSWORD={{ getenv "BITWARDENRS_SMTP_PASSWORD" }}
{{ end -}}
SMTP_AUTH_MECHANISM={{ getenv "BITWARDENRS_SMTP_AUTH_MECHANISM" "Plain" }}
SMTP_TIMEOUT={{ getenv "BITWARDENRS_SMTP_TIMEOUT" "15" }}
{{ end -}}

17
overlay/usr/local/bin/entrypoint Executable file
View File

@ -0,0 +1,17 @@
#!/usr/bin/env sh
set -eo pipefail
/usr/local/bin/gomplate -o /app/.env -f /etc/templates/env.tmpl
if [ -n "$BITWARDENRS_DATABASE_URL" ]
then
WAITFOR_HOST=$(/usr/local/bin/url-parser host --url "$BITWARDENRS_DATABASE_URL")
WAITFOR_PORT=$(/usr/local/bin/url-parser port --url "$BITWARDENRS_DATABASE_URL")
printf "Wait for database server on '%s:%s' ...\n" "${WAITFOR_HOST}" "${WAITFOR_PORT:-5432}"
/usr/local/bin/wait-for "${WAITFOR_HOST}":"${WAITFOR_PORT:-5432}"
fi
printf "Start Bitwarden Server ...\n"
exec /app/bitwarden_rs

10
overlay/usr/local/bin/healthcheck Executable file
View File

@ -0,0 +1,10 @@
#!/usr/bin/env sh
set -eo pipefail
URL=http://127.0.0.1:8080/alive
wget --quiet --tries=1 --spider ${URL}
[ $? -ne 0 ] && exit 1
exit 0

6
renovate.json
View File

@ -3,9 +3,9 @@
"extends": ["github>thegeeklab/renovate-presets:docker"],
"packageRules": [
{
"groupName": "vaultwarden packages",
"matchDatasources": ["github-releases"],
"matchPackagePatterns": ["^dani-garcia"]
"datasources": ["github-releases"],
"groupName": "Bitwarden RS packages",
"packagePatterns": ["^dani-garcia"]
}
]
}