new version nobuild

bitwarden/Dockerfile

@@ -14,18 +14,42 @@
 # 1 Build Image #
 #################
 
-ARG BUILD_FROM=ghcr.io/hassio-addons/debian-base/amd64:7.1.0
-ARG BUILD_VERSION
-ARG BUILD_UPSTREAM="1.35.0"
-FROM "vaultwarden/server:${BUILD_UPSTREAM}" as vaultwarden
+ARG BUILD_FROM=ghcr.io/hassio-addons/debian-base:9.1.0
+###############################################################################
+# Get prebuild containers from Vaultwarden
+###############################################################################
+FROM "vaultwarden/server:1.34.3" AS vaultwarden
+
+###############################################################################
+# Build the actual add-on.
+###############################################################################
+# hadolint ignore=DL3006
 FROM ${BUILD_FROM}
+
+# Set shell
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
 # Get the Bitwarden from official images
 COPY --from=vaultwarden /vaultwarden /opt/vaultwarden
-#COPY --from=vaultwarden /Rocket.toml /opt/Rocket.toml
 COPY --from=vaultwarden /web-vault /opt/web-vault
 
+# add Nginx
+# hadolint ignore=DL3009
+RUN \
+    apt-get update \
+    \
+    && apt-get install -y --no-install-recommends \
+        libmariadb-dev-compat=1:11.8.3-0+deb13u1 \
+        libpq5=17.6-0+deb13u1 \
+        nginx=1.26.3-3+deb13u1 \
+        sqlite3=3.46.1-7 \
+    && apt-get clean \
+    && rm -f -r \
+        /etc/nginx \
+    \
+    && mkdir -p /var/log/nginx \
+    && touch /var/log/nginx/error.log
+
 ##################
 # 2 Modify Image #
 ##################

bitwarden/config.yaml

@@ -1,12 +1,12 @@
 arch:
   - aarch64
   - amd64
-description: Deprecated - please use community version
+description: Open source password management solution
 image: ghcr.io/alexbelgium/vaultwarden-{arch}
 init: false
 map:
   - ssl
-name: zzz_archived - Vaultwarden
+name: Vaultwarden
 options:
   env_vars: []
   certfile: fullchain.pem
@@ -26,8 +26,7 @@ schema:
   request_size_limit: int?
   ssl: bool
 slug: bitwarden
-stage: deprecated
 udev: true
 url: https://github.com/alexbelgium/hassio-addons/tree/master/bitwarden
-version: "1.35.0"
+version: 1.35.0
 webui: "[PROTO:ssl]://[HOST]:[PORT:7277]"

bitwarden/rootfs/etc/nginx/includes/server_params.conf

@@ -4,5 +4,3 @@ server_name     $hostname;
 add_header X-Content-Type-Options nosniff;
 add_header X-XSS-Protection "1; mode=block";
 add_header X-Robots-Tag none;
-
-client_max_body_size %%max_body_size%%;

bitwarden/rootfs/etc/nginx/includes/ssl_params.conf

@@ -0,0 +1,8 @@
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_prefer_server_ciphers off;
+ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+ssl_session_timeout  10m;
+ssl_session_cache shared:SSL:10m;
+ssl_session_tickets off;
+ssl_stapling on;
+ssl_stapling_verify on;

bitwarden/rootfs/etc/nginx/includes/upstream.conf

@@ -0,0 +1,3 @@
+upstream backend {
+    server 127.0.0.1:80;
+}

bitwarden/rootfs/etc/nginx/nginx.conf

@@ -27,11 +27,7 @@ events {
 http {
     include /etc/nginx/includes/mime.types;
 
-    log_format homeassistant '[$time_local] $status '
-                             '$http_x_forwarded_for($remote_addr) '
-                             '$request ($http_user_agent)';
-
-    access_log              /proc/1/fd/1 homeassistant;
+    access_log              off;
     client_max_body_size    4G;
     default_type            application/octet-stream;
     gzip                    on;

bitwarden/rootfs/etc/nginx/servers/direct-ssl.disabled

@@ -12,12 +12,4 @@ server {
         proxy_pass http://backend;
     }
 
-    location /notifications/hub {
-        proxy_pass http://wsbackend;
-    }
-
-    location /notifications/hub/negotiate {
-        proxy_pass http://backend;
-    }
-
 }

