Init vaultwarden

podman-vaultwarden/.gitlab-ci.yml

@@ -0,0 +1,26 @@
+# Si besoin d'executer le before_script manuellement :
+# sed -n 's/^  - \(.*\)$/\1/p' .gitlab-ci.yml | bash
+before_script:
+  - podman pod exists pod_podman-vaultwarden && podman pod rm --force pod_podman-vaultwarden
+  - rm -f ~/.config/systemd/user/pod-podman-vaultwarden.service && systemctl --user daemon-reload
+  - podman volume exists podman-vaultwarden_data && podman volume rm podman-vaultwarden_data
+  - podman volume exists podman-vaultwarden_database && podman volume rm podman-vaultwarden_database
+
+vaultwarden:
+  stage: test
+  script:
+    - cd podman-vaultwarden
+    - ./ci_build-images.sh
+    - GARBAYE_HEDGEDOC_DATABASE_PASSWORD=ChohNiephuD1nec6 GARBAYE_HEDGEDOC_DOMAIN=qlf-vaultwarden.garbaye.fr ./05_freshinstall.sh
+    - ./20_enable.sh
+    - ./30_start.sh && sleep 10
+    - ./40_stop.sh
+    - ./70_disable.sh
+    - ./80_destroy.sh
+    - podman volume rm podman-vaultwarden_data
+    - podman volume rm podman-vaultwarden_database
+  tags:
+    - garbaye
+    - compute
+    - podman
+    - x86_64

podman-vaultwarden/00_status.sh

@@ -0,0 +1 @@
+../_podman-common/00_status_pod.sh

podman-vaultwarden/05_freshinstall.sh

@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+
+ABSDIR="$( dirname "$(readlink -f -- "$0")" )"
+source ${ABSDIR}/../functions.sh
+source ${ABSDIR}/vars.sh
+
+ensure_pwd_is_scriptdir
+ensure_not_root
+
+ensure_variables_are_defined "$envvars"
+
+if podman volume exists ${dbvolume} ; then
+    echo "Error : DB volume ${dbvolume} already exists."
+    echo "Please remove it before a freshinstall, or continue with a standard installation."
+    exit 1
+fi
+
+if podman volume exists ${datavolume} ; then
+    echo "Error : DATA volume ${datavolume} already exists."
+    echo "Please remove it before a freshinstall, or continue with a standard installation."
+    exit 1
+fi
+
+#if podman volume exists ${uploadsvolume} ; then
+#    echo "Error : UPLOADS volume ${uploadsvolume} already exists."
+#    echo "Please remove it before a freshinstall, or continue with a standard installation."
+#    exit 1
+#fi
+
+podman volume create ${dbvolume}
+podman volume create ${datavolume} #&& podman unshare chmod 0777 `get_podman_volume_path ${datavolume}`
+#podman volume create ${uploadsvolume} && podman unshare chmod 0777 `get_podman_volume_path ${uploadsvolume}`
+
+${ABSDIR}/10_install.sh

podman-vaultwarden/10_install.sh

@@ -0,0 +1,52 @@
+#!/usr/bin/env bash
+
+ABSDIR="$( dirname "$(readlink -f -- "$0")" )"
+source ${ABSDIR}/../functions.sh
+source ${ABSDIR}/vars.sh
+
+ensure_pwd_is_scriptdir
+ensure_not_root
+
+ensure_pod_not_exists ${pod_name}
+ensure_variables_are_defined "$envvars"
+
+if ! podman volume exists ${dbvolume} ; then
+    echo "Error : DB volume ${dbvolume} does not exists. Consider running 05_freshinstall.sh if this is the first install."
+    exit 1
+fi
+
+if ! podman volume exists ${datavolume} ; then
+    echo "Error : DATA volume ${datavolume} does not exists. Consider running 05_freshinstall.sh if this is the first install."
+    exit 1
+fi
+
+cat <<EOT > .env
+# vaultwarden
+DATABASE_URL=postgresql://vaultwarden:${GARBAYE_VAULTWARDEN_DATABASE_PASSWORD}@database:${database_port}/vaultwarden
+# PostgreSQL
+POSTGRES_DB=vaultwarden
+POSTGRES_PASSWORD=${GARBAYE_VAULTWARDEN_DATABASE_PASSWORD}
+POSTGRES_USER=vaultwarden
+EOT
+
+export vaultwarden_image
+export vaultwarden_version
+export database_image
+export database_version
+export database_path
+export container_name
+export db_container_name
+
+if ! podman image exists ${vaultwarden_image}:${vaultwarden_version}; then
+    podman image pull ${vaultwarden_image}:${vaultwarden_version} || exit 1
+fi
+if ! podman image exists ${database_image}:${database_version}; then
+    podman image pull ${database_image}:${database_version} || exit 1
+fi
+podman-compose --pod-args="--infra=true --infra-name=${project_name}_infra --share=" --podman-run-args "--requires=${project_name}_infra --env-file .env" up -d &&
+echo -n "Waiting for vaultwarden to finish starting " &&
+( podman logs -f ${container_name} 2>&1 & ) | grep -q 'HTTP Server listening at ' &&
+echo "OK" &&
+podman pod stop ${pod_name} &&
+echo Pod built and stopped. &&
+shred -u .env

