Compare commits
No commits in common. "main" and "v1.20.0-1" have entirely different histories.
23
.chglog/CHANGELOG.tpl.md
Executable file
23
.chglog/CHANGELOG.tpl.md
Executable file
@ -0,0 +1,23 @@
|
||||
# Changelog
|
||||
|
||||
{{ range .Versions -}}
|
||||
## {{ if .Tag.Previous }}[{{ .Tag.Name }}]({{ $.Info.RepositoryURL }}/compare/{{ .Tag.Previous.Name }}...{{ .Tag.Name }}){{ else }}{{ .Tag.Name }}{{ end }} ({{ datetime "2006-01-02" .Tag.Date }})
|
||||
|
||||
{{ range .CommitGroups -}}
|
||||
### {{ .Title }}
|
||||
|
||||
{{ range .Commits -}}
|
||||
- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ .Subject }}
|
||||
{{ end }}
|
||||
{{ end -}}
|
||||
|
||||
{{- if .NoteGroups -}}
|
||||
{{ range .NoteGroups -}}
|
||||
### {{ .Title }}
|
||||
|
||||
{{ range .Notes }}
|
||||
{{ .Body }}
|
||||
{{ end }}
|
||||
{{ end -}}
|
||||
{{ end -}}
|
||||
{{ end -}}
|
25
.chglog/config.yml
Executable file
25
.chglog/config.yml
Executable file
@ -0,0 +1,25 @@
|
||||
style: github
|
||||
template: CHANGELOG.tpl.md
|
||||
info:
|
||||
title: CHANGELOG
|
||||
repository_url: https://gitea.rknet.org/docker/bitwardenrs
|
||||
options:
|
||||
commit_groups:
|
||||
title_maps:
|
||||
feat: Features
|
||||
fix: Bug Fixes
|
||||
perf: Performance Improvements
|
||||
refactor: Code Refactoring
|
||||
chore: Others
|
||||
test: Testing
|
||||
ci: CI Pipeline
|
||||
docs: Documentation
|
||||
header:
|
||||
pattern: "^(\\w*)(?:\\(([\\w\\$\\.\\-\\*\\s]*)\\))?\\:\\s(.*)$"
|
||||
pattern_maps:
|
||||
- Type
|
||||
- Scope
|
||||
- Subject
|
||||
notes:
|
||||
keywords:
|
||||
- BREAKING CHANGE
|
@ -1,2 +0,0 @@
|
||||
(V|v)aultwarden
|
||||
Bitwarden
|
211
.drone.yml
Normal file
211
.drone.yml
Normal file
@ -0,0 +1,211 @@
|
||||
---
|
||||
kind: pipeline
|
||||
name: test
|
||||
|
||||
platform:
|
||||
os: linux
|
||||
arch: amd64
|
||||
|
||||
steps:
|
||||
- name: markdownlint
|
||||
image: thegeeklab/markdownlint-cli
|
||||
commands:
|
||||
- markdownlint 'README.md'
|
||||
|
||||
trigger:
|
||||
ref:
|
||||
- refs/heads/main
|
||||
- refs/pull/**
|
||||
- refs/tags/**
|
||||
|
||||
---
|
||||
kind: pipeline
|
||||
name: build-container
|
||||
|
||||
platform:
|
||||
os: linux
|
||||
arch: amd64
|
||||
|
||||
steps:
|
||||
- name: binary
|
||||
image: clux/muslrust:nightly-2020-10-02
|
||||
commands:
|
||||
- apt-get -qq update && apt-get install -yqq --no-install-recommends libpq-dev
|
||||
- make build
|
||||
environment:
|
||||
BUILD_VERSION: ${DRONE_TAG%-*}
|
||||
|
||||
- name: verify
|
||||
image: alpine
|
||||
commands:
|
||||
- src/target/x86_64-unknown-linux-musl/release/bitwarden_rs --help
|
||||
- src/target/x86_64-unknown-linux-musl/release/bitwarden_rs --version
|
||||
depends_on:
|
||||
- binary
|
||||
|
||||
- name: dryrun
|
||||
image: thegeeklab/drone-docker-buildx:20
|
||||
settings:
|
||||
dockerfile: Dockerfile
|
||||
dry_run: true
|
||||
password:
|
||||
from_secret: docker_password
|
||||
repo: thegeeklab/${DRONE_REPO_NAME}
|
||||
username:
|
||||
from_secret: docker_username
|
||||
when:
|
||||
ref:
|
||||
- refs/pull/**
|
||||
depends_on:
|
||||
- verify
|
||||
|
||||
- name: tags
|
||||
image: thegeeklab/docker-autotag
|
||||
environment:
|
||||
DOCKER_AUTOTAG_FORCE_LATEST: True
|
||||
DOCKER_AUTOTAG_IGNORE_PRERELEASE: True
|
||||
DOCKER_AUTOTAG_OUTPUT_FILE: .tags
|
||||
DOCKER_AUTOTAG_VERSION: ${DRONE_TAG}
|
||||
when:
|
||||
ref:
|
||||
- refs/heads/main
