getting this thing ship/shape
This commit is contained in:
parent
69921225ae
commit
7a90ea495a
|
@ -1,7 +1,9 @@
|
||||||
TYPE=vaultwarden
|
TYPE=vaultwarden
|
||||||
|
|
||||||
DOMAIN=vaultwarden.example.com
|
DOMAIN=vaultwarden.example.com
|
||||||
|
|
||||||
## Domain aliases
|
|
||||||
#EXTRA_DOMAINS=', `www.vaultwarden.example.com`'
|
|
||||||
LETS_ENCRYPT_ENV=production
|
LETS_ENCRYPT_ENV=production
|
||||||
|
|
||||||
|
WEBSOCKET_ENABLED=true
|
||||||
|
SIGNUPS_ALLOWED=true
|
||||||
|
|
||||||
|
SECRET_ADMIN_TOKEN_VERSION=v1 # length=48
|
||||||
|
|
25
README.md
25
README.md
|
@ -1,30 +1,27 @@
|
||||||
# vaultwarden
|
# vaultwarden
|
||||||
|
|
||||||
TODO
|
> Open source password manager
|
||||||
|
|
||||||
<!-- metadata -->
|
<!-- metadata -->
|
||||||
|
|
||||||
* **Category**: Apps
|
* **Category**: Apps
|
||||||
* **Status**:
|
* **Status**: 2, beta
|
||||||
* **Image**:
|
* **Image**: `vaultwarden/server`, 4, upstream
|
||||||
* **Healthcheck**:
|
* **Healthcheck**: 3
|
||||||
* **Backups**:
|
* **Backups**: No
|
||||||
* **Email**:
|
* **Email**: No
|
||||||
* **Tests**:
|
* **Tests**: No
|
||||||
* **SSO**:
|
* **SSO**: No
|
||||||
|
|
||||||
<!-- endmetadata -->
|
<!-- endmetadata -->
|
||||||
|
|
||||||
## Basic usage
|
## Quick start
|
||||||
|
|
||||||
1. Set up Docker Swarm and [`abra`]
|
1. Set up Docker Swarm and [`abra`]
|
||||||
2. Deploy [`coop-cloud/traefik`]
|
2. Deploy [`coop-cloud/traefik`]
|
||||||
3. `abra app new ${REPO_NAME} --secrets` (optionally with `--pass` if you'd like
|
3. `abra app new vaultwarden`
|
||||||
to save secrets in `pass`)
|
4. `abra app YOURAPPDOMAIN config`
|
||||||
4. `abra app YOURAPPDOMAIN config` - be sure to change `$DOMAIN` to something that resolves to
|
|
||||||
your Docker swarm box
|
|
||||||
5. `abra app YOURAPPDOMAIN deploy`
|
5. `abra app YOURAPPDOMAIN deploy`
|
||||||
6. Open the configured domain in your browser to finish set-up
|
|
||||||
|
|
||||||
[`abra`]: https://git.coopcloud.tech/coop-cloud/abra
|
[`abra`]: https://git.coopcloud.tech/coop-cloud/abra
|
||||||
[`coop-cloud/traefik`]: https://git.coopcloud.tech/coop-cloud/traefik
|
[`coop-cloud/traefik`]: https://git.coopcloud.tech/coop-cloud/traefik
|
||||||
|
|
43
compose.yml
43
compose.yml
|
@ -8,32 +8,34 @@ services:
|
||||||
- proxy
|
- proxy
|
||||||
environment:
|
environment:
|
||||||
- "DOMAIN=https://$DOMAIN"
|
- "DOMAIN=https://$DOMAIN"
|
||||||
- "WEBSOCKET_ENABLED=true"
|
- "WEBSOCKET_ENABLED=$WEBSOCKET_ENABLED"
|
||||||
- "ADMIN_TOKEN=test"
|
- "SIGNUPS_ALLOWED=$SIGNUPS_ALLOWED"
|
||||||
# - SIGNUPS_ALLOWED: $$cap_register_enabled
|
- "ADMIN_TOKEN_FILE=/run/secrets/admin_token"
|
||||||
# - ADMIN_TOKEN: $$cap_admin_token
|
configs:
|
||||||
|
- source: app_entrypoint
|
||||||
|
target: /docker-entrypoint.sh
|
||||||
|
mode: 0555
|
||||||
|
entrypoint: /docker-entrypoint.sh
|
||||||
|
