chore: publish 2.1.3+1.35.4 release

Reviewed-on: #21
Reviewed-by: fauno <fauno@sutty.coop.ar>

.env.sample

@@ -25,8 +25,12 @@ TX="Europe/Berlin"
 ## SMTP settings
 #COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml"
 #SECRET_SMTP_PASSWORD_VERSION=v1
+#SMTP_ENABLED=1
 #SMTP_FROM=noreply@example.com
 #SMTP_USERNAME=noreply@example.com
 #SMTP_HOST=mail.example.com
 #SMTP_PORT=587
 #SMTP_SECURITY=starttls
+# If SMTP isn't working, enable this line to debug
+#  remember to disable it after debugging
+#SMTP_DEBUG=true

.gitea/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,16 @@
+---
+name: "Vaultwarden pull request template"
+about: "Vaultwarden pull request template"
+---
+
+<!-- 
+Thank you for doing recipe maintenance work!
+Please mark all checklist items which are relevant for your changes.
+Please remove the checklist items which are not relevant for your changes.
+Feel free to remove this comment.
+-->
+
+* [ ] I have deployed and tested my changes
+* [ ] I have [updated relevant versions in `abra.sh`](https://docs.coopcloud.tech/maintainers/upgrade/#updating-versions-in-the-abrash)
+* [ ] I have made my environment variable changes [backwards compatible](https://docs.coopcloud.tech/maintainers/upgrade/#backwards-compatible-environment-variable-changes)
+* [ ] I have added a [release note entry](https://docs.coopcloud.tech/maintainers/upgrade/#creating-new-release-notes)

MAINTENANCE.md

@@ -0,0 +1,32 @@
+# Vaultwarden Recipe Maintenance
+
+All contributions should be made via a pull request. This is to ensure a
+certain quality and consistency, that others can rely on.
+
+## Maintainer Responsibilities
+
+A recipe maintainer has the following responsibilities:
+
+- Respond to pull requests / issues within a week
+- Make image security updates within a day
+- Make image patch / minor updates within a week
+- Make image major updates within a month
+
+In order to fullfill these responsibilities a recipe maintainer:
+
+- Has to watch the repository (to get notifications)
+- Needs to make sure renovate is configured properly
+
+## Pull Requests
+
+A pull request can be merged if it is approved by at least one maintainer. For
+pull requests opened by a maintainer they need to be approved by another
+maintainer. Even though it is okay to merge a pull request with one approval, it
+is always better if all maintainers looked at the pull request and approved it.
+
+## Become a maintainer
+
+Everyone can apply to be a recipe maintainer:
+1. Watch the repository to always get updates
+2. Simply add your self to the list in the [README.md](./README.md) and open a new pull request with the change.
+3. Once the pull request gets merged you will be added to the [vaultwarden maintainers team](https://git.coopcloud.tech/org/coop-cloud/teams/vw-maintainers).

README.md

@@ -3,7 +3,7 @@
 > Open source password manager
 
 <!-- metadata -->
-
+* **Maintainer**: [@fauno](https://git.coopcloud.tech/fauno), [@ammaratef45](https://git.coopcloud.tech/ammaratef45)
 * **Category**: Apps
 * **Status**: 2, beta
 * **Image**: [`vaultwarden/server`](https://hub.docker.com/vaultwarden/server), 4, upstream

abra.sh

@@ -3,7 +3,9 @@ APP_DIR="app:/data"
 
 insert_vaultwarden_admin_token() {
   if ! command -v argon2 &> /dev/null; then
-    echo "argon2 could not be found, please install it to proceed."
+    echo "argon2 is required on your local machine to hash the admin token."
+    echo "It could not be found in your PATH, please install argon2 to proceed."
+    echo "For example: On a debian/ubuntu system, run `apt install argon2`"
     exit 1
   fi
   PASS=$(openssl rand 64 | openssl enc -A -base64)

compose.mariadb.yml

@@ -13,7 +13,7 @@ services:
       - db_password
 
   db:
-    image: "mariadb:10.6" # or "mysql"
+    image: "mariadb:10.11" # or "mysql"
     environment:
       - MYSQL_DATABASE=vaultwarden
       - MYSQL_USER=vaultwarden
@@ -34,9 +34,9 @@ services:
         backupbot.restore.post-hook: 'mysql -u root -p"$$(cat /run/secrets/db_root_password)" $${MYSQL_DATABASE} < /var/lib/mysql/backup.sql'
     healthcheck:
       test: ["CMD-SHELL", 'mysqladmin -p"$$(cat /run/secrets/db_root_password)"  ping']
-      interval: 5s
+      interval: 30s
       timeout: 10s
-      retries: 0
+      retries: 30
       start_period: 1m
 
 secrets:

compose.smtp.yml

@@ -6,12 +6,14 @@ services:
     secrets:
       - smtp_password
     environment:
+      - "SMTP_ENABLED"
       - "SMTP_PASSWORD_FILE=/run/secrets/smtp_password"
       - "SMTP_FROM"
       - "SMTP_USERNAME"
       - "SMTP_HOST"
       - "SMTP_PORT"
       - "SMTP_SECURITY"
+      - "SMTP_DEBUG"
 
 secrets:
   smtp_password:

compose.yml

@@ -3,7 +3,7 @@ version: "3.8"
 
 services:
   app:
-    image: vaultwarden/server:1.33.2
+    image: vaultwarden/server:1.35.4
     networks:
       - proxy
       - internal
@@ -30,9 +30,10 @@ services:
       - vaultwarden_data:/data
     healthcheck:
       test: curl -f http://localhost/alive || exit 1
-      interval: 5s
-      timeout: 3s
-      retries: 10
+      interval: 30s
+      timeout: 10s
+      retries: 30
+      start_period: 1m
     deploy:
       restart_policy:
         condition: on-failure
@@ -42,7 +43,7 @@ services:
         - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
         - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
         - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
-        - "coop-cloud.${STACK_NAME}.version=1.1.0+1.33.2"
+        - "coop-cloud.${STACK_NAME}.version=2.1.3+1.35.4"
         - "backupbot.backup=true"
         - "backupbot.backup.path=/data"
 

entrypoint.sh.tmpl

@@ -47,7 +47,10 @@ if [ -n "${MYSQL_HOST}" ]; then
 fi
 
 file_env "ADMIN_TOKEN"
+
+{{ if eq (env "SMTP_ENABLED") "1" }}
 file_env "SMTP_PASSWORD"
+{{ end }}
 
 # remove world permissions on data
 chmod -R o= /data

release/2.0.0+1.33.2

@@ -0,0 +1,15 @@
+=== SMTP SETTINGS ===
+This release contains a *breaking change* if you use SMTP with vaultwarden.
+
+See https://git.coopcloud.tech/coop-cloud/vaultwarden/pulls/9 for more.
+
+TLDR; Please add `SMTP_ENABLED=1` to your .env to continue using SMTP.
+
+=== PERMISSIONS ===
+
+Previously, the data directory including the main private key had read
+permissions enabled for all host users. This release fixes that. Please review
+your Vaultwarden keys if other users on your Co-op Cloud host may have had
+access to these files.
+
+See https://git.coopcloud.tech/coop-cloud/vaultwarden/pulls/7 for more.

release/2.0.1+1.35.2

@@ -0,0 +1 @@
+Allows support for 2026.1+ clients.

renovate.json

@@ -0,0 +1,10 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "config:recommended"
+  ],
+  "reviewers": [
+    "team:vw-maintainers"
+  ]
+
+}