diff --git a/README.md b/README.md index 578388c0d..dba4e5b94 100644 --- a/README.md +++ b/README.md @@ -51,8 +51,10 @@ A fork of Sonarr to work with movies like Couchpotato - Forked from : https://github.com/petersendev/hassio-addons - Modifications : add smb and local disks mount [(@dianlight)](https://github.com/dianlight) -### [Adguard beta](adguard/) -Updated version of the community addon adguard +### [Bitwarden](bitwarden/) +Open source password management solution +- Forked from : https://github.com/hassio-addons/addon-bitwarden +- Modifications : updated version [//]: # (ADDONLIST_END) diff --git a/bitwarden/.README.j2 b/bitwarden/.README.j2 new file mode 100644 index 000000000..8e7bcc397 --- /dev/null +++ b/bitwarden/.README.j2 
@@ -0,0 +1,85 @@ +# Home Assistant Community Add-on: Bitwarden RS + +[![Release][release-shield]][release] ![Project Stage][project-stage-shield] ![Project Maintenance][maintenance-shield] + +[![Discord][discord-shield]][discord] [![Community Forum][forum-shield]][forum] + +[![Sponsor Frenck via GitHub Sponsors][github-sponsors-shield]][github-sponsors] + +[![Support Frenck on Patreon][patreon-shield]][patreon] + +Open source password management solution. + +## About + +Bitwarden is an open-source password manager that can store sensitive +information such as website credentials in an encrypted vault. + +The Bitwarden platform offers a variety of client applications including +a web interface, desktop applications, browser extensions and mobile apps. + +This add-on is based upon the lightweight and opensource +[Bitwarden RS][bitwarden-rs] implementation, allowing you to self-host +this amazing password manager. + +Password theft is a serious problem. The websites and apps that you use are +under attack every day. Security breaches occur and your passwords are stolen. +When you reuse the same passwords everywhere hackers can easily access your +email, bank, and other important accounts. USE A PASSWORD MANAGER! + +![Bitwarden Preview][screenshot] + +{% if channel == "edge" %} +## WARNING! THIS IS AN EDGE VERSION! + +This Home Assistant Add-ons repository contains edge builds of add-ons. +Edge builds add-ons are based upon the latest development version. + +- They may not work at all. +- They might stop working at any time. +- They could have a negative impact on your system. + +This repository was created for: + +- Anybody willing to test. +- Anybody interested in trying out upcoming add-ons or add-on features. +- Developers. + +If you are more interested in stable releases of our add-ons: + + + +{% endif %} +{% if channel == "beta" %} +## WARNING! THIS IS A BETA VERSION! + +This Home Assistant Add-ons repository contains beta releases of add-ons. 
+ +- They might stop working at any time. +- They could have a negative impact on your system. + +This repository was created for: + +- Anybody willing to test. +- Anybody interested in trying out upcoming add-ons or add-on features. + +If you are more interested in stable releases of our add-ons: + + + +{% endif %} +[bitwarden-rs]: https://github.com/dani-garcia/bitwarden_rs +[discord-shield]: https://img.shields.io/discord/478094546522079232.svg +[discord]: https://discord.me/hassioaddons +[forum-shield]: https://img.shields.io/badge/community-forum-brightgreen.svg +[forum]: https://community.home-assistant.io/t/home-assistant-community-add-on-bitwarden-rs/115573?u=frenck +[github-sponsors-shield]: https://frenck.dev/wp-content/uploads/2019/12/github_sponsor.png +[github-sponsors]: https://github.com/sponsors/frenck +[maintenance-shield]: https://img.shields.io/maintenance/yes/2020.svg +[patreon-shield]: https://frenck.dev/wp-content/uploads/2019/12/patreon.png +[patreon]: https://www.patreon.com/frenck +[project-stage-shield]: https://img.shields.io/badge/project%20stage-experimental-yellow.svg +[release-shield]: https://img.shields.io/badge/version-{{ version }}-blue.svg +[release]: {{ repo }}/tree/{{ version }} +[screenshot]: {{ repo }}/raw/master/images/screenshot.png + diff --git a/bitwarden/DOCS.md b/bitwarden/DOCS.md new file mode 100644 index 000000000..9ba05a045 --- /dev/null +++ b/bitwarden/DOCS.md 
@@ -0,0 +1,179 @@ +# Home Assistant Community Add-on: Bitwarden RS + +Bitwarden is an open-source password manager that can store sensitive +information such as website credentials in an encrypted vault. + +The Bitwarden platform offers a variety of client applications including +a web interface, desktop applications, browser extensions and mobile apps. + +This add-on is based upon the lightweight and opensource +[Bitwarden RS][bitwarden-rs] implementation, allowing you to self-host +this amazing password manager. + +Password theft is a serious problem. The websites and apps that you use are +under attack every day. Security breaches occur and your passwords are stolen. +When you reuse the same passwords everywhere hackers can easily access your +email, bank, and other important accounts. USE A PASSWORD MANAGER! + +## Installation + +The installation of this add-on is pretty straightforward and not different in +comparison to installing any other Home Assistant add-on. + +1. Search for the "Bitwarden RS" add-on in the Supervisor add-on store and + install it. +1. Start the "Bitwarden RS" add-on. +1. Check the logs of the "Bitwarden RS" add-on to see if everything went + well and to get the admin token/password. +1. Click the "OPEN WEB UI" button to open Bitwarden RS. +1. Add `/admin` to the URL to access the admin panel, e.g., + `http://hassio.local:7277/admin`. Log in using the admin token you got + in step 3. +1. The admin/token in the logs is only shown until it is saved or changed. + Hit save in the admin panel to use the randomly generated password or + change it to one of your choosing. +1. Be sure to store your admin token somewhere safe. + +## Configuration + +**Note**: _Remember to restart the add-on when the configuration is changed._ + +Example add-on configuration: + +```yaml +log_level: info +ssl: false +certfile: fullchain.pem +keyfile: privkey.pem +request_size_limit: 10485760 +``` + +**Note**: _This is just an example, don't copy and paste it! 
Create your own!_ + +### Option: `log_level` + +The `log_level` option controls the level of log output by the addon and can +be changed to be more or less verbose, which might be useful when you are +dealing with an unknown issue. Possible values are: + +- `trace`: Show every detail, like all called internal functions. +- `debug`: Shows detailed debug information. +- `info`: Normal (usually) interesting events. +- `warning`: Exceptional occurrences that are not errors. +- `error`: Runtime errors that do not require immediate action. +- `fatal`: Something went terribly wrong. Add-on becomes unusable. + +Please note that each level automatically includes log messages from a +more severe level, e.g., `debug` also shows `info` messages. By default, +the `log_level` is set to `info`, which is the recommended setting unless +you are troubleshooting. + +### Option: `ssl` + +Enables/Disables SSL (HTTPS). Set it `true` to enable it, `false` otherwise. + +**Note**: _The SSL settings only apply to direct access and has no effect +on the Ingress service._ + +### Option: `certfile` + +The certificate file to use for SSL. + +**Note**: _The file MUST be stored in `/ssl/`, which is the default_ + +### Option: `keyfile` + +The private key file to use for SSL. + +**Note**: _The file MUST be stored in `/ssl/`, which is the default_ + +### Option: `request_size_limit` + +By default the API calls are limited to 10MB. This should be sufficient for +most cases, however if you want to support large imports, this might be +limiting you. On the other hand you might want to limit the request size to +something smaller than that to prevent API abuse and possible DOS attack, +especially if running with limited resources. + +To set the limit, you can use this setting: 10MB would be `10485760`. + +## Known issues and limitations + +- This add-on cannot support Ingress at this time due to technical limitations + of the Bitwarden Vault web interface. 
+- Some web browsers, like Chrome, disallow the use of Web Crypto APIs in + insecure contexts. In this case, you might get an error like + `Cannot read property 'importKey'`. To solve this problem, you need to enable + SSL and access the web interface using HTTPS. + +## Changelog & Releases + +This repository keeps a change log using [GitHub's releases][releases] +functionality. The format of the log is based on +[Keep a Changelog][keepchangelog]. + +Releases are based on [Semantic Versioning][semver], and use the format +of ``MAJOR.MINOR.PATCH``. In a nutshell, the version will be incremented +based on the following: + +- ``MAJOR``: Incompatible or major changes. +- ``MINOR``: Backwards-compatible new features and enhancements. +- ``PATCH``: Backwards-compatible bugfixes and package updates. + +## Support + +Got questions? + +You have several options to get them answered: + +- The [Home Assistant Community Add-ons Discord chat server][discord] for add-on + support and feature requests. +- The [Home Assistant Discord chat server][discord-ha] for general Home + Assistant discussions and questions. +- The Home Assistant [Community Forum][forum]. +- Join the [Reddit subreddit][reddit] in [/r/homeassistant][reddit] + +You could also [open an issue here][issue] GitHub. + +## Authors & contributors + +The original setup of this repository is by [Franck Nijhof][frenck]. + +For a full list of all authors and contributors, +check [the contributor's page][contributors]. 
+ +## License + +MIT License + +Copyright (c) 2019-2020 Franck Nijhof + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +[bitwarden-rs]: https://github.com/dani-garcia/bitwarden_rs +[contributors]: https://github.com/hassio-addons/addon-bitwarden/graphs/contributors +[discord-ha]: https://discord.gg/c5DvZ4e +[discord]: https://discord.me/hassioaddons +[forum]: https://community.home-assistant.io/t/home-assistant-community-add-on-bitwarden-rs/115573?u=frenck +[frenck]: https://github.com/frenck +[issue]: https://github.com/hassio-addons/addon-bitwarden/issues +[keepchangelog]: http://keepachangelog.com/en/1.0.0/ +[reddit]: https://reddit.com/r/homeassistant +[releases]: https://github.com/hassio-addons/addon-bitwarden/releases +[semver]: http://semver.org/spec/v2.0.0.htm diff --git a/bitwarden/Dockerfile b/bitwarden/Dockerfile new file mode 100644 index 000000000..3506e208f --- /dev/null +++ b/bitwarden/Dockerfile 
@@ -0,0 +1,64 @@ +ARG BUILD_FROM=hassioaddons/debian-base:3.2.1 +############################################################################### +# Get prebuild containers from Bitwarden RS +############################################################################### +ARG BITWARDEN_ARCH +# hadolint ignore=DL3006 +FROM "bitwardenrs/server:1.18.0${BITWARDEN_ARCH}" as bitwarden + +############################################################################### +# Build the actual add-on. +############################################################################### +# hadolint ignore=DL3006 +FROM ${BUILD_FROM} + +# Set shell +SHELL ["/bin/bash", "-o", "pipefail", "-c"] + +# Get the Bitwarden from official images +COPY --from=bitwarden /bitwarden_rs /opt/bitwarden_rs +COPY --from=bitwarden /Rocket.toml /opt/Rocket.toml +COPY --from=bitwarden /web-vault /opt/web-vault + +# add Nginx +# hadolint ignore=DL3009 +RUN \ + apt-get update \ + \ + && apt-get install -y --no-install-recommends \ + nginx=1.14.2-2+deb10u3 libpq5 libmariadb3 \ + && apt-get clean \ + && rm -f -r \ + /etc/nginx \ + \ + && mkdir -p /var/log/nginx \ + && touch /var/log/nginx/error.log + +# Copy root filesystem +COPY rootfs / + +# Build arguments +ARG BUILD_ARCH +ARG BUILD_DATE +ARG BUILD_REF +ARG BUILD_VERSION + +# Labels +LABEL \ + io.hass.name="Bitwarden RS" \ + io.hass.description="Open source password management solution" \ + io.hass.arch="${BUILD_ARCH}" \ + io.hass.type="addon" \ + io.hass.version=${BUILD_VERSION} \ + maintainer="Franck Nijhof " \ + org.opencontainers.image.title="Bitwarden RS" \ + org.opencontainers.image.description="Open source password management solution" \ + org.opencontainers.image.vendor="Home Assistant Community Add-ons" \ + org.opencontainers.image.authors="Franck Nijhof " \ + org.opencontainers.image.licenses="MIT" \ + org.opencontainers.image.url="https://addons.community" \ + org.opencontainers.image.source="https://github.com/hassio-addons/addon-bitwarden" \ + 
org.opencontainers.image.documentation="https://github.com/hassio-addons/addon-bitwarden/blob/master/README.md" \ + org.opencontainers.image.created=${BUILD_DATE} \ + org.opencontainers.image.revision=${BUILD_REF} \ + org.opencontainers.image.version=${BUILD_VERSION} diff --git a/bitwarden/build.json b/bitwarden/build.json new file mode 100644 index 000000000..96f2d9151 --- /dev/null +++ b/bitwarden/build.json @@ -0,0 +1,8 @@ +{ + "build_from": { + "aarch64": "hassioaddons/debian-base-aarch64:3.2.3", + "amd64": "hassioaddons/debian-base-amd64:3.2.3", + "armv7": "hassioaddons/debian-base-armv7:3.2.3" + }, + "args": {} +} diff --git a/bitwarden/config.json b/bitwarden/config.json new file mode 100644 index 000000000..0c717a3a3 --- /dev/null +++ b/bitwarden/config.json @@ -0,0 +1,33 @@ +{ + "name": "Bitwarden RS", + "version": "1.18.0_test", + "slug": "bitwarden", + "description": "Open source password management solution", + "url": "https://github.com/alexbelgium/hassio-addons", + "webui": "[PROTO:ssl]://[HOST]:[PORT:7277]", + "startup": "services", + "init": false, + "arch": ["aarch64", "amd64", "armv7"], + "boot": "auto", + "hassio_api": true, + "hassio_role": "default", + "ports": { + "7277/tcp": 7277 + }, + "ports_description": { + "7277/tcp": "Bitwarden Vault" + }, + "map": ["ssl"], + "options": { + "ssl": true, + "certfile": "fullchain.pem", + "keyfile": "privkey.pem" + }, + "schema": { + "log_level": "list(trace|debug|info|notice|warning|error|fatal)?", + "ssl": "bool", + "certfile": "str", + "keyfile": "str", + "request_size_limit": "int?" + } +} diff --git a/bitwarden/icon.png b/bitwarden/icon.png new file mode 100644 index 000000000..dbeb2a4f4 Binary files /dev/null and b/bitwarden/icon.png differ diff --git a/bitwarden/logo.png b/bitwarden/logo.png new file mode 100644 index 000000000..977ff31a6 Binary files /dev/null and b/bitwarden/logo.png differ 
diff --git a/bitwarden/rootfs/etc/cont-init.d/nginx.sh b/bitwarden/rootfs/etc/cont-init.d/nginx.sh new file mode 100644 index 000000000..e1d55fbe7 --- /dev/null +++ b/bitwarden/rootfs/etc/cont-init.d/nginx.sh @@ -0,0 +1,29 @@ +#!/usr/bin/with-contenv bashio +# ============================================================================== +# Home Assistant Community Add-on: Bitwarden +# This file configures nginx +# ============================================================================== +declare certfile +declare keyfile +declare max_body_size + +bashio::config.require.ssl + +if bashio::config.true 'ssl'; then + certfile=$(bashio::config 'certfile') + keyfile=$(bashio::config 'keyfile') + + mv /etc/nginx/servers/direct-ssl.disabled /etc/nginx/servers/direct.conf + sed -i "s#%%certfile%%#${certfile}#g" /etc/nginx/servers/direct.conf + sed -i "s#%%keyfile%%#${keyfile}#g" /etc/nginx/servers/direct.conf +else + mv /etc/nginx/servers/direct.disabled /etc/nginx/servers/direct.conf +fi + +max_body_size="10M" +# Increase body size to match config +if bashio::config.has_value 'request_size_limit'; then + max_body_size=$(bashio::config 'request_size_limit') +fi +sed -i "s/%%max_body_size%%/${max_body_size}/g" \ + /etc/nginx/includes/server_params.conf diff --git a/bitwarden/rootfs/etc/nginx/includes/mime.types b/bitwarden/rootfs/etc/nginx/includes/mime.types new file mode 100644 index 000000000..7c7cdef2d --- /dev/null +++ b/bitwarden/rootfs/etc/nginx/includes/mime.types 
@@ -0,0 +1,96 @@ +types { + text/html html htm shtml; + text/css css; + text/xml xml; + image/gif gif; + image/jpeg jpeg jpg; + application/javascript js; + application/atom+xml atom; + application/rss+xml rss; + + text/mathml mml; + text/plain txt; + text/vnd.sun.j2me.app-descriptor jad; + text/vnd.wap.wml wml; + text/x-component htc; + + image/png png; + image/svg+xml svg svgz; + image/tiff tif tiff; + image/vnd.wap.wbmp wbmp; + image/webp webp; + image/x-icon ico; + image/x-jng jng; + image/x-ms-bmp bmp; + + font/woff woff; + font/woff2 woff2; + + application/java-archive jar war ear; + application/json json; + application/mac-binhex40 hqx; + application/msword doc; + application/pdf pdf; + application/postscript ps eps ai; + application/rtf rtf; + application/vnd.apple.mpegurl m3u8; + application/vnd.google-earth.kml+xml kml; + application/vnd.google-earth.kmz kmz; + application/vnd.ms-excel xls; + application/vnd.ms-fontobject eot; + application/vnd.ms-powerpoint ppt; + application/vnd.oasis.opendocument.graphics odg; + application/vnd.oasis.opendocument.presentation odp; + application/vnd.oasis.opendocument.spreadsheet ods; + application/vnd.oasis.opendocument.text odt; + application/vnd.openxmlformats-officedocument.presentationml.presentation + pptx; + application/vnd.openxmlformats-officedocument.spreadsheetml.sheet + xlsx; + application/vnd.openxmlformats-officedocument.wordprocessingml.document + docx; + application/vnd.wap.wmlc wmlc; + application/x-7z-compressed 7z; + application/x-cocoa cco; + application/x-java-archive-diff jardiff; + application/x-java-jnlp-file jnlp; + application/x-makeself run; + application/x-perl pl pm; + application/x-pilot prc pdb; + application/x-rar-compressed rar; + application/x-redhat-package-manager rpm; + application/x-sea sea; + application/x-shockwave-flash swf; + application/x-stuffit sit; + application/x-tcl tcl tk; + application/x-x509-ca-cert der pem crt; + application/x-xpinstall xpi; + application/xhtml+xml 
xhtml; + application/xspf+xml xspf; + application/zip zip; + + application/octet-stream bin exe dll; + application/octet-stream deb; + application/octet-stream dmg; + application/octet-stream iso img; + application/octet-stream msi msp msm; + + audio/midi mid midi kar; + audio/mpeg mp3; + audio/ogg ogg; + audio/x-m4a m4a; + audio/x-realaudio ra; + + video/3gpp 3gpp 3gp; + video/mp2t ts; + video/mp4 mp4; + video/mpeg mpeg mpg; + video/quicktime mov; + video/webm webm; + video/x-flv flv; + video/x-m4v m4v; + video/x-mng mng; + video/x-ms-asf asx asf; + video/x-ms-wmv wmv; + video/x-msvideo avi; +} diff --git a/bitwarden/rootfs/etc/nginx/includes/proxy_params.conf b/bitwarden/rootfs/etc/nginx/includes/proxy_params.conf new file mode 100644 index 000000000..1990d4959 --- /dev/null +++ b/bitwarden/rootfs/etc/nginx/includes/proxy_params.conf @@ -0,0 +1,15 @@ +proxy_http_version 1.1; +proxy_ignore_client_abort off; +proxy_read_timeout 86400s; +proxy_redirect off; +proxy_send_timeout 86400s; +proxy_max_temp_file_size 0; + +proxy_set_header Accept-Encoding ""; +proxy_set_header Connection $connection_upgrade; +proxy_set_header Host $http_host; +proxy_set_header Upgrade $http_upgrade; +proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +proxy_set_header X-Forwarded-Proto $scheme; +proxy_set_header X-NginX-Proxy true; +proxy_set_header X-Real-IP $remote_addr; diff --git a/bitwarden/rootfs/etc/nginx/includes/server_params.conf b/bitwarden/rootfs/etc/nginx/includes/server_params.conf new file mode 100644 index 000000000..b6fceca86 --- /dev/null +++ b/bitwarden/rootfs/etc/nginx/includes/server_params.conf @@ -0,0 +1,8 @@ +root /dev/null; +server_name $hostname; + +add_header X-Content-Type-Options nosniff; +add_header X-XSS-Protection "1; mode=block"; +add_header X-Robots-Tag none; + +client_max_body_size %%max_body_size%%; 
diff --git a/bitwarden/rootfs/etc/nginx/includes/ssl_params.conf b/bitwarden/rootfs/etc/nginx/includes/ssl_params.conf new file mode 100644 index 000000000..6cf1b5a3e --- /dev/null +++ b/bitwarden/rootfs/etc/nginx/includes/ssl_params.conf @@ -0,0 +1,9 @@ +ssl_protocols TLSv1.2 TLSv1.3; +ssl_prefer_server_ciphers on; +ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA; +ssl_ecdh_curve secp384r1; +ssl_session_timeout 10m; +ssl_session_cache shared:SSL:10m; +ssl_session_tickets off; +ssl_stapling on; +ssl_stapling_verify on; diff --git a/bitwarden/rootfs/etc/nginx/includes/upstream.conf b/bitwarden/rootfs/etc/nginx/includes/upstream.conf new file mode 100644 index 000000000..b8b7af611 --- /dev/null +++ b/bitwarden/rootfs/etc/nginx/includes/upstream.conf @@ -0,0 +1,7 @@ +upstream backend { + server 127.0.0.1:80; +} + +upstream wsbackend { + server 127.0.0.1:8080; +} \ No newline at end of file diff --git a/bitwarden/rootfs/etc/nginx/nginx.conf b/bitwarden/rootfs/etc/nginx/nginx.conf new file mode 100644 index 000000000..c1fbd4b5f --- /dev/null +++ b/bitwarden/rootfs/etc/nginx/nginx.conf 
@@ -0,0 +1,52 @@ +# Run nginx in foreground. +daemon off; + +# This is run inside Docker. +user root; + +# Pid storage location. +pid /var/run/nginx.pid; + +# Set number of worker processes. +worker_processes 1; + +# Enables the use of JIT for regular expressions to speed-up their processing. +pcre_jit on; + +# Write error log to the add-on log. +error_log /proc/1/fd/1 error; + +# Load dynamic modules. +include /etc/nginx/modules/*.conf; + +# Max num of simultaneous connections by a worker process. +events { + worker_connections 512; +} + +http { + include /etc/nginx/includes/mime.types; + + log_format homeassistant '[$time_local] $status ' + '$http_x_forwarded_for($remote_addr) ' + '$request ($http_user_agent)'; + + access_log /proc/1/fd/1 homeassistant; + client_max_body_size 4G; + default_type application/octet-stream; + gzip on; + keepalive_timeout 65; + sendfile on; + server_tokens off; + tcp_nodelay on; + tcp_nopush on; + + map $http_upgrade $connection_upgrade { + default upgrade; + '' close; + } + + include /etc/nginx/includes/upstream.conf; + + include /etc/nginx/servers/*.conf; +} diff --git a/bitwarden/rootfs/etc/nginx/servers/direct-ssl.disabled b/bitwarden/rootfs/etc/nginx/servers/direct-ssl.disabled new file mode 100644 index 000000000..9189013e1 --- /dev/null +++ b/bitwarden/rootfs/etc/nginx/servers/direct-ssl.disabled @@ -0,0 +1,23 @@ +server { + listen 7277 default_server ssl; + + include /etc/nginx/includes/server_params.conf; + include /etc/nginx/includes/ssl_params.conf; + include /etc/nginx/includes/proxy_params.conf; + + ssl_certificate /ssl/%%certfile%%; + ssl_certificate_key /ssl/%%keyfile%%; + + location / { + proxy_pass http://backend; + } + + location /notifications/hub { + proxy_pass http://wsbackend; + } + + location /notifications/hub/negotiate { + proxy_pass http://backend; + } + +} \ No newline at end of file 
diff --git a/bitwarden/rootfs/etc/nginx/servers/direct.disabled b/bitwarden/rootfs/etc/nginx/servers/direct.disabled new file mode 100644 index 000000000..cc4d38593 --- /dev/null +++ b/bitwarden/rootfs/etc/nginx/servers/direct.disabled @@ -0,0 +1,19 @@ +server { + listen 7277 default_server; + + include /etc/nginx/includes/server_params.conf; + include /etc/nginx/includes/proxy_params.conf; + + location / { + proxy_pass http://backend; + } + + location /notifications/hub { + proxy_pass http://wsbackend; + } + + location /notifications/hub/negotiate { + proxy_pass http://backend; + } + +} \ No newline at end of file diff --git a/bitwarden/rootfs/etc/services.d/bitwarden/finish b/bitwarden/rootfs/etc/services.d/bitwarden/finish new file mode 100644 index 000000000..8ef2181a4 --- /dev/null +++ b/bitwarden/rootfs/etc/services.d/bitwarden/finish @@ -0,0 +1,9 @@ +#!/usr/bin/execlineb -S0 +# ============================================================================== +# Home Assistant Community Add-on: Bitwarden +# Take down the S6 supervision tree when the server fails +# ============================================================================== +if { s6-test ${1} -ne 0 } +if { s6-test ${1} -ne 256 } + +s6-svscanctl -t /var/run/s6/services diff --git a/bitwarden/rootfs/etc/services.d/bitwarden/run b/bitwarden/rootfs/etc/services.d/bitwarden/run new file mode 100644 index 000000000..a4741ebfb --- /dev/null +++ b/bitwarden/rootfs/etc/services.d/bitwarden/run 
@@ -0,0 +1,81 @@ +#!/usr/bin/with-contenv bashio +# ============================================================================== +# Home Assistant Community Add-on: Bitwarden +# Runs the Bitwarden RS server +# ============================================================================== +declare admin_token +declare log_level +declare request_size_limit +declare secret_key + +# Set defaults +export DATA_FOLDER=/data +export ROCKET_PORT=80 +export ROCKET_WORKERS=2 + +# Set a random secret, to remove confusing warning from logs. +secret_key=$(openssl rand -base64 32) +export ROCKET_SECRET_KEY="${secret_key}" + +# Find the matching log level +if bashio::config.has_value 'log_level'; then + case "$(bashio::string.lower "$(bashio::config 'log_level')")" in + all|trace) + log_level="trace" + ;; + debug) + log_level="debug" + ;; + info|notice) + log_level="info" + ;; + warning) + log_level="warn" + ;; + error|fatal) + log_level="error" + ;; + off) + log_level="off" + ;; + esac + + export LOG_LEVEL="${log_level}" +fi + +# Show admin token in the log, if config does not exist. +if ! bashio::fs.file_exists '/data/config.json'; then + admin_token=$(openssl rand -base64 48) + export ADMIN_TOKEN="${admin_token}" + + bashio::log.info + bashio::log.info + bashio::log.info "READ THIS CAREFULLY! READ THIS CAREFULLY!" + bashio::log.info + bashio::log.info + bashio::log.info "This is your temporary random admin token/password!" + bashio::log.info + bashio::log.info "${admin_token}" + bashio::log.info + bashio::log.info "Be sure to change it in the admin panel, as soon as possible." + bashio::log.info + bashio::log.info "After you have changed ANY setting in the admin panel," + bashio::log.info "the add-on will NOT generate a new token on each start" + bashio::log.info "and stops showing this message." 
+ bashio::log.info +fi + +# API request size limit +if bashio::config.has_value 'request_size_limit'; then + request_size_limit=$(bashio::config 'request_size_limit') + export ROCKET_LIMITS="{json=${request_size_limit}}" +fi + +# Always enable Websockets +export WEBSOCKET_ENABLED=true +export WEBSOCKET_PORT=8080 + +# Run the Bitwarden server +bashio::log.info 'Starting the Bitwarden RS server...' +cd /opt || bashio::exit.nok +exec ./bitwarden_rs diff --git a/bitwarden/rootfs/etc/services.d/nginx/finish b/bitwarden/rootfs/etc/services.d/nginx/finish new file mode 100644 index 000000000..23d85af4b --- /dev/null +++ b/bitwarden/rootfs/etc/services.d/nginx/finish @@ -0,0 +1,9 @@ +#!/usr/bin/execlineb -S0 +# ============================================================================== +# Home Assistant Community Add-on: Bitwarden +# Take down the S6 supervision tree when Nginx fails +# ============================================================================== +if { s6-test ${1} -ne 0 } +if { s6-test ${1} -ne 256 } + +s6-svscanctl -t /var/run/s6/services diff --git a/bitwarden/rootfs/etc/services.d/nginx/run b/bitwarden/rootfs/etc/services.d/nginx/run new file mode 100644 index 000000000..9c29794d4 --- /dev/null +++ b/bitwarden/rootfs/etc/services.d/nginx/run @@ -0,0 +1,9 @@ +#!/usr/bin/with-contenv bashio +# ============================================================================== +# Home Assistant Community Add-on: Bitwarden +# Runs the Nginx daemon +# ============================================================================== +bashio::net.wait_for 80 +bashio::log.info "Starting NGinx..." + +exec nginx
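Review bot: The README.md hunk deletes the `### [Adguard beta](adguard/)` entry in the same change that adds Bitwarden, and nothing else in this patch touches an `adguard/` directory. If that add-on is still in the repository, keep its entry and add Bitwarden as a new one; if it is being retired, do that in its own commit so the removal is visible in history.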
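Review bot: bitwarden/DOCS.md does not match the defaults shipped in bitwarden/config.json. The example configuration shows `ssl: false` and installation step 5 uses `http://hassio.local:7277/admin`, while config.json sets `"ssl": true`, so a user following the steps on a default install gets a URL that does not work. The `log_level` list also omits `notice`, which the schema accepts. Align the example and the URL with the shipped default, and in steps 3 and 6 say that the admin token stays in the add-on log until the admin panel is saved, so readers know to treat that log as sensitive.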
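Review bot: Both `FROM` lines in bitwarden/Dockerfile resolve to mutable tags (`bitwardenrs/server:1.18.0${BITWARDEN_ARCH}` and `${BUILD_FROM}`), so the binary copied to `/opt/bitwarden_rs` can change without any change in this repository. For an image that holds a password vault, pin both by digest and record the digest alongside the version. In the `RUN` step, `nginx=1.14.2-2+deb10u3` is pinned but `libpq5` and `libmariadb3` are not, and the apt lists are left in the layer (hence the `DL3009` ignore); pin all three packages and add `rm -rf /var/lib/apt/lists/*` instead of suppressing the lint.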
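Review bot: `"args": {}` in bitwarden/build.json gives `BITWARDEN_ARCH` no value, and the Dockerfile declares `ARG BITWARDEN_ARCH` without a default, so unless the build system passes it some other way, `aarch64`, `amd64` and `armv7` all build from the same `bitwardenrs/server:1.18.0` tag. Either set the suffix per architecture or drop the ARG and document that the upstream tag is multi-arch. The base images here are `3.2.3` while the Dockerfile default is `hassioaddons/debian-base:3.2.1`; make the two agree so a local build without build.json uses the same base.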
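Review bot: The `log_level` schema in bitwarden/config.json, `list(trace|debug|info|notice|warning|error|fatal)?`, does not match the `case` statement in services.d/bitwarden/run, which also has branches for `all` and `off` that the schema can never let through. Decide on one set of values and use it in both places. `"version": "1.18.0_test"` also looks like a leftover from testing; set the release version before merge. `certfile` and `keyfile` are typed as free-form `str`, and since both end up in a file path under `/ssl/`, a `match(...)` pattern restricting them to plain file names would be safer.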
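Review bot: In bitwarden/rootfs/etc/cont-init.d/nginx.sh the `certfile` and `keyfile` values are pasted into the sed expressions unescaped (`sed -i "s#%%certfile%%#${certfile}#g" ...`). A value containing `#`, `&` or a backslash corrupts the substitution, and a value such as `../something` leaves the `/ssl/` prefix used in `ssl_certificate /ssl/%%certfile%%;`. Validate both values against a plain file-name pattern (no `/`, no `..`) and exit with `bashio::exit.nok` on mismatch before running sed. The same applies to `max_body_size`: check that `request_size_limit` is a positive integer before writing it into `client_max_body_size`.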
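Review bot: `proxy_set_header Host $http_host;` in includes/proxy_params.conf forwards whatever Host header the client sent, including an empty or attacker-chosen one, to the backend. Prefer `$host`, which nginx normalises and falls back to `server_name` for. `X-Forwarded-For $proxy_add_x_forwarded_for` likewise appends to a client-supplied header, so anything behind this proxy that needs the peer address should read `X-Real-IP`, which is set from `$remote_addr` here.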
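Review bot: The `ssl_ciphers` line in includes/ssl_params.conf starts with `ECDHE-RSA-AES256-GCM-SHA512` and `DHE-RSA-AES256-GCM-SHA512`, which are not OpenSSL cipher names (the AES256-GCM suites use SHA384), so those two entries select nothing. The `DHE-*` entries are also inert because no `ssl_dhparam` is configured, and every remaining suite is RSA-only, so a user who puts an ECDSA certificate in `/ssl/` cannot negotiate TLS 1.2. Replace the list with a current AEAD-only set that includes `ECDHE-ECDSA-*` and drop the CBC suites `ECDHE-RSA-AES256-SHA384`, `ECDHE-RSA-AES256-SHA` and `DHE-RSA-AES256-SHA`. `ssl_stapling on` and `ssl_stapling_verify on` are set without a `resolver` or `ssl_trusted_certificate` anywhere in the patch; add them or remove stapling so it does not fail silently.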
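Review bot: `user root;` in bitwarden/rootfs/etc/nginx/nginx.conf makes the worker processes, which parse untrusted requests, run as root inside the container. The listener is on port 7277, so no privileged port is needed; run the workers as an unprivileged user such as the package's `www-data` and keep only the master as root. The `http`-level `client_max_body_size 4G;` also contradicts the 10 MB default described in DOCS.md; it is overridden by server_params.conf today, but any server block added without that include would accept 4 GB bodies, so lower it or remove it.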
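Review bot: servers/direct.disabled publishes the vault and the `/admin` login on port 7277 over plain HTTP whenever `ssl` is `false`, and config.json maps that port to the host. Since DOCS.md already notes that browsers refuse Web Crypto in insecure contexts, consider binding the non-SSL listener to a restricted address, or at least have cont-init.d/nginx.sh emit a `bashio::log.warning` when it activates this file so the cleartext mode is not silent.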
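Review bot: services.d/bitwarden/run writes the admin token to the add-on log in clear text (`bashio::log.info "${admin_token}"`), and because a new token is generated on every start until `/data/config.json` exists, each restart adds another valid-at-the-time credential to a log that anyone with access to the Supervisor UI can read. Consider writing the token once to a root-only file under `/data` and logging only its path, or at least log it a single time and reuse it across restarts. Two smaller points in the same hunk: `ROCKET_SECRET_KEY` is regenerated with `openssl rand` on every start, so anything keyed on it does not survive a restart; and if `log_level` matches no `case` branch, `export LOG_LEVEL="${log_level}"` exports an unset variable, so add a `*)` default branch.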