getting this thing ship/shape
This commit is contained in:
parent
69921225ae
commit
7a90ea495a
|
@ -1,7 +1,9 @@
|
|||
TYPE=vaultwarden
|
||||
|
||||
DOMAIN=vaultwarden.example.com
|
||||
|
||||
## Domain aliases
|
||||
#EXTRA_DOMAINS=', `www.vaultwarden.example.com`'
|
||||
LETS_ENCRYPT_ENV=production
|
||||
|
||||
WEBSOCKET_ENABLED=true
|
||||
SIGNUPS_ALLOWED=true
|
||||
|
||||
SECRET_ADMIN_TOKEN_VERSION=v1 # length=48
|
||||
|
|
25
README.md
25
README.md
|
@ -1,30 +1,27 @@
|
|||
# vaultwarden
|
||||
|
||||
TODO
|
||||
> Open source password manager
|
||||
|
||||
<!-- metadata -->
|
||||
|
||||
* **Category**: Apps
|
||||
* **Status**:
|
||||
* **Image**:
|
||||
* **Healthcheck**:
|
||||
* **Backups**:
|
||||
* **Email**:
|
||||
* **Tests**:
|
||||
* **SSO**:
|
||||
* **Status**: 2, beta
|
||||
* **Image**: `vaultwarden/server`, 4, upstream
|
||||
* **Healthcheck**: 3
|
||||
* **Backups**: No
|
||||
* **Email**: No
|
||||
* **Tests**: No
|
||||
* **SSO**: No
|
||||
|
||||
<!-- endmetadata -->
|
||||
|
||||
## Basic usage
|
||||
## Quick start
|
||||
|
||||
1. Set up Docker Swarm and [`abra`]
|
||||
2. Deploy [`coop-cloud/traefik`]
|
||||
3. `abra app new ${REPO_NAME} --secrets` (optionally with `--pass` if you'd like
|
||||
to save secrets in `pass`)
|
||||
4. `abra app YOURAPPDOMAIN config` - be sure to change `$DOMAIN` to something that resolves to
|
||||
your Docker swarm box
|
||||
3. `abra app new vaultwarden`
|
||||
4. `abra app YOURAPPDOMAIN config`
|
||||
5. `abra app YOURAPPDOMAIN deploy`
|
||||
6. Open the configured domain in your browser to finish set-up
|
||||
|
||||
[`abra`]: https://git.coopcloud.tech/coop-cloud/abra
|
||||
[`coop-cloud/traefik`]: https://git.coopcloud.tech/coop-cloud/traefik
|
||||
|
|
43
compose.yml
43
compose.yml
|
@ -8,32 +8,34 @@ services:
|
|||
- proxy
|
||||
environment:
|
||||
- "DOMAIN=https://$DOMAIN"
|
||||
- "WEBSOCKET_ENABLED=true"
|
||||
- "ADMIN_TOKEN=test"
|
||||
# - SIGNUPS_ALLOWED: $$cap_register_enabled
|
||||
# - ADMIN_TOKEN: $$cap_admin_token
|
||||
- "WEBSOCKET_ENABLED=$WEBSOCKET_ENABLED"
|
||||
- "SIGNUPS_ALLOWED=$SIGNUPS_ALLOWED"
|
||||
- "ADMIN_TOKEN_FILE=/run/secrets/admin_token"
|
||||
configs:
|
||||
- source: app_entrypoint
|
||||
target: /docker-entrypoint.sh
|
||||
mode: 0555
|
||||
entrypoint: /docker-entrypoint.sh
|
||||
command: /start.sh
|
||||
secrets:
|
||||
- admin_token
|
||||
volumes:
|
||||
- vaultwarden_data:/data
|
||||
healthcheck:
|
||||
test: curl -f http://localhost/alive || exit 1
|
||||
interval: 5s
|
||||
timeout: 3s
|
||||
retries: 10
|
||||
deploy:
|
||||
restart_policy:
|
||||
condition: on-failure
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
|
||||
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
|
||||
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
|
||||
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
||||
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||
- "coop-cloud.${STACK_NAME}.version=0.1.0+1.25.0"
|
||||
## Redirect from EXTRA_DOMAINS to DOMAIN
|
||||
#- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
|
||||
#- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
|
||||
#- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
|
||||
# healthcheck:
|
||||
# test: ["CMD", "curl", "-f", "http://localhost"]
|
||||
# interval: 30s
|
||||
# timeout: 10s
|
||||
# retries: 10
|
||||
# start_period: 1m
|
||||
|
||||
volumes:
|
||||
vaultwarden_data:
|
||||
|
@ -41,3 +43,14 @@ volumes:
|
|||
networks:
|
||||
proxy:
|
||||
external: true
|
||||
|
||||
configs:
|
||||
app_entrypoint:
|
||||
name: ${STACK_NAME}_app_entrypoint_${APP_ENTRYPOINT_VERSION}
|
||||
file: entrypoint.sh.tmpl
|
||||
template_driver: golang
|
||||
|
||||
secrets:
|
||||
admin_token:
|
||||
external: true
|
||||
name: ${STACK_NAME}_admin_token_${SECRET_ADMIN_TOKEN_VERSION}
|
||||
|
|
|
@ -0,0 +1,31 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
|
||||
file_env() {
|
||||
local var="$1"
|
||||
local fileVar="${var}_FILE"
|
||||
local def="${2:-}"
|
||||
|
||||
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
|
||||
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
local val="$def"
|
||||
|
||||
if [ "${!var:-}" ]; then
|
||||
val="${!var}"
|
||||
elif [ "${!fileVar:-}" ]; then
|
||||
val="$(< "${!fileVar}")"
|
||||
fi
|
||||
|
||||
export "$var"="$val"
|
||||
unset "$fileVar"
|
||||
}
|
||||
|
||||
file_env "ADMIN_TOKEN"
|
||||
|
||||
# upstream startup command
|
||||
# https://github.com/dani-garcia/vaultwarden/blob/60ed5ff99d15dec0b82c85987f9a3e244b8bde91/docker/Dockerfile.j2#L254
|
||||
/start.sh
|
Loading…
Reference in New Issue