|
||||
- refs/tags/**
|
||||
depends_on:
|
||||
- dryrun
|
||||
|
||||
- name: changelog
|
||||
image: thegeeklab/git-chglog
|
||||
commands:
|
||||
- git fetch -tq
|
||||
- git-chglog --no-color --no-emoji ${DRONE_TAG:---next-tag unreleased unreleased}
|
||||
- git-chglog --no-color --no-emoji -o CHANGELOG.md ${DRONE_TAG:---next-tag unreleased unreleased}
|
||||
depends_on:
|
||||
- tags
|
||||
|
||||
- name: publish-dockerhub
|
||||
image: thegeeklab/drone-docker-buildx:20
|
||||
settings:
|
||||
dockerfile: Dockerfile
|
||||
password:
|
||||
from_secret: docker_password
|
||||
repo: thegeeklab/${DRONE_REPO_NAME}
|
||||
username:
|
||||
from_secret: docker_username
|
||||
when:
|
||||
ref:
|
||||
- refs/heads/main
|
||||
- refs/tags/**
|
||||
depends_on:
|
||||
- changelog
|
||||
|
||||
- name: publish-quay
|
||||
image: thegeeklab/drone-docker-buildx:20
|
||||
settings:
|
||||
dockerfile: Dockerfile
|
||||
password:
|
||||
from_secret: quay_password
|
||||
registry: quay.io
|
||||
repo: quay.io/thegeeklab/${DRONE_REPO_NAME}
|
||||
username:
|
||||
from_secret: quay_username
|
||||
when:
|
||||
ref:
|
||||
- refs/heads/main
|
||||
- refs/tags/**
|
||||
depends_on:
|
||||
- changelog
|
||||
|
||||
- name: publish-gitea
|
||||
image: plugins/gitea-release
|
||||
settings:
|
||||
api_key:
|
||||
from_secret: gitea_token
|
||||
base_url: https://gitea.rknet.org
|
||||
note: CHANGELOG.md
|
||||
overwrite: true
|
||||
title: ${DRONE_TAG}
|
||||
when:
|
||||
ref:
|
||||
- refs/tags/**
|
||||
depends_on:
|
||||
- publish-dockerhub
|
||||
- publish-quay
|
||||
|
||||
trigger:
|
||||
ref:
|
||||
- refs/heads/main
|
||||
- refs/pull/**
|
||||
- refs/tags/**
|
||||
|
||||
depends_on:
|
||||
- test
|
||||
|
||||
---
|
||||
kind: pipeline
|
||||
name: notifications
|
||||
|
||||
platform:
|
||||
os: linux
|
||||
arch: amd64
|
||||
|
||||
steps:
|
||||
- name: pushrm-dockerhub
|
||||
pull: always
|
||||
image: chko/docker-pushrm:1
|
||||
environment:
|
||||
DOCKER_PASS:
|
||||
from_secret: docker_password
|
||||
DOCKER_USER:
|
||||
from_secret: docker_username
|
||||
PUSHRM_FILE: README.md
|
||||
PUSHRM_SHORT: Custom image for BitwardenRS password manager
|
||||
PUSHRM_TARGET: thegeeklab/${DRONE_REPO_NAME}
|
||||
when:
|
||||
status:
|
||||
- success
|
||||
|
||||
- name: pushrm-quay
|
||||
pull: always
|
||||
image: chko/docker-pushrm:1
|
||||
environment:
|
||||
APIKEY__QUAY_IO:
|
||||
from_secret: quay_token
|
||||
PUSHRM_FILE: README.md
|
||||
PUSHRM_TARGET: quay.io/thegeeklab/${DRONE_REPO_NAME}
|
||||
when:
|
||||
status:
|
||||
- success
|
||||
|
||||
- name: matrix
|
||||
image: plugins/matrix
|
||||
settings:
|
||||
homeserver:
|
||||
from_secret: matrix_homeserver
|
||||
password:
|
||||
from_secret: matrix_password
|
||||
roomid:
|
||||
from_secret: matrix_roomid
|
||||
template: "Status: **{{ build.status }}**<br/> Build: [{{ repo.Owner }}/{{ repo.Name }}]({{ build.link }}) ({{ build.branch }}) by {{ build.author }}<br/> Message: {{ build.message }}"
|
||||
username:
|
||||
from_secret: matrix_username
|
||||
when:
|
||||
status:
|
||||
- success
|
||||
- failure
|
||||
|
||||
trigger:
|
||||
ref:
|
||||
- refs/heads/main
|
||||
- refs/tags/**
|
||||
status:
|
||||
- success
|
||||
- failure
|
||||
|
||||
depends_on:
|
||||
- build-container
|
||||
|
||||
---
|
||||
kind: signature
|
||||
hmac: 657e5b191f868dcd0863820de29c25538a4e1d0e3a1ff2db9ed182f9a27397a5
|
||||
|
||||
...