command: /start.sh
|
||||||
|
secrets:
|
||||||
|
- admin_token
|
||||||
volumes:
|
volumes:
|
||||||
- vaultwarden_data:/data
|
- vaultwarden_data:/data
|
||||||
|
healthcheck:
|
||||||
|
test: curl -f http://localhost/alive || exit 1
|
||||||
|
interval: 5s
|
||||||
|
timeout: 3s
|
||||||
|
retries: 10
|
||||||
deploy:
|
deploy:
|
||||||
restart_policy:
|
restart_policy:
|
||||||
condition: on-failure
|
condition: on-failure
|
||||||
labels:
|
labels:
|
||||||
- "traefik.enable=true"
|
- "traefik.enable=true"
|
||||||
- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
|
- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
|
||||||
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
|
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
|
||||||
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
||||||
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||||
- "coop-cloud.${STACK_NAME}.version=0.1.0+1.25.0"
|
- "coop-cloud.${STACK_NAME}.version=0.1.0+1.25.0"
|
||||||
## Redirect from EXTRA_DOMAINS to DOMAIN
|
|
||||||
#- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
|
|
||||||
#- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
|
|
||||||
#- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
|
|
||||||
# healthcheck:
|
|
||||||
# test: ["CMD", "curl", "-f", "http://localhost"]
|
|
||||||
# interval: 30s
|
|
||||||
# timeout: 10s
|
|
||||||
# retries: 10
|
|
||||||
# start_period: 1m
|
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
vaultwarden_data:
|
vaultwarden_data:
|
||||||
|
@ -41,3 +43,14 @@ volumes:
|
||||||
networks:
|
networks:
|
||||||
proxy:
|
proxy:
|
||||||
external: true
|
external: true
|
||||||
|
|
||||||
|
configs:
|
||||||
|
app_entrypoint:
|
||||||
|
name: ${STACK_NAME}_app_entrypoint_${APP_ENTRYPOINT_VERSION}
|
||||||
|
file: entrypoint.sh.tmpl
|
||||||
|
template_driver: golang
|
||||||
|
|
||||||
|
secrets:
|
||||||
|
admin_token:
|
||||||
|
external: true
|
||||||
|
name: ${STACK_NAME}_admin_token_${SECRET_ADMIN_TOKEN_VERSION}
|
||||||
|
|
|
@ -0,0 +1,31 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
file_env() {
|
||||||
|
local var="$1"
|
||||||
|
local fileVar="${var}_FILE"
|
||||||
|
local def="${2:-}"
|
||||||
|
|
||||||
|
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
|
||||||
|
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
local val="$def"
|
||||||
|
|
||||||
|
if [ "${!var:-}" ]; then
|
||||||
|
val="${!var}"
|
||||||
|
elif [ "${!fileVar:-}" ]; then
|
||||||
|
val="$(< "${!fileVar}")"
|
||||||
|
fi
|
||||||
|
|
||||||
|
export "$var"="$val"
|
||||||
|
unset "$fileVar"
|
||||||
|
}
|
||||||
|
|
||||||
|
file_env "ADMIN_TOKEN"
|
||||||
|
|
||||||
|
# upstream startup command
|
||||||
|
# https://github.com/dani-garcia/vaultwarden/blob/60ed5ff99d15dec0b82c85987f9a3e244b8bde91/docker/Dockerfile.j2#L254
|
||||||
|
/start.sh
|
Loading…
Reference in New Issue