podman-vaultwarden/20_enable.sh

@@ -0,0 +1 @@
+../_podman-common/20_enable_pod.sh

podman-vaultwarden/30_start.sh

@@ -0,0 +1 @@
+../_podman-common/30_start_pod.sh

podman-vaultwarden/40_stop.sh

@@ -0,0 +1 @@
+../_podman-common/40_stop_pod.sh

podman-vaultwarden/70_disable.sh

@@ -0,0 +1 @@
+../_podman-common/70_disable_pod.sh

podman-vaultwarden/80_destroy.sh

@@ -0,0 +1 @@
+../_podman-common/80_destroy_pod.sh

podman-vaultwarden/90_prune.sh

@@ -0,0 +1 @@
+../_podman-common/90_prune_pod.sh

podman-vaultwarden/ci_build-images.sh

@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+
+ABSDIR="$( dirname "$(readlink -f -- "$0")" )"
+source ${ABSDIR}/../functions.sh
+source ${ABSDIR}/vars.sh
+
+ensure_pwd_is_scriptdir
+ensure_not_root
+
+buildfolder=/tmp/vaultwarden-$$
+
+if ! podman image exists ${vaultwarden_image}:${vaultwarden_version}; then
+    mkdir ${buildfolder} &&
+        git clone --depth=1 --branch=${vaultwarden_version} https://github.com/dani-garcia/vaultwarden.git ${buildfolder}/ && {
+	sed_in_place "^FROM vaultwarden/web-vault" "FROM docker.io/vaultwarden/web-vault" ${buildfolderdocker/amd64/Dockerfile.alpine
+	sed_in_place "^FROM blackdex/rust-musl" "FROM docker.io/blackdex/rust-musl" ${buildfolderdocker/amd64/Dockerfile.alpine
+	sed_in_place "^FROM alpine" "FROM docker.io/library/alpine" ${buildfolderdocker/amd64/Dockerfile.alpine
+	TMPDIR=${HOME} podman image build -t ${vaultwarden_image}:${vaultwarden_version} -f ${buildfolderdocker/amd64/Dockerfile.alpine ${buildfolder}
+    }
+    rm -rf ${buildfolder}
+    podman image prune -a -f --filter dangling=true
+    podman image prune -a -f --filter intermediate=true
+    podman image rm -f $(podman images -a -q -- vaultwarden/web-vault)
+    podman image rm -f $(podman images -a -q -- docker.io/blackdex/rust-musl)
+    podman image rm -f $(podman images -a -q -- dockerio/library/alpine)
+else
+    echo "Image ${vaultwarden_image}:${vaultwarden_version} already built"
+fi
+
+oci_push_to_registry ${vaultwarden_image}:${vaultwarden_version}

podman-vaultwarden/docker-compose.yml

@@ -0,0 +1,46 @@
+version: '3'
+services:
+  database:
+    container_name: ${db_container_name}
+    # Don't upgrade PostgreSQL by simply changing the version number
+    # You need to migrate the Database to the new PostgreSQL version
+    image: ${database_image}:${database_version}
+    #mem_limit: 256mb         # version 2 only
+    #memswap_limit: 512mb     # version 2 only
+    #read_only: true          # not supported in swarm mode please enable along with tmpfs
+    #tmpfs:
+    #  - /run/postgresql:size=512K
+    #  - /tmp:size=256K
+    #environment:
+    #  - POSTGRES_USER=vaultwarden
+    #  - POSTGRES_PASSWORD=
+    #  - POSTGRES_DB=vaultwarden
+    volumes:
+      - database:${database_path}
+    networks:
+      backend:
+    #restart: always
+
+  app:
+    container_name: ${container_name}
+    image: ${vaultwarden_image}:${vaultwarden_version}
+    volumes:
+      - data:/data
+    ports:
+      - "127.0.0.1:8090:80"
+      - "127.0.0.1:9090:3012"
+    networks:
+      backend:
+    depends_on:
+      - ${db_container_name}
+
+# Define networks to allow best isolation
+networks:
+  # Internal network for communication with PostgreSQL/MySQL
+  backend:
+
+# Define named volumes so data stays in place
+volumes:
+  # Volume for PostgreSQL/MySQL database
+  database:
+  data:

podman-vaultwarden/vars.sh

@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+## vars
+vaultwarden_image="git.garbaye.fr/garbaye/vaultwarden"
+vaultwarden_version='1.9.6-alpine'
+database_image="docker.io/library/postgres"
+database_version='14.5-alpine'
+database_path="/var/lib/postgresql/data"
+database_dialect=postgres
+database_port=5432
+#database_image="docker.io/library/mariadb"
+#database_version='10'
+#database_path="/var/lib/mysql"
+#database_dialect=mysql
+#database_port=3306
+## mandatory ENV vars
+envvars='GARBAYE_VAULTWARDEN_DATABASE_PASSWORD GARBAYE_VAULTWARDEN_DOMAIN'
+## internal vars : do not touch
+project_name=${PWD##*/}
+pod_name="pod_${project_name}"
+service_name="pod-${pod_name}.service"
+upstream_images="${vaultwarden_image} ${postgres_image}"
+datavolume="${project_name}_data"
+dbvolume="${project_name}_database"
+container_name="${project_name}_app"
+db_container_name="${project_name}_database"