Garbaye/services-garbaye
3
1
Fork 0
Code Issues 5 Pull requests Packages Projects Releases Wiki Activity

vaultwarden : switch to sqlite

Browse source
This commit is contained in:
Gitouche 2024-06-10 19:55:46 +02:00
parent 1671bde4a5
commit 3f97b3c1d5
6 changed files with 6 additions and 66 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
podman-vaultwarden/.gitlab-ci.yml
View file

@ -4,21 +4,19 @@ before_script:
- podman pod rm --force pod_podman-vaultwarden - podman pod rm --force pod_podman-vaultwarden
- rm -f ~/.config/systemd/user/pod-podman-vaultwarden.service && systemctl --user daemon-reload - rm -f ~/.config/systemd/user/pod-podman-vaultwarden.service && systemctl --user daemon-reload
- podman volume rm --force podman-vaultwarden_data - podman volume rm --force podman-vaultwarden_data
- podman volume rm --force podman-vaultwarden_database
vaultwarden: vaultwarden:
stage: test stage: test
script: script:
- cd podman-vaultwarden - cd podman-vaultwarden
- ./ci_build-images.sh - ./ci_build-images.sh
- GARBAYE_VAULTWARDEN_ENV_LISTENPORT=18090 GARBAYE_VAULTWARDEN_DATABASE_PASSWORD=z1NnqbjdpBOreGdzHzmcDldL GARBAYE_VAULTWARDEN_ADMIN_PASSWORD='$argon2id$v=19$m=65540,t=3,p=4$TW5OdGJKY1JRbUZlYVVLZU9JSUNlM0U3UWUvY1J1ZUNrdVhkTDRmYjlPVT0$aFGMAuj4UwaXVF3QRGIDbo/g/Fh/BQOnsRI0FTooij4' ./05_freshinstall.sh - GARBAYE_VAULTWARDEN_ENV_LISTENPORT=18090 GARBAYE_VAULTWARDEN_ADMIN_PASSWORD='$argon2id$v=19$m=65540,t=3,p=4$TW5OdGJKY1JRbUZlYVVLZU9JSUNlM0U3UWUvY1J1ZUNrdVhkTDRmYjlPVT0$aFGMAuj4UwaXVF3QRGIDbo/g/Fh/BQOnsRI0FTooij4' ./05_freshinstall.sh
- ./20_enable.sh - ./20_enable.sh
- ./30_start.sh && sleep 10 - ./30_start.sh && sleep 10
- ./40_stop.sh - ./40_stop.sh
- ./70_disable.sh - ./70_disable.sh
- ./80_destroy.sh - ./80_destroy.sh
- podman volume rm podman-vaultwarden_data - podman volume rm podman-vaultwarden_data
- podman volume rm podman-vaultwarden_database
tags: tags:
- garbaye - garbaye
- compute - compute

14
podman-vaultwarden/05_freshinstall.sh
View file

@ -9,26 +9,12 @@ ensure_not_root
ensure_variables_are_defined "$envvars" ensure_variables_are_defined "$envvars"
if podman volume exists ${dbvolume} ; then
echo "Error : DB volume ${dbvolume} already exists."
echo "Please remove it before a freshinstall, or continue with a standard installation."
exit 1
fi
if podman volume exists ${datavolume} ; then if podman volume exists ${datavolume} ; then
echo "Error : DATA volume ${datavolume} already exists." echo "Error : DATA volume ${datavolume} already exists."
echo "Please remove it before a freshinstall, or continue with a standard installation." echo "Please remove it before a freshinstall, or continue with a standard installation."
exit 1 exit 1
fi fi
#if podman volume exists ${uploadsvolume} ; then
# echo "Error : UPLOADS volume ${uploadsvolume} already exists."
# echo "Please remove it before a freshinstall, or continue with a standard installation."
# exit 1
#fi
podman volume create ${dbvolume}
podman volume create ${datavolume} #&& podman unshare chmod 0777 `get_podman_volume_path ${datavolume}` podman volume create ${datavolume} #&& podman unshare chmod 0777 `get_podman_volume_path ${datavolume}`
#podman volume create ${uploadsvolume} && podman unshare chmod 0777 `get_podman_volume_path ${uploadsvolume}`
${ABSDIR}/10_install.sh ${ABSDIR}/10_install.sh