|
@ -1,47 +0,0 @@
|
||||
---
|
||||
version: "1.1"
|
||||
|
||||
versioning:
|
||||
update-major: []
|
||||
update-minor: [feat]
|
||||
update-patch: [fix, perf, refactor, chore, test, ci, docs]
|
||||
|
||||
tag:
|
||||
pattern: "v%d.%d.%d"
|
||||
|
||||
release-notes:
|
||||
sections:
|
||||
- name: Features
|
||||
commit-types: [feat]
|
||||
section-type: commits
|
||||
- name: Bug Fixes
|
||||
commit-types: [fix]
|
||||
section-type: commits
|
||||
- name: Performance Improvements
|
||||
commit-types: [perf]
|
||||
section-type: commits
|
||||
- name: Code Refactoring
|
||||
commit-types: [refactor]
|
||||
section-type: commits
|
||||
- name: Others
|
||||
commit-types: [chore]
|
||||
section-type: commits
|
||||
- name: Testing
|
||||
commit-types: [test]
|
||||
section-type: commits
|
||||
- name: CI Pipeline
|
||||
commit-types: [ci]
|
||||
section-type: commits
|
||||
- name: Documentation
|
||||
commit-types: [docs]
|
||||
section-type: commits
|
||||
- name: BREAKING CHANGES
|
||||
section-type: breaking-changes
|
||||
|
||||
commit-message:
|
||||
footer:
|
||||
issue:
|
||||
key: issue
|
||||
add-value-prefix: "#"
|
||||
issue:
|
||||
regex: "#?[0-9]+"
|
@ -1,2 +1 @@
|
||||
*.tpl.md
|
||||
LICENSE
|
||||
.drone.yml
|
||||
|
@ -1,72 +0,0 @@
|
||||
---
|
||||
when:
|
||||
- event: [pull_request, tag]
|
||||
- event: [push, manual]
|
||||
branch:
|
||||
- ${CI_REPO_DEFAULT_BRANCH}
|
||||
|
||||
steps:
|
||||
- name: security-build
|
||||
image: quay.io/thegeeklab/wp-docker-buildx:5
|
||||
settings:
|
||||
containerfile: Containerfile
|
||||
output: type=oci,dest=oci/${CI_REPO_NAME},tar=false
|
||||
repo: thegeeklab/${CI_REPO_NAME}
|
||||
cache_to: type=local,dest=oci/cache/${CI_REPO_NAME},mode=max
|
||||
registry_config:
|
||||
from_secret: DOCKER_REGISTRY_CONFIG_PULL
|
||||
|
||||
- name: security-scan
|
||||
image: docker.io/aquasec/trivy
|
||||
depends_on: security-build
|
||||
commands:
|
||||
- trivy -v
|
||||
- trivy image --input oci/${CI_REPO_NAME}
|
||||
environment:
|
||||
TRIVY_EXIT_CODE: "1"
|
||||
TRIVY_IGNORE_UNFIXED: "true"
|
||||
TRIVY_NO_PROGRESS: "true"
|
||||
TRIVY_SEVERITY: HIGH,CRITICAL
|
||||
TRIVY_TIMEOUT: 1m
|
||||
TRIVY_DB_REPOSITORY: docker.io/aquasec/trivy-db:2
|
||||
|
||||
- name: publish-dockerhub
|
||||
image: quay.io/thegeeklab/wp-docker-buildx:5
|
||||
depends_on: security-scan
|
||||
settings:
|
||||
auto_tag: true
|
||||
containerfile: Containerfile
|
||||
password:
|
||||
from_secret: docker_password
|
||||
provenance: false
|
||||
repo: thegeeklab/${CI_REPO_NAME}
|
||||
username:
|
||||
from_secret: docker_username
|
||||
cache_from:
|
||||
- 'type=local\\,src=oci/cache/${CI_REPO_NAME}'
|
||||
when:
|
||||
- event: [tag]
|
||||
- event: [push, manual]
|
||||
branch:
|
||||
- ${CI_REPO_DEFAULT_BRANCH}
|
||||
|
||||
- name: publish-quay
|
||||
image: quay.io/thegeeklab/wp-docker-buildx:5
|
||||
depends_on: security-scan
|
||||
settings:
|
||||
auto_tag: true
|
||||
containerfile: Containerfile
|
||||
password:
|
||||
from_secret: quay_password
|
||||
provenance: false
|
||||
registry: quay.io
|
||||
repo: quay.io/thegeeklab/${CI_REPO_NAME}
|
||||
username:
|
||||
from_secret: quay_username
|
||||
cache_from:
|
||||
- 'type=local\\,src=oci/cache/${CI_REPO_NAME}'
|
||||
when:
|
||||
- event: [tag]
|
||||
- event: [push, manual]
|
||||
branch:
|
||||
- ${CI_REPO_DEFAULT_BRANCH}
|
@ -1,25 +0,0 @@
|
||||
---
|
||||
when:
|
||||
- event: [pull_request, tag]
|
||||
- event: [push, manual]
|
||||
branch:
|
||||
- ${CI_REPO_DEFAULT_BRANCH}
|
||||
|
||||
steps:
|
||||
- name: changelog
|
||||
image: quay.io/thegeeklab/git-sv
|
||||
commands:
|
||||
- git sv current-version
|
||||
- git sv release-notes -t ${CI_COMMIT_TAG:-next} -o CHANGELOG.md
|
||||
- cat CHANGELOG.md
|
||||
|
||||
- name: publish-gitea
|
||||
image: quay.io/thegeeklab/wp-gitea-release
|
||||
settings:
|
||||
api_key:
|
||||
from_secret: gitea_token
|
||||
base_url: https://gitea.rknet.org
|
||||
note: CHANGELOG.md
|
||||
title: ${CI_COMMIT_TAG}
|
||||
when:
|
||||
- event: [tag]
|
@ -1,59 +0,0 @@
|
||||
---
|
||||
when:
|
||||
- event: [pull_request, tag]
|
||||
- event: [push, manual]
|
||||
branch:
|
||||
- ${CI_REPO_DEFAULT_BRANCH}
|
||||
|
||||
steps:
|
||||
- name: markdownlint
|
||||
image: quay.io/thegeeklab/markdownlint-cli
|
||||
commands:
|
||||
- markdownlint 'README.md'
|
||||
|
||||
- name: spellcheck
|
||||
image: quay.io/thegeeklab/alpine-tools
|
||||
commands:
|
||||
- spellchecker --files '_docs/**/*.md' 'README.md' -d .dictionary -p spell indefinite-article syntax-urls
|
||||
environment:
|
||||
FORCE_COLOR: "true"
|
||||
|
||||
- name: link-validation
|
||||
image: docker.io/lycheeverse/lychee
|
||||
commands:
|
||||
- lychee --no-progress --format detailed README.md
|
||||
|
||||
- name: pushrm-dockerhub
|
||||
image: docker.io/chko/docker-pushrm:1
|
||||
depends_on: [markdownlint, spellcheck, link-validation]
