From 611e9a3f88de279a053b9e102c15791d42094b47 Mon Sep 17 00:00:00 2001 From: Alexandre <44178713+alexbelgium@users.noreply.github.com> Date: Thu, 7 Jan 2021 09:55:45 +0100 Subject: [PATCH] addition of updated bitwarden --- README.md | 6 +- bitwarden/.README.j2 | 85 +++++++++ bitwarden/DOCS.md | 179 ++++++++++++++++++ bitwarden/Dockerfile | 64 +++++++ bitwarden/build.json | 8 + bitwarden/config.json | 33 ++++ bitwarden/icon.png | Bin 0 -> 4399 bytes bitwarden/logo.png | Bin 0 -> 25381 bytes bitwarden/rootfs/etc/cont-init.d/nginx.sh | 29 +++ .../rootfs/etc/nginx/includes/mime.types | 96 ++++++++++ .../etc/nginx/includes/proxy_params.conf | 15 ++ .../etc/nginx/includes/server_params.conf | 8 + .../rootfs/etc/nginx/includes/ssl_params.conf | 9 + .../rootfs/etc/nginx/includes/upstream.conf | 7 + bitwarden/rootfs/etc/nginx/nginx.conf | 52 +++++ .../etc/nginx/servers/direct-ssl.disabled | 23 +++ .../rootfs/etc/nginx/servers/direct.disabled | 19 ++ .../rootfs/etc/services.d/bitwarden/finish | 9 + bitwarden/rootfs/etc/services.d/bitwarden/run | 81 ++++++++ bitwarden/rootfs/etc/services.d/nginx/finish | 9 + bitwarden/rootfs/etc/services.d/nginx/run | 9 + 21 files changed, 739 insertions(+), 2 deletions(-) create mode 100644 bitwarden/.README.j2 create mode 100644 bitwarden/DOCS.md create mode 100644 bitwarden/Dockerfile create mode 100644 bitwarden/build.json create mode 100644 bitwarden/config.json create mode 100644 bitwarden/icon.png create mode 100644 bitwarden/logo.png create mode 100644 bitwarden/rootfs/etc/cont-init.d/nginx.sh create mode 100644 bitwarden/rootfs/etc/nginx/includes/mime.types create mode 100644 bitwarden/rootfs/etc/nginx/includes/proxy_params.conf create mode 100644 bitwarden/rootfs/etc/nginx/includes/server_params.conf create mode 100644 bitwarden/rootfs/etc/nginx/includes/ssl_params.conf create mode 100644 bitwarden/rootfs/etc/nginx/includes/upstream.conf create mode 100644 bitwarden/rootfs/etc/nginx/nginx.conf create mode 100644 bitwarden/rootfs/etc/nginx/servers/direct-ssl.disabled create mode 100644 bitwarden/rootfs/etc/nginx/servers/direct.disabled create mode 100644 bitwarden/rootfs/etc/services.d/bitwarden/finish create mode 100644 bitwarden/rootfs/etc/services.d/bitwarden/run create mode 100644 bitwarden/rootfs/etc/services.d/nginx/finish create mode 100644 bitwarden/rootfs/etc/services.d/nginx/run diff --git a/README.md b/README.md index 578388c0d..dba4e5b94 100644 --- a/README.md +++ b/README.md @@ -51,8 +51,10 @@ A fork of Sonarr to work with movies like Couchpotato - Forked from : https://github.com/petersendev/hassio-addons - Modifications : add smb and local disks mount [(@dianlight)](https://github.com/dianlight) -### [Adguard beta](adguard/) -Updated version of the community addon adguard +### [Bitwarden](bitwarden/) +Open source password management solution +- Forked from : https://github.com/hassio-addons/addon-bitwarden +- Modifications : updated version [//]: # (ADDONLIST_END) diff --git a/bitwarden/.README.j2 b/bitwarden/.README.j2 new file mode 100644 index 000000000..8e7bcc397 --- /dev/null +++ b/bitwarden/.README.j2 @@ -0,0 +1,85 @@ +# Home Assistant Community Add-on: Bitwarden RS + +[![Release][release-shield]][release] ![Project Stage][project-stage-shield] ![Project Maintenance][maintenance-shield] + +[![Discord][discord-shield]][discord] [![Community Forum][forum-shield]][forum] + +[![Sponsor Frenck via GitHub Sponsors][github-sponsors-shield]][github-sponsors] + +[![Support Frenck on Patreon][patreon-shield]][patreon] + +Open source password management solution. + +## About + +Bitwarden is an open-source password manager that can store sensitive +information such as website credentials in an encrypted vault. + +The Bitwarden platform offers a variety of client applications including +a web interface, desktop applications, browser extensions and mobile apps. + +This add-on is based upon the lightweight and opensource +[Bitwarden RS][bitwarden-rs] implementation, allowing you to self-host +this amazing password manager. + +Password theft is a serious problem. The websites and apps that you use are +under attack every day. Security breaches occur and your passwords are stolen. +When you reuse the same passwords everywhere hackers can easily access your +email, bank, and other important accounts. USE A PASSWORD MANAGER! + +![Bitwarden Preview][screenshot] + +{% if channel == "edge" %} +## WARNING! THIS IS AN EDGE VERSION! + +This Home Assistant Add-ons repository contains edge builds of add-ons. +Edge builds add-ons are based upon the latest development version. + +- They may not work at all. +- They might stop working at any time. +- They could have a negative impact on your system. + +This repository was created for: + +- Anybody willing to test. +- Anybody interested in trying out upcoming add-ons or add-on features. +- Developers. + +If you are more interested in stable releases of our add-ons: + + + +{% endif %} +{% if channel == "beta" %} +## WARNING! THIS IS A BETA VERSION! + +This Home Assistant Add-ons repository contains beta releases of add-ons. + +- They might stop working at any time. +- They could have a negative impact on your system. + +This repository was created for: + +- Anybody willing to test. +- Anybody interested in trying out upcoming add-ons or add-on features. + +If you are more interested in stable releases of our add-ons: + + + +{% endif %} +[bitwarden-rs]: https://github.com/dani-garcia/bitwarden_rs +[discord-shield]: https://img.shields.io/discord/478094546522079232.svg +[discord]: https://discord.me/hassioaddons +[forum-shield]: https://img.shields.io/badge/community-forum-brightgreen.svg +[forum]: https://community.home-assistant.io/t/home-assistant-community-add-on-bitwarden-rs/115573?u=frenck +[github-sponsors-shield]: https://frenck.dev/wp-content/uploads/2019/12/github_sponsor.png +[github-sponsors]: https://github.com/sponsors/frenck +[maintenance-shield]: https://img.shields.io/maintenance/yes/2020.svg +[patreon-shield]: https://frenck.dev/wp-content/uploads/2019/12/patreon.png +[patreon]: https://www.patreon.com/frenck +[project-stage-shield]: https://img.shields.io/badge/project%20stage-experimental-yellow.svg +[release-shield]: https://img.shields.io/badge/version-{{ version }}-blue.svg +[release]: {{ repo }}/tree/{{ version }} +[screenshot]: {{ repo }}/raw/master/images/screenshot.png + diff --git a/bitwarden/DOCS.md b/bitwarden/DOCS.md new file mode 100644 index 000000000..9ba05a045 --- /dev/null +++ b/bitwarden/DOCS.md @@ -0,0 +1,179 @@ +# Home Assistant Community Add-on: Bitwarden RS + +Bitwarden