19
podman-vaultwarden/10_install.sh
View file

@ -10,11 +10,6 @@ ensure_not_root
ensure_pod_not_exists ${pod_name} ensure_pod_not_exists ${pod_name}
ensure_variables_are_defined "$envvars" ensure_variables_are_defined "$envvars"
if ! podman volume exists ${dbvolume} ; then
echo "Error : DB volume ${dbvolume} does not exists. Consider running 05_freshinstall.sh if this is the first install."
exit 1
fi
if ! podman volume exists ${datavolume} ; then if ! podman volume exists ${datavolume} ; then
echo "Error : DATA volume ${datavolume} does not exists. Consider running 05_freshinstall.sh if this is the first install." echo "Error : DATA volume ${datavolume} does not exists. Consider running 05_freshinstall.sh if this is the first install."
exit 1 exit 1
@ -22,19 +17,14 @@ fi
cat <<EOT > .env cat <<EOT > .env
# vaultwarden # vaultwarden
DATABASE_URL=postgresql://vaultwarden:${GARBAYE_VAULTWARDEN_DATABASE_PASSWORD}@database:${database_port}/vaultwarden
ADMIN_TOKEN=${GARBAYE_VAULTWARDEN_ADMIN_PASSWORD} ADMIN_TOKEN=${GARBAYE_VAULTWARDEN_ADMIN_PASSWORD}
DOMAIN=${GARBAYE_VAULTWARDEN_DOMAIN} DOMAIN=${GARBAYE_VAULTWARDEN_DOMAIN}
SENDS_ALLOWED=false SENDS_ALLOWED=false
# PostgreSQL
POSTGRES_DB=vaultwarden
POSTGRES_PASSWORD=${GARBAYE_VAULTWARDEN_DATABASE_PASSWORD}
POSTGRES_USER=vaultwarden
# Signups # Signups
SIGNUPS_ALLOWED=true SIGNUPS_ALLOWED=true
SIGNUPS_VERIFY=true SIGNUPS_VERIFY=true
# SMTP # SMTP
SMTP_HOST=${GARBAYE_SEAFILE_SMTP_SERVER} SMTP_HOST=${GARBAYE_SMTP_SERVER}
SMTP_FROM=vaultwarden@garbaye.fr SMTP_FROM=vaultwarden@garbaye.fr
SMTP_FROM_NAME=Vaultwarden SMTP_FROM_NAME=Vaultwarden
SMTP_SECURITY=off SMTP_SECURITY=off
@ -43,20 +33,13 @@ EOT
export service_image export service_image
export service_version export service_version
export database_image
export database_version
export database_path
export container_name export container_name
export db_container_name
export listen_if export listen_if
export listen_port export listen_port
if ! podman image exists ${service_image}:${service_version}; then if ! podman image exists ${service_image}:${service_version}; then
podman image pull ${service_image}:${service_version} || exit 1 podman image pull ${service_image}:${service_version} || exit 1
fi fi
if ! podman image exists ${database_image}:${database_version}; then
podman image pull ${database_image}:${database_version} || exit 1
fi
podman-compose --pod-args="--infra=true --infra-name=${project_name}_infra --share=" --podman-run-args "--requires=${project_name}_infra --env-file .env" up -d && podman-compose --pod-args="--infra=true --infra-name=${project_name}_infra --share=" --podman-run-args "--requires=${project_name}_infra --env-file .env" up -d &&
echo -n "Waiting for vaultwarden to finish starting " && echo -n "Waiting for vaultwarden to finish starting " &&
( podman container logs -f ${container_name} 2>&1 & ) | grep -q 'Rocket has launched from ' && ( podman container logs -f ${container_name} 2>&1 & ) | grep -q 'Rocket has launched from ' &&