|
||||
environment:
|
||||
DOCKER_PASS:
|
||||
from_secret: docker_password
|
||||
DOCKER_USER:
|
||||
from_secret: docker_username
|
||||
PUSHRM_FILE: README.md
|
||||
PUSHRM_SHORT: Custom image for Vaultwarden password manager
|
||||
PUSHRM_TARGET: thegeeklab/${CI_REPO_NAME}
|
||||
when:
|
||||
- event: [push, manual]
|
||||
branch:
|
||||
- ${CI_REPO_DEFAULT_BRANCH}
|
||||
status: [success]
|
||||
|
||||
- name: pushrm-quay
|
||||
image: docker.io/chko/docker-pushrm:1
|
||||
depends_on: [markdownlint, spellcheck, link-validation]
|
||||
environment:
|
||||
APIKEY__QUAY_IO:
|
||||
from_secret: quay_token
|
||||
PUSHRM_FILE: README.md
|
||||
PUSHRM_TARGET: quay.io/thegeeklab/${CI_REPO_NAME}
|
||||
when:
|
||||
- event: [push, manual]
|
||||
branch:
|
||||
- ${CI_REPO_DEFAULT_BRANCH}
|
||||
status: [success]
|
||||
|
||||
depends_on:
|
||||
- build-package
|
||||
- build-container
|
@ -1,26 +0,0 @@
|
||||
---
|
||||
when:
|
||||
- event: [tag]
|
||||
- event: [push, manual]
|
||||
branch:
|
||||
- ${CI_REPO_DEFAULT_BRANCH}
|
||||
|
||||
runs_on: [success, failure]
|
||||
|
||||
steps:
|
||||
- name: matrix
|
||||
image: quay.io/thegeeklab/wp-matrix
|
||||
settings:
|
||||
homeserver:
|
||||
from_secret: matrix_homeserver
|
||||
room_id:
|
||||
from_secret: matrix_room_id
|
||||
user_id:
|
||||
from_secret: matrix_user_id
|
||||
access_token:
|
||||
from_secret: matrix_access_token
|
||||
when:
|
||||
- status: [success, failure]
|
||||
|
||||
depends_on:
|
||||
- docs
|
@ -1,75 +0,0 @@
|
||||
FROM docker.io/clux/muslrust:1.82.0-stable@sha256:30938544fe77218583d8fcf96f5e6c0c8a29e87abc0a5f1a6943e3bba607f8ae AS build
|
||||
|
||||
ARG WEBVAULT_VERSION
|
||||
ARG VAULTWARDEN_VERSION
|
||||
|
||||
ARG DEBIAN_FRONTEND=noninteractive
|
||||
ARG LANG=C.UTF-8
|
||||
ARG TZ=UTC
|
||||
ARG RUSTFLAGS="-C link-arg=-s"
|
||||
ARG DB=sqlite,postgresql
|
||||
|
||||
ARG TARGETPLATFORM
|
||||
|
||||
# renovate: datasource=github-releases depName=dani-garcia/bw_web_builds versioning=loose
|
||||
ENV WEBVAULT_VERSION="${WEBVAULT_VERSION:-v2024.6.2}"
|
||||
# renovate: datasource=github-releases depName=dani-garcia/vaultwarden
|
||||
ENV VAULTWARDEN_VERSION="${VAULTWARDEN_VERSION:-1.32.4}"
|
||||
|
||||
ENV DATA_FOLDER=/tmp
|
||||
|
||||
WORKDIR /src
|
||||
|
||||
RUN apt-get update && apt-get install -y --no-install-recommends && \
|
||||
mkdir -p /release/web-vault && \
|
||||
mkdir -p /data
|
||||
|
||||
RUN echo "Using Vaultwarden version '${VAULTWARDEN_VERSION##v}'" && \
|
||||
curl -sSL "https://github.com/dani-garcia/vaultwarden/archive/${VAULTWARDEN_VERSION##v}.tar.gz" | \
|
||||
tar xz --strip-components=1 && \
|
||||
echo "Using Web Vault version '${WEBVAULT_VERSION##v}'" && \
|
||||
curl -SsfL "https://github.com/dani-garcia/bw_web_builds/releases/download/${WEBVAULT_VERSION}/bw_web_${WEBVAULT_VERSION}.tar.gz" | \
|
||||
tar xz -C /release
|
||||
|
||||
RUN echo "Building for platform '$TARGETPLATFORM'" && \
|
||||
case "$TARGETPLATFORM" in \
|
||||
"linux/amd64") echo x86_64-unknown-linux-musl > rust_target ;; \
|
||||
"linux/arm64") echo aarch64-unknown-linux-musl > rust_target ;; \
|
||||
*) exit 1 ;; \
|
||||
esac
|
||||
|
||||
RUN rustup set profile minimal && \
|
||||
rustup target add $(cat rust_target) && \
|
||||
VW_VERSION="${VAULTWARDEN_VERSION##v}" cargo build -j 4 --features "$DB" --target $(cat rust_target) --release
|
||||
|
||||
RUN ldd target/$(cat rust_target)/release/vaultwarden && \
|
||||
target/$(cat rust_target)/release/vaultwarden --help && \
|
||||
target/$(cat rust_target)/release/vaultwarden --version
|
||||
|
||||
FROM docker.io/alpine:3.20@sha256:1e42bbe2508154c9126d48c2b8a75420c3544343bf86fd041fb7527e017a4b4a
|
||||
|
||||
LABEL maintainer="Robert Kaussow <mail@thegeeklab.de>"
|
||||
LABEL org.opencontainers.image.authors="Robert Kaussow <mail@thegeeklab.de>"
|
||||
LABEL org.opencontainers.image.title="Vaultwarden"
|
||||
LABEL org.opencontainers.image.url="https://gitea.rknet.org/container/vaultwarden"
|
||||
LABEL org.opencontainers.image.source="https://gitea.rknet.org/container/vaultwarden"
|
||||
LABEL org.opencontainers.image.documentation="https://gitea.rknet.org/container/vaultwarden"
|
||||
|
||||
ENV DATA_FOLDER=/data
|
||||
ENV ROCKET_ADDRESS=0.0.0.0
|
||||
ENV ROCKET_PORT=8000
|
||||
ENV WEBSOCKET_ADDRESS=0.0.0.0
|
||||
ENV WEBSOCKET_PORT=3012
|
||||
|
||||
COPY --from=build --chown=65532:65532 /data /data
|
||||
COPY --from=build /release/web-vault /web-vault
|
||||
COPY --from=build /src/target/**/release/vaultwarden /bin/vaultwarden
|
||||
|
||||
EXPOSE 8000
|
||||
EXPOSE 3012
|
||||
|
||||
STOPSIGNAL SIGTERM
|
||||
|
||||
USER 65532
|
||||
|
||||
CMD ["/bin/vaultwarden"]
|
42
Dockerfile
Normal file
42
Dockerfile
Normal file
@ -0,0 +1,42 @@
|
||||
FROM thegeeklab/alpine:latest@sha256:1bdc9a2deafb98491215b54701bcd5e2dc59c171b445425afeba232f5aae2b84
|
||||
|
||||