is an open-source password manager that can store sensitive +information such as website credentials in an encrypted vault. + +The Bitwarden platform offers a variety of client applications including +a web interface, desktop applications, browser extensions and mobile apps. + +This add-on is based upon the lightweight and opensource +[Bitwarden RS][bitwarden-rs] implementation, allowing you to self-host +this amazing password manager. + +Password theft is a serious problem. The websites and apps that you use are +under attack every day. Security breaches occur and your passwords are stolen. +When you reuse the same passwords everywhere hackers can easily access your +email, bank, and other important accounts. USE A PASSWORD MANAGER! + +## Installation + +The installation of this add-on is pretty straightforward and not different in +comparison to installing any other Home Assistant add-on. + +1. Search for the "Bitwarden RS" add-on in the Supervisor add-on store and + install it. +1. Start the "Bitwarden RS" add-on. +1. Check the logs of the "Bitwarden RS" add-on to see if everything went + well and to get the admin token/password. +1. Click the "OPEN WEB UI" button to open Bitwarden RS. +1. Add `/admin` to the URL to access the admin panel, e.g., + `http://hassio.local:7277/admin`. Log in using the admin token you got + in step 3. +1. The admin/token in the logs is only shown until it is saved or changed. + Hit save in the admin panel to use the randomly generated password or + change it to one of your choosing. +1. Be sure to store your admin token somewhere safe. + +## Configuration + +**Note**: _Remember to restart the add-on when the configuration is changed._ + +Example add-on configuration: + +```yaml +log_level: info +ssl: false +certfile: fullchain.pem +keyfile: privkey.pem +request_size_limit: 10485760 +``` + +**Note**: _This is just an example, don't copy and paste it! Create your own!_ + +### Option: `log_level` + +The `log_level` option controls the level of log output by the addon and can +be changed to be more or less verbose, which might be useful when you are +dealing with an unknown issue. Possible values are: + +- `trace`: Show every detail, like all called internal functions. +- `debug`: Shows detailed debug information. +- `info`: Normal (usually) interesting events. +- `warning`: Exceptional occurrences that are not errors. +- `error`: Runtime errors that do not require immediate action. +- `fatal`: Something went terribly wrong. Add-on becomes unusable. + +Please note that each level automatically includes log messages from a +more severe level, e.g., `debug` also shows `info` messages. By default, +the `log_level` is set to `info`, which is the recommended setting unless +you are troubleshooting. + +### Option: `ssl` + +Enables/Disables SSL (HTTPS). Set it `true` to enable it, `false` otherwise. + +**Note**: _The SSL settings only apply to direct access and has no effect +on the Ingress service._ + +### Option: `certfile` + +The certificate file to use for SSL. + +**Note**: _The file MUST be stored in `/ssl/`, which is the default_ + +### Option: `keyfile` + +The private key file to use for SSL. + +**Note**: _The file MUST be stored in `/ssl/`, which is the default_ + +### Option: `request_size_limit` + +By default the API calls are limited to 10MB. This should be sufficient for +most cases, however if you want to support large imports, this might be +limiting you. On the other hand you might want to limit the request size to +something smaller than that to prevent API abuse and possible DOS attack, +especially if running with limited resources. + +To set the limit, you can use this setting: 10MB would be `10485760`. + +## Known issues and limitations + +- This add-on cannot support Ingress at this time due to technical limitations + of the Bitwarden Vault web interface. +- Some web browsers, like Chrome, disallow the use of Web Crypto APIs in + insecure contexts. In this case, you might get an error like + `Cannot read property 'importKey'`. To solve this problem, you need to enable + SSL and access the web interface using HTTPS. + +## Changelog & Releases + +This repository keeps a change log using [GitHub's releases][releases] +functionality. The format of the log is based on +[Keep a Changelog][keepchangelog]. + +Releases are based on [Semantic Versioning][semver], and use the format +of ``MAJOR.MINOR.PATCH``. In a nutshell, the version will be incremented +based on the following: + +- ``MAJOR``: Incompatible or major changes. +- ``MINOR``: Backwards-compatible new features and enhancements. +- ``PATCH``: Backwards-compatible bugfixes and package updates. + +## Support + +Got questions? + +You have several options to get them answered: + +- The [Home Assistant Community Add-ons Discord chat server][discord] for add-on + support and feature requests. +- The [Home Assistant Discord chat server][discord-ha] for general Home + Assistant discussions and questions. +- The Home Assistant [Community Forum][forum]. +- Join the [Reddit subreddit][reddit] in [/r/homeassistant][reddit] + +You could also [open an issue here][issue] GitHub. + +## Authors & contributors + +The original setup of this repository is by [Franck Nijhof][frenck]. + +For a full list of all authors and contributors, +check [the contributor's page][contributors]. + +## License + +MIT License + +Copyright (c) 2019-2020 Franck Nijhof + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +[bitwarden-rs]: https://github.com/dani-garcia/bitwarden_rs +[contributors]: https://github.com/hassio-addons/addon-bitwarden/graphs/contributors +[discord-ha]: https://discord.gg/c5DvZ4e +[discord]: https://discord.me/hassioaddons +[forum]: https://community.home-assistant.io/t/home-assistant-community-add-on-bitwarden-rs/115573?u=frenck +[frenck]: https://github.com/frenck +[issue]: https://github.com/hassio-addons/addon-bitwarden/issues +[keepchangelog]: http://keepachangelog.com/en/1.0.0/ +[reddit]: https://reddit.com/r/homeassistant +[releases]: https://github.com/hassio-addons/addon-bitwarden/releases +[semver]: http://semver.org/spec/v2.0.0.htm diff --git a/bitwarden/Dockerfile b/bitwarden/Dockerfile new file mode 100644 index 000000000..3506e208f --- /dev/null +++ b/bitwarden/Dockerfile @@ -0,0 +1,64 @@ +ARG BUILD_FROM=hassioaddons/debian-base:3.2.1 +############################################################################### +# Get prebuild containers from Bitwarden RS +############################################################################### +ARG BITWARDEN_ARCH +# hadolint ignore=DL3006 +FROM "bitwardenrs/server:1.18.0${BITWARDEN_ARCH}" as bitwarden + +############################################################################### +# Build the actual add-on. +############################################################################### +# hadolint ignore=DL3006 +FROM ${BUILD_FROM} + +# Set shell +SHELL ["/bin/bash", "-o", "pipefail", "-c"] + +# Get the Bitwarden from official images +COPY --from=bitwarden /bitwarden_rs /opt/bitwarden_rs +COPY --from=bitwarden /Rocket.toml /opt/Rocket.toml +COPY --from=bitwarden /web-vault /opt/web-vault + +# add Nginx +# hadolint ignore=DL3009 +RUN \ + apt-get update \ + \ + && apt-get install -y --no-install-recommends \ + nginx=1.14.2-2+deb10u3 libpq5 libmariadb3 \ + && apt-get clean \ + && rm -f -r \ + /etc/nginx \ + \ + && mkdir -p /var/log/nginx \ + && touch /var/log/nginx/error.log + +# Copy root filesystem +COPY rootfs / + +# Build arguments +ARG BUILD_ARCH +ARG BUILD_DATE +ARG BUILD_REF +ARG BUILD_VERSION + +# Labels +LABEL \ + io.hass.name="Bitwarden RS" \ + io.hass.description="Open source password management solution" \ + io.hass.arch="${BUILD_ARCH}" \ + io.hass.type="addon" \ + io.hass.version=${BUILD_VERSION} \ + maintainer="Franck Nijhof " \ + org.opencontainers.image.title="Bitwarden RS" \ + org.opencontainers.image.description="Open source password management solution" \ + org.opencontainers.image.vendor="Home Assistant Community Add-ons" \ + org.opencontainers.image.authors="Franck Nijhof " \ + org.opencontainers.image.licenses="MIT" \ + org.opencontainers.image.url="https://addons.community" \ + org.opencontainers.image.source="https://github.com/hassio-addons/addon-bitwarden" \ + org.opencontainers.image.documentation="https://github.com/hassio-addons/addon-bitwarden/blob/master/README.md" \ + org.opencontainers.image.created=${BUILD_DATE} \ + org.opencontainers.image.revision=${BUILD_REF} \ + org.opencontainers.image.version=${BUILD_VERSION} diff --git a/bitwarden/build.json b/bitwarden/build.json new file mode 100644 index 000000000..96f2d9151 --- /dev/null +++ b/bitwarden/build.json @@ -0,0 +1,8 @@ +{ + "build_from": { + "aarch64": "hassioaddons/debian-base-aarch64:3.2.3", + "amd64": "hassioaddons/debian-base-amd64:3.2.3", + "armv7": "hassioaddons/debian-base-armv7:3.2.3" + }, + "args": {} +} diff --git a/bitwarden/config.json b/bitwarden/config.json new file mode 100644 index 000000000..0c717a3a3 --- /dev/null +++ b/bitwarden/config.json @@ -0,0 +1,33 @@ +{ + "name": "Bitwarden RS", + "version": "1.18.0_test", + "slug": "bitwarden", + "description": "Open source password management solution", + "url": "https://github.com/alexbelgium/hassio-addons", + "webui": "[PROTO:ssl]://[HOST]:[PORT:7277]", + "startup": "services", + "init": false, + "arch": ["aarch64", "amd64", "armv7"], + "boot": "auto", + "hassio_api": true, + "hassio_role": "default", + "ports": { + "7277/tcp": 7277 + }, + "ports_description": { + "7277/tcp": "Bitwarden Vault" + }, + "map": ["ssl"], + "options": { + "ssl": true, + "certfile": "fullchain.pem", + "keyfile": "privkey.pem" + }, + "schema": { + "log_level": "list(trace|debug|info|notice|warning|error|fatal)?", + "ssl": "bool", + "certfile": "str", + "keyfile": "str", + "request_size_limit": "int?" + } +} diff --git a/bitwarden/icon.png b/bitwarden/icon.png new file mode 100644 index 0000000000000000000000000000000000000000..dbeb2a4f4fe9c73347e1d54bfe7fdc94b2a0b87c GIT binary patch literal 4399 zcmcgw`8(8)6MwI@yUv!JAxmOEBu8@Jge3Gqr|gd_~Dn9BZx%qhjZG&J@Gjzo+lA(@@J?{V+^Mx|OwT*KB_btsMXN)a`c|c~ENDQJA@DxBAF= zN!lH29?7ljJ$&QG`El&zl^Hfz@BQj+`?M)0kq0bavrU4JDCe!UVqTkhFUE2j!p%;r zyE|pRJTm9NJfqu`^>N;?jar`f3hn<5}1|4y-yhXeP$<1LD+O!KQdex zXCLSnQ_cC6n-;JpE)u9JQ?@3b9_#eZsHTBXR)q+?)E({7hB+Z0<^V zY;I>_!jkTdVCSgOZLtqXRP3j3=CRogbrY@;)=!xA%$-kvRizbX$u~?G&nKXw!ST~a zpVw&^H3Agl<9L1CrAkvH*M6p!M3OI?CLwE4fX6q)&s_5tkvuHr+Ied$;F&7$Cp#$= zIAZ(GT~6htpJtgx9JLdTsyTijJ@sC&%dse=bIWlBcQmG3AcGBu%t3G`jUe?|%uJ~$ zME7xOU`k0y_Ma!;WbqLXxK*9`%C`fdkGr(jmAFNg8Wk{wRCPu1%h@XiV2#hi9S8Pnyb{-aS5$;E+ z#lp3CSI8B4>+TR-`LqIW^(J=j2iev^I2M)>^zV{CG|pvD@kG=MjmeOF+UMOD<7@J3 zGb~F(5#AVH+`3`7xyn(z_{LH*Xl0UUUJ1u{HD4v3`9b0w2-LXh6RnH_YwV7|S`${! z{vn)R(UGe0pDhhqDQtQyJ*B%_#0dMMd%eBR_E4;)?d;3)jWz9p*5Ekms5jmm@y8oy z%eEb?xIgg*apf&Y4d!*j?>E1N2YhHtbdmOa4|jeDqKb)* zi32(2cgPm&+e^Vnn*O@4FY}8RZpP1Sov&9w74T#FV4r5TI@t%yzqr5yIUSRltS3D1 z5#`d_bXbM@J7W9b9w4_io2f|qu~PBA@*g0rVKVwR=mTmeoI+FoO>{#?#_ zh?hXoiCQtJ;*g-bBQiFJ@qJZ%svd%9sZMT5y=)PLiGP|{1LFL&{8o%|@JVZry!j!9 zijN5Z?#Ti7H~M%Bbhr=P04RM2EtGKlo#XrO`pa-2!xyj;0uYnHbq4g#3@y+EEjoM; z8r26Ep>o@@v(R(AS@D1nIJcHwg1u?dfIR>=9<2N8~ zS#Te410sfjusFpZ+~rs5!xPsSroySz$S<6z)xd-?;JO+Yz=(#bfr~(+7tq_l|54?} z-&C5TLqiD*&!|Sd!2t276<|~|9|#4kd|xi$kgX9v(l{?t((+$!(Vria%HJERNL;0# zk)Z;bERC0MxZ_haxd3*`a>0p((YbJ$yR^qK3>|E|hAUH8y>U_X(wSXPDqyga3ee|1 zV75TTfC+Z^oIc>BDbGdLyABvV*6Dk@r4;r;DLCNi(Dht^aGU?ZvdG%xl$XYC0<^<9 zB23I%cdpqzvaq))Wawht2w;qFgYGeaX6fncRW@xgAkHK}I+ju+!nR9!a66)ThQ}!d z+h&CXe}+-^kN9XT>&sUNfK0fHLO*G+5O#PTB)|-KoD`nS`boAb9m>N{AxluejzOf% z8o)eL+})k8ID9Qy1V(CT>?KeG>BLbpHz`d2)28E|SoWn!7@6s<{F`ZbnKkVH05AeCCo9<1=yzgCR{7R39(z{;#-i2s0@ zks;3yv6m*Fyl~yjOuA=2;un69MgBWtZwy;56<+Q#=DLX0o3|RUI2?TbZ24`3VU(a! zOmo*>Du*Ql+I#S0=5Bo<%=g-*H*B>z`?*!_1_M-tF1H>B&X(;`OCo*vEs7<^BBAFt z4AD0zF~bg&sAtoJ=P54pr??)=SAUIte+{_A?iT^rHipGxPBBTT{#^0%i)Qv!2q(gH zAVf{!XZ4ANXzaav|Jd-A0={?K&TXCdQ21s{4ND}l*fv>~PSwvq2G%hm%pb&{@@7ln zEMo2%%dJ~RR6u+{9c<(DVI_H%D23hYsW=d$?0--Gheu1N9Z_TN4-`GsQw}2z4*tXQ z{4Q+fqMtNu3Y>@^ajnV=jqr`aA@_Mt)XSD#XX5K?K!41izy^^ijD6u22$;y;68Pn~ z!tuwTupcn8CePt@48}6$wguFAI0~d1fqn_i&dF94U)Xpt3;!B02LhHChsC(65nm|j z^i#OXo^a(`K(oBdkxSE+YJ>-DO(H@h1lVNjhFohu{hh?VzPg>3QVRi6&TSVy7K@Y4 z%V{54)y^2W{dJL@YVTg*G`<8p0~9TN-(m=B(jE}N)DH~c`1<;+paPSfkT+1N z3`VDX&9jKJbv#XCwoboCsR$tXP{TjDHAS(b-Xc2#=-FEqOB`SP%>b&kqU(Sfwm0wR(DHARyeap# z0#6zW5jp*8AE??3_n@B*HR7w<8r%Wn-Rg6;1IKJ}h5)1ez96|BkI-T}{G*&L;TAfhFF}89 zRJYmUSpL0#V8>(TebX zG|~+6^MA@4IDO)%O)q4`u1O1d9&KM_XWmI05SM&e)`h|=fa~l}9X#R!o~eCsL<38J zkF>`u=3KOx@iXXp_h#ow`^#w71H%#NB`<;%KJk6}8dwSo<@QOgEh7@WGNlMw} zx`+D@Rz_aH-9~|JpGIM{T05E0Xh(D0x25#0>GODe3nrLl7$WE-iG|u>R_N}iqc}zw z7xJW2f8F+a``|vF_g==5fJ;^Tm!eCACH>s`I6F%aIw4=25BIdqCZadwbfloFjBO77 zyps3NxR<9(ZN4npslA?|GJ2Yr;*gnyvec75os7?yZ*+2Hs`5DOXO&QBn0{2>>iKmt z6vBVaonLSE*|O{EbMnU8tIgo-B}Z2&?Y7bqk5D+1)$akzj(pC|y5pXbTv?~6vdnDQBviiwapY+r_o39$X@h=TOJCQ7G6RSd zGE<#TMb|>&AO@E@;Et69hmM2Cf;5Yz*w0iW+@eI~?T6}|UR z*NfNtR9l9W$+Osw&Xp+sCfX4C=Tn~q+xAF7cRS%(09av)W6kie1*zG zn%O@l_mNlyu@rOtyXNf9ftl@y5gmLqTTNn6v2^k-;|fBXibkOGPu3XXme+}rp8EQr zluKTpQGsp%f}q=J6SQ<0r=NXZl&R3Wb6YtqG=vW&uNVH`ooxJKmB*Op(&GrH;Y*>{ zS=~w#HV$Emk`&2BM`4=4zGxD8)ha9M2toHZo-dB=a~pDW-M%qbCS2F^W&y&MlXSE` z?0Ti$&cWuh+NiRSohr?z$4=uvQW#Q|)t0lX>VxVh8jUT)?JjO9ChK)ee}27E*t)oV zar?2oEGrs;QcxHZ}q1*bM!