#!/usr/bin/env bash
set -euo pipefail
#############################
# CONFIG
#############################

# Defaults written into a freshly generated .env; an existing .env is reused
# as-is further down, so these only apply on the first run.
TZ_DEFAULT='Europe/Ljubljana'
DOMAIN_DEFAULT='https://vaultwarden.rozic-dev.com'

# Deployment directory; .env, docker-compose.yml and ./vw-data all live here.
BASE_DIR="$HOME/Docker/Vaultwarden"
#############################
# FUNCTIONS
#############################

#######################################
# Pick the Compose front end available on this host.
# Outputs: "docker compose" (plugin) or "docker-compose" (standalone) on
#          stdout; an error message on stderr when neither is found.
# Returns: 0 on success; exits with status 1 when no Compose command exists.
#######################################
choose_docker_compose_cmd() {
  # Prefer the plugin: `docker` must exist and answer `compose version`.
  if command -v docker >/dev/null 2>&1 && docker compose version >/dev/null 2>&1; then
    printf '%s\n' "docker compose"
    return 0
  fi

  # Otherwise fall back to the standalone binary.
  if command -v docker-compose >/dev/null 2>&1; then
    printf '%s\n' "docker-compose"
    return 0
  fi

  printf '%s\n' "Error: docker compose or docker-compose not found in PATH." >&2
  exit 1
}
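#######################################
# Generate a random admin token: 32 bytes from a CSPRNG, hex-encoded.
# Outputs: 64 lowercase hex characters on stdout.
# Returns: 0 on success, non-zero if the random source cannot be read.
#######################################
generate_admin_token() {
  if command -v openssl &>/dev/null; then
    openssl rand -hex 32
  else
    # Fallback if openssl isn't available.
    # Read a *finite* number of bytes. The earlier `tr </dev/urandom | head`
    # form left `tr` to die from SIGPIPE once `head` exited, which under
    # `set -o pipefail` made the pipeline (and so the whole script) fail.
    # Hex-encoding also keeps the token format identical to the openssl path.
    head -c 32 /dev/urandom | od -An -tx1 | LC_ALL=C tr -dc '0-9a-f'
    echo
  fi
}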
#############################
# MAIN
#############################

# Create the deployment directory (no-op when it already exists) and work from
# inside it, so the relative paths used below (.env, docker-compose.yml,
# ./vw-data) all resolve under BASE_DIR.
printf '%s\n' ">>> Creating Vaultwarden directory at: ${BASE_DIR}"
mkdir -p "${BASE_DIR}"
cd "${BASE_DIR}"
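#############################
# .env FILE
#############################

# .env carries the Vaultwarden admin token, so it is treated as a secret file:
# owner-only permissions, and the token value is never echoed to the terminal
# (stdout tends to end up in scrollback, session recordings and CI logs).
# NOTE(review): Vaultwarden also accepts an Argon2 PHC hash as ADMIN_TOKEN
# (see its documentation); storing the hash instead of the plain token would
# limit what a leaked .env or backup gives away.
if [[ -f .env ]]; then
  echo ">>> .env already exists, reusing existing values."
  # An earlier run may have created the file under a permissive umask.
  chmod 600 .env || echo "Warning: could not restrict permissions on .env" >&2
  # NOTE(review): `source` runs .env as shell code, so this is only safe while
  # nobody but the current user can write to the file.
  # shellcheck disable=SC1091
  source .env
  : "${ADMIN_TOKEN:?ADMIN_TOKEN must be set in .env}"
  : "${DOMAIN:?DOMAIN must be set in .env}"
  : "${TZ:?TZ must be set in .env}"
else
  echo ">>> Creating .env file..."

  ADMIN_TOKEN=$(generate_admin_token)
  DOMAIN="${DOMAIN_DEFAULT}"
  TZ="${TZ_DEFAULT}"

  # Create the file under a restrictive umask so the token is never readable
  # by other local users, not even between creation and a later chmod.
  previous_umask=$(umask)
  umask 077
  cat > .env <<EOF
ADMIN_TOKEN=${ADMIN_TOKEN}
DOMAIN=${DOMAIN}
TZ=${TZ}
EOF
  umask "${previous_umask}"

  echo ">>> .env created (owner-only permissions)."
  echo " ADMIN_TOKEN (keep this secret!): written to ${PWD}/.env"
  echo " DOMAIN: ${DOMAIN}"
  echo " TZ: ${TZ}"
fi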
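#############################
# docker-compose.yml
#############################

echo ">>> Writing docker-compose.yml..."

# Traefik's Host() rule needs the bare host name. Derive it from DOMAIN
# (scheme, path and port stripped) so the router follows whatever .env says
# instead of a hard-coded name that silently diverges from DOMAIN.
vw_host="${DOMAIN#*://}"
vw_host="${vw_host%%/*}"
vw_host="${vw_host%%:*}"
# Only plain host-name characters are accepted: the value is spliced into a
# sed replacement and a Traefik rule, so anything else is rejected up front.
if [[ ! "${vw_host}" =~ ^[A-Za-z0-9.-]+$ ]]; then
  echo "Error: cannot derive a valid host name from DOMAIN='${DOMAIN}'." >&2
  exit 1
fi

# The heredoc is quoted on purpose: ${DOMAIN}, ${TZ} and ${ADMIN_TOKEN} must
# reach the file literally so Compose interpolates them from .env, which keeps
# the token out of docker-compose.yml. Only the @VW_HOST@ marker is filled in.
#
# NOTE(review): `vaultwarden/server:latest` is unpinned, so every `pull` can
#   change the code running the password vault. Pin a release tag or image
#   digest and upgrade deliberately.
# NOTE(review): ADMIN_TOKEN reaches the container as an environment variable,
#   so anyone who can inspect the container through the Docker API can read it.
# NOTE(review): the `redirect-to-https` middleware, the `letsencrypt` resolver
#   and the `traefik_default` network are not defined here; they must already
#   exist in the Traefik setup, otherwise the routers will not come up as intended.
# NOTE(review): recent Vaultwarden releases appear to serve notifications on
#   the main HTTP port; confirm the :3012 router is still needed for the image
#   version in use.
sed "s/@VW_HOST@/${vw_host}/g" > docker-compose.yml <<'EOF'
version: "3.9"

services:
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: unless-stopped
    environment:
      # Base configuration
      - DOMAIN=${DOMAIN}
      - TZ=${TZ}
      - WEBSOCKET_ENABLED=true

      # Security
      - SIGNUPS_ALLOWED=false
      - ADMIN_TOKEN=${ADMIN_TOKEN}

      # Logging (optional)
      - LOG_FILE=/data/vaultwarden.log
      - LOG_LEVEL=info

    volumes:
      - ./vw-data:/data

    networks:
      - traefik_default

    labels:
      - "traefik.enable=true"

      # MAIN HTTP(S) APP
      - "traefik.http.routers.vaultwarden.rule=Host(`@VW_HOST@`)"
      - "traefik.http.routers.vaultwarden.entrypoints=web,websecure"
      - "traefik.http.routers.vaultwarden.middlewares=redirect-to-https"
      - "traefik.http.routers.vaultwarden.tls=true"
      - "traefik.http.routers.vaultwarden.tls.certresolver=letsencrypt"
      - "traefik.http.services.vaultwarden.loadbalancer.server.port=80"

      # WEBSOCKET FOR LIVE UPDATES
      - "traefik.http.routers.vaultwarden-ws.rule=Host(`@VW_HOST@`) && Path(`/notifications/hub`)"
      - "traefik.http.routers.vaultwarden-ws.entrypoints=web,websecure"
      - "traefik.http.routers.vaultwarden-ws.middlewares=redirect-to-https"
      - "traefik.http.routers.vaultwarden-ws.tls=true"
      - "traefik.http.routers.vaultwarden-ws.tls.certresolver=letsencrypt"
      - "traefik.http.services.vaultwarden-ws.loadbalancer.server.port=3012"

networks:
  traefik_default:
    external: true
EOF

echo ">>> docker-compose.yml created."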
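#############################
# START CONTAINER
#############################

DC_CMD=$(choose_docker_compose_cmd)
echo ">>> Using Docker command: ${DC_CMD}"

# Split the command into an argv array once, rather than relying on unquoted
# word splitting (and globbing) of ${DC_CMD} at every call site.
read -r -a dc_argv <<<"${DC_CMD}"

echo ">>> Pulling images..."
"${dc_argv[@]}" pull

echo ">>> Starting Vaultwarden..."
"${dc_argv[@]}" up -d

echo ">>> Done!"
echo "Vaultwarden should be available at: ${DOMAIN}"
echo "Admin interface: ${DOMAIN}/admin"
# The token is deliberately not printed: this summary runs on every invocation
# and stdout is easily captured in scrollback or logs. Point at the file instead.
echo "Admin token: stored as ADMIN_TOKEN in ${BASE_DIR}/.env"
# The .env backup contains the admin token, so backups need the same care as
# the vault data itself.
echo "Don't forget to backup ${BASE_DIR}/vw-data and ${BASE_DIR}/.env regularly."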