LABEL maintainer="Robert Kaussow <mail@thegeeklab.de>"
|
||||
LABEL org.opencontainers.image.authors="Robert Kaussow <mail@thegeeklab.de>"
|
||||
LABEL org.opencontainers.image.title="bitwardenrs"
|
||||
LABEL org.opencontainers.image.url="https://gitea.rknet.org/docker/bitwardenrs"
|
||||
LABEL org.opencontainers.image.source="https://gitea.rknet.org/docker/bitwardenrs"
|
||||
LABEL org.opencontainers.image.documentation="https://gitea.rknet.org/docker/bitwardenrs"
|
||||
|
||||
ARG VAULT_VERSION
|
||||
# renovate: datasource=github-releases depName=dani-garcia/bw_web_builds
|
||||
ENV VAULT_VERSION="${VAULT_VERSION:-v2.19.0}"
|
||||
|
||||
ADD overlay/ /
|
||||
|
||||
RUN apk --update add --virtual .build-deps tar curl && \
|
||||
apk --update add openssl postgresql-libs sqlite ca-certificates && \
|
||||
mkdir -p /app/web-vault /app/data && \
|
||||
echo "Using Web Vault version '${VAULT_VERSION##v}' ..." && \
|
||||
curl -SsL "https://github.com/dani-garcia/bw_web_builds/releases/download/${VAULT_VERSION}/bw_web_${VAULT_VERSION}.tar.gz" | \
|
||||
tar xz -C /app && \
|
||||
apk del .build-deps && \
|
||||
rm -rf /var/cache/apk/* && \
|
||||
rm -rf /tmp/* && \
|
||||
chown -R app:app /app
|
||||
|
||||
ADD src/Rocket.toml /app
|
||||
ADD src/target/x86_64-unknown-linux-musl/release/bitwarden_rs /app
|
||||
|
||||
VOLUME /app/data
|
||||
|
||||
EXPOSE 8080
|
||||
EXPOSE 3012
|
||||
|
||||
USER app
|
||||
|
||||
STOPSIGNAL SIGTERM
|
||||
|
||||
ENTRYPOINT ["/usr/local/bin/entrypoint"]
|
||||
HEALTHCHECK --interval=10s --timeout=3s --retries=3 CMD /usr/local/bin/healthcheck
|
||||
WORKDIR /app
|
||||
CMD []
|
2
LICENSE
2
LICENSE
@ -1,6 +1,6 @@
|
||||
MIT License
|
||||
|
||||
Copyright (c) 2022 Robert Kaussow <mail@thegeeklab.de>
|
||||
Copyright (c) 2021 Robert Kaussow <mail@thegeeklab.de>
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
|
29
Makefile
Normal file
29
Makefile
Normal file
@ -0,0 +1,29 @@
|
||||
# renovate: datasource=github-releases depName=dani-garcia/bitwarden_rs
|
||||
export BUILD_VERSION ?= 1.20.0
|
||||
export DEBIAN_FRONTEND ?= noninteractive
|
||||
export LANG ?= C.UTF-8
|
||||
export TZ ?= UTC
|
||||
DB ?= sqlite,postgresql
|
||||
SRC := src
|
||||
|
||||
.PHONY: all
|
||||
all: build
|
||||
|
||||
.PHONY: build
|
||||
build: build-src build-bin
|
||||
|
||||
.PHONY: build-src
|
||||
build-src:
|
||||
mkdir -p $(SRC); \
|
||||
curl -sSL "https://github.com/dani-garcia/bitwarden_rs/archive/$${BUILD_VERSION##v}.tar.gz" | tar xz -C $(SRC) --strip-components=1
|
||||
|
||||
.PHONY: build-bin
|
||||
build-bin:
|
||||
rustup set profile minimal && \
|
||||
cd $(SRC) && \
|
||||
rustup target add x86_64-unknown-linux-musl && \
|
||||
BWRS_VERSION="$${BUILD_VERSION##v}" cargo build -j 8 --features $(DB) --release
|
||||
|
||||
.PHONY: clean
|
||||
clean:
|
||||
rm -rf $(SRC)
|
80
README.md
80
README.md
@ -1,25 +1,79 @@
|
||||
# vaultwarden
|
||||
# bitwardenrs
|
||||
|
||||
Custom image for Vaultwarden password manager
|
||||
Custom image for BitwardenRS password manager
|
||||
|
||||
<!-- spellchecker-disable -->
|
||||
[![Build Status](https://img.shields.io/drone/build/docker/bitwardenrs?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/docker/bitwardenrs)
|
||||
[![Docker Hub](https://img.shields.io/badge/dockerhub-latest-blue.svg?logo=docker&logoColor=white)](https://hub.docker.com/r/thegeeklab/bitwardenrs)
|
||||
[![Quay.io](https://img.shields.io/badge/quay-latest-blue.svg?logo=docker&logoColor=white)](https://quay.io/repository/thegeeklab/bitwardenrs)
|
||||
[![Source: Gitea](https://img.shields.io/badge/source-gitea-blue.svg?logo=gitea&logoColor=white)](https://gitea.rknet.org/docker/bitwardenrs)
|
||||
[![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](https://gitea.rknet.org/docker/bitwardenrs/src/branch/main/LICENSE)
|
||||
|
||||
[![Build Status](https://ci.rknet.org/api/badges/container/vaultwarden/status.svg)](https://ci.rknet.org/repos/container/vaultwarden)
|
||||
[![Docker Hub](https://img.shields.io/badge/dockerhub-latest-blue.svg?logo=docker&logoColor=white)](https://hub.docker.com/r/thegeeklab/vaultwarden)
|
||||
[![Quay.io](https://img.shields.io/badge/quay-latest-blue.svg?logo=docker&logoColor=white)](https://quay.io/repository/thegeeklab/vaultwarden)
|
||||
[![Source: Gitea](https://img.shields.io/badge/source-gitea-blue.svg?logo=gitea&logoColor=white)](https://gitea.rknet.org/container/vaultwarden)
|
||||
[![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](https://gitea.rknet.org/container/vaultwarden/src/branch/main/LICENSE)
|
||||
This is a rootless custom Docker image for [bitwarden_rs](https://github.com/dani-garcia/bitwarden_rs). Bitwarden_rs is a Bitwarden server API implementation written in Rust compatible with upstream Bitwarden clients, perfect for self-hosted deployment where running the official resource-heavy service might not be ideal.