~I Qi$@5ct7UMfTEi~tf6VqtPyhe` literal 0 HcmV?d00001 diff --git a/bitwarden/logo.png b/bitwarden/logo.png new file mode 100644 index 0000000000000000000000000000000000000000..977ff31a60940092f72718f07114058c8a4f5118 GIT binary patch literal 25381 zcmY&;1yodh_@*EwA<_*B0!j=Wk|NzD&Cs1vLkS2-mxwTQO2g1Oba%(l-9vZp`0eh0 z&)zd<&OJAN_r34)ynVw|l%#Pm$uVENc!47;Bcb-<1qu|g--m&M_%FI*#(wd_1THHf z_SFLk-j0Ox;srKxW~-m|@Y)Yk62uk%-?sANh4C@vD%I=^e`8#r?Scim{gdF{uDfBz z;Vj>1t^LBk-=XaS|Mc~Izvpg&u>ItM#fSqE}1QxML@`dY5c)X*fU6*lP{+Yt#Q0!i^WX`%46dD>zH&#f$ zPy+kfY1SZbz+f!AQBY=VMrCsF_yT z2`5l}xeU%=oclKpdtCfte^>IUJFpN;6!Wq1VXuQbpQ)S;tk&YNT#3o`b^kyHXiet|M#-Mj1bM6{%?%f_7cb^klt=TUe^0-v9wC>|T>aKB`$ zw)yh9|3yM#Yy9X^L@TGB6A_pauXOg_btGXVdStfuaVgG}0Q{}a0F5>qD{XRFpux^} zqyK)Wg^}$S&6xI)TWapTkChyCu+uc@OHh9Q#2}-+UNlVrK4N>9c6F#dY)|+#U z_B##t(fU?L{lbhh>UZSz3J(r8Obl;qvb3K;|HkkpG5M?_90_X(1>-KFGUL9 z^puM2pq3iWbQ68vO0KQ1J<`B?Lq=%g_L>v*~8NB!m5}QH1gO&lB z{@&+DR;3(UYu@I)$eUk@Vi+&XNX)S3Btcs!!mW0?zi^DWYIk4ecwZ3En$XOlz7?;u zmAmep(*qBnRqrY8*fwCWNxX-8A)ApP?h$68a(Jm5qo}OqrHO|Zl7Nsi0zTjbx>fd8 zw>^Q&DHu*scD{L0Ux(EPK%Cik;~k-7fKDvzKXQ&PM27aIM9v{07K#t4fvj^hI@iO0 z?}b}wNPyna&c#!G2E_tBwFhDxvu&HLNl6B_kKvP+0<^TRt^bc)Vj{qiW!NQ65wAXDzR$Y;b(caTRo<(Y?Zb} zuTq(*@|c5{Kd*DfS9uHl!ooa%-21|3@#4p!nm@eJ;qo=0V8pC=d-FlOAF?N%j~fq+ zf?eEC7}JAQFHpoEcHu}bDzW+?9pBr{OR>@-s8a*s>q(Irq)bp7^U07c{oMe&r|pq5IuaMcgy!b)2@6b08@JlU(+fx0N9|chZoWeM z@gE4ZP|f4Qh+waX)3SNJkstsCavGC5FpAm$oJc(=gZ37BhW(EauRG*N0V%|2OC=J@ z16HNXkEBq^jM>8UM877>_b-0|Z&47yF|)mdG-W)Irr1={&qpe*lnyn%?PR_@g^bIC zkbVIX1e)V%cD-7dz;O#Q)b*(O8l$))!Dt3z=)hUfOO*p5xr+U}&TMw-SkuoEn4Gw; zsy-8Pi8Jojm<_)=m`F|an=)CC{cj=Ee{{&;&=QapRUS&Qv9Y6f)wOZ`&CKDG-7`#)nZ&@>14*TNeW!- zee(O?@-GnDQxx6fB9afeT{vJB5aeyuaVuKJThjC%%pH$U;?l^^cQ|8X=?5V2`Nt$@ zvBcm%SXhDw9!m@di81P|92T%iO;M0 z=HAb7%d;W>j-BEDLwqo$mEN!2vQDd|HI3NJ=AYKVeSo)6?L($gmeci7_}nkA$8~Z4 ze!*M-cLbvV($*D^i-C=3%#p1 zSfwHDoj(*6?M02(A+by8oI$;_v$Mhe4fKj!td2m~F@i@<@;*(M(~!5r`TLQtr%Nww z9(5VcDI)oD48P9qhj{rr)ShL=Lrjf*6)c&xq4G}dhrEg1OS4Do0jf(1hE7hZc?ouz zaIZ!X%aO=#g{yBm7L|fma>#VjK*=`dxwNBJ;_=n)A$NYmfSnrypBCpg;~guWS)b~? zarc&Hfpf5e`rW_fu3$nkiJC2L#qWxol>!Q=$e?C z*Th-KdM5ZOer|ok6se4-tCgXfM8=O5N3+(1G(D0>{kc=tVT|Su-aNa}*)>+BZS*yS zn%HL(Ne@a}O|MI82D=iOl0k`RsoRC;$5nh4Y9zk2(k|@}cY6AfhgIG1HX`wntx-5} zMQ^KCM|965Yj((>4j%@&N-Ep=mx7tx|*a zZhC&uJ7f*+VhALLEcAcQ=DlHx0R_3bYrQ;;77AB7Q@!84T$yAKsH=#>xxD_#mPJ(} z;Wvf5pH`aHL_+0HfMPp#=E@9c!w^9UY;b{{aU3#fn#^BH5?rR)jJ|Uc@-@m0=}_+@ zuK7ZI*=Id*^@?V_ObsY9AGCFXN~qRH`0g@0cj_s8eC#W_EjSa4L)p%xL~UxsJUoG$ z@F@@Sbxhh+fKZZ^URzccGOD-nT__s&^ktq&UMh>;^asB8jkWqAdpBXrooS?EGGCLf z%$}n`+E3 zl*3DXx~rM4n;tBdEwgVM}av|m{i^mW7BYNuIYW`F9I%$*1gqp^0s(0#`Pl=H6#|E(pW@|TYS z;5Y(<$MMH2`Fo;-OvC+p5fW3U4>Qw4f4gC(^F)(?cjU?_X`0I}vpvGK zG;if4QJO5hJ~XQQmJ0RI;6FUO`bFh6;mB%(Gf#1dukTSK_Ot=sFafwFbwvdFE*9&7G6NlY%(Fj z{JlroB&TOm*8mSUdos{_^FwO9pM4HkBO--k^gXW`Rwj=Jm&`&q6`+vqhUDkp<$6(S z>7LhmIXd&KiJ_p|Dlcbc}4LK&vuhGP)l7$ekdKhC8mgJdoQ)JqdZHny2^Qsr~E~ z+a*M5IH1h((ydQ!8q0A(7J5-wb7%$5C`qhtFmgoeGZQ_HIZHIX5$Cpv`F#I4c4# zx;Am^2j<#7KK})eLE@-P3t1{lzS;QBZ&^z;-|))*a^8<&6 zDIWO8!k9c;c9-ot#3S-X!8;GQ{3`!&7cc}S1{FW3DurL!`i8r2{_Kj8$(AA+I^mh6 zCB_(sjOlEaI^kM)C*tgD>WDCI;u74v&}oqT-}pBckDEVy^JL#%z$|peL;gz{v{#KD zFJfGcdRTPDeqwO5*b2&&m}f+wzZ;^{PBroIh;LtRe2i-H=s`cgsE;Otvbz2&AZI*# z2Q$$KT`A_5iV!Q&T*86TQC)-W28u%4aWo&rZziX~PZ3@~`^29d&R$#Z<6XcvX0s9~ zK)241w^m?fhv@FFT4F>|dL<_%6<@4BfSUz?th^QRvqDT^X20=&wmJjk*R=Q%%hHNaA;TVW*Ww%OYIC{Ux2zg$L*1TdU&Kr* zWURqmjrN`QyS>}g7n~Cy*^gQtHe?@Lq|T(c4A0)@0XYuWRZC(?Cy06!6%^GvuFf|Jl*;W}Aj@|JK3?2cxpDF!lQ&TlaZ1+yPccw6AKjV7yDVi_5z zIAg>e;|pWlxCqxgB-F~)Ht@c()%N)DMem8cfe=3(ymhKXF%D2BS*GxVwTu#8^ti%E zuwd%auHXB7bS8&Ft-;H^Z}xOkm8E8k01?wTS7mk!4h(yUWJUi_0PU4yXi{_yPoq^R zlJl1)rUX#f%yhMI>+xZdPQ{}Z)PusorsvqF#2;fJ@`l5X(eQjWTTsunSmo!c(rVS_ zo$Oo~@ic*53R{PnmQx=M=6n9`r^H5zH@&T+TI^fq7vcGy5}Zu)k}*GvfdawsFden& zkD;I5lIQk(EF5w4epY-eyyW7#yXQc&hL&q!BaJv|iz|v?PV}edoP@=if35F%^b<1jgP!oMF^QSD3m@(!^%+<%mmi{DynZ#w47())? z(RBe&<6tRkk9!N>^yN-$t=(DCxCWL#IqJ%v-YeG}IH@0U{>8etx;IbhplVC)DN9`Z zkQmzVd!8!rtJ1o3sUP;6v_*3#?|SkyL&5PFBHwmGL#S+Gq#;LHj}>X9`RBh;*NpbE zdHa(fgh4UBHQcRn2^xc%K$Z8*7onMK>n1`n8|dhR9S-hFu{qmRVAGM3hRF^-zw-3I-7hg2JHBW^XuC20p!r2Ejo5zTKPp zgjzjRJerTA&|6j$CcTo?$B_wUE74-!IlKb~@NtVPKf@)kN0+{#h3AL#_+#RppC#Jd zcjX1w-`wPM1)%;nmlS6O7HVnAjg@Ppw9_bt*8ltRzz>G~1=k=x3{1GGP_R(y}A%#Cm)EIi=7vE z4v=l4h?rN9lwJ`9-hTh!K<<(!hV7XiR(H!w*$u^qRq|al zP2AACtx{jHQwPa=2yKg_ju^F!Ck0}qb|iwj6{WQ1UfMft$>ObaaIvNp?tTm_UboUB za!5ea=pF~i=HyVW%(rvw$sE1Wl>ObqSetFPJp0?5(!311$K}Toa($?LVf%3}E@KN4 z%yw2iTPY*UIg#(m)N@8Q^TK`Z1hbN>#0`{YI<0X zO;m>D6?LV&BccU@6c3$?f>f%&6NLPfZOP)ZQD%V=St6JW4ZR6LmuUl}X?tP(0 zYHi2B^XRfpTfat{{dYe54=R}7-(ZRb1ko}+h8-nXk}Vh1edPFl-a>jr`08o27~(rcQUfRpMjgr+ zIwVhBEnFDh&hiu@rp1)}35KLz6J85$FWmO%O*=gpa<{xcc0DZKH(la zkH|B0It-59OR2RF9J0dVjYvpFVt!I5Wt#Bc^+Xw^j|+s>Y^!BlW7!mcg0Jg_OuIzG zri{+t$Ipl*if-ipuIkdc>C)+WRmW&U=>03$ZPu~XK&+XEsN}htBejp-rq*jXGG3T0 z_ts^SRFId*!QsS&nF-m<$ic{g-;qPk%#}RtNBf}O0{tjxrgn@4m`HoX6EDdt9_x`N z7CT-U<6hOXn4c%FcGI}o{UJh=7VJqG@~za3_o~cWxa$k ~lk@`q0K7t9`owFh%D z74nlFsj8e3aydqZorNR#X`@HY#5F{seqNp~?-;;ibhSIZSDHL^k^w-`lM>Ts%(3{( z`4DcBbszl*s+s|D%anywsPeli`lGgM>r2e@5x#5FJ6!8@HrZte3RI3I_G1!i;e99` zjV|}sRCMP6;J6iZ40lw|$5B!JoQxOrF;m|vCvb4~{iZ81Wl)|Zdp~^w83{jm{G!G^ zyC29>ireS)QMr(ZzAmw{S_K~aFpgWUo*TnchS>E=mHK4=3vSx(aTg%|tl^6D&b!R-LFFBUiq+sp` zL;gcD4TbSC+&=wZWGHPtXc zu-*1W*uTV2`Ow(GFnv3upgdy36$!PF zXxJlfDrla+l5j$K1Qj}Ee(xnr-Z|ygZ;@zR8V`bNWI6rRjXJ&aN$wYBo6kt_@w_&- zO$>=&dzdA#OGM9U!u8pY-b*4jtEz|?4UQQu3eG7Q^@&Rh4%8{BFW&Nd#G%+KZ7|OCx1@Ij(ioGwQT zsX7^p1enRO<)DC^7u;@St$^px26wtG4DUf*>{>L!rkk@(5e9qwA-h%PY0lM%ku zvtn_BmXf=6MtG3Ly~Jnfy-Q<(tz#o&E|}uM*)$nMIk^cUlX7fWyXD+N$_feRNY`W~ z_SkF8P|DFUDkTK@$fkbyb0^Y;N=ZHnqPUwY6we8b+ag_?X-G6#a4NiF4dv{ik}R(f zSuP*aEB!fok^R#_pOOevAzB%+tKdN|;K4Qhr$~Odle7T=Y`;wpUc23i0!`AQ-V|XLm0(lQjfd$D@8Ms3#1rTZm85@`~VJEzx86( z*vUXYMnhmI$=~*HYOI1_e$MhZjWE-&iYhe{_ieQn#5m)%C3f|@5T9y&Zm8b=)dakp5P z!#Iyj?okSc@NHn~2F`YS3o}#dnqLv#7o7)^ZPKbILI!{dAr9Lo&$Ua5b^?bJGv$%9 z9X5;FPVQ8R_iM1KAT8rj$})F*+wIm#{5fM2unlz6kCsF^H{zki!y=`b)o>UiYfwkI zn$4gmqwW)5SNjPq`X{XJZB2$M9TEioj#X2t!<;t0lZE5qh zoAZB=(pdDcL^IE<*|m^}@G@{;zWSI|Z)jb{7E0t_`M-5!_i1OXkS+K`;@)`#H zj@#3;2(8>%PPIkGk|{5jcb{b`6$ureIP$dRT{ycVByg?3xV=x+870^jL$(eT_&N}~ z6wyAo+1q8!jgF7j*$q%!jDR-N+MLJ6qZig0oa7jcd6+jxHdYGzaY@*dEZ7a4lvE2M`&FOyEF|w$4;hG4dw~Ohtp~&@tmgF{tX4vrg7^L**NR@oRiTruj z3zz$DLujtlSe{ip=_uFZNpFKg1l_-V*w=KpukM!&@66gjN8+=6x57tC*kwM_11Rf( z-`At4uK7KVT3V;LCHQWYjML;a^_h?l<(LLA--E~B@g^9t+=35iAzmz`+W)6=e(#Kf+(US38 zlh&)6l=I)6N}^!F_=&tKw`BCSO2&qwZ)YH| z%{z2ni}sA&lcTfoN-xTK!b@d)E)Ymi*l8}@bmQhIIzAwPL-ck|RDUP?