From e2b93037df4610c7aef9dc00ec51f1c0a73cf084 Mon Sep 17 00:00:00 2001
From: KsmoinO <99479-KsmoinO@users.noreply.framagit.org>
Date: Sat, 26 Nov 2022 23:00:34 +0100
Subject: [PATCH] Init vaultwarden
---
 podman-vaultwarden/.gitlab-ci.yml | 26 ++++++++++++++
 podman-vaultwarden/00_status.sh | 1 +
 podman-vaultwarden/05_freshinstall.sh | 34 ++++++++++++++++++
 podman-vaultwarden/10_install.sh | 52 +++++++++++++++++++++++++++
 podman-vaultwarden/20_enable.sh | 1 +
 podman-vaultwarden/30_start.sh | 1 +
 podman-vaultwarden/40_stop.sh | 1 +
 podman-vaultwarden/70_disable.sh | 1 +
 podman-vaultwarden/80_destroy.sh | 1 +
 podman-vaultwarden/90_prune.sh | 1 +
 podman-vaultwarden/ci_build-images.sh | 30 ++++++++++++++++
 podman-vaultwarden/docker-compose.yml | 46 ++++++++++++++++++++++++
 podman-vaultwarden/vars.sh | 25 +++++++++++++
 13 files changed, 220 insertions(+)
 create mode 100644 podman-vaultwarden/.gitlab-ci.yml
 create mode 120000 podman-vaultwarden/00_status.sh
 create mode 100755 podman-vaultwarden/05_freshinstall.sh
 create mode 100755 podman-vaultwarden/10_install.sh
 create mode 120000 podman-vaultwarden/20_enable.sh
 create mode 120000 podman-vaultwarden/30_start.sh
 create mode 120000 podman-vaultwarden/40_stop.sh
 create mode 120000 podman-vaultwarden/70_disable.sh
 create mode 120000 podman-vaultwarden/80_destroy.sh
 create mode 120000 podman-vaultwarden/90_prune.sh
 create mode 100755 podman-vaultwarden/ci_build-images.sh
 create mode 100644 podman-vaultwarden/docker-compose.yml
 create mode 100644 podman-vaultwarden/vars.sh
diff --git a/podman-vaultwarden/.gitlab-ci.yml b/podman-vaultwarden/.gitlab-ci.yml
new file mode 100644
index 0000000..ba37ae2
--- /dev/null
+++ b/podman-vaultwarden/.gitlab-ci.yml
@@ -0,0 +1,26 @@
+# Si besoin d'executer le before_script manuellement :
+# sed -n 's/^ - \(.*\)$/\1/p' .gitlab-ci.yml | bash
+before_script:
+ - podman pod exists pod_podman-vaultwarden && podman pod rm --force pod_podman-vaultwarden
+ - rm -f ~/.config/systemd/user/pod-podman-vaultwarden.service && systemctl --user daemon-reload
+ - podman volume exists podman-vaultwarden_data && podman volume rm podman-vaultwarden_data
+ - podman volume exists podman-vaultwarden_database && podman volume rm podman-vaultwarden_database
+
+vaultwarden:
+ stage: test
+ script:
+ - cd podman-vaultwarden
+ - ./ci_build-images.sh
+ - GARBAYE_HEDGEDOC_DATABASE_PASSWORD=ChohNiephuD1nec6 GARBAYE_HEDGEDOC_DOMAIN=qlf-vaultwarden.garbaye.fr ./05_freshinstall.sh
+ - ./20_enable.sh
+ - ./30_start.sh && sleep 10
+ - ./40_stop.sh
+ - ./70_disable.sh
+ - ./80_destroy.sh
+ - podman volume rm podman-vaultwarden_data
+ - podman volume rm podman-vaultwarden_database
+ tags:
+ - garbaye
+ - compute
+ - podman
+ - x86_64
diff --git a/podman-vaultwarden/00_status.sh b/podman-vaultwarden/00_status.sh
new file mode 120000
index 0000000..91862c3
--- /dev/null
+++ b/podman-vaultwarden/00_status.sh
@@ -0,0 +1 @@
+../_podman-common/00_status_pod.sh
\ No newline at end of file
diff --git a/podman-vaultwarden/05_freshinstall.sh b/podman-vaultwarden/05_freshinstall.sh
new file mode 100755
index 0000000..96954b4
--- /dev/null
+++ b/podman-vaultwarden/05_freshinstall.sh
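Review bot: The `05_freshinstall.sh` line exports `GARBAYE_HEDGEDOC_DATABASE_PASSWORD` and `GARBAYE_HEDGEDOC_DOMAIN`, but vars.sh in this same commit declares `GARBAYE_VAULTWARDEN_DATABASE_PASSWORD GARBAYE_VAULTWARDEN_DOMAIN` as the mandatory variables, so the job presumably stops at `ensure_variables_are_defined` (defined outside this diff) before anything is installed. Change the line to `- GARBAYE_VAULTWARDEN_DATABASE_PASSWORD=$VAULTWARDEN_TEST_DB_PASSWORD GARBAYE_VAULTWARDEN_DOMAIN=qlf-vaultwarden.garbaye.fr ./05_freshinstall.sh`, where `VAULTWARDEN_TEST_DB_PASSWORD` is a placeholder name for a masked CI/CD variable to be created in the project settings. Even a throwaway test credential committed as a literal stays in the repository history for everyone with read access, and a masked variable also keeps it out of job logs.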
@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+
+ABSDIR="$( dirname "$(readlink -f -- "$0")" )"
+source ${ABSDIR}/../functions.sh
+source ${ABSDIR}/vars.sh
+
+ensure_pwd_is_scriptdir
+ensure_not_root
+
+ensure_variables_are_defined "$envvars"
+
+if podman volume exists ${dbvolume} ; then
+ echo "Error : DB volume ${dbvolume} already exists."
+ echo "Please remove it before a freshinstall, or continue with a standard installation."
+ exit 1
+fi
+
+if podman volume exists ${datavolume} ; then
+ echo "Error : DATA volume ${datavolume} already exists."
+ echo "Please remove it before a freshinstall, or continue with a standard installation."
+ exit 1
+fi
+
+#if podman volume exists ${uploadsvolume} ; then
+# echo "Error : UPLOADS volume ${uploadsvolume} already exists."
+# echo "Please remove it before a freshinstall, or continue with a standard installation."
+# exit 1
+#fi
+
+podman volume create ${dbvolume}
+podman volume create ${datavolume} #&& podman unshare chmod 0777 `get_podman_volume_path ${datavolume}`
+#podman volume create ${uploadsvolume} && podman unshare chmod 0777 `get_podman_volume_path ${uploadsvolume}`
+
+${ABSDIR}/10_install.sh
diff --git a/podman-vaultwarden/10_install.sh b/podman-vaultwarden/10_install.sh
new file mode 100755
index 0000000..f45a363
--- /dev/null
+++ b/podman-vaultwarden/10_install.sh
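Review bot: Neither `podman volume create` call checks its exit status and `${ABSDIR}/10_install.sh` runs regardless, so a failed create falls straight into the install, whose own volume checks then fail with a misleading "does not exists" message. Change the two lines to `podman volume create "${dbvolume}" || exit 1` and `podman volume create "${datavolume}" || exit 1`, which also quotes the expansions that the rest of the script leaves bare. The two `echo "Error : ..."` blocks print diagnostics to stdout; adding `>&2` keeps them out of any captured output.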
@@ -0,0 +1,52 @@
+#!/usr/bin/env bash
+
+ABSDIR="$( dirname "$(readlink -f -- "$0")" )"
+source ${ABSDIR}/../functions.sh
+source ${ABSDIR}/vars.sh
+
+ensure_pwd_is_scriptdir
+ensure_not_root
+
+ensure_pod_not_exists ${pod_name}
+ensure_variables_are_defined "$envvars"
+
+if ! podman volume exists ${dbvolume} ; then
+ echo "Error : DB volume ${dbvolume} does not exists. Consider running 05_freshinstall.sh if this is the first install."
+ exit 1
+fi
+
+if ! podman volume exists ${datavolume} ; then
+ echo "Error : DATA volume ${datavolume} does not exists. Consider running 05_freshinstall.sh if this is the first install."
+ exit 1
+fi
+
+cat < .env
+# vaultwarden
+DATABASE_URL=postgresql://vaultwarden:${GARBAYE_VAULTWARDEN_DATABASE_PASSWORD}@database:${database_port}/vaultwarden
+# PostgreSQL
+POSTGRES_DB=vaultwarden
+POSTGRES_PASSWORD=${GARBAYE_VAULTWARDEN_DATABASE_PASSWORD}
+POSTGRES_USER=vaultwarden
+EOT
+
+export vaultwarden_image
+export vaultwarden_version
+export database_image
+export database_version
+export database_path
+export container_name
+export db_container_name
+
+if ! podman image exists ${vaultwarden_image}:${vaultwarden_version}; then
+ podman image pull ${vaultwarden_image}:${vaultwarden_version} || exit 1
+fi
+if ! podman image exists ${database_image}:${database_version}; then
+ podman image pull ${database_image}:${database_version} || exit 1
+fi
+podman-compose --pod-args="--infra=true --infra-name=${project_name}_infra --share=" --podman-run-args "--requires=${project_name}_infra --env-file .env" up -d &&
+echo -n "Waiting for vaultwarden to finish starting " &&
+( podman logs -f ${container_name} 2>&1 & ) | grep -q 'HTTP Server listening at ' &&
+echo "OK" &&
+podman pod stop ${pod_name} &&
+echo Pod built and stopped. &&
+shred -u .env
diff --git a/podman-vaultwarden/20_enable.sh b/podman-vaultwarden/20_enable.sh
new file mode 120000
index 0000000..ea522ac
--- /dev/null
+++ b/podman-vaultwarden/20_enable.sh
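Review bot: The `.env` file holding `POSTGRES_PASSWORD` and the `DATABASE_URL` credentials is created under the caller's default umask and is only deleted by `shred -u .env` at the very end of the `&&` chain, so any earlier failure — `podman-compose up` erroring, or `grep -q 'HTTP Server listening at '` never matching — leaves the plaintext password on disk in the script directory, and because `ensure_pod_not_exists` runs first, a rerun stops before ever reaching the shred. Add `umask 077` before the heredoc and `trap 'shred -u .env 2>/dev/null' EXIT` right after it, so cleanup runs on every exit path including the `|| exit 1` on the pull lines. `cat < .env` as rendered reads like a heredoc redirection (`cat <<EOT > .env`) mangled by extraction; if the file really contains `cat < .env`, the script fails at that line. The `grep -q` wait also has no upper bound, so a changed log message hangs the run indefinitely; wrapping the wait in `timeout` would bound it.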
@@ -0,0 +1 @@
+../_podman-common/20_enable_pod.sh
\ No newline at end of file
diff --git a/podman-vaultwarden/30_start.sh b/podman-vaultwarden/30_start.sh
new file mode 120000
index 0000000..29ddbe3
--- /dev/null
+++ b/podman-vaultwarden/30_start.sh
@@ -0,0 +1 @@
+../_podman-common/30_start_pod.sh
\ No newline at end of file
diff --git a/podman-vaultwarden/40_stop.sh b/podman-vaultwarden/40_stop.sh
new file mode 120000
index 0000000..7e51cf5
--- /dev/null
+++ b/podman-vaultwarden/40_stop.sh
@@ -0,0 +1 @@
+../_podman-common/40_stop_pod.sh
\ No newline at end of file
diff --git a/podman-vaultwarden/70_disable.sh b/podman-vaultwarden/70_disable.sh
new file mode 120000
index 0000000..10a944b
--- /dev/null
+++ b/podman-vaultwarden/70_disable.sh
@@ -0,0 +1 @@
+../_podman-common/70_disable_pod.sh
\ No newline at end of file
diff --git a/podman-vaultwarden/80_destroy.sh b/podman-vaultwarden/80_destroy.sh
new file mode 120000
index 0000000..1b8a370
--- /dev/null
+++ b/podman-vaultwarden/80_destroy.sh
@@ -0,0 +1 @@
+../_podman-common/80_destroy_pod.sh
\ No newline at end of file
diff --git a/podman-vaultwarden/90_prune.sh b/podman-vaultwarden/90_prune.sh
new file mode 120000
index 0000000..5fed91e
--- /dev/null
+++ b/podman-vaultwarden/90_prune.sh
@@ -0,0 +1 @@
+../_podman-common/90_prune_pod.sh
\ No newline at end of file
diff --git a/podman-vaultwarden/ci_build-images.sh b/podman-vaultwarden/ci_build-images.sh
new file mode 100755
index 0000000..a40a239
--- /dev/null
+++ b/podman-vaultwarden/ci_build-images.sh
@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+
+ABSDIR="$( dirname "$(readlink -f -- "$0")" )"
+source ${ABSDIR}/../functions.sh
+source ${ABSDIR}/vars.sh
+
+ensure_pwd_is_scriptdir
+ensure_not_root
+
+buildfolder=/tmp/vaultwarden-$$
+
+if ! podman image exists ${vaultwarden_image}:${vaultwarden_version}; then
+ mkdir ${buildfolder} &&
+ git clone --depth=1 --branch=${vaultwarden_version} https://github.com/dani-garcia/vaultwarden.git ${buildfolder}/ && {
+ sed_in_place "^FROM vaultwarden/web-vault" "FROM docker.io/vaultwarden/web-vault" ${buildfolderdocker/amd64/Dockerfile.alpine
+ sed_in_place "^FROM blackdex/rust-musl" "FROM docker.io/blackdex/rust-musl" ${buildfolderdocker/amd64/Dockerfile.alpine
+ sed_in_place "^FROM alpine" "FROM docker.io/library/alpine" ${buildfolderdocker/amd64/Dockerfile.alpine
+ TMPDIR=${HOME} podman image build -t ${vaultwarden_image}:${vaultwarden_version} -f ${buildfolderdocker/amd64/Dockerfile.alpine ${buildfolder}
+ }
+ rm -rf ${buildfolder}
+ podman image prune -a -f --filter dangling=true
+ podman image prune -a -f --filter intermediate=true
+ podman image rm -f $(podman images -a -q -- vaultwarden/web-vault)
+ podman image rm -f $(podman images -a -q -- docker.io/blackdex/rust-musl)
+ podman image rm -f $(podman images -a -q -- dockerio/library/alpine)
+else
+ echo "Image ${vaultwarden_image}:${vaultwarden_version} already built"
+fi
+
+oci_push_to_registry ${vaultwarden_image}:${vaultwarden_version}
diff --git a/podman-vaultwarden/docker-compose.yml b/podman-vaultwarden/docker-compose.yml
new file mode 100644
index 0000000..5ca975c
--- /dev/null
+++ b/podman-vaultwarden/docker-compose.yml
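Review bot: The last `podman image rm -f` line filters on `dockerio/library/alpine` — the dot in `docker.io` is missing — so the command substitution expands to nothing and the alpine base image is never removed; use `docker.io/library/alpine` as the `sed_in_place` line above it does. The three `sed_in_place` lines and the build line reference `${buildfolderdocker/amd64/Dockerfile.alpine`, which as shown is an unterminated `${`; if that is not an extraction artifact of `${buildfolder}/docker/amd64/Dockerfile.alpine`, bash aborts with a bad-substitution error before anything is cloned. `buildfolder=/tmp/vaultwarden-$$` is a predictable path in a world-writable directory; `buildfolder=$(mktemp -d) || exit 1` avoids cloning into a directory or symlink someone else created first. The clone fetches `--branch=${vaultwarden_version}` from GitHub without pinning the tag to a commit, so a given version is only as reproducible as the upstream tag; printing `git -C "${buildfolder}" rev-parse HEAD` before the build would at least record what was built.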
@@ -0,0 +1,46 @@
+version: '3'
+services:
+ database:
+ container_name: ${db_container_name}
+ # Don't upgrade PostgreSQL by simply changing the version number
+ # You need to migrate the Database to the new PostgreSQL version
+ image: ${database_image}:${database_version}
+ #mem_limit: 256mb # version 2 only
+ #memswap_limit: 512mb # version 2 only
+ #read_only: true # not supported in swarm mode please enable along with tmpfs
+ #tmpfs:
+ # - /run/postgresql:size=512K
+ # - /tmp:size=256K
+ #environment:
+ # - POSTGRES_USER=vaultwarden
+ # - POSTGRES_PASSWORD=
+ # - POSTGRES_DB=vaultwarden
+ volumes:
+ - database:${database_path}
+ networks:
+ backend:
+ #restart: always
+
+ app:
+ container_name: ${container_name}
+ image: ${vaultwarden_image}:${vaultwarden_version}
+ volumes:
+ - data:/data
+ ports:
+ - "127.0.0.1:8090:80"
+ - "127.0.0.1:9090:3012"
+ networks:
+ backend:
+ depends_on:
+ - ${db_container_name}
+
+# Define networks to allow best isolation
+networks:
+ # Internal network for communication with PostgreSQL/MySQL
+ backend:
+
+# Define named volumes so data stays in place
+volumes:
+ # Volume for PostgreSQL/MySQL database
+ database:
+ data:
diff --git a/podman-vaultwarden/vars.sh b/podman-vaultwarden/vars.sh
new file mode 100644
index 0000000..dcbfef7
--- /dev/null
+++ b/podman-vaultwarden/vars.sh
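Review bot: `depends_on` under `app` lists `${db_container_name}`, which vars.sh expands to `podman-vaultwarden_database`, but `depends_on` takes a service name and the only database service in this file is `database`; write `- database`. How podman-compose treats an unknown dependency is not visible here, but either way the intended start ordering is not enforced. Binding both ports to `127.0.0.1` is the right default for a reverse-proxied service; a comment such as `# both ports are loopback-only: publish via the host reverse proxy (3012 is the websocket port)` would tell the next maintainer that this is deliberate rather than an oversight.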
@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+## vars
+vaultwarden_image="git.garbaye.fr/garbaye/vaultwarden"
+vaultwarden_version='1.9.6-alpine'
+database_image="docker.io/library/postgres"
+database_version='14.5-alpine'
+database_path="/var/lib/postgresql/data"
+database_dialect=postgres
+database_port=5432
+#database_image="docker.io/library/mariadb"
+#database_version='10'
+#database_path="/var/lib/mysql"
+#database_dialect=mysql
+#database_port=3306
+## mandatory ENV vars
+envvars='GARBAYE_VAULTWARDEN_DATABASE_PASSWORD GARBAYE_VAULTWARDEN_DOMAIN'
+## internal vars : do not touch
+project_name=${PWD##*/}
+pod_name="pod_${project_name}"
+service_name="pod-${pod_name}.service"
+upstream_images="${vaultwarden_image} ${postgres_image}"
+datavolume="${project_name}_data"
+dbvolume="${project_name}_database"
+container_name="${project_name}_app"
+db_container_name="${project_name}_database"
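Review bot: `upstream_images` interpolates `${postgres_image}`, which is defined nowhere in this file — the variable is `database_image` — so the string ends in a trailing space instead of naming the postgres image; change it to `upstream_images="${vaultwarden_image} ${database_image}"`. `GARBAYE_VAULTWARDEN_DOMAIN` is listed as mandatory in `envvars`, yet nothing in this commit reads it: the `.env` written by 10_install.sh and docker-compose.yml both omit it, so either the common scripts consume it (not visible here) or the domain never reaches the container. `project_name=${PWD##*/}` derives every pod, volume and container name from the current directory, which is why `ensure_pwd_is_scriptdir` is load-bearing in each script; a one-line comment saying so, e.g. `# derived from cwd: every script calls ensure_pwd_is_scriptdir first`, would save a future reader the search.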