|
||||
|
||||
<!-- spellchecker-enable -->
|
||||
> **WARNING**: This build supports SQLite and PostgreSQL database backend only.
|
||||
|
||||
Custom rootless container image for [Vaultwarden](https://github.com/dani-garcia/vaultwarden). Vaultwarden is a Bitwarden server API implementation written in Rust compatible with upstream Bitwarden clients.
|
||||
## Usage
|
||||
|
||||
> **WARNING**: This version only supports SQLite and PostgreSQL databases.
|
||||
### Docker Compose
|
||||
|
||||
Please take a look at the [example](https://gitea.rknet.org/docker/bitwardenrs/src/branch/main/docker-compose.yml) compose file from the git repo.
|
||||
|
||||
## Configuration
|
||||
|
||||
In Vaultwarden the configuration can be done either via environment variables or the admin page. A complete list of all environment variables can be found in the [Vaultwarden Repository](https://github.com/dani-garcia/vaultwarden/blob/main/.env.template).
|
||||
```Shell
|
||||
BITWARDENRS_DATABASE_URL=
|
||||
|
||||
BITWARDENRS_TEMPLATES_FOLDER=
|
||||
BITWARDENRS_RELOAD_TEMPLATES=False
|
||||
|
||||
BITWARDENRS_IP_HEADER=X-Client-IP
|
||||
|
||||
BITWARDENRS_ICON_CACHE_TTL=2592000
|
||||
BITWARDENRS_ICON_CACHE_NEGTTL=259200
|
||||
|
||||
BITWARDENRS_WEB_VAULT_ENABLED=True
|
||||
BITWARDENRS_WEBSOCKET_ENABLED=False
|
||||
|
||||
BITWARDENRS_EXTENDED_LOGGING=True
|
||||
BITWARDENRS_LOG_LEVEL=Info
|
||||
|
||||
BITWARDENRS_DISABLE_ICON_DOWNLOAD=False
|
||||
BITWARDENRS_ICON_DOWNLOAD_TIMEOUT=10
|
||||
BITWARDENRS_ICON_BLACKLIST_REGEXL=
|
||||
BITWARDENRS_ICON_BLACKLIST_NON_GLOBAL_IPS=True
|
||||
|
||||
BITWARDENRS_DISABLE_2FA_REMEMBER=False
|
||||
BITWARDENRS_SIGNUPS_ALLOWED=True
|
||||
BITWARDENRS_SIGNUPS_VERIFY=False
|
||||
BITWARDENRS_SIGNUPS_VERIFY_RESEND_TIME=3600
|
||||
BITWARDENRS_SIGNUPS_VERIFY_RESEND_LIMIT=6
|
||||
BITWARDENRS_SIGNUPS_DOMAINS_WHITELIST=
|
||||
|
||||
BITWARDENRS_INVITATIONS_ALLOWED=True
|
||||
|
||||
# Set an indicidual admin token to enable the admin UI
|
||||
BITWARDENRS_ADMIN_TOKEN=
|
||||
|
||||
BITWARDENRS_PASSWORD_ITERATIONS=100000
|
||||
BITWARDENRS_SHOW_PASSWORD_HINT=True
|
||||
BITWARDENRS_DOMAIN=http://localhost/
|
||||
|
||||
BITWARDENRS_AUTHENTICATOR_DISABLE_TIME_DRIFT=False
|
||||
|
||||
# If you dont set a smtp host, all other smpt settings will be ignored
|
||||
BITWARDENRS_SMTP_HOST=
|
||||
BITWARDENRS_SMTP_FROM=
|
||||
BITWARDENRS_SMTP_FROM_NAME=Bitwarden_RS
|
||||
BITWARDENRS_SMTP_PORT=587
|
||||
BITWARDENRS_SMTP_SSL=True
|
||||
BITWARDENRS_SMTP_USERNAME=
|
||||
BITWARDENRS_SMTP_PASSWORD=
|
||||
BITWARDENRS_SMTP_AUTH_MECHANISM=Plain
|
||||
BITWARDENRS_SMTP_TIMEOUT=15
|
||||
|
||||
BITWARDENRS_ROCKET_WORKERS=
|
||||
```
|
||||
|
||||
## License
|
||||
|
||||
This project is licensed under the MIT License - see the [LICENSE](https://gitea.rknet.org/container/vaultwarden/src/branch/main/LICENSE) file for details.