{vx{VwL~3X<0!f|#O;<@# z8`Qmi;0;N45+eiI!PlE=+}v{W)vIo+!en`Hxv*YZd*_JE87NGkXvbvK=UOsq@wSzmH)o@m?lz{vi+E16zmZ#M<^3Dpa zT5kEuD!8~jgshmHmFrDaw~y`P4?jdaSSDHM@*rC8m0bi1lpE*NJR0cY-&#qR-EKUc6;tgcR#oQ%LElz$ zBa zp7jMDFmjRNInVUk@l!dLbY?W2q31!571b9pbE;n?KaFfA|Ke!5S|SG%u9D7#-(7B{=pZtEV(D z%0AYiNsl1cB@hAO6_rN=_rnj`7R|G9oOc6vgfD@H1%OXq;WituqMuIdF;`{F z$^yxiai1PnGg0I3piM{h&LCqn`MF(}fh~AcuJ|kBAlG=xenaO2i4xalo-xdZ4u<** z;P={(3bc4=pt<2JDSDAzHM-Fms~~XF4#&FXrq3ji4^A(u9ejd|lut)MS#e}yRids) zV}&O`xT0B#$4{%^)%%++X&V`pYQ>t;1j=+SZp-N7^gZEr$Z`aburbE?v*+}HtLoYt z6eNQSo5oU3RXqlT)pTc1IYPN=s&WzeiT^=k?esC5uD!b&S3#ZATx263xbRX^-jV=C zN}>E*f3WJww0T_sX|s%_&g^hg{>7Xt))lw94A8z*OfKD?>a_M z1hD9!k~^I#A0YKdx$N{$#AY#ft&WeUh#4K7);gmQ+xkb@c-<)L_!5)djT-5&SdMnc z#Mq^wjle(in(6(77reG>#h^3Ymj=+UA2NHH}I zq;_&<(8IRaw(`gKz_J;tU^DZb*W6`&NI7F&U)MBXW6JJ zU-eK_=|zsmqpUZdRZURSg7zMi15nef4T+?DjxOuq-;l@68htuC0NYH}a<|epUu&5S z-!xfmE0#02L-3=ftC&cHAM`gmwk20qC8_#ui3)lM;6)NIYcNHsh9WWs62T=+m3awf8 zMrK5eRiAMXH2Aj7Nt zGAhFJ4U}8Q@}Z<(O?@1VFul8GdJNx)nxh*c4ZIJ!zZI?dld)`IznwundZE1w>vp@7 zuxMBKZkoUDpa}bDH&10FXDXcAV8bExWg2v<#qE+p6+7e@V<}Z0HE5jqD@U0}G|Pyj z#(P2Hu`3}2SS6UJt$b$a@CtM(0?+ms9H9BQ>vO#wfLY!v=K;3KE>NT;qth1d^^*FW zMznf2<9R!vQNkOt2b9lnCmpm3b#0$B7JH@qB())TGgRvLi!!=0qb@IXU-^w*pAVJN zGC=G19Km~~4F2ig>F~MMz2q|H?GhWkVDkPxLv4aX1H82nFC|Je&86e>4WC)SqzLtT zZ(t=iXwMVBA#7YkZ<&M{hwCZbtWdeU`0ISAyedi8yI;E4D-mTnJBo@@a{uMzQhHHs z+_=n(xsNZ7w93Q@+jeo=Unp@ zUh)0?!|Qa-;h{uD`rz66ZA5s#@qb@s{MGhw*@T)yfZmt!@UZosyT|6KVP?0 zmD>ssV-i8FW;{7(m=coF%;`t6aj1u$wQyF07Cfkf^A9^hqP3EzHllFbUVTnK+6a?k z%Oz1fKNh1P+Y_&GEIBWo?O9k9N%-B#+|~Zx5mBY_ZVQpAs8TAToWzx38w?%Zmk6ja zwgB-+3mnWIGI`Lw-*g6ImV(5Po)_%w*6`y}c+6}i z-*i`vYS)^d)Euq^Vk;M_5Xex5@E@=j#o7y|`z262$Zg0)Y4`)3-`tZRg9=4A84|Z* zAKZ(oyuR!9eW@rT?w_k6GbbI5H?rll>3Ta8=Ek~T_>3DPzf}ARLKE=aB}WYYOH6eAJRHK}y0HH*A4O>H+LnW?cz zw0Qea@mlcoa3^8JH2Uv*Aw*K5P=`6&ds1nGw;u)yNzU7lHX&uCgikzv8kopErSvAR z$QN%%H|Tce{-n~@0%W;)6uZOS)8_DAbwry<^7Bf);|h6n&|YGzL4kUafNETf`z-K> z6vZ5k{H_9ln4g0v}ceM+ohjzU6Z29k!5)6W;y8;eIZ9rF(lAa5SS_0#3!^UKBk zm!X~uBRtGS?i62LoFaKuT5Q8sKA|z_!@UUHoa!3AnrshlgLQA0*R4?xMR{W9GArbV zb+?`FFJ`N=^pBl*7dLs>oC8o|fF+hr(Cz049by`mgmyh=2UEXwwG1Pz6jX|*!S^f? zb=}Gt7@yJKwnOehk2ao9zZE@;N!>^}Jzf!=hEWMxJ(;}ox9Q>Su!|uR!W6mBZlx#T z00u+R=;O~&hQuzV0rP&l;$!nJim#MU*KS9xz(UzcL|1`2-s z8OPXSnHEuW4+L9#+fco3SgLhPcv=5JqV3393mN!OcC>P_2-LFuPr)5i-L7awCTzCF- zKq@HlF=1SM>g|scmF-BzdBD-wXdv^#Cf)HOodIBLTVFBbjh`uv`T^~r2IYHD;jJ2j z2fbi|OED63j7A+s1FlXA7Q-NhR(e{;h6#ou7=kG7JQI#zw$!LyuHcrbt!$ZYTTWtY zNXeHE_F|EI!_o1|RP?#)9Sif(1M?B>Z1+ytRlGzAp5JM)wxA;1%91t z(dgihx|00ucw0q-ZDfVF?JoB~w52XDPekEdl3+ADmD!t!p3W?)c55F!*{9vpl`Dd| zX3kq<5mDe$)GEUqjRJ9*HBs1M4`%-9cO8teD51Ll`i&(u1I@M0HdclS4Qv~GI%3K> z;w4mjmUf#!Ww7EqJ!tcwF4~l$a{a*EM%FV7JodIC!o?vtJ8jq}J0Gmv8x0(a4H3MV zA_m#xvw*C-BSdp+UIvkXs8l9!#jn>Bcv13PD#g3Wv4cXYSu@!crL69HbR9U1NU|QrZiJz!HK)x{ z6E`0mgj3ya>%q(d-{A8z0;ctOj6Fn2w!)XBy^m9+){qn<;JzoS2RF#D1%a6LD^UN> zAE-^_;43lWr*M{_0&-tGMU!!RTmv$lg@5Wty=>E|KxFMWyKa+eh%G;b2`T?Pb% z2;gTS{nAyf4&uM(`ZHF0SgEBqZyLO;r(GV$xUJ*6eBDou(a(?L1NtW&*xrVJP`_`4 zB$hMRI53S=sB>IvDJq%dua~ClY*}Z{4F+}sN_UMMGVw;|tH2ua>(~#h8~#9S_kxo6 zt3yt3H+591k(LhYI4JEi5>3;boJ+?2?(EiYBP}ynkX!ZdJl3}F)j=K-#MWasY0|nn z>+tG8!EqtuB>b7eZ?n@o!)b;diOsl>fe$?*Y4$0GZnbNzQY(;BV`}>g+jeg}6OtYC z1f*CVgVb0*^QK7m=TJ}0!^zbWg>osWX_Xaecx9wV?|z+TZf%6GcFtox<{z22P9PIA zI1Y@bWyc8oDLupmgWi(iz7wFIVFk^0xu?4D^BBn?U+)S>eEo0@0mZr~3<*A5-J+Jo zYn;XslI(87AC{zneZw4`fULpL0ob)u^Ll*1^ogNXFsBFC7x?<|cWHH}#d$#Fm4bwq z3K4yqhEtQY?^X?ZI51*WcvPl6P4PjwjO^z1S@@55ikE<(C8a@`03c5o5LV3czP<*X zjI8d}nht+k*-CW2#%XPB7_6sRqu+Nr|3s29g zVp9O$$w!gFI^|QMyp7)I9-DZeUY`7<1`QslW_%Lj)X+n^7W_zlLm{;957dE1`lhm> zzS-9e>;_mSReQVFRGnsjrNYsZ2msniBdkET6A<)M{!`M@%$qb=U}U5pZD$*XJSYp?!jcU?1C-*x?KZf%WE zVPqk}mZahpefK`gmt)n1v#kJ{@{>a1nt-v!vlY}tf+^-^NxlRLzJ&ol38xZ{4xE;5 z@eaULR_(`)q4a@E-S%kDpl_k3i(w&2s1>MENxi33!~W4WW&)W^TGsOA@|q*F`1US? z*j_I*6(`R=+paCNRoHSlhDmyq{qEU`LV=ojBkJ&;@`zq%%(zB22>omnMga=c;WP}G zVUt#h0?j^)=lEQ_M4+!@!Sn?fkFH%q`U?3av|)xH{IXCkIwY>uQ3dx$s~dfrx#L8{dRk@$mgRp_ zfG86!AkDJ;a0K@kR|*V=LgM^k6vQ|Hb84vm)$H&1AE)Jw253aaE7La5*G&R1>4v@``O3KOXE&DB?f)#%ywW-wzHP{L zN%}%j6veoyFw~)7)Y^C8pN*^YMt7}>ZvdlWdW^&DLVk8+EOTohn?>X&!B zT=pk#cYeBINPCVt`mAYLCV<2Yv`S1KUAWBhBz51QcA;_TyyeHT?DypV0&0tfjl)?e zjB&`0`1#SQ&R3HEC6tF6i`qr^!HCl26KK!a`l+y2u1+^X1BJI`rizYCRLl>7)SSE+ zdL5ptzE@F9b*8d=D}7aU4fV%@n9rZKY^I4kX{6pZO32yP)mS92$aDczFG{g-&oXBm zI|Mw6SNSton=8*7S%O%2zSvy$yAN$RM}3-w)6uCb7EY%IPgNGubIIrUS+qY(>Oa*Q z`>&lR%&t-pHQWa`hhUiYlEP>Rtkx5>sR?qS9PflG8TlYnQ4d41jZ-O) zjZ<9jOap*;`I$n0XlIrvs`5U*bR7~gv0S{PEdGN!PVOO!5~uH7#S_CuSlB+XS3eXKuBpEM{vCU^MqD;+i1iIJn<;km?@~2!_GjMK{SnwnazR6z zb~B!jPJ3*zB5&`IK@6flYu-@lRM>ztt6>>uJEUEu9CSVzSk62Snl|>!bAz{h?xHfd z{rh|UbHWRnV*;pw7Dt+q)}L%_+cBg?``>Y`phyJF00Zn$?{PPu{TJJO_50$T_L6?<_w$0L%NufaTNA1i0IxlFv z0%hZWE#nGWy2(`x-xSYq-Edh^os$s0 zz1DFzpcyOX59eFdPeZ@)gt4ICSUNriJr=6#b^GJPC+uXv=0aZS%0RspR-d^ntGXE& z_v3fe&m5$N;TkCw-pCOd;9>R@=Iq@`QL}`Rlk@hH^QcqvSGxoFI&(vvoDqu;C(oS0X!nKTsOWp+)t z0-z)b@2|!cxef!eF~W!jz2=EN;Zk+f=B2>sW9nz9bXT)Ifo*aABV!2gb`P_8cm$sUxmB5UPbYmafcHES9VMLr1BCbLIdoJgt2oUi z)Y>_RO#eiFkD!`ep&aYLv=$xItOL~97ccIw57eM6pik?xdiu}z6yZT#7a*Z!d!N*T zEq1-Rro#8a%TNP>1PEyem&ul>MXJ9&OX<)dm}|7X79ymwwc#+Mz(3VVQar8GQwX=_ z&krow#IOr_K>l+s8!DNx@MgE<2ql0n@Cnz^=GA+w#?a)Le)hsR6<1tDZ!5Jp=*Dht zzqmh?hn)ves_0h?j#T6?2WVU&X3OmWU_yO5-*hE6`zSN!#e2BgOO@3CBg^VG8W0fS zJr#6+PIje7k@Xot=yK}p$fWTO$)^RGqsgaqd^&T~Hed3BbbMpXhQc(^DI!gm zN$_-zPq%=L&2rsA#E%O3M}X3s)^k6r-=ArzmH&K=3we`Yb+q_d`Vu$bSh#XA=Ay!u zzqr@y?~j`yI^4u&z7aMwG+#A_o0;H(v6W7)1w#s~t3*X>Z8O|2j?JXda!mO;JP0YT~u#qSyMKU^{(GJg&5{YCs+O-tQs|SX^J@=!xVKx@EpMzk!3b zili0hEkJdwY`n7~s~gASEk-i4!}jyT9lkvnQtRu{-YNUuHrPwlJ#yq3S`KbE(Xz0{ zf+h~#6EG*aD%HWE+*3+W&`T(s8g@WHz>Q{2QSPGrEd<1kf18uB(olcroe>%$@b_MFX@IB+g={;3^c~Rrf{$%1_Zb z2hcoSwYXCiz!r4`aKG94$Dc69KI7oDzZF+ek+-HcD{o2c-;p2rn3TpOW!R%7*Z+$q z!@?5)h29?e$HK2~xKGrN7~9)hI6DrSsMm=fes@B(@luN?1cHZwjATx0o~-3ZxGt$u z3bn4l!&^6R!tCMwS?`L7gLMO39dnAB4bhw!rzukMzp+lncS7?Ok=x42iS-Exp%{K;PPN`yy;pYD8`-axK&^t6bMoq7?Pv^I%=+$_b z6QsVAF4RrA{l(tKPlPYfr{`%Rh6$&RhQWPvh8|ZBh?7sWft=BTU90$8_x^B$y%&O*Qv#q7RkAQKtMQ*c-* z#O?JOfOJknIpZ0!WWjyHXK&n7rY5=xfy%>AizwVAFkxS+Q#ZaWx8FGQ;K z8|EzXoaPetX69wWG?|9}%}q%=eDUW1x?AO@UATOTVT_c9f_wTFPyO5Y=7GsitRn zh|aOF+bk=QP7rZL#@2^tnX=dlNby@9>*Jh^5$Fy9b{h*MH(OcZPj&0dWMxO*Q+}~Z zrW2DQmT#$>USy!X%cIZG>;O}GlCUNA89p`_-Iv_}Nast|#EtHC$lCe-@yrAwqC0(} zSs|#1z#T%$@)3n>k!tnf?en;&SCRwN;E zTmn$Pr_J)ABrLbsL|)Q%cJ36fh|&B5K_v^rsBv zn}DcJ_rA#C&9V97a(RCX3)^0l!lG9 zvJcgMi+uI^<){S|&gh5d1gh1xAD|c4%Z@q~YQ>(u<@$|!@)I$&Z~-fu@=%zg%3jc??ClJF4Up=A+HjK<)o7JD`l*Z0M5LdhZUAgv zT(3*DJ)2z%H`kjAR5+Sp`8bv_gm!UMlpP*f6o&=tOVpicvP!EK>IO+18YBF@O=Y|7 z_onn8z+~A0_|H%J30rh8qNfFYal0WP@?UDUxesjmJV)3p6!!LGkI5lk0YC(`s93p7 zU#p+(k?bG34^mrIHAf_J2>!?u2#i`B_Y$JnwcqAYnwl9VuH(O(aMyVYIexjsJT!*0 zCeAh1-%3?!n{*0ic z!2(AoBAr&lePkN}sH3+BI~BHfOTqITn$F<2$4KR8g~M)*^tpbA4L)g6(=?)IuOLV8 zBYY>K#+&m~Bm|L;5xL;^vKhfAb_8dzpeN?