2
podman-vaultwarden/ci_build-images.sh
View file

@ -17,7 +17,7 @@ if ! podman image exists ${service_image}:${service_version}; then
install -v ${vaultwardenlangfrfolder}/email/* ${buildfolder}/src/static/templates/email/ install -v ${vaultwardenlangfrfolder}/email/* ${buildfolder}/src/static/templates/email/
fi fi
rm -rf ${vaultwardenlangfrfolder} rm -rf ${vaultwardenlangfrfolder}
TMPDIR=${HOME} DB='postgresql,enable_mimalloc' CONTAINER_REGISTRIES='git.garbaye.fr/garbaye/vaultwarden' BASE_TAGS=${service_version%%-*} ${buildfolder}/docker/podman-bake.sh || retval=false TMPDIR=${HOME} DB='sqlite' CONTAINER_REGISTRIES='git.garbaye.fr/garbaye/vaultwarden' BASE_TAGS=${service_version%%-*} ${buildfolder}/docker/podman-bake.sh || retval=false
podman image prune -a -f --filter dangling=true podman image prune -a -f --filter dangling=true
podman image prune -a -f --filter intermediate=true podman image prune -a -f --filter intermediate=true
podman image rm -f $(podman image list -a -q -- docker.io/vaultwarden/web-vault) podman image rm -f $(podman image list -a -q -- docker.io/vaultwarden/web-vault)

15
podman-vaultwarden/container-compose.yml
View file

@ -1,17 +1,5 @@
version: '3' version: '3'
services: services:
database:
container_name: ${db_container_name}
image: ${database_image}:${database_version}
volumes:
- database:${database_path}:Z
healthcheck:
test: ["CMD-SHELL", "pg_isready -U vaultwarden"]
interval: 60s
timeout: 10s
retries: 3
start_period: 5s
app: app:
container_name: ${container_name} container_name: ${container_name}
image: ${service_image}:${service_version} image: ${service_image}:${service_version}
@ -25,9 +13,6 @@ services:
timeout: 10s timeout: 10s
retries: 3 retries: 3
start_period: 5s start_period: 5s
depends_on:
- ${db_container_name}
volumes: volumes:
database:
data: data:

18
podman-vaultwarden/vars.sh
View file

@ -2,29 +2,17 @@
## vars ## vars
service_image="git.garbaye.fr/garbaye/vaultwarden" service_image="git.garbaye.fr/garbaye/vaultwarden"
service_version='1.30.5-amd64' service_version='1.30.5-amd64'
database_image="docker.io/library/postgres"
database_version='14-alpine'
database_path="/var/lib/postgresql/data"
database_dialect=postgres
database_port=5432
#database_image="docker.io/library/mariadb"
#database_version='10'
#database_path="/var/lib/mysql"
#database_dialect=mysql
#database_port=3306
## default vars : override with ENV var ## default vars : override with ENV var
GARBAYE_VAULTWARDEN_DOMAIN="${GARBAYE_VAULTWARDEN_ENV_DOMAIN:-http://localhost}" GARBAYE_VAULTWARDEN_DOMAIN="${GARBAYE_VAULTWARDEN_ENV_DOMAIN:-http://localhost}"
listen_if="${GARBAYE_VAULTWARDEN_ENV_LISTENIF:-127.0.0.1}" listen_if="${GARBAYE_VAULTWARDEN_ENV_LISTENIF:-127.0.0.1}"
listen_port="${GARBAYE_VAULTWARDEN_ENV_LISTENPORT:-8090}" listen_port="${GARBAYE_VAULTWARDEN_ENV_LISTENPORT:-8090}"
## mandatory ENV vars ## mandatory ENV vars
envvars='GARBAYE_VAULTWARDEN_ADMIN_PASSWORD GARBAYE_VAULTWARDEN_DATABASE_PASSWORD' envvars='GARBAYE_VAULTWARDEN_ADMIN_PASSWORD'
## internal vars : do not touch ## internal vars : do not touch
project_name=${PWD##*/} project_name=${PWD##*/}
pod_name="pod_${project_name}" pod_name="pod_${project_name}"
service_name="pod-${pod_name}.service" service_name="pod-${pod_name}.service"
upstream_images="${service_image} ${database_image}" upstream_images="${service_image}"
datavolume="${project_name}_data" datavolume="${project_name}_data"
dbvolume="${project_name}_database"
container_name="${project_name}_app" container_name="${project_name}_app"
db_container_name="${project_name}_database" get_default_iface_ipv4 GARBAYE_SMTP_SERVER
get_default_iface_ipv4 GARBAYE_SEAFILE_SMTP_SERVER