From 798e2ea593c9fffca464f61e799b49f55954748a Mon Sep 17 00:00:00 2001 From: tteckster Date: Fri, 4 Feb 2022 04:39:25 -0500 Subject: [PATCH 1/7] Add files via upload --- ct/vault_container.sh | 162 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 162 insertions(+) create mode 100644 ct/vault_container.sh diff --git a/ct/vault_container.sh b/ct/vault_container.sh new file mode 100644 index 00000000..f1f66ca6 --- /dev/null +++ b/ct/vault_container.sh 
@@ -0,0 +1,162 @@ +#!/usr/bin/env bash + +while true; do + read -p "This will create a New Vaultwarden LXC Container. Proceed(y/n)?" yn + case $yn in + [Yy]* ) break;; + [Nn]* ) exit;; + * ) echo "Please answer yes or no.";; + esac +done + +set -o errexit +set -o errtrace +set -o nounset +set -o pipefail +shopt -s expand_aliases +alias die='EXIT=$? LINE=$LINENO error_exit' +CHECKMARK='\033[0;32m\xE2\x9C\x94\033[0m' +trap die ERR +trap cleanup EXIT + +function error_exit() { + trap - ERR + local DEFAULT='Unknown failure occured.' + local REASON="\e[97m${1:-$DEFAULT}\e[39m" + local FLAG="\e[91m[ERROR] \e[93m$EXIT@$LINE" + msg "$FLAG $REASON" + [ ! -z ${CTID-} ] && cleanup_ctid + exit $EXIT +} +function warn() { + local REASON="\e[97m$1\e[39m" + local FLAG="\e[93m[WARNING]\e[39m" + msg "$FLAG $REASON" +} +function info() { + local REASON="$1" + local FLAG="\e[36m[INFO]\e[39m" + msg "$FLAG $REASON" +} +function msg() { + local TEXT="$1" + echo -e "$TEXT" +} +function cleanup_ctid() { + if [ ! -z ${MOUNT+x} ]; then + pct unmount $CTID + fi + if $(pct status $CTID &>/dev/null); then + if [ "$(pct status $CTID | awk '{print $2}')" == "running" ]; then + pct stop $CTID + fi + pct destroy $CTID + elif [ "$(pvesm list $STORAGE --vmid $CTID)" != "" ]; then + pvesm free $ROOTFS + fi +} +function cleanup() { + popd >/dev/null + rm -rf $TEMP_DIR +} +function load_module() { + if ! $(lsmod | grep -Fq $1); then + modprobe $1 &>/dev/null || \ + die "Failed to load '$1' module." + fi + MODULES_PATH=/etc/modules + if ! $(grep -Fxq "$1" $MODULES_PATH); then + echo "$1" >> $MODULES_PATH || \ + die "Failed to add '$1' module to load at boot." 
+ fi +} +TEMP_DIR=$(mktemp -d) +pushd $TEMP_DIR >/dev/null + +wget -qL https://raw.githubusercontent.com/tteck/Proxmox/dev/setup/vault_setup.sh + +load_module overlay + +while read -r line; do + TAG=$(echo $line | awk '{print $1}') + TYPE=$(echo $line | awk '{printf "%-10s", $2}') + FREE=$(echo $line | numfmt --field 4-6 --from-unit=K --to=iec --format %.2f | awk '{printf( "%9sB", $6)}') + ITEM=" Type: $TYPE Free: $FREE " + OFFSET=2 + if [[ $((${#ITEM} + $OFFSET)) -gt ${MSG_MAX_LENGTH:-} ]]; then + MSG_MAX_LENGTH=$((${#ITEM} + $OFFSET)) + fi + STORAGE_MENU+=( "$TAG" "$ITEM" "OFF" ) +done < <(pvesm status -content rootdir | awk 'NR>1') +if [ $((${#STORAGE_MENU[@]}/3)) -eq 0 ]; then + warn "'Container' needs to be selected for at least one storage location." + die "Unable to detect valid storage location." +elif [ $((${#STORAGE_MENU[@]}/3)) -eq 1 ]; then + STORAGE=${STORAGE_MENU[0]} +else + while [ -z "${STORAGE:+x}" ]; do + STORAGE=$(whiptail --title "Storage Pools" --radiolist \ + "Which storage pool you would like to use for the container?\n\n" \ + 16 $(($MSG_MAX_LENGTH + 23)) 6 \ + "${STORAGE_MENU[@]}" 3>&1 1>&2 2>&3) || exit + done +fi +info "Using '$STORAGE' for storage location." + +CTID=$(pvesh get /cluster/nextid) +info "Container ID is $CTID." + +echo -e "${CHECKMARK} \e[1;92m Updating LXC Template List... \e[0m" +pveam update >/dev/null + +echo -e "${CHECKMARK} \e[1;92m Downloading LXC Template... \e[0m" +OSTYPE=debian +OSVERSION=${OSTYPE}-11 +mapfile -t TEMPLATES < <(pveam available -section system | sed -n "s/.*\($OSVERSION.*\)/\1/p" | sort -t - -k 2 -V) +TEMPLATE="${TEMPLATES[-1]}" +pveam download local $TEMPLATE >/dev/null || + die "A problem occured while downloading the LXC template." 
+ +STORAGE_TYPE=$(pvesm status -storage $STORAGE | awk 'NR>1 {print $2}') +case $STORAGE_TYPE in + dir|nfs) + DISK_EXT=".raw" + DISK_REF="$CTID/" + ;; + zfspool) + DISK_PREFIX="subvol" + DISK_FORMAT="subvol" + ;; +esac +DISK=${DISK_PREFIX:-vm}-${CTID}-disk-0${DISK_EXT-} +ROOTFS=${STORAGE}:${DISK_REF-}${DISK} + +echo -e "${CHECKMARK} \e[1;92m Creating LXC Container... \e[0m" +DISK_SIZE=8G +pvesm alloc $STORAGE $CTID $DISK $DISK_SIZE --format ${DISK_FORMAT:-raw} >/dev/null +if [ "$STORAGE_TYPE" == "zfspool" ]; then + warn "Some containers may not work properly due to ZFS not supporting 'fallocate'." +else + mkfs.ext4 $(pvesm path $ROOTFS) &>/dev/null +fi +ARCH=$(dpkg --print-architecture) +HOSTNAME=vaultwarden +TEMPLATE_STRING="local:vztmpl/${TEMPLATE}" +pct create $CTID $TEMPLATE_STRING -arch $ARCH -features nesting=1 \ + -hostname $HOSTNAME -net0 name=eth0,bridge=vmbr0,ip=dhcp -onboot 1 -cores 4 -memory 4096\ + -ostype $OSTYPE -rootfs $ROOTFS,size=$DISK_SIZE -storage $STORAGE >/dev/null + +MOUNT=$(pct mount $CTID | cut -d"'" -f 2) +ln -fs $(readlink /etc/localtime) ${MOUNT}/etc/localtime +pct unmount $CTID && unset MOUNT + +echo -e "${CHECKMARK} \e[1;92m Starting LXC Container... \e[0m" +pct start $CTID +pct push $CTID vault_setup.sh /vault_setup.sh -perms 755 +pct exec $CTID /vault_setup.sh + +IP=$(pct exec $CTID ip a s dev eth0 | sed -n '/inet / s/\// /p' | awk '{print $2}') +info "Successfully created a Vaultwarden LXC Container to $CTID" +echo -e "\e[1;92m Vaultwarden should be reachable by going to the following URL. + http://${IP}:8000 +\e[0m" \ No newline at end of file From b5c83daf7a131aa4f63470e9673e37c87694618f Mon Sep 17 00:00:00 2001 From: tteckster Date: Fri, 4 Feb 2022 04:40:13 -0500 Subject: [PATCH 2/7] Add files via upload --- setup/vault_setup.sh | 147 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 147 insertions(+) create mode 100644 setup/vault_setup.sh 
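Review bot: The `pct create $CTID $TEMPLATE_STRING -arch $ARCH -features nesting=1 \` line never passes `-unprivileged 1`, so the container is created privileged (pct's CLI default) with nesting enabled, and Proxmox documents nesting as exposing host procfs/sysfs contents to the guest; add `-unprivileged 1` to that line, since nothing visible in this hunk appears to need privileged mode for a guest that only serves Vaultwarden. `wget -qL https://raw.githubusercontent.com/tteck/Proxmox/dev/setup/vault_setup.sh` pulls the setup script from a mutable branch and `pct push`/`pct exec` then run it as root inside the new container with no integrity check; pin the URL to an immutable revision and verify the download before pushing it, e.g. `echo "<EXPECTED_SHA256>  vault_setup.sh" | sha256sum -c - || die "vault_setup.sh checksum mismatch"`. Minor style point: `if $(pct status $CTID &>/dev/null); then` in `cleanup_ctid` (and the two `if ! $(...)` tests in `load_module`) only works because bash falls back to the substitution's exit status when the expanded command is empty; `if pct status $CTID &>/dev/null; then` says what is meant.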
diff --git a/setup/vault_setup.sh b/setup/vault_setup.sh new file mode 100644 index 00000000..16bb8b05 --- /dev/null +++ b/setup/vault_setup.sh 
@@ -0,0 +1,147 @@ +#!/usr/bin/env bash + +set -o errexit +set -o errtrace +set -o nounset +set -o pipefail +shopt -s expand_aliases +alias die='EXIT=$? LINE=$LINENO error_exit' +CROSS='\033[1;31m\xE2\x9D\x8C\033[0m' +CHECKMARK='\033[0;32m\xE2\x9C\x94\033[0m' +RETRY_NUM=5 +RETRY_EVERY=3 +NUM=$RETRY_NUM +trap die ERR +trap 'die "Script interrupted."' INT + +function error_exit() { + trap - ERR + local DEFAULT='Unknown failure occured.' + local REASON="\e[97m${1:-$DEFAULT}\e[39m" + local FLAG="\e[91m[ERROR:LXC] \e[93m$EXIT@$LINE" + msg "$FLAG $REASON" + exit $EXIT +} +function msg() { + local TEXT="$1" + echo -e "$TEXT" +} + +echo -e "${CHECKMARK} \e[1;92m Setting up Container OS... \e[0m" +sed -i "/$LANG/ s/\(^# \)//" /etc/locale.gen +locale-gen >/dev/null +while [ "$(hostname -I)" = "" ]; do + 1>&2 echo -e "${CROSS} \e[1;31m No Network: \e[0m $(date)" + sleep $RETRY_EVERY + ((NUM--)) + if [ $NUM -eq 0 ] + then + 1>&2 echo -e "${CROSS} \e[1;31m No Network After $RETRY_NUM Tries \e[0m" + exit 1 + fi +done + echo -e "${CHECKMARK} \e[1;92m Network Connected: \e[0m $(hostname -I)" + +echo -e "${CHECKMARK} \e[1;92m Updating Container OS... \e[0m" +apt-get update &>/dev/null +apt-get -qqy upgrade &>/dev/null + +echo -e "${CHECKMARK} \e[1;92m Installing Dependencies... \e[0m" +apt-get update &>/dev/null +apt-get -qqy install \ + git \ + nano \ + wget \ + htop \ + pkg-config \ + openssl \ + libssl1.1 \ + libssl-dev \ + curl \ + sudo &>/dev/null + +echo -e "${CHECKMARK} \e[1;92m Installing Build Essentials... \e[0m" +apt-get install -y build-essential &>/dev/null + +echo -e "${CHECKMARK} \e[1;92m Installing Rust... \e[0m" +curl https://sh.rustup.rs -sSf | sh -y +echo 'export PATH=~/.cargo/bin:$PATH' >> ~/.bashrc +export PATH=~/.cargo/bin:$PATH +which rustc &>/dev/null + +echo -e "${CHECKMARK} \e[1;92m Installing Node.js... 
\e[0m" +curl -fsSL https://deb.nodesource.com/setup_16.x | bash - &>/dev/null +apt-get install -y nodejs &>/dev/null +npm -g install npm@7 &>/dev/null +which npm &>/dev/null +npm i npm@latest -g &>/dev/null + +echo -e "${CHECKMARK} \e[1;92m Building Vaultwarden... \e[0m" +git clone https://github.com/dani-garcia/vaultwarden && pushd vaultwarden &>/dev/null +cargo clean && cargo build --features sqlite --release &>/dev/null +file target/release/vaultwarden &>/dev/null + +echo -e "${CHECKMARK} \e[1;92m Building Web-Vault... \e[0m" +pushd target/release/ &>/dev/null +git clone --recurse-submodules https://github.com/bitwarden/web.git web-vault.git && cd web-vault.git &>/dev/null +git checkout v2.25.1 &>/dev/null +git submodule update --init --recursive &>/dev/null +wget https://raw.githubusercontent.com/dani-garcia/bw_web_builds/master/patches/v2.25.0.patch &>/dev/null +git apply v2.25.0.patch &>/dev/null +npm ci --legacy-peer-deps && npm audit fix --legacy-peer-deps || true && npm run dist:oss:selfhost &>/dev/null +cp -a build ../web-vault &>/dev/null +cd .. +mkdir data &>/dev/null + +echo -e "${CHECKMARK} \e[1;92m Create Systemd Service... 
\e[0m" +cp ../../.env.template /etc/vaultwarden.env &>/dev/null +cp vaultwarden /usr/bin/vaultwarden &>/dev/null +chmod +x /usr/bin/vaultwarden &>/dev/null +useradd -m -d /var/lib/vaultwarden vaultwarden &>/dev/null +sudo cp -R data /var/lib/vaultwarden/ &>/dev/null +cp -R web-vault /var/lib/vaultwarden/ &>/dev/null +chown -R vaultwarden:vaultwarden /var/lib/vaultwarden &>/dev/null + +service_path="/etc/systemd/system/vaultwarden.service" &>/dev/null + +echo "[Unit] +Description=Bitwarden Server (Powered by Vaultwarden) +Documentation=https://github.com/dani-garcia/vaultwarden + +After=network.target + +[Service] +User=vaultwarden +Group=vaultwarden +EnvironmentFile=/etc/vaultwarden.env +ExecStart=/usr/bin/vaultwarden +LimitNOFILE=1048576 +LimitNPROC=64 +PrivateTmp=true +PrivateDevices=true +ProtectHome=true +ProtectSystem=strict +WorkingDirectory=/var/lib/vaultwarden +ReadWriteDirectories=/var/lib/vaultwarden +AmbientCapabilities=CAP_NET_BIND_SERVICE + +[Install] +WantedBy=multi-user.target" > $service_path + +echo -e "${CHECKMARK} \e[1;92m Customizing Container... \e[0m" +rm /etc/motd +rm /etc/update-motd.d/10-uname +touch ~/.hushlogin +GETTY_OVERRIDE="/etc/systemd/system/container-getty@1.service.d/override.conf" +mkdir -p $(dirname $GETTY_OVERRIDE) +cat << EOF > $GETTY_OVERRIDE +[Service] +ExecStart= +ExecStart=-/sbin/agetty --autologin root --noclear --keep-baud tty%I 115200,38400,9600 \$TERM +EOF +systemctl daemon-reload +systemctl restart $(basename $(dirname $GETTY_OVERRIDE) | sed 's/\.d//') +systemctl enable vaultwarden.service &>/dev/null +systemctl start vaultwarden.service &>/dev/null +echo -e "${CHECKMARK} \e[1;92m Cleanup... \e[0m" +rm -rf /vault_setup.sh /var/{cache,log}/* /var/lib/apt/lists/* \ No newline at end of file From fc49a02107eb7c28fd94a0c2bdae8cd55ef6617b Mon Sep 17 00:00:00 2001 
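Review bot: On `npm ci --legacy-peer-deps && npm audit fix --legacy-peer-deps || true && npm run dist:oss:selfhost` the `|| true` applies to the whole `npm ci && npm audit fix` group, so a failed `npm ci` is swallowed and `npm run dist:oss:selfhost` still runs on a broken tree; use `npm ci --legacy-peer-deps && npm run dist:oss:selfhost` and drop `npm audit fix`, which rewrites the lockfile that `npm ci` just installed from (the same line is rewritten again in PATCH 4/7 at `@@ -77,21 +77,21 @@`). `cp ../../.env.template /etc/vaultwarden.env` produces the unit's `EnvironmentFile`, the file an operator will later edit to hold the admin token and SMTP credentials, yet it keeps whatever mode the template carried; since systemd reads `EnvironmentFile` before dropping to `User=vaultwarden`, add `chmod 0600 /etc/vaultwarden.env` right after the copy. `git clone https://github.com/dani-garcia/vaultwarden` builds whatever the default branch points at when the script runs, while the web vault is pinned to `v2.25.1` and its patch is fetched from a moving `master`; pinning the server with `git clone --branch <RELEASE_TAG> --depth 1 https://github.com/dani-garcia/vaultwarden` makes the resulting binary reproducible. The `agetty --autologin root` override turns the Proxmox console into a passwordless root shell; that is presumably intentional for this project, but it belongs in the README so operators restrict console access accordingly.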
From: tteckster Date: Fri, 4 Feb 2022 04:47:37 -0500 Subject: [PATCH 3/7] Update vault_setup.sh --- setup/vault_setup.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/setup/vault_setup.sh b/setup/vault_setup.sh index 16bb8b05..cd7c6160 100644 --- a/setup/vault_setup.sh +++ b/setup/vault_setup.sh @@ -64,7 +64,7 @@ echo -e "${CHECKMARK} \e[1;92m Installing Build Essentials... \e[0m" apt-get install -y build-essential &>/dev/null echo -e "${CHECKMARK} \e[1;92m Installing Rust... \e[0m" -curl https://sh.rustup.rs -sSf | sh -y +curl https://sh.rustup.rs -sSf | sh -s echo 'export PATH=~/.cargo/bin:$PATH' >> ~/.bashrc export PATH=~/.cargo/bin:$PATH which rustc &>/dev/null @@ -144,4 +144,4 @@ systemctl restart $(basename $(dirname $GETTY_OVERRIDE) | sed 's/\.d//') systemctl enable vaultwarden.service &>/dev/null systemctl start vaultwarden.service &>/dev/null echo -e "${CHECKMARK} \e[1;92m Cleanup... \e[0m" -rm -rf /vault_setup.sh /var/{cache,log}/* /var/lib/apt/lists/* \ No newline at end of file +rm -rf /vault_setup.sh /var/{cache,log}/* /var/lib/apt/lists/* From 555d263e4bb030cc49224860f50f24d05ae01e4c Mon Sep 17 00:00:00 2001 From: tteckster Date: Fri, 4 Feb 2022 05:37:01 -0500 Subject: [PATCH 4/7] Add files via upload --- setup/vault_setup.sh | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/setup/vault_setup.sh b/setup/vault_setup.sh index cd7c6160..3b2ffc48 100644 --- a/setup/vault_setup.sh +++ b/setup/vault_setup.sh @@ -64,7 +64,7 @@ echo -e "${CHECKMARK} \e[1;92m Installing Build Essentials... \e[0m" apt-get install -y build-essential &>/dev/null echo -e "${CHECKMARK} \e[1;92m Installing Rust... \e[0m" -curl https://sh.rustup.rs -sSf | sh -s +curl https://sh.rustup.rs -sSf | sh echo 'export PATH=~/.cargo/bin:$PATH' >> ~/.bashrc export PATH=~/.cargo/bin:$PATH which rustc &>/dev/null 
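Review bot: `curl https://sh.rustup.rs -sSf | sh -s` still leaves rustup-init interactive: `-s` only tells sh to read the script from stdin, and the `-y` the previous revision tried to pass was consumed by sh rather than forwarded to rustup, which is why the README added in PATCH 5/7 says the install needs an Enter press. The non-interactive form is `curl https://sh.rustup.rs -sSf | sh -s -- -y`; the first hunk of PATCH 4/7 changes this same line to a bare `sh`, which keeps the interactive behaviour. Since this pipes a remotely fetched installer into a root shell at build time, it is also worth pinning what it installs with `--default-toolchain <VERSION> --profile minimal` so two runs of the script build with the same compiler.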
@@ -77,21 +77,21 @@ which npm &>/dev/null npm i npm@latest -g &>/dev/null echo -e "${CHECKMARK} \e[1;92m Building Vaultwarden... \e[0m" -git clone https://github.com/dani-garcia/vaultwarden && pushd vaultwarden &>/dev/null -cargo clean && cargo build --features sqlite --release &>/dev/null -file target/release/vaultwarden &>/dev/null +git clone https://github.com/dani-garcia/vaultwarden && pushd vaultwarden +cargo clean && cargo build --features sqlite --release +file target/release/vaultwarden echo -e "${CHECKMARK} \e[1;92m Building Web-Vault... \e[0m" -pushd target/release/ &>/dev/null -git clone --recurse-submodules https://github.com/bitwarden/web.git web-vault.git && cd web-vault.git &>/dev/null -git checkout v2.25.1 &>/dev/null -git submodule update --init --recursive &>/dev/null -wget https://raw.githubusercontent.com/dani-garcia/bw_web_builds/master/patches/v2.25.0.patch &>/dev/null -git apply v2.25.0.patch &>/dev/null -npm ci --legacy-peer-deps && npm audit fix --legacy-peer-deps || true && npm run dist:oss:selfhost &>/dev/null -cp -a build ../web-vault &>/dev/null +pushd target/release/ +git clone --recurse-submodules https://github.com/bitwarden/web.git web-vault.git && cd web-vault.git +git checkout v2.25.1 +git submodule update --init --recursive +wget https://raw.githubusercontent.com/dani-garcia/bw_web_builds/master/patches/v2.25.0.patch +git apply v2.25.0.patch +npm ci --legacy-peer-deps && npm audit fix --legacy-peer-deps || true && npm run dist:oss:selfhost +cp -a build ../web-vault cd .. -mkdir data &>/dev/null +mkdir data echo -e "${CHECKMARK} \e[1;92m Create Systemd Service... \e[0m" cp ../../.env.template /etc/vaultwarden.env &>/dev/null 
@@ -144,4 +144,4 @@ systemctl restart $(basename $(dirname $GETTY_OVERRIDE) | sed 's/\.d//') systemctl enable vaultwarden.service &>/dev/null systemctl start vaultwarden.service &>/dev/null echo -e "${CHECKMARK} \e[1;92m Cleanup... \e[0m" -rm -rf /vault_setup.sh /var/{cache,log}/* /var/lib/apt/lists/* +rm -rf /vault_setup.sh /var/{cache,log}/* /var/lib/apt/lists/* \ No newline at end of file From 9e148ffb6432bc97a11103bbab2eaac62c6c7247 Mon Sep 17 00:00:00 2001 From: tteckster Date: Fri, 4 Feb 2022 23:10:12 -0500 Subject: [PATCH 5/7] Update README.md --- README.md | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/README.md b/README.md index 7852c455..ee35aac6 100644 --- a/README.md +++ b/README.md @@ -770,3 +770,28 @@ bash /etc/webmin/uninstall.sh ___________________________________________________________________________________________ + +
+Vaultwarden LXC + +

+ +

Vaultwarden LXC

+ +To create a new Proxmox Vaultwarden LXC, run the following in the Proxmox web shell. + +``` +bash -c "$(wget -qLO - https://raw.githubusercontent.com/tteck/Proxmox/dev/ct/vault_container.sh)" +``` +It builds from source, which takes time and resources. After the installation, resources can be set to Normal Settings. I've left most of the installation process viewable since the rust install needs user input (requires a "enter" key press), and the lengthy time to complete the full installation. +

⚡ Normal Settings: 512Mib RAM - 8GB Storage - 1vCPU ⚡

+ +Be Patient, let the script do it's work. Hopefully, you'll eventually see "Successfully created a Vaultwarden LXC Container" + + + +**Vaultwarden Interface - IP:8000** + +____________________________________________________________________________________________ + +
From 59dca09a24931114f93de3555afcea887f9f1641 Mon Sep 17 00:00:00 2001 From: tteckster Date: Sat, 5 Feb 2022 06:45:47 -0500 Subject: [PATCH 6/7] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ee35aac6..27a5db4f 100644 --- a/README.md +++ b/README.md @@ -781,7 +781,7 @@ ________________________________________________________________________________ To create a new Proxmox Vaultwarden LXC, run the following in the Proxmox web shell. ``` -bash -c "$(wget -qLO - https://raw.githubusercontent.com/tteck/Proxmox/dev/ct/vault_container.sh)" +bash -c "$(wget -qLO - https://raw.githubusercontent.com/tteck/Proxmox/main/ct/vault_container.sh)" ``` It builds from source, which takes time and resources. After the installation, resources can be set to Normal Settings. I've left most of the installation process viewable since the rust install needs user input (requires a "enter" key press), and the lengthy time to complete the full installation.

⚡ Normal Settings: 512Mib RAM - 8GB Storage - 1vCPU ⚡

From ec16fd03019c6a34655754fe8d2e414fa33d000d Mon Sep 17 00:00:00 2001 From: tteckster Date: Sat, 5 Feb 2022 06:47:23 -0500 Subject: [PATCH 7/7] Update vault_container.sh --- ct/vault_container.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ct/vault_container.sh b/ct/vault_container.sh index f1f66ca6..f4989e21 100644 --- a/ct/vault_container.sh +++ b/ct/vault_container.sh @@ -73,7 +73,7 @@ function load_module() { TEMP_DIR=$(mktemp -d) pushd $TEMP_DIR >/dev/null -wget -qL https://raw.githubusercontent.com/tteck/Proxmox/dev/setup/vault_setup.sh +wget -qL https://raw.githubusercontent.com/tteck/Proxmox/main/setup/vault_setup.sh load_module overlay @@ -159,4 +159,4 @@ IP=$(pct exec $CTID ip a s dev eth0 | sed -n '/inet / s/\// /p' | awk '{print $2 info "Successfully created a Vaultwarden LXC Container to $CTID" echo -e "\e[1;92m Vaultwarden should be reachable by going to the following URL. http://${IP}:8000 -\e[0m" \ No newline at end of file +\e[0m"