commit
2274223a2b
3 changed files with 334 additions and 0 deletions
25
README.md
25
README.md
|
@ -770,3 +770,28 @@ bash /etc/webmin/uninstall.sh
|
|||
___________________________________________________________________________________________
|
||||
|
||||
</details>
|
||||
|
||||
<details>
|
||||
<summary markdown="span">Vaultwarden LXC</summary>
|
||||
|
||||
<p align="center"><img src="https://avatars1.githubusercontent.com/u/15990069?s=200&v=4" width="100" height="100"/></p>
|
||||
|
||||
<h1 align="center" id="heading"> Vaultwarden LXC </h1>
|
||||
|
||||
To create a new Proxmox Vaultwarden LXC, run the following in the Proxmox web shell.
|
||||
|
||||
```
|
||||
bash -c "$(wget -qLO - https://raw.githubusercontent.com/tteck/Proxmox/main/ct/vault_container.sh)"
|
||||
```
|
||||
It builds from source, which takes time and resources. After the installation, resources can be set to Normal Settings. I've left most of the installation process viewable since the rust install needs user input (requires a "enter" key press), and the lengthy time to complete the full installation.
|
||||
<h3 align="center" id="heading">⚡ Normal Settings: 512Mib RAM - 8GB Storage - 1vCPU ⚡</h3>
|
||||
|
||||
Be Patient, let the script do it's work. Hopefully, you'll eventually see "Successfully created a Vaultwarden LXC Container"
|
||||
|
||||
|
||||
|
||||
**Vaultwarden Interface - IP:8000**
|
||||
|
||||
____________________________________________________________________________________________
|
||||
|
||||
</details>
|
||||
|
|
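--- /dev/null
+++ b/ct/vault_container.sh
@@ -0,0 +1,162 @@
+#!/usr/bin/env bash
+
+while true; do
+read -p "This will create a New Vaultwarden LXC Container. Proceed(y/n)?" yn
+case $yn in
+[Yy]* ) break;;
+[Nn]* ) exit;;
+* ) echo "Please answer yes or no.";;
+esac
+done
+
+set -o errexit
+set -o errtrace
+set -o nounset
+set -o pipefail
+shopt -s expand_aliases
+alias die='EXIT=$? LINE=$LINENO error_exit'
+CHECKMARK='\033[0;32m\xE2\x9C\x94\033[0m'
+trap die ERR
+trap cleanup EXIT
+
+function error_exit() {
+trap - ERR
+local DEFAULT='Unknown failure occured.'
+local REASON="\e[97m${1:-$DEFAULT}\e[39m"
+local FLAG="\e[91m[ERROR] \e[93m$EXIT@$LINE"
+msg "$FLAG $REASON"
+[ ! -z ${CTID-} ] && cleanup_ctid
+exit $EXIT
+}
+function warn() {
+local REASON="\e[97m$1\e[39m"
+local FLAG="\e[93m[WARNING]\e[39m"
+msg "$FLAG $REASON"
+}
+function info() {
+local REASON="$1"
+local FLAG="\e[36m[INFO]\e[39m"
+msg "$FLAG $REASON"
+}
+function msg() {
+local TEXT="$1"
+echo -e "$TEXT"
+}
+function cleanup_ctid() {
+if [ ! -z ${MOUNT+x} ]; then
+pct unmount $CTID
+fi
+if $(pct status $CTID &>/dev/null); then
+if [ "$(pct status $CTID | awk '{print $2}')" == "running" ]; then
+pct stop $CTID
+fi
+pct destroy $CTID
+elif [ "$(pvesm list $STORAGE --vmid $CTID)" != "" ]; then
+pvesm free $ROOTFS
+fi
+}
+function cleanup() {
+popd >/dev/null
+rm -rf $TEMP_DIR
+}
+function load_module() {
+if ! $(lsmod | grep -Fq $1); then
+modprobe $1 &>/dev/null || \
+die "Failed to load '$1' module."
+fi
+MODULES_PATH=/etc/modules
+if ! $(grep -Fxq "$1" $MODULES_PATH); then
+echo "$1" >> $MODULES_PATH || \
+die "Failed to add '$1' module to load at boot."
+fi
+}
+TEMP_DIR=$(mktemp -d)
+pushd $TEMP_DIR >/dev/null
+
+wget -qL https://raw.githubusercontent.com/tteck/Proxmox/main/setup/vault_setup.sh
+
+load_module overlay
+
+while read -r line; do
+TAG=$(echo $line | awk '{print $1}')
+TYPE=$(echo $line | awk '{printf "%-10s", $2}')
+FREE=$(echo $line | numfmt --field 4-6 --from-unit=K --to=iec --format %.2f | awk '{printf( "%9sB", $6)}')
+ITEM=" Type: $TYPE Free: $FREE "
+OFFSET=2
+if [[ $((${#ITEM} + $OFFSET)) -gt ${MSG_MAX_LENGTH:-} ]]; then
+MSG_MAX_LENGTH=$((${#ITEM} + $OFFSET))
+fi
+STORAGE_MENU+=( "$TAG" "$ITEM" "OFF" )
+done < <(pvesm status -content rootdir | awk 'NR>1')
+if [ $((${#STORAGE_MENU[@]}/3)) -eq 0 ]; then
+warn "'Container' needs to be selected for at least one storage location."
+die "Unable to detect valid storage location."
+elif [ $((${#STORAGE_MENU[@]}/3)) -eq 1 ]; then
+STORAGE=${STORAGE_MENU[0]}
+else
+while [ -z "${STORAGE:+x}" ]; do
+STORAGE=$(whiptail --title "Storage Pools" --radiolist \
+"Which storage pool you would like to use for the container?\n\n" \
+16 $(($MSG_MAX_LENGTH + 23)) 6 \
+"${STORAGE_MENU[@]}" 3>&1 1>&2 2>&3) || exit
+done
+fi
+info "Using '$STORAGE' for storage location."
+
+CTID=$(pvesh get /cluster/nextid)
+info "Container ID is $CTID."
+
+echo -e "${CHECKMARK} \e[1;92m Updating LXC Template List... \e[0m"
+pveam update >/dev/null
+
+echo -e "${CHECKMARK} \e[1;92m Downloading LXC Template... \e[0m"
+OSTYPE=debian
+OSVERSION=${OSTYPE}-11
+mapfile -t TEMPLATES < <(pveam available -section system | sed -n "s/.*\($OSVERSION.*\)/\1/p" | sort -t - -k 2 -V)
+TEMPLATE="${TEMPLATES[-1]}"
+pveam download local $TEMPLATE >/dev/null ||
+die "A problem occured while downloading the LXC template."
+
+STORAGE_TYPE=$(pvesm status -storage $STORAGE | awk 'NR>1 {print $2}')
+case $STORAGE_TYPE in
+dir|nfs)
+DISK_EXT=".raw"
+DISK_REF="$CTID/"
+;;
+zfspool)
+DISK_PREFIX="subvol"
+DISK_FORMAT="subvol"
+;;
+esac
+DISK=${DISK_PREFIX:-vm}-${CTID}-disk-0${DISK_EXT-}
+ROOTFS=${STORAGE}:${DISK_REF-}${DISK}
+
+echo -e "${CHECKMARK} \e[1;92m Creating LXC Container... \e[0m"
+DISK_SIZE=8G
+pvesm alloc $STORAGE $CTID $DISK $DISK_SIZE --format ${DISK_FORMAT:-raw} >/dev/null
+if [ "$STORAGE_TYPE" == "zfspool" ]; then
+warn "Some containers may not work properly due to ZFS not supporting 'fallocate'."
+else
+mkfs.ext4 $(pvesm path $ROOTFS) &>/dev/null
+fi
+ARCH=$(dpkg --print-architecture)
+HOSTNAME=vaultwarden
+TEMPLATE_STRING="local:vztmpl/${TEMPLATE}"
+pct create $CTID $TEMPLATE_STRING -arch $ARCH -features nesting=1 \
+-hostname $HOSTNAME -net0 name=eth0,bridge=vmbr0,ip=dhcp -onboot 1 -cores 4 -memory 4096\
+-ostype $OSTYPE -rootfs $ROOTFS,size=$DISK_SIZE -storage $STORAGE >/dev/null
+
+MOUNT=$(pct mount $CTID | cut -d"'" -f 2)
+ln -fs $(readlink /etc/localtime) ${MOUNT}/etc/localtime
+pct unmount $CTID && unset MOUNT
+
+echo -e "${CHECKMARK} \e[1;92m Starting LXC Container... \e[0m"
+pct start $CTID
+pct push $CTID vault_setup.sh /vault_setup.sh -perms 755
+pct exec $CTID /vault_setup.sh
+
+IP=$(pct exec $CTID ip a s dev eth0 | sed -n '/inet / s/\// /p' | awk '{print $2}')
+info "Successfully created a Vaultwarden LXC Container to $CTID"
+echo -e "\e[1;92m Vaultwarden should be reachable by going to the following URL.
+http://${IP}:8000
+\e[0m"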
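Review bot: The installer fetched on the `wget -qL https://raw.githubusercontent.com/tteck/Proxmox/main/setup/vault_setup.sh` line is pushed into the container and run as root with no integrity check and from the moving `main` ref, so whatever that URL serves at run time is what executes, and a silent wget failure would only surface later as a missing file at `pct push`. Pinning the URL to a commit and checking a digest keeps the step reproducible: `wget -qO vault_setup.sh "$SETUP_URL" || die "Failed to download vault_setup.sh."` followed by `printf '%s  vault_setup.sh\n' "$SETUP_SHA256" | sha256sum -c - >/dev/null || die "vault_setup.sh checksum mismatch."`, with `SETUP_URL`/`SETUP_SHA256=<expected-digest-placeholder>` declared next to `CHECKMARK`. Note that wget's `-L` means `--relative` and does nothing for a direct file fetch, so `-q` alone is sufficient. In `cleanup`, `rm -rf $TEMP_DIR` is unquoted and runs under `set -o nounset` from an EXIT trap that is installed before `TEMP_DIR=$(mktemp -d)`, so an early exit aborts inside the trap; `[[ -n "${TEMP_DIR:-}" ]] && rm -rf -- "$TEMP_DIR"` is safe on every exit path.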
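--- /dev/null
+++ b/setup/vault_setup.sh
@@ -0,0 +1,147 @@
+#!/usr/bin/env bash
+
+set -o errexit
+set -o errtrace
+set -o nounset
+set -o pipefail
+shopt -s expand_aliases
+alias die='EXIT=$? LINE=$LINENO error_exit'
+CROSS='\033[1;31m\xE2\x9D\x8C\033[0m'
+CHECKMARK='\033[0;32m\xE2\x9C\x94\033[0m'
+RETRY_NUM=5
+RETRY_EVERY=3
+NUM=$RETRY_NUM
+trap die ERR
+trap 'die "Script interrupted."' INT
+
+function error_exit() {
+trap - ERR
+local DEFAULT='Unknown failure occured.'
+local REASON="\e[97m${1:-$DEFAULT}\e[39m"
+local FLAG="\e[91m[ERROR:LXC] \e[93m$EXIT@$LINE"
+msg "$FLAG $REASON"
+exit $EXIT
+}
+function msg() {
+local TEXT="$1"
+echo -e "$TEXT"
+}
+
+echo -e "${CHECKMARK} \e[1;92m Setting up Container OS... \e[0m"
+sed -i "/$LANG/ s/\(^# \)//" /etc/locale.gen
+locale-gen >/dev/null
+while [ "$(hostname -I)" = "" ]; do
+1>&2 echo -e "${CROSS} \e[1;31m No Network: \e[0m $(date)"
+sleep $RETRY_EVERY
+((NUM--))
+if [ $NUM -eq 0 ]
+then
+1>&2 echo -e "${CROSS} \e[1;31m No Network After $RETRY_NUM Tries \e[0m"
+exit 1
+fi
+done
+echo -e "${CHECKMARK} \e[1;92m Network Connected: \e[0m $(hostname -I)"
+
+echo -e "${CHECKMARK} \e[1;92m Updating Container OS... \e[0m"
+apt-get update &>/dev/null
+apt-get -qqy upgrade &>/dev/null
+
+echo -e "${CHECKMARK} \e[1;92m Installing Dependencies... \e[0m"
+apt-get update &>/dev/null
+apt-get -qqy install \
+git \
+nano \
+wget \
+htop \
+pkg-config \
+openssl \
+libssl1.1 \
+libssl-dev \
+curl \
+sudo &>/dev/null
+
+echo -e "${CHECKMARK} \e[1;92m Installing Build Essentials... \e[0m"
+apt-get install -y build-essential &>/dev/null
+
+echo -e "${CHECKMARK} \e[1;92m Installing Rust... \e[0m"
+curl https://sh.rustup.rs -sSf | sh
+echo 'export PATH=~/.cargo/bin:$PATH' >> ~/.bashrc
+export PATH=~/.cargo/bin:$PATH
+which rustc &>/dev/null
+
+echo -e "${CHECKMARK} \e[1;92m Installing Node.js... \e[0m"
+curl -fsSL https://deb.nodesource.com/setup_16.x | bash - &>/dev/null
+apt-get install -y nodejs &>/dev/null
+npm -g install npm@7 &>/dev/null
+which npm &>/dev/null
+npm i npm@latest -g &>/dev/null
+
+echo -e "${CHECKMARK} \e[1;92m Building Vaultwarden... \e[0m"
+git clone https://github.com/dani-garcia/vaultwarden && pushd vaultwarden
+cargo clean && cargo build --features sqlite --release
+file target/release/vaultwarden
+
+echo -e "${CHECKMARK} \e[1;92m Building Web-Vault... \e[0m"
+pushd target/release/
+git clone --recurse-submodules https://github.com/bitwarden/web.git web-vault.git && cd web-vault.git
+git checkout v2.25.1
+git submodule update --init --recursive
+wget https://raw.githubusercontent.com/dani-garcia/bw_web_builds/master/patches/v2.25.0.patch
+git apply v2.25.0.patch
+npm ci --legacy-peer-deps && npm audit fix --legacy-peer-deps || true && npm run dist:oss:selfhost
+cp -a build ../web-vault
+cd ..
+mkdir data
+
+echo -e "${CHECKMARK} \e[1;92m Create Systemd Service... \e[0m"
+cp ../../.env.template /etc/vaultwarden.env &>/dev/null
+cp vaultwarden /usr/bin/vaultwarden &>/dev/null
+chmod +x /usr/bin/vaultwarden &>/dev/null
+useradd -m -d /var/lib/vaultwarden vaultwarden &>/dev/null
+sudo cp -R data /var/lib/vaultwarden/ &>/dev/null
+cp -R web-vault /var/lib/vaultwarden/ &>/dev/null
+chown -R vaultwarden:vaultwarden /var/lib/vaultwarden &>/dev/null
+
+service_path="/etc/systemd/system/vaultwarden.service" &>/dev/null
+
+echo "[Unit]
+Description=Bitwarden Server (Powered by Vaultwarden)
+Documentation=https://github.com/dani-garcia/vaultwarden
+
+After=network.target
+
+[Service]
+User=vaultwarden
+Group=vaultwarden
+EnvironmentFile=/etc/vaultwarden.env
+ExecStart=/usr/bin/vaultwarden
+LimitNOFILE=1048576
+LimitNPROC=64
+PrivateTmp=true
+PrivateDevices=true
+ProtectHome=true
+ProtectSystem=strict
+WorkingDirectory=/var/lib/vaultwarden
+ReadWriteDirectories=/var/lib/vaultwarden
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+
+[Install]
+WantedBy=multi-user.target" > $service_path
+
+echo -e "${CHECKMARK} \e[1;92m Customizing Container... \e[0m"
+rm /etc/motd
+rm /etc/update-motd.d/10-uname
+touch ~/.hushlogin
+GETTY_OVERRIDE="/etc/systemd/system/container-getty@1.service.d/override.conf"
+mkdir -p $(dirname $GETTY_OVERRIDE)
+cat << EOF > $GETTY_OVERRIDE
+[Service]
+ExecStart=
+ExecStart=-/sbin/agetty --autologin root --noclear --keep-baud tty%I 115200,38400,9600 \$TERM
+EOF
+systemctl daemon-reload
+systemctl restart $(basename $(dirname $GETTY_OVERRIDE) | sed 's/\.d//')
+systemctl enable vaultwarden.service &>/dev/null
+systemctl start vaultwarden.service &>/dev/null
+echo -e "${CHECKMARK} \e[1;92m Cleanup... \e[0m"
+rm -rf /vault_setup.sh /var/{cache,log}/* /var/lib/apt/lists/*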
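Review bot: Three steps run unpinned, unverified remote code as root inside the fresh container: `curl https://sh.rustup.rs -sSf | sh`, `curl -fsSL https://deb.nodesource.com/setup_16.x | bash -`, and `git clone https://github.com/dani-garcia/vaultwarden`, which builds whatever the default branch holds at run time even though the web-vault clone a few lines later is pinned to `v2.25.1`. Pinning the server to a release, `git clone --branch <vaultwarden-release-tag-placeholder> --depth 1 https://github.com/dani-garcia/vaultwarden && pushd vaultwarden`, and saving the two installer scripts to files for a digest check before executing them would make the image reproducible and auditable. The `npm ci --legacy-peer-deps && npm audit fix --legacy-peer-deps || true && npm run dist:oss:selfhost` line parses as `((npm ci && npm audit fix) || true) && npm run …`, so a failed `npm ci` is swallowed and the build continues on a missing tree; `npm ci --legacy-peer-deps && { npm audit fix --legacy-peer-deps || true; } && npm run dist:oss:selfhost` keeps only the audit step best-effort. Under `set -o nounset` the `sed -i "/$LANG/ s/\(^# \)//" /etc/locale.gen` line aborts the whole setup if `LANG` happens to be unset in the `pct exec` environment (cannot be confirmed from here), so `"${LANG:-}"` with an explicit fallback is safer. The `v2.25.0.patch` applied on top of the `v2.25.1` checkout also looks like a version mismatch worth confirming in a comment on that line.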