|
||||
This project is licensed under the MIT License - see the [LICENSE](https://gitea.rknet.org/docker/bitwardenrs/src/branch/main/LICENSE) file for details.
|
||||
|
28
docker-compose.yml
Normal file
28
docker-compose.yml
Normal file
@ -0,0 +1,28 @@
|
||||
---
|
||||
version: "3"
|
||||
|
||||
services:
|
||||
postgres:
|
||||
container_name: postgres
|
||||
image: postgres
|
||||
environment:
|
||||
POSTGRES_DB: bitwarden
|
||||
POSTGRES_PASSWORD: pass
|
||||
POSTGRES_USER: user
|
||||
|
||||
bitwardenrs:
|
||||
container_name: bitwardenrs
|
||||
image: thegeeklab/bitwardenrs
|
||||
depends_on:
|
||||
- postgres
|
||||
ports:
|
||||
- "80:8080"
|
||||
volumes:
|
||||
- data:/app/data
|
||||
environment:
|
||||
BITWARDENRS_DATABASE_URL: postgresql://user:pass@bitwardenrs_postgres:5432/bitwarden
|
||||
BITWARDENRS_ADMIN_TOKEN: test
|
||||
|
||||
volumes:
|
||||
data:
|
||||
driver: local
|
85
overlay/etc/templates/env.tmpl
Normal file
85
overlay/etc/templates/env.tmpl
Normal file
@ -0,0 +1,85 @@
|
||||
## Bitwarden_RS Configuration File
|
||||
DATA_FOLDER=/app/data
|
||||
RSA_KEY_FILENAME=/app/data/rsa_key
|
||||
ICON_CACHE_FOLDER=/app/data/icon_cache
|
||||
ATTACHMENTS_FOLDER=/app/data/attachments
|
||||
|
||||
{{ if (getenv "BITWARDENRS_DATABASE_URL") -}}
|
||||
DATABASE_URL={{ getenv "BITWARDENRS_DATABASE_URL" }}
|
||||
{{ end -}}
|
||||
|
||||
USER_ATTACHMENT_LIMIT={{ getenv "BITWARDENRS_USER_ATTACHMENT_LIMIT" "1024" }}
|
||||
ORG_ATTACHMENT_LIMIT={{ getenv "BITWARDENRS_ORG_ATTACHMENT_LIMIT" "1024" }}
|
||||
|
||||
{{ if (getenv "BITWARDENRS_TEMPLATES_FOLDER") -}}
|
||||
TEMPLATES_FOLDER={{ getenv "BITWARDENRS_TEMPLATES_FOLDER" }}
|
||||
{{ end -}}
|
||||
RELOAD_TEMPLATES={{ getenv "BITWARDENRS_RELOAD_TEMPLATES" "false" | conv.Bool }}
|
||||
|
||||
IP_HEADER={{ getenv "BITWARDENRS_IP_HEADER" "X-Client-IP" }}
|
||||
|
||||
ICON_CACHE_TTL={{ getenv "BITWARDENRS_ICON_CACHE_TTL" "2592000" }}
|
||||
ICON_CACHE_NEGTTL={{ getenv "BITWARDENRS_ICON_CACHE_NEGTTL" "259200" }}
|
||||
|
||||
WEB_VAULT_FOLDER=/app/web-vault/
|
||||
WEB_VAULT_ENABLED={{ getenv "BITWARDENRS_WEB_VAULT_ENABLED" "true" | conv.Bool }}
|
||||
|
||||
WEBSOCKET_ENABLED={{ getenv "BITWARDENRS_WEBSOCKET_ENABLED" "false" | conv.Bool }}
|
||||
WEBSOCKET_ADDRESS=0.0.0.0
|
||||
WEBSOCKET_PORT=3012
|
||||
|
||||
EXTENDED_LOGGING={{ getenv "BITWARDENRS_EXTENDED_LOGGING" "true" | conv.Bool }}
|
||||
LOG_LEVEL={{ getenv "BITWARDENRS_LOG_LEVEL" "Info" }}
|
||||
|
||||
ENABLE_DB_WAL=true
|
||||
|
||||
DISABLE_ICON_DOWNLOAD={{ getenv "BITWARDENRS_DISABLE_ICON_DOWNLOAD" "false" | conv.Bool }}
|
||||
ICON_DOWNLOAD_TIMEOUT={{ getenv "BITWARDENRS_ICON_DOWNLOAD_TIMEOUT" "10" }}
|
||||
{{ if (getenv "BITWARDENRS_ICON_BLACKLIST_REGEXL") -}}
|
||||
ICON_BLACKLIST_REGEX={{ getenv "BITWARDENRS_ICON_BLACKLIST_REGEXL" }}
|
||||
{{ end -}}
|
||||
ICON_BLACKLIST_NON_GLOBAL_IPS={{ getenv "BITWARDENRS_ICON_BLACKLIST_NON_GLOBAL_IPS" "true" | conv.Bool }}
|
||||
|
||||
DISABLE_2FA_REMEMBER={{ getenv "BITWARDENRS_DISABLE_2FA_REMEMBER" "false" | conv.Bool }}
|
||||
|
||||
SIGNUPS_ALLOWED={{ getenv "BITWARDENRS_SIGNUPS_ALLOWED" "true" | conv.Bool }}
|
||||
SIGNUPS_VERIFY={{ getenv "BITWARDENRS_SIGNUPS_VERIFY" "false" | conv.Bool }}
|
||||
SIGNUPS_VERIFY_RESEND_TIME={{ getenv "BITWARDENRS_SIGNUPS_VERIFY_RESEND_TIME" "3600" }}
|
||||
