run.sh
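#!/bin/bash
# Join/setup script: deploys the bitwarden_rs (vaultwarden) container, publishes
# it through the local Apache and registers it in the Univention portal.
#
# Strict mode: stop on the first failing command, on use of an unset variable,
# and on a failure in any stage of a pipeline.
set -euo pipefail
IFS=$'\n\t'

#######################################
# Report the line on which a command failed.
# Arguments: $1 - line number, supplied by the ERR trap below
# Outputs:   one diagnostic line on stderr, so it is not mixed into stdout
#######################################
err_report() {
  printf 'An error occurded on line %s of this script.\n' "$1" >&2
}
trap 'err_report "$LINENO"' ERR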
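# git is only needed for the tag lookup below; install it when dpkg does not
# report it as installed.
dpkg -s git >/dev/null 2>&1 || univention-install git

APP="bitwarden-rs"

# Resolve the newest upstream tag at run time (version-sorted, last entry wins).
# NOTE(review): the tag is not pinned and the image is not referenced by digest,
# so every run deploys whatever the remote repository and the registry serve at
# that moment. For a password vault, consider pinning a reviewed tag or digest.
VERSION=$(git ls-remote --refs --tags https://github.com/dani-garcia/bitwarden_rs.git | sort -t '/' -k 3 -V | awk -F/ '{ print $3 }' | tail -1)

# The tag is remote-controlled text that ends up in an image reference. Reject
# an empty result or anything outside the plain tag character set instead of
# passing it on to docker.
tag_pattern='^[A-Za-z0-9_][A-Za-z0-9_.-]*$'
if [[ ! "$VERSION" =~ $tag_pattern ]]; then
  printf 'Could not determine a usable release tag (got: %q).\n' "$VERSION" >&2
  exit 1
fi

docker_name="vaultwarden/server:$VERSION"
#docker_name="vaultwarden/server:latest"
data_dir="/var/lib/bitwarden_rs"

# "ucr shell" prints shell assignments that are meant to be eval'ed; this sets
# $hostname and $domainname. The eval executes whatever the local UCR tooling
# emits, so it is only as trustworthy as the local UCR configuration.
eval "$(ucr shell hostname domainname)"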
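# Create the container's environment file on first run only; an existing ./env
# is left untouched so local changes survive a re-run.
if [ ! -e ./env ]; then
  # Generate the admin token up front: a failing openssl now aborts the script
  # (set -e) instead of silently writing an empty ADMIN_TOKEN into the file.
  admin_token=$(openssl rand -base64 48)

  # The file holds the admin token, so create it readable by its owner only.
  # The subshell keeps the tightened umask from leaking into the rest of the run.
  (
    umask 077
    # Inside a here-document double quotes are literal characters, so DOMAIN is
    # written without them; quoting the variables here would put the quote
    # characters into the URL.
    cat <<-EOF >"./env"
## please consult https://github.com/dani-garcia/bitwarden_rs/wiki and
## https://github.com/dani-garcia/bitwarden_rs/blob/master/.env.template
## for possible configuration values and their impact
DOMAIN=https://bitwarden.$hostname.$domainname
WEBSOCKET_ENABLED=true
## SIGNUPS_ALLOWED=true lets anyone who can reach this host register an account;
## set it to false once your own accounts exist
SIGNUPS_ALLOWED=true
#INVITATIONS_ALLOWED=false
#SMTP_HOST=$hostname.$domainname
#SMTP_PORT=465
#SMTP_SSL=true
#SMTP_USERNAME=<username>
#SMTP_PASSWORD=<password>
#SMTP_FROM=bitwarden@$domainname
#SHOW_PASSWORD_HINT=false
# admin page, see https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-admin-page
ADMIN_TOKEN=$admin_token
EOF
  )
fi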
# Persistent state (the vault database) lives in $data_dir on the host.
mkdir -p "$data_dir"

# Fetch the selected image, then replace any previous container of the same
# name. Removing a container that does not exist is not an error here.
docker pull "$docker_name"
docker rm -f "$APP" || true

# Both published ports are bound to 127.0.0.1, so the container is reachable
# only through the local Apache reverse proxy, never directly from the network.
# --env-file is resolved relative to the current directory, i.e. the same ./env
# this script creates on first run.
run_args=(
  -d
  --name="$APP"
  --restart=unless-stopped
  -v "$data_dir":/data/
  -v /etc/localtime:/etc/localtime:ro
  --env-file ./env
  -p 127.0.0.1:9080:80
  -p 127.0.0.1:3012:3012
)
docker run "${run_args[@]}" "$docker_name"
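# Pick the TLS material for the Apache vhost: a path configured in UCR wins,
# otherwise the UCS default for this host is used. Each UCR key is read once,
# so the value that is tested is the value that is used.
ucr_cert=$(ucr get apache2/ssl/certificate)
if [ -n "$ucr_cert" ]; then
  echo "using ucr defined certificate"
  SSLCERTIFICATE=$ucr_cert
else
  echo "using ucs default certificate"
  SSLCERTIFICATE="/etc/univention/ssl/${hostname}.${domainname}/cert.pem"
fi

ucr_key=$(ucr get apache2/ssl/key)
if [ -n "$ucr_key" ]; then
  echo "using ucr defined private key"
  SSLKEY=$ucr_key
else
  echo "using ucs default privat key"
  SSLKEY="/etc/univention/ssl/${hostname}.${domainname}/private.key"
fi

ucr_ca=$(ucr get apache2/ssl/ca)
if [ -n "$ucr_ca" ]; then
  echo "using ucr defined ca"
  SSLCA=$ucr_ca
else
  echo "using ucs default ca"
  SSLCA="/etc/univention/ssl/ucsCA/CAcert.pem"
fi

# The chain file is optional: without a UCR value no directive is emitted.
ucr_chain=$(ucr get apache2/ssl/certificatechain)
if [ -n "$ucr_chain" ]; then
  echo "using ucr defined chain"
  SSLCHAIN="SSLCertificateChainFile $ucr_chain"
else
  SSLCHAIN=""
fi

# Stop before any Apache configuration is written if a referenced file is
# missing: a vhost pointing at a nonexistent certificate or key makes the
# Apache configuration invalid as a whole, not just this site.
for tls_file in "$SSLCERTIFICATE" "$SSLKEY" "$SSLCA"; do
  if [ ! -r "$tls_file" ]; then
    printf 'TLS file %s is missing or unreadable; leaving the Apache configuration untouched.\n' "$tls_file" >&2
    exit 1
  fi
done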
# Write the Apache site for bitwarden.<hostname>.<domainname>.
# The here-document delimiter is unquoted, so $hostname, $domainname and the
# SSL* variables are expanded now, while the script runs. Sequences written as
# \$ are emitted as a literal $ so that Apache itself resolves
# ${APACHE_LOG_DIR} and the rewrite back-reference $1.
#
# Port 80 only redirects to HTTPS, except for ACME challenge paths.
# Port 443 terminates TLS and proxies to the container on 127.0.0.1:9080;
# requests carrying "Upgrade: websocket" go to 127.0.0.1:3012 instead.
#
# NOTE(review): the vhost relies on the ssl, rewrite, proxy, proxy_http and
# websocket proxy modules; nothing in this script enables them - presumably
# they are already active on the host, confirm.
# NOTE(review): no Strict-Transport-Security header is set for the vault's
# HTTPS vhost - consider adding one.
cat <<-EOF >"/etc/apache2/sites-available/bitwarden_rs.conf"
###################################################################
# generated by bitwarden_rs app join script, do not edit manually #
###################################################################
<VirtualHost *:80>
ServerName bitwarden.$hostname.$domainname
ErrorLog \${APACHE_LOG_DIR}/bitwarden-error.log
CustomLog \${APACHE_LOG_DIR}/bitwarden-access.log combined
# Enforce HTTPS:
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://bitwarden.$hostname.$domainname/\$1 [R,L]
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
ServerName bitwarden.$hostname.$domainname
SSLCertificateFile ${SSLCERTIFICATE}
SSLCertificateKeyFile ${SSLKEY}
SSLCACertificateFile ${SSLCA}
${SSLCHAIN}
ErrorLog \${APACHE_LOG_DIR}/bitwarden-error.log
CustomLog \${APACHE_LOG_DIR}/bitwarden-access.log combined
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) ws://127.0.0.1:3012/\$1 [P,L]
ProxyPass / http://127.0.0.1:9080/
ProxyPreserveHost On
ProxyRequests Off
</VirtualHost>
EOF
# Convenience redirect: /bitwarden_rs on the host's existing sites sends the
# browser to the dedicated vhost.
cat <<-EOF >"/etc/apache2/ucs-sites.conf.d/bitwarden_rs.conf"
###################################################################
# generated by bitwarden_rs app join script, do not edit manually #
###################################################################
Redirect 303 /bitwarden_rs https://bitwarden.$hostname.$domainname
EOF
# Enabling the site is best-effort (a failure is ignored); the reload is not,
# so a failing reload aborts the script under "set -e".
a2ensite bitwarden_rs || true
invoke-rc.d apache2 reload
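# Fetch the portal icon once. The download goes to a temporary file that is
# moved into place only on success: "wget -O" creates its output file even when
# the transfer fails, and a leftover empty icon would make every later run skip
# the download because the target already exists.
# NOTE(review): the icon is pulled from the "master" branch without a checksum
# and is written into a directory served by the web server; consider pinning a
# commit or shipping the icon with the script.
icon_path="/usr/share/univention-web/js/dijit/themes/umc/icons/50x50/bitwarden.png"
if [ ! -e "$icon_path" ]; then
  icon_tmp=$(mktemp "${icon_path}.XXXXXX")
  if wget -O "$icon_tmp" \
    https://raw.githubusercontent.com/bitwarden/brand/master/icons/128x128.png; then
    # mktemp creates the file owner-only; the web server has to read it.
    chmod 0644 "$icon_tmp"
    mv -- "$icon_tmp" "$icon_path"
  else
    icon_rc=$?
    rm -f -- "$icon_tmp"
    echo "Downloading the portal icon failed." >&2
    exit "$icon_rc"
  fi
fi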
# Register a tile for the app in the Univention portal. All four UCR keys share
# the prefix <P>/<APP>/ and are written in a single "ucr set" call.
P="ucs/web/overview/entries/service"
portal_settings=(
  "${P}/${APP}/description=Open source password management solutions for individuals, teams, and business organizations."
  "${P}/${APP}/icon=/univention-management-console/js/dijit/themes/umc/icons/50x50/bitwarden.png"
  "${P}/${APP}/label=Bitwarden"
  "${P}/${APP}/link=https://bitwarden.$hostname.$domainname/"
)
ucr set "${portal_settings[@]}"
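# Daily backup of the vault database.
# sqlite3 is required by the generated cron job; install it when dpkg does not
# report it as installed.
dpkg -s sqlite3 >/dev/null 2>&1 || univention-install sqlite3

# $data_dir is expanded now, so the generated job contains the absolute path.
# The job stops if it cannot enter that directory (otherwise sqlite3 would
# create a fresh, empty db.sqlite3 wherever cron happened to start it), and it
# sets a restrictive umask so a newly created backup copy of the vault is
# readable by its owner only.
# NOTE(review): the backup is written next to the live database on the same
# volume; copy it elsewhere if it has to survive loss of that volume.
cat <<-EOF >"/etc/cron.daily/bitwarden_rs-backup"
#!/bin/sh
###################################################################
# generated by bitwarden_rs app join script, do not edit manually #
###################################################################
umask 077
cd "$data_dir" || exit 1
sqlite3 db.sqlite3 ".backup db-backup.sqlite3"
EOF
chmod 0755 /etc/cron.daily/bitwarden_rs-backup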
# Final status: a blank separator line, then where to find the new service.
printf '\n'
printf '%s\n' "Setup succesful!"
printf '%s\n' "Go to https://bitwarden.$hostname.$domainname to access Bitwarden on your system and create your user."