Init vaultwarden

KsmoinO 2022-11-26 23:00:34 +01:00
parent 83a2f75c8f
commit e2b93037df
13 changed files with 220 additions and 0 deletions


@ -0,0 +1,26 @@
# Si besoin d'executer le before_script manuellement :
# sed -n 's/^ - \(.*\)$/\1/p' .gitlab-ci.yml | bash
before_script:
- podman pod exists pod_podman-vaultwarden && podman pod rm --force pod_podman-vaultwarden
- rm -f ~/.config/systemd/user/pod-podman-vaultwarden.service && systemctl --user daemon-reload
- podman volume exists podman-vaultwarden_data && podman volume rm podman-vaultwarden_data
- podman volume exists podman-vaultwarden_database && podman volume rm podman-vaultwarden_database
vaultwarden:
stage: test
script:
- cd podman-vaultwarden
- ./ci_build-images.sh
- GARBAYE_HEDGEDOC_DATABASE_PASSWORD=ChohNiephuD1nec6 GARBAYE_HEDGEDOC_DOMAIN=qlf-vaultwarden.garbaye.fr ./05_freshinstall.sh
- ./20_enable.sh
- ./30_start.sh && sleep 10
- ./40_stop.sh
- ./70_disable.sh
- ./80_destroy.sh
- podman volume rm podman-vaultwarden_data
- podman volume rm podman-vaultwarden_database
tags:
- garbaye
- compute
- podman
- x86_64
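Review bot: The `./05_freshinstall.sh` entry in the `script:` list commits a database password in clear text. It also sets `GARBAYE_HEDGEDOC_*` names, while `envvars` in this commit's vars file lists `GARBAYE_VAULTWARDEN_DATABASE_PASSWORD` and `GARBAYE_VAULTWARDEN_DOMAIN`, so the mandatory-variable check will presumably reject the run. Take the value from a masked CI/CD variable and use the names the scripts read, e.g. `- GARBAYE_VAULTWARDEN_DATABASE_PASSWORD="${CI_TEST_DB_PASSWORD}" GARBAYE_VAULTWARDEN_DOMAIN=qlf-vaultwarden.garbaye.fr ./05_freshinstall.sh` (`CI_TEST_DB_PASSWORD` is a placeholder name). The committed value stays in the repository history, so treat it as disclosed and do not reuse it anywhere.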


@ -0,0 +1 @@
../_podman-common/00_status_pod.sh


@ -0,0 +1,34 @@
#!/usr/bin/env bash
ABSDIR="$( dirname "$(readlink -f -- "$0")" )"
source ${ABSDIR}/../functions.sh
source ${ABSDIR}/vars.sh
ensure_pwd_is_scriptdir
ensure_not_root
ensure_variables_are_defined "$envvars"
if podman volume exists ${dbvolume} ; then
echo "Error : DB volume ${dbvolume} already exists."
echo "Please remove it before a freshinstall, or continue with a standard installation."
exit 1
fi
if podman volume exists ${datavolume} ; then
echo "Error : DATA volume ${datavolume} already exists."
echo "Please remove it before a freshinstall, or continue with a standard installation."
exit 1
fi
#if podman volume exists ${uploadsvolume} ; then
# echo "Error : UPLOADS volume ${uploadsvolume} already exists."
# echo "Please remove it before a freshinstall, or continue with a standard installation."
# exit 1
#fi
podman volume create ${dbvolume}
podman volume create ${datavolume} #&& podman unshare chmod 0777 `get_podman_volume_path ${datavolume}`
#podman volume create ${uploadsvolume} && podman unshare chmod 0777 `get_podman_volume_path ${uploadsvolume}`
${ABSDIR}/10_install.sh
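Review bot: Neither `podman volume create` call is checked, so `10_install.sh` still runs when a volume could not be created. If the second call fails, the first volume is left behind and trips the "already exists" guard on the next attempt. Chain them, e.g. `podman volume create "${dbvolume}" && podman volume create "${datavolume}" || exit 1`, and quote `${ABSDIR}` in the two `source` lines and the final call so a checkout path containing spaces is not word-split. The commented-out uploads-volume block and the trailing `chmod 0777` remnants look like leftovers from another service's script and could be dropped.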


@ -0,0 +1,52 @@
#!/usr/bin/env bash
ABSDIR="$( dirname "$(readlink -f -- "$0")" )"
source ${ABSDIR}/../functions.sh
source ${ABSDIR}/vars.sh
ensure_pwd_is_scriptdir
ensure_not_root
ensure_pod_not_exists ${pod_name}
ensure_variables_are_defined "$envvars"
if ! podman volume exists ${dbvolume} ; then
echo "Error : DB volume ${dbvolume} does not exists. Consider running 05_freshinstall.sh if this is the first install."
exit 1
fi
if ! podman volume exists ${datavolume} ; then
echo "Error : DATA volume ${datavolume} does not exists. Consider running 05_freshinstall.sh if this is the first install."
exit 1
fi
cat <<EOT > .env
# vaultwarden
DATABASE_URL=postgresql://vaultwarden:${GARBAYE_VAULTWARDEN_DATABASE_PASSWORD}@database:${database_port}/vaultwarden
# PostgreSQL
POSTGRES_DB=vaultwarden
POSTGRES_PASSWORD=${GARBAYE_VAULTWARDEN_DATABASE_PASSWORD}
POSTGRES_USER=vaultwarden
EOT
export vaultwarden_image
export vaultwarden_version
export database_image
export database_version
export database_path
export container_name
export db_container_name
if ! podman image exists ${vaultwarden_image}:${vaultwarden_version}; then
podman image pull ${vaultwarden_image}:${vaultwarden_version} || exit 1
fi
if ! podman image exists ${database_image}:${database_version}; then
podman image pull ${database_image}:${database_version} || exit 1
fi
podman-compose --pod-args="--infra=true --infra-name=${project_name}_infra --share=" --podman-run-args "--requires=${project_name}_infra --env-file .env" up -d &&
echo -n "Waiting for vaultwarden to finish starting " &&
( podman logs -f ${container_name} 2>&1 & ) | grep -q 'HTTP Server listening at ' &&
echo "OK" &&
podman pod stop ${pod_name} &&
echo Pod built and stopped. &&
shred -u .env
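Review bot: `.env` holds the database password but is created with the caller's default umask and removed only by the `shred -u .env` at the very end of the `&&` chain, so any earlier failure or an interrupt leaves the secret on disk. Set `umask 077` before the heredoc and register `trap 'shred -u .env' EXIT` right after it instead of relying on the last link of the chain. The wait `( podman logs -f ${container_name} 2>&1 & ) | grep -q 'HTTP Server listening at '` has no time limit and blocks forever if the server never logs that line; putting `timeout` in front of the `grep` would bound it. The password is also interpolated into `DATABASE_URL` unescaped, so characters such as `@` or `/` would change how the URL parses; document the allowed character set or percent-encode the value.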


@ -0,0 +1 @@
../_podman-common/20_enable_pod.sh


@ -0,0 +1 @@
../_podman-common/30_start_pod.sh


@ -0,0 +1 @@
../_podman-common/40_stop_pod.sh


@ -0,0 +1 @@
../_podman-common/70_disable_pod.sh


@ -0,0 +1 @@
../_podman-common/80_destroy_pod.sh


@ -0,0 +1 @@
../_podman-common/90_prune_pod.sh


@ -0,0 +1,30 @@
#!/usr/bin/env bash
ABSDIR="$( dirname "$(readlink -f -- "$0")" )"
source ${ABSDIR}/../functions.sh
source ${ABSDIR}/vars.sh
ensure_pwd_is_scriptdir
ensure_not_root
buildfolder=/tmp/vaultwarden-$$
if ! podman image exists ${vaultwarden_image}:${vaultwarden_version}; then
mkdir ${buildfolder} &&
git clone --depth=1 --branch=${vaultwarden_version} https://github.com/dani-garcia/vaultwarden.git ${buildfolder}/ && {
sed_in_place "^FROM vaultwarden/web-vault" "FROM docker.io/vaultwarden/web-vault" ${buildfolderdocker/amd64/Dockerfile.alpine
sed_in_place "^FROM blackdex/rust-musl" "FROM docker.io/blackdex/rust-musl" ${buildfolderdocker/amd64/Dockerfile.alpine
sed_in_place "^FROM alpine" "FROM docker.io/library/alpine" ${buildfolderdocker/amd64/Dockerfile.alpine
TMPDIR=${HOME} podman image build -t ${vaultwarden_image}:${vaultwarden_version} -f ${buildfolderdocker/amd64/Dockerfile.alpine ${buildfolder}
}
rm -rf ${buildfolder}
podman image prune -a -f --filter dangling=true
podman image prune -a -f --filter intermediate=true
podman image rm -f $(podman images -a -q -- vaultwarden/web-vault)
podman image rm -f $(podman images -a -q -- docker.io/blackdex/rust-musl)
podman image rm -f $(podman images -a -q -- dockerio/library/alpine)
else
echo "Image ${vaultwarden_image}:${vaultwarden_version} already built"
fi
oci_push_to_registry ${vaultwarden_image}:${vaultwarden_version}
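Review bot: As shown, the three `sed_in_place` lines and the `podman image build` line reference `${buildfolderdocker/amd64/Dockerfile.alpine`, an unterminated expansion that bash will not read as the intended path; it presumably should be `${buildfolder}/docker/amd64/Dockerfile.alpine`. The cleanup filter `dockerio/library/alpine` is missing its dot, so it cannot match the rewritten `docker.io/library/alpine` base, and `oci_push_to_registry` sits outside the `if`, so it still runs when the clone or build failed. The build directory `/tmp/vaultwarden-$$` is a predictable name in a shared directory; `buildfolder=$(mktemp -d)` (dropping the `mkdir`) avoids that. Because this image becomes the password manager, consider checking out a pinned commit rather than only `--branch=${vaultwarden_version}`, whose value `1.9.6-alpine` looks like an image tag rather than an upstream git tag; confirm that it resolves.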


@ -0,0 +1,46 @@
version: '3'
services:
database:
container_name: ${db_container_name}
# Don't upgrade PostgreSQL by simply changing the version number
# You need to migrate the Database to the new PostgreSQL version
image: ${database_image}:${database_version}
#mem_limit: 256mb # version 2 only
#memswap_limit: 512mb # version 2 only
#read_only: true # not supported in swarm mode please enable along with tmpfs
#tmpfs:
# - /run/postgresql:size=512K
# - /tmp:size=256K
#environment:
# - POSTGRES_USER=vaultwarden
# - POSTGRES_PASSWORD=
# - POSTGRES_DB=vaultwarden
volumes:
- database:${database_path}
networks:
backend:
#restart: always
app:
container_name: ${container_name}
image: ${vaultwarden_image}:${vaultwarden_version}
volumes:
- data:/data
ports:
- "127.0.0.1:8090:80"
- "127.0.0.1:9090:3012"
networks:
backend:
depends_on:
- ${db_container_name}
# Define networks to allow best isolation
networks:
# Internal network for communication with PostgreSQL/MySQL
backend:
# Define named volumes so data stays in place
volumes:
# Volume for PostgreSQL/MySQL database
database:
data:
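Review bot: `depends_on` under `app` lists `${db_container_name}`, but Compose resolves `depends_on` entries against service keys, and the service here is named `database`; use `- database` so the start ordering is actually applied. The `backend` network is commented as internal but carries no `internal: true`; either adjust the comment or confirm what isolation podman-compose gives it inside the pod. The PostgreSQL hardening options (`read_only`, `tmpfs`, memory limits) are left commented out, so a one-line comment saying why they are disabled would help the next reader.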


@ -0,0 +1,25 @@
#!/usr/bin/env bash
## vars
vaultwarden_image="git.garbaye.fr/garbaye/vaultwarden"
vaultwarden_version='1.9.6-alpine'
database_image="docker.io/library/postgres"
database_version='14.5-alpine'
database_path="/var/lib/postgresql/data"
database_dialect=postgres
database_port=5432
#database_image="docker.io/library/mariadb"
#database_version='10'
#database_path="/var/lib/mysql"
#database_dialect=mysql
#database_port=3306
## mandatory ENV vars
envvars='GARBAYE_VAULTWARDEN_DATABASE_PASSWORD GARBAYE_VAULTWARDEN_DOMAIN'
## internal vars : do not touch
project_name=${PWD##*/}
pod_name="pod_${project_name}"
service_name="pod-${pod_name}.service"
upstream_images="${vaultwarden_image} ${postgres_image}"
datavolume="${project_name}_data"
dbvolume="${project_name}_database"
container_name="${project_name}_app"
db_container_name="${project_name}_database"
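Review bot: `upstream_images` expands `${postgres_image}`, which is never defined in this file (the variable declared above is `database_image`), so the list silently ends with an empty entry; it should read `upstream_images="${vaultwarden_image} ${database_image}"`. The PostgreSQL image is pulled from docker.io by tag only (`14.5-alpine`); for a service that stores credentials, recording the image digest alongside the tag would make an unexpected upstream re-tag visible.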