chore: publish 0.3.0+1.26.0 release

.drone.yml

@@ -3,7 +3,7 @@ kind: pipeline
 name: deploy to swarm-test.autonomic.zone
 steps:
   - name: deployment
-    image: git.coopcloud.tech/coop-cloud/stack-ssh-deploy:latest
+    image: decentral1se/stack-ssh-deploy:latest
     settings:
       host: swarm-test.autonomic.zone
       stack: vaultwarden
@@ -34,7 +34,7 @@ steps:
         from_secret: drone_abra-bot_token
       fork: true
       repositories:
-        - toolshed/auto-recipes-catalogue-json
+        - coop-cloud/auto-recipes-catalogue-json
 
 trigger:
   event: tag

.env.sample

@@ -3,8 +3,6 @@ TYPE=vaultwarden
 DOMAIN=vaultwarden.example.com
 LETS_ENCRYPT_ENV=production
 
-COMPOSE_FILE="compose.yml"
-
 WEBSOCKET_ENABLED=true
 SIGNUPS_ALLOWED=true
 
@@ -15,18 +13,11 @@ LOG_LEVEL=warn
 
 SECRET_ADMIN_TOKEN_VERSION=v1 # length=48
 
-TX="Europe/Berlin"
-
-## DB settings
-#COMPOSE_FILE="$COMPOSE_FILE:compose.mariadb.yml"
-#SECRET_DB_PASSWORD_VERSION=v1
-#SECRET_DB_ROOT_PASSWORD_VERSION=v1
-
-## SMTP settings
+# SMTP settings
 #COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml"
 #SECRET_SMTP_PASSWORD_VERSION=v1
-#SMTP_FROM=noreply@example.com
-#SMTP_USERNAME=noreply@example.com
-#SMTP_HOST=mail.example.com
+#SMTP_FROM=
+#SMTP_USERNAME=
+#SMTP_HOST=
 #SMTP_PORT=587
 #SMTP_SECURITY=starttls

README.md

@@ -8,8 +8,8 @@
 * **Status**: 2, beta
 * **Image**: [`vaultwarden/server`](https://hub.docker.com/vaultwarden/server), 4, upstream
 * **Healthcheck**: 3
-* **Backups**: Yes
-* **Email**: Yes
+* **Backups**: No
+* **Email**: No
 * **Tests**: No
 * **SSO**: No
 
@@ -21,8 +21,6 @@
 2. Deploy [`coop-cloud/traefik`]
 3. `abra app new vaultwarden`
 4. `abra app config YOURAPPDOMAIN`
-5. `abra app cmd -l YOURAPPDOMAIN insert_vaultwarden_admin_token` will insert a hashed `admin_token` as password as recommended by vaultwarden. Will echo the admin_token to your cli.
-6. `abra app secret insert YOURAPPDOMAIN smtp_password v1 "super-secret-password"` SMTP config and password needed for user email invites
 5. `abra app deploy YOURAPPDOMAIN`
 
 [`abra`]: https://git.coopcloud.tech/coop-cloud/abra
@@ -30,9 +28,6 @@
 
 ## Tips & Tricks
 
-### Using MariaDB instead of SQLite
-Just comment in the `DB settings` section in your .env
-
 ### Wiring up `fail2ban`
 
 You need the following logging config:

abra.sh

@@ -1,25 +1,6 @@
-export APP_ENTRYPOINT_VERSION=v4
+export APP_ENTRYPOINT_VERSION=v1
 APP_DIR="app:/data"
 
-insert_vaultwarden_admin_token() {
-  if ! command -v argon2 &> /dev/null; then
-    echo "argon2 could not be found, please install it to proceed."
-    exit 1
-  fi
-  PASS=$(openssl rand 64 | openssl enc -A -base64)
-  # -e: output encoded hash, -id: use Argon2id, -k: memory cost, -t: time cost, -p: parallelism
-  HASH=$(echo -n "$PASS" | argon2 "$(openssl rand -base64 32)" -e -id -k 65540 -t 3 -p 4)
-
-  if abra app secret insert -C "$APP_NAME" admin_token v1 "$HASH"; then
-    echo "Vaultwarden Admin Token is:"
-    echo "$PASS"
-    echo "TAKE NOTE OF IT NOW, WILL NEVER BE SHOWN AGAIN!"
-  else
-    echo "Failed to insert admin token."
-    exit 1
-  fi
-}
-
 _backup_app() {
   # Copied _abra_backup_dir to make UX better on restore and backup
   {

compose.mariadb.yml

@@ -1,51 +0,0 @@
----
-version: "3.8"
-
-services:
-  app:
-    environment:
-    # DATABASE_URL with secret db_password is being set by entrypoint.sh.tmpl
-    - MYSQL_HOST=db
-    - MYSQL_DATABASE=vaultwarden
-    - MYSQL_USER=vaultwarden
-    - MYSQL_PASSWORD_FILE=/run/secrets/db_password
-    secrets:
-      - db_password
-
-  db:
-    image: "mariadb:10.6" # or "mysql"
-    environment:
-      - MYSQL_DATABASE=vaultwarden
-      - MYSQL_USER=vaultwarden
-      - MYSQL_PASSWORD_FILE=/run/secrets/db_password
-      - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
-      - MAX_DB_CONNECTIONS=${MAX_DB_CONNECTIONS:-100}#
-    secrets:
-      - db_root_password
-      - db_password
-    volumes:
-      - "mariadb:/var/lib/mysql"
-    networks:
-      - internal
-    deploy:
-      labels:
-        backupbot.backup.pre-hook: 'mysqldump --single-transaction -u root -p"$$(cat /run/secrets/db_root_password)" $${MYSQL_DATABASE} > /var/lib/mysql/backup.sql'
-        backupbot.backup.volumes.mariadb.path: "backup.sql"
-        backupbot.restore.post-hook: 'mysql -u root -p"$$(cat /run/secrets/db_root_password)" $${MYSQL_DATABASE} < /var/lib/mysql/backup.sql'
-    healthcheck:
-      test: ["CMD-SHELL", 'mysqladmin -p"$$(cat /run/secrets/db_root_password)"  ping']
-      interval: 5s
-      timeout: 10s
-      retries: 0
-      start_period: 1m
-
-secrets:
-  db_root_password:
-    external: true
-    name: ${STACK_NAME}_db_root_password_${SECRET_DB_ROOT_PASSWORD_VERSION}
-  db_password:
-    external: true
-    name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
-
-volumes:
-  mariadb:

