Init vaultwarden
parent
83a2f75c8f
commit
e2b93037df
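--- a/podman-vaultwarden/.gitlab-ci.yml
+++ b/podman-vaultwarden/.gitlab-ci.yml
@@ -0,0 +1,26 @@
+# Si besoin d'executer le before_script manuellement :
+# sed -n 's/^ - \(.*\)$/\1/p' .gitlab-ci.yml | bash
+before_script:
+- podman pod exists pod_podman-vaultwarden && podman pod rm --force pod_podman-vaultwarden
+- rm -f ~/.config/systemd/user/pod-podman-vaultwarden.service && systemctl --user daemon-reload
+- podman volume exists podman-vaultwarden_data && podman volume rm podman-vaultwarden_data
+- podman volume exists podman-vaultwarden_database && podman volume rm podman-vaultwarden_database
+
+vaultwarden:
+stage: test
+script:
+- cd podman-vaultwarden
+- ./ci_build-images.sh
+- GARBAYE_HEDGEDOC_DATABASE_PASSWORD=ChohNiephuD1nec6 GARBAYE_HEDGEDOC_DOMAIN=qlf-vaultwarden.garbaye.fr ./05_freshinstall.sh
+- ./20_enable.sh
+- ./30_start.sh && sleep 10
+- ./40_stop.sh
+- ./70_disable.sh
+- ./80_destroy.sh
+- podman volume rm podman-vaultwarden_data
+- podman volume rm podman-vaultwarden_database
+tags:
+- garbaye
+- compute
+- podman
+- x86_64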
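Review bot: The `05_freshinstall.sh` step exports `GARBAYE_HEDGEDOC_DATABASE_PASSWORD` and `GARBAYE_HEDGEDOC_DOMAIN`, while `vars.sh` in this commit declares `GARBAYE_VAULTWARDEN_DATABASE_PASSWORD GARBAYE_VAULTWARDEN_DOMAIN` as the mandatory variables, so the job presumably stops at `ensure_variables_are_defined` (defined outside this page) or, if it does not, installs with an empty database password. The password is also written as a literal in the pipeline file and therefore stays in repository history; even for a qualification instance it is better held as a masked CI/CD variable and passed as `GARBAYE_VAULTWARDEN_DATABASE_PASSWORD="${CI_VAULTWARDEN_DB_PASSWORD}"` (the CI variable name is a placeholder). The `before_script` force-removes the pod and both data volumes by fixed name on whichever tagged runner takes the job, so a comment stating that these runners never host a real instance would be worth adding above it.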
1
podman-vaultwarden/00_status.sh
Symbolic link
1
podman-vaultwarden/00_status.sh
Symbolic link
|
@ -0,0 +1 @@
|
|||
../_podman-common/00_status_pod.sh
|
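--- a/podman-vaultwarden/05_freshinstall.sh
+++ b/podman-vaultwarden/05_freshinstall.sh
@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+
+ABSDIR="$( dirname "$(readlink -f -- "$0")" )"
+source ${ABSDIR}/../functions.sh
+source ${ABSDIR}/vars.sh
+
+ensure_pwd_is_scriptdir
+ensure_not_root
+
+ensure_variables_are_defined "$envvars"
+
+if podman volume exists ${dbvolume} ; then
+echo "Error : DB volume ${dbvolume} already exists."
+echo "Please remove it before a freshinstall, or continue with a standard installation."
+exit 1
+fi
+
+if podman volume exists ${datavolume} ; then
+echo "Error : DATA volume ${datavolume} already exists."
+echo "Please remove it before a freshinstall, or continue with a standard installation."
+exit 1
+fi
+
+#if podman volume exists ${uploadsvolume} ; then
+# echo "Error : UPLOADS volume ${uploadsvolume} already exists."
+# echo "Please remove it before a freshinstall, or continue with a standard installation."
+# exit 1
+#fi
+
+podman volume create ${dbvolume}
+podman volume create ${datavolume} #&& podman unshare chmod 0777 `get_podman_volume_path ${datavolume}`
+#podman volume create ${uploadsvolume} && podman unshare chmod 0777 `get_podman_volume_path ${uploadsvolume}`
+
+${ABSDIR}/10_install.sh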
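Review bot: `ABSDIR` is computed with careful quoting but then expanded unquoted in `source ${ABSDIR}/../functions.sh`, `source ${ABSDIR}/vars.sh` and the final `${ABSDIR}/10_install.sh`, so a checkout path containing a space or glob character makes the script source or execute a different path than intended; write `source "${ABSDIR}/vars.sh"` and quote the other two the same way. The exit status of both `podman volume create` calls is ignored, and appending `|| exit 1` would stop the run at the real cause instead of at the volume check in `10_install.sh`. The same unquoted `ABSDIR` pattern appears in `10_install.sh` and `ci_build-images.sh`. The commented-out `uploadsvolume` block and the trailing `chmod 0777` fragments look like leftovers from another pod's template and could be dropped.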
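--- a/podman-vaultwarden/10_install.sh
+++ b/podman-vaultwarden/10_install.sh
@@ -0,0 +1,52 @@
+#!/usr/bin/env bash
+
+ABSDIR="$( dirname "$(readlink -f -- "$0")" )"
+source ${ABSDIR}/../functions.sh
+source ${ABSDIR}/vars.sh
+
+ensure_pwd_is_scriptdir
+ensure_not_root
+
+ensure_pod_not_exists ${pod_name}
+ensure_variables_are_defined "$envvars"
+
+if ! podman volume exists ${dbvolume} ; then
+echo "Error : DB volume ${dbvolume} does not exists. Consider running 05_freshinstall.sh if this is the first install."
+exit 1
+fi
+
+if ! podman volume exists ${datavolume} ; then
+echo "Error : DATA volume ${datavolume} does not exists. Consider running 05_freshinstall.sh if this is the first install."
+exit 1
+fi
+
+cat <<EOT > .env
+# vaultwarden
+DATABASE_URL=postgresql://vaultwarden:${GARBAYE_VAULTWARDEN_DATABASE_PASSWORD}@database:${database_port}/vaultwarden
+# PostgreSQL
+POSTGRES_DB=vaultwarden
+POSTGRES_PASSWORD=${GARBAYE_VAULTWARDEN_DATABASE_PASSWORD}
+POSTGRES_USER=vaultwarden
+EOT
+
+export vaultwarden_image
+export vaultwarden_version
+export database_image
+export database_version
+export database_path
+export container_name
+export db_container_name
+
+if ! podman image exists ${vaultwarden_image}:${vaultwarden_version}; then
+podman image pull ${vaultwarden_image}:${vaultwarden_version} || exit 1
+fi
+if ! podman image exists ${database_image}:${database_version}; then
+podman image pull ${database_image}:${database_version} || exit 1
+fi
+podman-compose --pod-args="--infra=true --infra-name=${project_name}_infra --share=" --podman-run-args "--requires=${project_name}_infra --env-file .env" up -d &&
+echo -n "Waiting for vaultwarden to finish starting " &&
+( podman logs -f ${container_name} 2>&1 & ) | grep -q 'HTTP Server listening at ' &&
+echo "OK" &&
+podman pod stop ${pod_name} &&
+echo Pod built and stopped. &&
+shred -u .env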
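Review bot: The `.env` file holding the database password is created under the default umask and is removed only by `shred -u .env` as the last link of the `&&` chain, so any failure in `podman-compose up`, the log wait or `podman pod stop` leaves the password readable in the script directory. Put `umask 077` before the heredoc and register `trap 'shred -u .env 2>/dev/null' EXIT` right after it, so the file is private while it exists and is removed on every exit path. The wait on `grep -q 'HTTP Server listening at '` has no timeout and blocks indefinitely if the container keeps running without ever printing that line. The password is interpolated unencoded into `DATABASE_URL`, so a value containing `@`, `/` or `:` yields a URL that does not parse as intended; either document the permitted characters next to `envvars` or percent-encode the value. Because one `--env-file` is passed to every container, the app also receives `POSTGRES_PASSWORD` and the database receives `DATABASE_URL`, which a comment should acknowledge.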
1
podman-vaultwarden/20_enable.sh
Symbolic link
1
podman-vaultwarden/20_enable.sh
Symbolic link
|
@ -0,0 +1 @@
|
|||
../_podman-common/20_enable_pod.sh
|
1
podman-vaultwarden/30_start.sh
Symbolic link
1
podman-vaultwarden/30_start.sh
Symbolic link
|
@ -0,0 +1 @@
|
|||
../_podman-common/30_start_pod.sh
|
1
podman-vaultwarden/40_stop.sh
Symbolic link
1
podman-vaultwarden/40_stop.sh
Symbolic link
|
@ -0,0 +1 @@
|
|||
../_podman-common/40_stop_pod.sh
|
1
podman-vaultwarden/70_disable.sh
Symbolic link
1
podman-vaultwarden/70_disable.sh
Symbolic link
|
@ -0,0 +1 @@
|
|||
../_podman-common/70_disable_pod.sh
|
1
podman-vaultwarden/80_destroy.sh
Symbolic link
1
podman-vaultwarden/80_destroy.sh
Symbolic link
|
@ -0,0 +1 @@
|
|||
../_podman-common/80_destroy_pod.sh
|
1
podman-vaultwarden/90_prune.sh
Symbolic link
1
podman-vaultwarden/90_prune.sh
Symbolic link
|
@ -0,0 +1 @@
|
|||
../_podman-common/90_prune_pod.sh
|
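--- a/podman-vaultwarden/ci_build-images.sh
+++ b/podman-vaultwarden/ci_build-images.sh
@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+
+ABSDIR="$( dirname "$(readlink -f -- "$0")" )"
+source ${ABSDIR}/../functions.sh
+source ${ABSDIR}/vars.sh
+
+ensure_pwd_is_scriptdir
+ensure_not_root
+
+buildfolder=/tmp/vaultwarden-$$
+
+if ! podman image exists ${vaultwarden_image}:${vaultwarden_version}; then
+mkdir ${buildfolder} &&
+git clone --depth=1 --branch=${vaultwarden_version} https://github.com/dani-garcia/vaultwarden.git ${buildfolder}/ && {
+sed_in_place "^FROM vaultwarden/web-vault" "FROM docker.io/vaultwarden/web-vault" ${buildfolderdocker/amd64/Dockerfile.alpine
+sed_in_place "^FROM blackdex/rust-musl" "FROM docker.io/blackdex/rust-musl" ${buildfolderdocker/amd64/Dockerfile.alpine
+sed_in_place "^FROM alpine" "FROM docker.io/library/alpine" ${buildfolderdocker/amd64/Dockerfile.alpine
+TMPDIR=${HOME} podman image build -t ${vaultwarden_image}:${vaultwarden_version} -f ${buildfolderdocker/amd64/Dockerfile.alpine ${buildfolder}
+}
+rm -rf ${buildfolder}
+podman image prune -a -f --filter dangling=true
+podman image prune -a -f --filter intermediate=true
+podman image rm -f $(podman images -a -q -- vaultwarden/web-vault)
+podman image rm -f $(podman images -a -q -- docker.io/blackdex/rust-musl)
+podman image rm -f $(podman images -a -q -- dockerio/library/alpine)
+else
+echo "Image ${vaultwarden_image}:${vaultwarden_version} already built"
+fi
+
+oci_push_to_registry ${vaultwarden_image}:${vaultwarden_version}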
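Review bot: As rendered here, the four uses of `${buildfolderdocker/amd64/Dockerfile.alpine` lack the closing brace and slash, so if the committed file matches, bash sees an unterminated substitution rather than a path; the intended form is presumably `${buildfolder}/docker/amd64/Dockerfile.alpine`. The build directory `/tmp/vaultwarden-$$` is a predictable name in a shared directory, and `buildfolder=$(mktemp -d)` with the separate `mkdir` dropped gives a private directory instead. `oci_push_to_registry` runs unconditionally after the `if`, including when the clone or the build failed, so it should be guarded by `podman image exists ${vaultwarden_image}:${vaultwarden_version} || exit 1`. The cleanup names `vaultwarden/web-vault` and `dockerio/library/alpine` do not match the `docker.io/...` references the `sed_in_place` calls write, so those images are likely left behind. The clone follows a branch or tag name without checking a commit id, so the pushed image is only as trustworthy as that ref; recording the expected commit in `vars.sh` and comparing it after the clone would close that gap.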
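--- a/podman-vaultwarden/docker-compose.yml
+++ b/podman-vaultwarden/docker-compose.yml
@@ -0,0 +1,46 @@
+version: '3'
+services:
+database:
+container_name: ${db_container_name}
+# Don't upgrade PostgreSQL by simply changing the version number
+# You need to migrate the Database to the new PostgreSQL version
+image: ${database_image}:${database_version}
+#mem_limit: 256mb # version 2 only
+#memswap_limit: 512mb # version 2 only
+#read_only: true # not supported in swarm mode please enable along with tmpfs
+#tmpfs:
+# - /run/postgresql:size=512K
+# - /tmp:size=256K
+#environment:
+# - POSTGRES_USER=vaultwarden
+# - POSTGRES_PASSWORD=
+# - POSTGRES_DB=vaultwarden
+volumes:
+- database:${database_path}
+networks:
+backend:
+#restart: always
+
+app:
+container_name: ${container_name}
+image: ${vaultwarden_image}:${vaultwarden_version}
+volumes:
+- data:/data
+ports:
+- "127.0.0.1:8090:80"
+- "127.0.0.1:9090:3012"
+networks:
+backend:
+depends_on:
+- ${db_container_name}
+
+# Define networks to allow best isolation
+networks:
+# Internal network for communication with PostgreSQL/MySQL
+backend:
+
+# Define named volumes so data stays in place
+volumes:
+# Volume for PostgreSQL/MySQL database
+database:
+data: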
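Review bot: The `app` service is given no vaultwarden settings in this file, and the `.env` written by `10_install.sh` carries only `DATABASE_URL`, so unless they are set elsewhere the instance runs with upstream defaults: `SIGNUPS_ALLOWED` is enabled by default, and the mandatory `GARBAYE_VAULTWARDEN_DOMAIN` is never passed on as `DOMAIN`. For a password manager I would add an `environment:` block with `- SIGNUPS_ALLOWED=false` and `- DOMAIN=https://${GARBAYE_VAULTWARDEN_DOMAIN}`, with the domain variable exported by the install script. `depends_on` lists `${db_container_name}`, but compose matches these entries against service keys and the service is named `database`, so it should read `- database`. Binding both published ports to `127.0.0.1` is the right choice behind a reverse proxy, and a one-line comment saying so would keep it from being widened later.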
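--- a/podman-vaultwarden/vars.sh
+++ b/podman-vaultwarden/vars.sh
@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+## vars
+vaultwarden_image="git.garbaye.fr/garbaye/vaultwarden"
+vaultwarden_version='1.9.6-alpine'
+database_image="docker.io/library/postgres"
+database_version='14.5-alpine'
+database_path="/var/lib/postgresql/data"
+database_dialect=postgres
+database_port=5432
+#database_image="docker.io/library/mariadb"
+#database_version='10'
+#database_path="/var/lib/mysql"
+#database_dialect=mysql
+#database_port=3306
+## mandatory ENV vars
+envvars='GARBAYE_VAULTWARDEN_DATABASE_PASSWORD GARBAYE_VAULTWARDEN_DOMAIN'
+## internal vars : do not touch
+project_name=${PWD##*/}
+pod_name="pod_${project_name}"
+service_name="pod-${pod_name}.service"
+upstream_images="${vaultwarden_image} ${postgres_image}"
+datavolume="${project_name}_data"
+dbvolume="${project_name}_database"
+container_name="${project_name}_app"
+db_container_name="${project_name}_database"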
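Review bot: `upstream_images` expands `${postgres_image}`, which this file never defines (the variable set above is `database_image`), so the list ends up holding only the vaultwarden image and whatever consumes it skips PostgreSQL; it should read `upstream_images="${vaultwarden_image} ${database_image}"`. `project_name=${PWD##*/}` is evaluated when the file is sourced, which in the scripts of this commit happens before `ensure_pwd_is_scriptdir`, so pod and volume names follow the caller's directory until that check runs. Since every caller shown sets `ABSDIR` first, `project_name=${ABSDIR##*/}` would remove that dependency. Both images are referenced by mutable tag, and for a password manager a comment recording the expected image digest next to each `*_version` would make an unexpected upstream change visible.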