``;CZDQCrMkSQ8BtA}`o0deJz44y&o4 zh6|HI>lIq4DyQB6>{`h(G~1MapX2!V?)iU(!stnEI|2VIl_6^092%>kKr0PA;PM#a z2p#8@Qen{l$+N}SMMN_@Q|t#QVlVZm&G?{Y+S6;+Kl$Fk^Eq*iJ#DQpdcBPT=RKD4 zU}pEcuB*M5VVC0duAV7zp0=)SG3L@YW4Ski#x7z$HNddf`5e|AsX_EguuJ_ln4bo% zHH%%GD21-sgszIj-@o^i*)%1)go zw%^Qyo@SKcn9fyH>`4`57Ay6tLOU$Op_cx&bagM;#;25|0=QVdYgyZ+qR@w# zbxgd+CfB@O&4JYe7&+Ia>2Y(A3o@CkVJzRtSqaXU2Orx#4cUXI8kzyJ#|zo4=TVy@tPU)nDdUMGis9&^t5u7B)&Oq=aAn!czpxTarLJ)LkD7x zxXX#zm9;(V@O?qJ^!CShy26Unu*Ot?m~nD~EU(7B6uathy^USz9Im$tu*dY0gLpoN zfL)roY;VnH=Z@vX`lv;HSEB7gA=Mk+U=0Yvt;upJcY9%+->cTGU=SNS>)#t1oYtj<+kh;P4kdhOMl0s0ow4CaeTp-dI zD2S-rgG20c13*4Lu}@JRs|#&UGZ`sC_%1f!M-S|pgiJi?BbcUEp{Q447tM^@TIU~U zcGN#xL!iQE-itzIKJ}?@wiye&>qx!3wG&2Qt+r~uOaNx?bZjQ9Swo6$jl=z zF-H+wuh4d>IGcra2wrvd6$CSn3;@rwG)IV3+D!wnwv%UBfuQYhpc0RHSX^ z;RAS27c^HGTF=&Xg-{e)h0F)y_92@iBRUOy>dmReSc;EkHC+35>Gj4gNk>0hg+g3U zaYTAAc40-#wssl=I{sp+0J|C%$h%$SLcuOIVotD5JkHO%>E+WkR1!OJskguj2P?kR z26ky`)YP)(KBrQBLmN}1npLfB+w)xN?dP6CXVh}cL;6l^gE;|U7o(6~Kwky98Z|Pi zU(|4XC%&)?Kf+XMC?I^Gum9DHerUF^>qB>xm^qm%&=voCRM59=)nCiMTm?~@Gt|Fz ztXCC8E91SQQq>egPX$mig$VM;s?m0-_N`HS(_68NV3V(p&}M^hh6my z7_+gCyTa^KQ*QN%k6HjvHrJ1{>9dT?UvaKI>AN7tyy|c;Wg-->wki?}Z0Bo<;LB%~`Lj`LJOg zyeuw1DtsX;(-av(6~0Ye$r703Y{IbL4bziK6Dn+~iC$fK=>kCz48RXn;@hSDxwcnh zmtyuoo@UnR7{ED?w{N(K^Ai?!@s(Z_-+0#fc(G<{GbY+DD&~2kFwYRYsvWxu=C18A zsp9f9?Rn91Ebp%Tu3n|>Dl8c%hf7)2jAf7Kda!Dw==``?a)CkDOfy)ujJ2livU>8S z<8Mr8=)PaUt2--^8m>-UO)qbDavJiO3KnjJqhhdG_^Aexy?+2=sKOD1|?*Hp7+)Cmg;S@M49-Ppx3cO3l0 zdA34?&M?RPgpr!Ut^~U*53gnM6_2}W#x6Ys@VERY+k9lO z8f{gu?>*SXMZ+=p4Ci2gOXPI6&K~TDS8QXh509oN^r)z5>{8SG3%=)t;_Yb+>T&_9 zcQyWtt1xnEEps$(&FAwu#Gj#$;{f9VYP#!Qi!RuOZN%>Rp`n=E)NAf?7X%Qhwp3L2 zOi!5=uI51qsQ4AW@kk)iVz!Ogq@&0D|$$ma!f^u zTg^_46Z2~5XZAMFpgpezZ4UB z<04SJQ$521xo(NtNQz>jn4sTjnuX`hQ@f)*} z%a3M@c@bCQMA=$KrUZk`wq`q=jz_83ck-haoOu&pW){rURn)3a+jXi06y_lGQ+WV; z$;#-D{+R`v=1VPx{+Y#7%gP^RGaMzCo5wMm^FUaZ{G4$`$e!XGyJ*6o&@B$mFL*L3 zc75Wwy}up{G5sWqT)*eIQ=xvQ_j>+4B`&QzvFkJh0YwTSHRrGQh7vl*+x zwpU}9nw}TcZ0&YD-{9Z#3LVqQyp8I*Ld7l>_nS-3Q{VL+1H*bq;?&-VUC<4ReocFqC5#+UdH?!>$J93P?8H5+>6XxGp9$1W67VH64Xc4|U-%xTC441Ta2 z>UZUAgeT7AMq-ysuQAkgz{qYiF%~C}G@Art0?dE^Db@<(h&=G0uSbb*SM6dKkJ%$N0cot*Wg8cl z#;s1y4-jh72uVv#DP_aLE<4NsS(8N;ZPbGC{{mkDSthTrs`%BYk&&;=g7}Gj3C`nA zHD8KZY+SXR6>Bzv!Y&o>tKt(1_^ySY&B?q&bElXCt*m~nsbxbe#H&ENja!&$5RA?n zE-ey3oYi*%^YN)CPFu5@1$Y833he#(p=^>FX^1zD0LA> z^l7EcFSrh)z%B(ZbA$E#dYPRmBcxUhjfs(wO}7~?7X9)#v5N#xPmkZq<;ePU>uxPT zSFJ71o`YS)-p{Z~55ulgV<@W?D0V?Vet(gqozeX#^T_h;wm*grgCa`m?**p*rq-@x0@xF1(!#AUV4 zRYQ0r*rocuWiZ9d(3+3vT(K5i>l2rH3%t~IJwEJGabniQ%TE5-L(U&`IjcLhX94di z*rmDB{sv!=P<`0tI5m%5YQPww{##wM(9@~j;a@rrK@~IKX{v^>ixxTV5<#nv;d$hzG+LeT|63J^Q|kW zHteEz*9YuPEn}BD2fI>~wq|m&2O$SX6affLZDTolVZw*jW-LmOsdIN_zQ?Cp*!7-| z=l7229>J&f%sChKlXpT_wkvYt70l}8*roA|Z#mvT{DHHC6A5(w*D0EtJX-APNY-iog4fd(W$3a*Eukyc1)2DENe)}+ zy6Q35rTsaM0;`s>OYg{9RK6&G{zZB0x~}N?7>jx+LeG@MKA9VeK`@;&&#;!LdDv}! zlz#;ZLw)jj`Cs>Pmv(a4KQx_!H+1Qf|1%u}k%`TOkWi4=3|@deJoB6E<{l zb-XKXqx=^bMVI#wu}hPhuZD^IZO@DCf6c%co$LMoYH!Cb6dng4)zzn##H(H4hvMaP zGdTRXG3}9+P3&_?Ngcj$T+a5gA+al9@qT88<%ew1Hd+1{Ml7_Re0BBaLL0i|3H}Wq z5sZ5?b`>J+uhJE1pE2@8*x<$Q9`-vtSe(Fwzl|eMr;(OHW0&Pqwr&2mv!18yd)%GT z7qJ@t>p*@n!7g;TcJ7`(@LI#iF1pbFuQBuQUii}St>@x)NaygDm8YvW85uPyE@~*S zjl3Vz9lEDsmp+f&NPm->#xC#h{FdRrmUK}%Na|hgi{d`b`Dt9KYXSxJ4wM~Iixnm9 z;D63y!py*h8!$zG-4boD@%Mt&_i6A@YFU}!3T0~LiY5MJ>hLsivsYtRp?Wahc1mH# zlg=`er!q@tbh>&ac4=1gSg|Y1;~=$e5HX}x zhh3V+anteqU-W>Kv^y>2I;_Nvh6_4GX(0@4wOB5}CcB(Oon5hp&_F*aIn%gYYT! zz`oW?f?Y*Lve(LID9MJ0U4_N8BL0qSI)Dm*gtm0f+=afDCq}O^GO8v3FPq2Xj$o7% zq>vG=hiSVC$2;zz*`wC63&*&}RrZj}J69fO5>vxWlxl&`o*dV%x;ES*ry%Rf1sA+% z6*L0^J>#A}M+Fh%tjS!K~&EJRp!HLpqUFt3H+E*{;p8B3P zrVr()1?SAJqkyBV059%|nVbbpDG>p7b>zo?!aF~{CQ!xu8W6+v75wja{Z{moedT6M zOXr5>FbKh5SAt!NE$QW{*yTbG9=nFmn+J?}aSXl=r~+UX)bX5y`SoUA!_5zNQA|D5 zut4L&=IFFNchNK+0b@D@d(XozHAp#*=8vvz>`D!>^rBDVqpk)$;lFU~qKaGl1NA>9 z+vWGazgltTx04VrR*}mw z+sb3v#@{iAsirGGiYa1x_}Haq&XA=DUf!p=7R^U99>c~=+rzfaukx$3PbILWYqrql zNi8NDnz5M7^WD*mWm&Wai(LtJDZcPW|Lv%gcCgsBKK|nr$}R`wz&*okXY@u{>#vHj zOI6Loe#a=2ys7dQ-i@LJFP81VbAx|7Shr#i!!E0s&GQt{HHBSvyTAoG){G8WYDl!$ zwHI3TSxc6ix>h~G!U>3%KjuY1TS<-j6gfUMq+>NT%)^K->ao$~C&9O*QoU#I<~W1YHJsy41x zU9adn@Hbt?iyF2J_L6b6X3QgT%6~69~*rhjJd`AIYtJuX6!4@U4OEV+g$9F|t4o2pVT}OoG zNT9~7ZS!-QEj0%j`cIC*!IF0OLgTXC%~>Y3t~pF@#;56=qu*gy86XLh$rMc*&#K=3lQd-{(9fW5r3!C;)a(c^B05ZecFFZAu2)wo<^oi;)!7Q#*GXiA*7Yu02Yjo>!y@z_-m z(7Kvy61x=5SFw{Obj@3z8cBEhh@GdOz$LyF$^$c;v0*F6b# zxxs7hDZM$yj-v4^xD`jq=0tF z%VuV0b3D$+E#_gohKXp&@bmnY7VDS7#I6LpxPS_Ia$gRzUSm*tE^w2K;v&*xxL0et z2pHpCff4jo8Rg_c*U7XAXW~wp7XzJ%YQ`=V(0i%RPc32>$9DLf@y41HhR@q)17jqzHJE3`bQ3UY_lruw^iK@gd3%vLntu^V}#T;bEQ~Y}0WzASk z^%8OM;{hc{lgW^;KplG(Ueo85gV6E|^O{8)|1O2*6q;!30DxAC?YZon7M$MU7GO6y zs3>qF!LE+f8iUN^inDXY4xOEjd9hmIUv(~9OCUzG@Ll&~0PLi}j5a+iV(j7ws8`u& zWG&sCJqo%?vv57PJtF$u!|Qe z^QZigm-Y0b+AoG2cr>j&%K7$u{#HJJ*nQG|%NWg&4jTO!9j#WP+kh$bc&cxZy5+yH= zid`#9Vq`37YD+aSce{0}1vE!0XK*Wbfx6Lq7OHO2h{q_f%TC*zSy29pFZJvRT`m{C zKku;row>|e4}H7wtO<7czZ*9#BA46Qwjykrq2(Ldfpar_raDeC zOw<3Vw}M|C7c^A)c^SbYFsy)v8o(|!!q1N*Fik~tpnF4&1nobY0d8^{n6oPMk~q|L z-Kjw}kqcD%lD2pVk#>4^Mdxd#zL91hObl#Z`5oE9T;3^Zt)w?MC~jO1lL%f3cG=IM zLSIIhhdDpN?L6){(bMfU*^py}zNNv~48+Hrp{TISvWqbG_c%-`j6v2KgTT)q^Nj4t z%a8a-gD z(uL~AE(?rlZX6+x;Jd<3Y0-17(m5i2=Fi@jWe@csEPbkSqz3;!KSQ$%qsUzor8lHj zKA_fXPrQQZ?7N>au)X7W0V<5_Pk7awoc=?{nV>Kl5O#gbz15|)VW!#ER0VdKz0qb# z+}6y3nYv$Ub(vtAE-2Q`9|tbZmPq}%7&$Q=hoH{Bh4(n$uGgD#>25b>vT@e4!|LtO z_=3;MZB$HaNV^J>Zf`-2-kOL9u%pgEs58M{vs%JejIXJzHRbR*L;FJ(CWTROmN6IN zRkSg7NZn3t=hSXEz&0z|=D%f%c}6ah4W%xG#_?qe##uvMqc${$AE-U$sKp^naq#Ln z$77w#2#MOoUr)Rx%^C6%+6(jA-0gX7*ZI_NezfCF`4Gm9TTyb>AeP+gDebjYB&eZe&WSowq z&X76TM7u&e=Zj82mlmZfY1Tl2@(hVaN23`zQQ4BiXYzebfn*|OT0{YS@nsG{xDxD@+2t832{0mA7s&X#ew zsc6*h#94?-0JBG{;5xavc+UC1Sms{jU7UT|M9hkr1ZjA1FipV&ehJ|YBbhY5CKDDkn1NU^EYjlSx zz4tnIoxUIM$c;FZ*Nw*R&JoRwJLBG;XXsYhOkx>9?JqB>W&?9F?#26DcilLDvR#_G zj_|_AHQS0eaW_WE$U^3`u*z)nQgaP%?Yh^Q;3L(;SPMR*_{i`6=qDqfyweP z&X=v6#-GiKzlzk&+E#9)T3H0R!^dQ>+h^Cdz#DSB~162SJ%Jbb3BHBr}juSDR9v=Q>G{h zZviZd)?OlTCBC+)oYb}vlBjX z!p!GY(6r#5)M^w#-q4k_^3hB2fNl7^nZ;8}rq-1ma3apfIrs-2!c!Py&cG;~CL_%T z=|5x^Z&;x4{<#+cPF^ld$}E^#vT->XZnne`=0cof&c!X}aXcpX%SGl~b1p`ilVy9e zU23iL@#MO(S}IxfUyTc=mXwucGuc5-!6=+1m&+sOaomHm zLMZf4*Eaz#{lyu*#Sr3d~+_&ksI-tJb}^q zeRz)9Tegywhb+~&@XzyF&pE2;-P2KcosHMP1<*gWtPGQ_uoupe^Kgz_gnRIqc|30; zInSJn^KrWDf^D#VdU*^;EjH|T=-btwJ2~&G&KR~0oj$Kct7AvU1<|ys`ln`}{8s4G zdk(EgG&=RvdzJG^>bPQ4p!;a?9Dl3=SNYM&Pe;~s|D)C``lNGHfu{FYKGs5_?W*it z>r+0mamV=`$?7q?@_GD>p|2At(RPJzQ#XG$kB6Z1V$G)(xm>*&65ftrQF*+=TxiMY z>Z?{oUoxv~F^l5lmCTXv>*tNs=UQ zyZ-W}*W!_VE>GI<@}EDwzAuKAKjv%W`u*vZ1~vfzXd{;Wnfy3D&+B^sub*B+e4Pdf z-sijdcuu(JgMKa(!MtEb6~8# z;c|gqk|g=;+CX(UyQzNz000000000000000000000D%9;PuO74RQr*5_y7O^07*qo IM6N<$g3kZ64*&oF literal 0 HcmV?d00001 diff --git a/bitwarden/rootfs/etc/cont-init.d/nginx.sh b/bitwarden/rootfs/etc/cont-init.d/nginx.sh new file mode 100644 index 000000000..e1d55fbe7 --- /dev/null +++ b/bitwarden/rootfs/etc/cont-init.d/nginx.sh @@ -0,0 +1,29 @@ +#!