bitwarden/rootfs/etc/nginx/servers/direct.disabled

@@ -8,12 +8,4 @@ server {
         proxy_pass http://backend;
     }
 
-    location /notifications/hub {
-        proxy_pass http://wsbackend;
-    }
-
-    location /notifications/hub/negotiate {
-        proxy_pass http://backend;
-    }
-
 }

bitwarden/rootfs/etc/s6-overlay/s6-rc.d/init-nginx/run

@@ -1,13 +1,11 @@
 #!/command/with-contenv bashio
 # shellcheck shell=bash
-set -e
 # ==============================================================================
-# Home Assistant Community Add-on: Bitwarden
-# This file configures nginx
+# Home Assistant Community Add-on: Vaultwarden
+# This file configures NGINX
 # ==============================================================================
 declare certfile
 declare keyfile
-declare max_body_size
 
 bashio::config.require.ssl
 
@@ -21,11 +19,3 @@ if bashio::config.true 'ssl'; then
 else
     mv /etc/nginx/servers/direct.disabled /etc/nginx/servers/direct.conf
 fi
-
-max_body_size="10M"
-# Increase body size to match config
-if bashio::config.has_value 'request_size_limit'; then
-    max_body_size=$(bashio::config 'request_size_limit')
-fi
-sed -i "s/%%max_body_size%%/${max_body_size}/g" \
-    /etc/nginx/includes/server_params.conf

bitwarden/rootfs/etc/s6-overlay/s6-rc.d/init-nginx/type

@@ -0,0 +1 @@
+oneshot

bitwarden/rootfs/etc/s6-overlay/s6-rc.d/init-nginx/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-nginx/run

bitwarden/rootfs/etc/s6-overlay/s6-rc.d/nginx/finish

@@ -0,0 +1,26 @@
+#!/command/with-contenv bashio
+# ==============================================================================
+# Home Assistant Community Add-on: Vaultwarden
+# Take down the S6 supervision tree when Nginx fails
+# ==============================================================================
+declare exit_code
+readonly exit_code_container=$(</run/s6-linux-init-container-results/exitcode)
+readonly exit_code_service="${1}"
+readonly exit_code_signal="${2}"
+readonly service="NGINX"
+
+bashio::log.info \
+  "Service ${service} exited with code ${exit_code_service}" \
+  "(by signal ${exit_code_signal})"
+
+if [[ "${exit_code_service}" -eq 256 ]]; then
+  if [[ "${exit_code_container}" -eq 0 ]]; then
+    echo $((128 + $exit_code_signal)) > /run/s6-linux-init-container-results/exitcode
+  fi
+  [[ "${exit_code_signal}" -eq 15 ]] && exec /run/s6/basedir/bin/halt
+elif [[ "${exit_code_service}" -ne 0 ]]; then
+  if [[ "${exit_code_container}" -eq 0 ]]; then
+    echo "${exit_code_service}" > /run/s6-linux-init-container-results/exitcode
+  fi
+  exec /run/s6/basedir/bin/halt
+fi

bitwarden/rootfs/etc/s6-overlay/s6-rc.d/nginx/run

@@ -1,8 +1,6 @@
-#!/usr/bin/with-contenv bashio
-# shellcheck shell=bash
-set -e
+#!/command/with-contenv bashio
 # ==============================================================================
-# Home Assistant Community Add-on: Bitwarden
+# Home Assistant Community Add-on: Vaultwarden
 # Runs the Nginx daemon
 # ==============================================================================
 bashio::net.wait_for 80