compose.smtp.yml

@@ -1,17 +1,17 @@
 ---
 version: "3.8"
-
+  
 services:
   app:
+    environment:
+      - SMTP_FROM
+      - SMTP_HOST
+      - SMTP_PORT
+      - SMTP_SECURITY
+      - SMTP_USERNAME
+      - SMTP_PASSWORD_FILE=/run/secrets/smtp_password
     secrets:
       - smtp_password
-    environment:
-      - "SMTP_PASSWORD_FILE=/run/secrets/smtp_password"
-      - "SMTP_FROM"
-      - "SMTP_USERNAME"
-      - "SMTP_HOST"
-      - "SMTP_PORT"
-      - "SMTP_SECURITY"
 
 secrets:
   smtp_password:

compose.yml

@@ -3,10 +3,9 @@ version: "3.8"
 
 services:
   app:
-    image: vaultwarden/server:1.33.2
+    image: vaultwarden/server:1.26.0
     networks:
       - proxy
-      - internal
     environment:
       - "DOMAIN=https://$DOMAIN"
       - "WEBSOCKET_ENABLED=$WEBSOCKET_ENABLED"
@@ -16,13 +15,11 @@ services:
       - "EXTENDED_LOGGING=$EXTENDED_LOGGING"
       - "LOG_FILE=$LOG_FILE"
       - "LOG_LEVEL=$LOG_LEVEL"
-      - "TX=${TX:-Europe/Berlin}"
     configs:
       - source: app_entrypoint
         target: /docker-entrypoint.sh
         mode: 0555
     entrypoint: /docker-entrypoint.sh
-    # entrypoint: ['tail', '-f', '/dev/null']
     command: /start.sh
     secrets:
       - admin_token
@@ -42,9 +39,7 @@ services:
         - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
         - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
         - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
-        - "coop-cloud.${STACK_NAME}.version=1.1.0+1.33.2"
-        - "backupbot.backup=true"
-        - "backupbot.backup.path=/data"
+        - "coop-cloud.${STACK_NAME}.version=0.3.0+1.26.0"
 
 volumes:
   vaultwarden_data:
@@ -52,7 +47,6 @@ volumes:
 networks:
   proxy:
     external: true
-  internal:
 
 configs:
   app_entrypoint:

entrypoint.sh.tmpl

@@ -1,24 +1,6 @@
 #!/bin/bash
 
 set -e
-umask 027
-
-# set DATABASE_URL with db_password
-set_db_url() {
-   if test -f "/var/run/secrets/db_password"; then
-      pwd=`cat /var/run/secrets/db_password`
-      if [ -z $pwd ]; then
-         echo >&2 "error: /var/run/secrets/db_password is empty"
-         exit 1
-      fi
-      echo "entrypoint.sh setting DATABASE_URL"
-      export "DATABASE_URL"="mysql://vaultwarden:${pwd}@db/vaultwarden"
-      unset "pwd"
-   else
-      echo >&2 "error: /var/run/secrets/db_password does not exist"
-      exit 1
-   fi
-}
 
 file_env() {
    local var="$1"
@@ -42,15 +24,7 @@ file_env() {
    unset "$fileVar"
 }
 
-if [ -n "${MYSQL_HOST}" ]; then
-   set_db_url
-fi
-
 file_env "ADMIN_TOKEN"
-file_env "SMTP_PASSWORD"
-
-# remove world permissions on data
-chmod -R o= /data
 
 # upstream startup command
 # https://github.com/dani-garcia/vaultwarden/blob/60ed5ff99d15dec0b82c85987f9a3e244b8bde91/docker/Dockerfile.j2#L254

release/1.0.0+1.32.3

@@ -1 +0,0 @@
-ATTENTION: this version is not automatically upgradeable due to missing entrypoint version increase. Please upgrade to at least 1.0.4+1.32.7 directly.

release/1.0.1+1.32.5

@@ -1 +0,0 @@
-ATTENTION: this version is not automatically upgradeable due to missing entrypoint version increase. Please upgrade to at least 1.0.4+1.32.7 directly.

release/1.0.2+1.32.5

@@ -1 +0,0 @@
-ATTENTION: this version is not automatically upgradeable due to missing entrypoint version increase. Please upgrade to at least 1.0.4+1.32.7 directly.

release/1.0.3+1.32.5

@@ -1 +0,0 @@
-ATTENTION: this version is not automatically upgradeable due to missing entrypoint version increase. Please upgrade to at least 1.0.4+1.32.7 directly.

release/1.0.4+1.32.7

@@ -1 +0,0 @@
-bugfix release for missing increase of entrypoint version for the last 4 releases. Also upgraded vaultwarden bugfix release.