/usr/bin/with-contenv bashio +# ============================================================================== +# Home Assistant Community Add-on: Bitwarden +# This file configures nginx +# ============================================================================== +declare certfile +declare keyfile +declare max_body_size + +bashio::config.require.ssl + +if bashio::config.true 'ssl'; then + certfile=$(bashio::config 'certfile') + keyfile=$(bashio::config 'keyfile') + + mv /etc/nginx/servers/direct-ssl.disabled /etc/nginx/servers/direct.conf + sed -i "s#%%certfile%%#${certfile}#g" /etc/nginx/servers/direct.conf + sed -i "s#%%keyfile%%#${keyfile}#g" /etc/nginx/servers/direct.conf +else + mv /etc/nginx/servers/direct.disabled /etc/nginx/servers/direct.conf +fi + +max_body_size="10M" +# Increase body size to match config +if bashio::config.has_value 'request_size_limit'; then + max_body_size=$(bashio::config 'request_size_limit') +fi +sed -i "s/%%max_body_size%%/${max_body_size}/g" \ + /etc/nginx/includes/server_params.conf diff --git a/bitwarden/rootfs/etc/nginx/includes/mime.types b/bitwarden/rootfs/etc/nginx/includes/mime.types new file mode 100644 index 000000000..7c7cdef2d --- /dev/null +++ b/bitwarden/rootfs/etc/nginx/includes/mime.types @@ -0,0 +1,96 @@ +types { + text/html html htm shtml; + text/css css; + text/xml xml; + image/gif gif; + image/jpeg jpeg jpg; + application/javascript js; + application/atom+xml atom; + application/rss+xml rss; + + text/mathml mml; + text/plain txt; + text/vnd.sun.j2me.app-descriptor jad; + text/vnd.wap.wml wml; + text/x-component htc; + + image/png png; + image/svg+xml svg svgz; + image/tiff tif tiff; + image/vnd.wap.wbmp wbmp; + image/webp webp; + image/x-icon ico; + image/x-jng jng; + image/x-ms-bmp bmp; + + font/woff woff; + font/woff2 woff2; + + application/java-archive jar war ear; + application/json json; + application/mac-binhex40 hqx; + application/msword doc; + application/pdf pdf; + application/postscript ps eps ai; + application/rtf rtf; + application/vnd.apple.mpegurl m3u8; + application/vnd.google-earth.kml+xml kml; + application/vnd.google-earth.kmz kmz; + application/vnd.ms-excel xls; + application/vnd.ms-fontobject eot; + application/vnd.ms-powerpoint ppt; + application/vnd.oasis.opendocument.graphics odg; + application/vnd.oasis.opendocument.presentation odp; + application/vnd.oasis.opendocument.spreadsheet ods; + application/vnd.oasis.opendocument.text odt; + application/vnd.openxmlformats-officedocument.presentationml.presentation + pptx; + application/vnd.openxmlformats-officedocument.spreadsheetml.sheet + xlsx; + application/vnd.openxmlformats-officedocument.wordprocessingml.document + docx; + application/vnd.wap.wmlc wmlc; + application/x-7z-compressed 7z; + application/x-cocoa cco; + application/x-java-archive-diff jardiff; + application/x-java-jnlp-file jnlp; + application/x-makeself run; + application/x-perl pl pm; + application/x-pilot prc pdb; + application/x-rar-compressed rar; + application/x-redhat-package-manager rpm; + application/x-sea sea; + application/x-shockwave-flash swf; + application/x-stuffit sit; + application/x-tcl tcl tk; + application/x-x509-ca-cert der pem crt; + application/x-xpinstall xpi; + application/xhtml+xml xhtml; + application/xspf+xml xspf; + application/zip zip; + + application/octet-stream bin exe dll; + application/octet-stream deb; + application/octet-stream dmg; + application/octet-stream iso img; + application/octet-stream msi msp msm; + + audio/midi mid midi kar; + audio/mpeg mp3; + audio/ogg ogg; + audio/x-m4a m4a; + audio/x-realaudio ra; + + video/3gpp 3gpp 3gp; + video/mp2t ts; + video/mp4 mp4; + video/mpeg mpeg mpg; + video/quicktime mov; + video/webm webm; + video/x-flv flv; + video/x-m4v m4v; + video/x-mng mng; + video/x-ms-asf asx asf; + video/x-ms-wmv wmv; + video/x-msvideo avi; +} diff --git a/bitwarden/rootfs/etc/nginx/includes/proxy_params.conf b/bitwarden/rootfs/etc/nginx/includes/proxy_params.conf new file mode 100644 index 000000000..1990d4959 --- /dev/null +++ b/bitwarden/rootfs/etc/nginx/includes/proxy_params.conf @@ -0,0 +1,15 @@ +proxy_http_version 1.1; +proxy_ignore_client_abort off; +proxy_read_timeout 86400s; +proxy_redirect off; +proxy_send_timeout 86400s; +proxy_max_temp_file_size 0; + +proxy_set_header Accept-Encoding ""; +proxy_set_header Connection $connection_upgrade; +proxy_set_header Host $http_host; +proxy_set_header Upgrade $http_upgrade; +proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +proxy_set_header X-Forwarded-Proto $scheme; +proxy_set_header X-NginX-Proxy true; +proxy_set_header X-Real-IP $remote_addr; diff --git a/bitwarden/rootfs/etc/nginx/includes/server_params.conf b/bitwarden/rootfs/etc/nginx/includes/server_params.conf new file mode 100644 index 000000000..b6fceca86 --- /dev/null +++ b/bitwarden/rootfs/etc/nginx/includes/server_params.conf @@ -0,0 +1,8 @@ +root /dev/null; +server_name $hostname; + +add_header X-Content-Type-Options nosniff; +add_header X-XSS-Protection "1; mode=block"; +add_header X-Robots-Tag none; + +client_max_body_size %%max_body_size%%; diff --git a/bitwarden/rootfs/etc/nginx/includes/ssl_params.conf b/bitwarden/rootfs/etc/nginx/includes/ssl_params.conf new file mode 100644 index 000000000..6cf1b5a3e --- /dev/null +++ b/bitwarden/rootfs/etc/nginx/includes/ssl_params.conf @@ -0,0 +1,9 @@ +ssl_protocols TLSv1.2 TLSv1.3; +ssl_prefer_server_ciphers on; +ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA; +ssl_ecdh_curve secp384r1; +ssl_session_timeout 10m; +ssl_session_cache shared:SSL:10m; +ssl_session_tickets off; +ssl_stapling on; +ssl_stapling_verify on; diff --git a/bitwarden/rootfs/etc/nginx/includes/upstream.conf b/bitwarden/rootfs/etc/nginx/includes/upstream.conf new file mode 100644 index 000000000..b8b7af611 --- /dev/null +++ b/bitwarden/rootfs/etc/nginx/includes/upstream.conf @@ -0,0 +1,7 @@ +upstream backend { + server 127.0.0.1:80; +} + +upstream wsbackend { + server 127.0.0.1:8080; +} \ No newline at end of file diff --git a/bitwarden/rootfs/etc/nginx/nginx.conf b/bitwarden/rootfs/etc/nginx/nginx.conf new file mode 100644 index 000000000..c1fbd4b5f --- /dev/null +++ b/bitwarden/rootfs/etc/nginx/nginx.conf @@ -0,0 +1,52 @@ +# Run nginx in foreground. +daemon off; + +# This is run inside Docker. +user root; + +# Pid storage location. +pid /var/run/nginx.pid; + +# Set number of worker processes. +worker_processes 