SIGNUPS_VERIFY_RESEND_LIMIT={{ getenv "BITWARDENRS_SIGNUPS_VERIFY_RESEND_LIMIT" "6" }}
|
||||
{{ if (getenv "BITWARDENRS_SIGNUPS_DOMAINS_WHITELIST") -}}
|
||||
SIGNUPS_DOMAINS_WHITELIST={{ getenv "BITWARDENRS_SIGNUPS_DOMAINS_WHITELIST" }}
|
||||
{{ end -}}
|
||||
|
||||
INVITATIONS_ALLOWED={{ getenv "BITWARDENRS_INVITATIONS_ALLOWED" "true" | conv.Bool }}
|
||||
INVITATION_ORG_NAME={{ getenv "BITWARDENRS_INVITATION_ORG_NAME" "Bitwarden_RS" }}
|
||||
|
||||
{{ if (getenv "BITWARDENRS_ADMIN_TOKEN") -}}
|
||||
ADMIN_TOKEN={{ getenv "BITWARDENRS_ADMIN_TOKEN" }}
|
||||
{{ end -}}
|
||||
DISABLE_ADMIN_TOKEN=false
|
||||
|
||||
PASSWORD_ITERATIONS={{ getenv "BITWARDENRS_PASSWORD_ITERATIONS" "100000" }}
|
||||
SHOW_PASSWORD_HINT={{ getenv "BITWARDENRS_SHOW_PASSWORD_HINT" "true" | conv.Bool }}
|
||||
DOMAIN={{ getenv "BITWARDENRS_DOMAIN" "http://localhost/" }}
|
||||
|
||||
AUTHENTICATOR_DISABLE_TIME_DRIFT={{ getenv "BITWARDENRS_AUTHENTICATOR_DISABLE_TIME_DRIFT" "false" | conv.Bool }}
|
||||
|
||||
ROCKET_ADDRESS=0.0.0.0
|
||||
ROCKET_PORT=8080
|
||||
{{ if (getenv "BITWARDENRS_ROCKET_WORKERS") -}}
|
||||
ROCKET_WORKERS={{ getenv "BITWARDENRS_ROCKET_WORKERS" }}
|
||||
{{ end -}}
|
||||
|
||||
{{ if (getenv "BITWARDENRS_SMTP_HOST") -}}
|
||||
SMTP_HOST={{ getenv "BITWARDENRS_SMTP_HOST" }}
|
||||
SMTP_FROM={{ getenv "BITWARDENRS_SMTP_FROM" }}
|
||||
SMTP_FROM_NAME={{ getenv "BITWARDENRS_SMTP_FROM_NAME" "Bitwarden_RS" }}
|
||||
SMTP_PORT={{ getenv "BITWARDENRS_SMTP_PORT" "587" }}
|
||||
SMTP_SSL={{ getenv "BITWARDENRS_SMTP_SSL" "true" | conv.Bool }}
|
||||
{{ if (getenv "BITWARDENRS_SMTP_USERNAME") -}}
|
||||
SMTP_USERNAME={{ getenv "BITWARDENRS_SMTP_USERNAME" }}
|
||||
SMTP_PASSWORD={{ getenv "BITWARDENRS_SMTP_PASSWORD" }}
|
||||
{{ end -}}
|
||||
SMTP_AUTH_MECHANISM={{ getenv "BITWARDENRS_SMTP_AUTH_MECHANISM" "Plain" }}
|
||||
SMTP_TIMEOUT={{ getenv "BITWARDENRS_SMTP_TIMEOUT" "15" }}
|
||||
{{ end -}}
|
17
overlay/usr/local/bin/entrypoint
Executable file
17
overlay/usr/local/bin/entrypoint
Executable file
@ -0,0 +1,17 @@
|
||||
#!/usr/bin/env sh
|
||||
|
||||
set -eo pipefail
|
||||
|
||||
/usr/local/bin/gomplate -o /app/.env -f /etc/templates/env.tmpl
|
||||
|
||||
if [ -n "$BITWARDENRS_DATABASE_URL" ]
|
||||
then
|
||||
WAITFOR_HOST=$(/usr/local/bin/url-parser host --url "$BITWARDENRS_DATABASE_URL")
|
||||
WAITFOR_PORT=$(/usr/local/bin/url-parser port --url "$BITWARDENRS_DATABASE_URL")
|
||||
|
||||
printf "Wait for database server on '%s:%s' ...\n" "${WAITFOR_HOST}" "${WAITFOR_PORT:-5432}"
|
||||
/usr/local/bin/wait-for "${WAITFOR_HOST}":"${WAITFOR_PORT:-5432}"
|
||||
fi
|
||||
|
||||
printf "Start Bitwarden Server ...\n"
|
||||
exec /app/bitwarden_rs
|
10
overlay/usr/local/bin/healthcheck
Executable file
10
overlay/usr/local/bin/healthcheck
Executable file
@ -0,0 +1,10 @@
|
||||
#!/usr/bin/env sh
|
||||
|
||||
set -eo pipefail
|
||||
|
||||
URL=http://127.0.0.1:8080/alive
|
||||
|
||||
wget --quiet --tries=1 --spider ${URL}
|
||||
[ $? -ne 0 ] && exit 1
|
||||
|
||||
exit 0
|
@ -3,7 +3,7 @@
|
||||
"extends": ["github>thegeeklab/renovate-presets:docker"],
|
||||
"packageRules": [
|
||||
{
|
||||
"groupName": "vaultwarden packages",
|
||||
"groupName": "bitwarden packages",
|
||||
"matchDatasources": ["github-releases"],
|
||||
"matchPackagePatterns": ["^dani-garcia"]
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user