1; + +# Enables the use of JIT for regular expressions to speed-up their processing. +pcre_jit on; + +# Write error log to the add-on log. +error_log /proc/1/fd/1 error; + +# Load dynamic modules. +include /etc/nginx/modules/*.conf; + +# Max num of simultaneous connections by a worker process. +events { + worker_connections 512; +} + +http { + include /etc/nginx/includes/mime.types; + + log_format homeassistant '[$time_local] $status ' + '$http_x_forwarded_for($remote_addr) ' + '$request ($http_user_agent)'; + + access_log /proc/1/fd/1 homeassistant; + client_max_body_size 4G; + default_type application/octet-stream; + gzip on; + keepalive_timeout 65; + sendfile on; + server_tokens off; + tcp_nodelay on; + tcp_nopush on; + + map $http_upgrade $connection_upgrade { + default upgrade; + '' close; + } + + include /etc/nginx/includes/upstream.conf; + + include /etc/nginx/servers/*.conf; +} diff --git a/bitwarden/rootfs/etc/nginx/servers/direct-ssl.disabled b/bitwarden/rootfs/etc/nginx/servers/direct-ssl.disabled new file mode 100644 index 000000000..9189013e1 --- /dev/null +++ b/bitwarden/rootfs/etc/nginx/servers/direct-ssl.disabled @@ -0,0 +1,23 @@ +server { + listen 7277 default_server ssl; + + include /etc/nginx/includes/server_params.conf; + include /etc/nginx/includes/ssl_params.conf; + include /etc/nginx/includes/proxy_params.conf; + + ssl_certificate /ssl/%%certfile%%; + ssl_certificate_key /ssl/%%keyfile%%; + + location / { + proxy_pass http://backend; + } + + location /notifications/hub { + proxy_pass http://wsbackend; + } + + location /notifications/hub/negotiate { + proxy_pass http://backend; + } + +} \ No newline at end of file diff --git a/bitwarden/rootfs/etc/nginx/servers/direct.disabled b/bitwarden/rootfs/etc/nginx/servers/direct.disabled new file mode 100644 index 000000000..cc4d38593 --- /dev/null +++ b/bitwarden/rootfs/etc/nginx/servers/direct.disabled @@ -0,0 +1,19 @@ +server { + listen 7277 default_server; + + include /etc/nginx/includes/server_params.conf; + include /etc/nginx/includes/proxy_params.conf; + + location / { + proxy_pass http://backend; + } + + location /notifications/hub { + proxy_pass http://wsbackend; + } + + location /notifications/hub/negotiate { + proxy_pass http://backend; + } + +} \ No newline at end of file diff --git a/bitwarden/rootfs/etc/services.d/bitwarden/finish b/bitwarden/rootfs/etc/services.d/bitwarden/finish new file mode 100644 index 000000000..8ef2181a4 --- /dev/null +++ b/bitwarden/rootfs/etc/services.d/bitwarden/finish @@ -0,0 +1,9 @@ +#!/usr/bin/execlineb -S0 +# ============================================================================== +# Home Assistant Community Add-on: Bitwarden +# Take down the S6 supervision tree when the server fails +# ============================================================================== +if { s6-test ${1} -ne 0 } +if { s6-test ${1} -ne 256 } + +s6-svscanctl -t /var/run/s6/services diff --git a/bitwarden/rootfs/etc/services.d/bitwarden/run b/bitwarden/rootfs/etc/services.d/bitwarden/run new file mode 100644 index 000000000..a4741ebfb --- /dev/null +++ b/bitwarden/rootfs/etc/services.d/bitwarden/run @@ -0,0 +1,81 @@ +#!/usr/bin/with-contenv bashio +# ============================================================================== +# Home Assistant Community Add-on: Bitwarden +# Runs the Bitwarden RS server +# ============================================================================== +declare admin_token +declare log_level +declare request_size_limit +declare secret_key + +# Set defaults +export DATA_FOLDER=/data +export ROCKET_PORT=80 +export ROCKET_WORKERS=2 + +# Set a random secret, to remove confusing warning from logs. +secret_key=$(openssl rand -base64 32) +export ROCKET_SECRET_KEY="${secret_key}" + +# Find the matching log level +if bashio::config.has_value 'log_level'; then + case "$(bashio::string.lower "$(bashio::config 'log_level')")" in + all|trace) + log_level="trace" + ;; + debug) + log_level="debug" + ;; + info|notice) + log_level="info" + ;; + warning) + log_level="warn" + ;; + error|fatal) + log_level="error" + ;; + off) + log_level="off" + ;; + esac + + export LOG_LEVEL="${log_level}" +fi + +# Show admin token in the log, if config does not exist. +if ! bashio::fs.file_exists '/data/config.json'; then + admin_token=$(openssl rand -base64 48) + export ADMIN_TOKEN="${admin_token}" + + bashio::log.info + bashio::log.info + bashio::log.info "READ THIS CAREFULLY! READ THIS CAREFULLY!" + bashio::log.info + bashio::log.info + bashio::log.info "This is your temporary random admin token/password!" + bashio::log.info + bashio::log.info "${admin_token}" + bashio::log.info + bashio::log.info "Be sure to change it in the admin panel, as soon as possible." + bashio::log.info + bashio::log.info "After you have changed ANY setting in the admin panel," + bashio::log.info "the add-on will NOT generate a new token on each start" + bashio::log.info "and stops showing this message." + bashio::log.info +fi + +# API request size limit +if bashio::config.has_value 'request_size_limit'; then + request_size_limit=$(bashio::config 'request_size_limit') + export ROCKET_LIMITS="{json=${request_size_limit}}" +fi + +# Always enable Websockets +export WEBSOCKET_ENABLED=true +export WEBSOCKET_PORT=8080 + +# Run the Bitwarden server +bashio::log.info 'Starting the Bitwarden RS server...' +cd /opt || bashio::exit.nok +exec ./bitwarden_rs diff --git a/bitwarden/rootfs/etc/services.d/nginx/finish b/bitwarden/rootfs/etc/services.d/nginx/finish new file mode 100644 index 000000000..23d85af4b --- /dev/null +++ b/bitwarden/rootfs/etc/services.d/nginx/finish @@ -0,0 +1,9 @@ +#!/usr/bin/execlineb -S0 +# ============================================================================== +# Home Assistant Community Add-on: Bitwarden +# Take down the S6 supervision tree when Nginx fails +# ============================================================================== +if { s6-test ${1} -ne 0 } +if { s6-test ${1} -ne 256 } + +s6-svscanctl -t /var/run/s6/services diff --git a/bitwarden/rootfs/etc/services.d/nginx/run b/bitwarden/rootfs/etc/services.d/nginx/run new file mode 100644 index 000000000..9c29794d4 --- /dev/null +++ b/bitwarden/rootfs/etc/services.d/nginx/run @@ -0,0 +1,9 @@ +#!/usr/bin/with-contenv bashio +# ============================================================================== +# Home Assistant Community Add-on: Bitwarden +# Runs the Nginx daemon +# ============================================================================== +bashio::net.wait_for 80 +bashio::log.info "Starting NGinx..." + +exec nginx