bitwarden/rootfs/etc/s6-overlay/s6-rc.d/nginx/type

@@ -0,0 +1 @@
+longrun

bitwarden/rootfs/etc/s6-overlay/s6-rc.d/vaultwarden/finish

@@ -0,0 +1,27 @@
+#!/command/with-contenv bashio
+# shellcheck shell=bash
+# ==============================================================================
+# Home Assistant Community Add-on: Vaultwarden
+# Take down the S6 supervision tree when the server fails
+# ==============================================================================
+declare exit_code
+readonly exit_code_container=$(</run/s6-linux-init-container-results/exitcode)
+readonly exit_code_service="${1}"
+readonly exit_code_signal="${2}"
+readonly service="Vaultwarden"
+
+bashio::log.info \
+  "Service ${service} exited with code ${exit_code_service}" \
+  "(by signal ${exit_code_signal})"
+
+if [[ "${exit_code_service}" -eq 256 ]]; then
+  if [[ "${exit_code_container}" -eq 0 ]]; then
+    echo $((128 + $exit_code_signal)) > /run/s6-linux-init-container-results/exitcode
+  fi
+  [[ "${exit_code_signal}" -eq 15 ]] && exec /run/s6/basedir/bin/halt
+elif [[ "${exit_code_service}" -ne 0 ]]; then
+  if [[ "${exit_code_container}" -eq 0 ]]; then
+    echo "${exit_code_service}" > /run/s6-linux-init-container-results/exitcode
+  fi
+  exec /run/s6/basedir/bin/halt
+fi

bitwarden/rootfs/etc/s6-overlay/s6-rc.d/vaultwarden/run

@@ -1,8 +1,7 @@
 #!/command/with-contenv bashio
 # shellcheck shell=bash
-set -e
 # ==============================================================================
-# Home Assistant Community Add-on: Bitwarden
+# Home Assistant Community Add-on: Vaultwarden
 # Runs the Vaultwarden server
 # ==============================================================================
 declare admin_token
@@ -22,19 +21,19 @@ export ROCKET_SECRET_KEY="${secret_key}"
 # Find the matching log level
 if bashio::config.has_value 'log_level'; then
     case "$(bashio::string.lower "$(bashio::config 'log_level')")" in
-        all | trace)
+        all|trace)
             log_level="trace"
             ;;
         debug)
             log_level="debug"
             ;;
-        info | notice)
+        info|notice)
             log_level="info"
             ;;
         warning)
             log_level="warn"
             ;;
-        error | fatal)
+        error|fatal)
             log_level="error"
             ;;
         off)
@@ -46,7 +45,7 @@ if bashio::config.has_value 'log_level'; then
 fi
 
 # Show admin token in the log, if config does not exist.
-if ! bashio::fs.file_exists '/data/config.yaml'; then
+if ! bashio::fs.file_exists '/data/config.json'; then
     admin_token=$(openssl rand -base64 48)
     export ADMIN_TOKEN="${admin_token}"
 
@@ -73,10 +72,6 @@ if bashio::config.has_value 'request_size_limit'; then
     export ROCKET_LIMITS="{json=${request_size_limit}}"
 fi
 
-# Always enable Websockets
-export WEBSOCKET_ENABLED=true
-export WEBSOCKET_PORT=8080
-
 # Run the Bitwarden server
 bashio::log.info 'Starting the Vaultwarden server...'
 cd /opt || bashio::exit.nok

bitwarden/rootfs/etc/s6-overlay/s6-rc.d/vaultwarden/type

@@ -0,0 +1 @@
+longrun

zzz_archived_bitwarden/rootfs/etc/nginx/includes/ssl_params.conf

@@ -1,9 +0,0 @@
-ssl_protocols TLSv1.2 TLSv1.3;
-ssl_prefer_server_ciphers on;
-ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA;
-ssl_ecdh_curve secp384r1;
-ssl_session_timeout  10m;
-ssl_session_cache shared:SSL:10m;
-ssl_session_tickets off;
-ssl_stapling on;
-ssl_stapling_verify on;

zzz_archived_bitwarden/rootfs/etc/nginx/includes/upstream.conf

@@ -1,7 +0,0 @@
-upstream backend {
-    server 127.0.0.1:80;
-}
-
-upstream wsbackend {
-    server 127.0.0.1:8080;
-}

zzz_archived_bitwarden/rootfs/etc/services.d/bitwarden/finish

@@ -1,12 +0,0 @@
-#!/command/with-contenv bashio 
-# ============================================================================== 
-# Home Assistant Community Add-on: Vaultwarden 
-# Take down the S6 supervision tree when Nginx fails 
-# ============================================================================== 
-
-if [[ "${1}" -ne 0 ]] && [[ "${1}" -ne 256 ]]; then 
-bashio::log.warning "NGINX crashed, halting add-on" 
-/run/s6/basedir/bin/halt 
-fi 
-
-bashio::log.info "NGINX stopped, restarting..." 

zzz_archived_bitwarden/rootfs/etc/services.d/nginx/finish

@@ -1,9 +0,0 @@
-#!/usr/bin/execlineb -S0
-# ==============================================================================
-# Home Assistant Community Add-on: Bitwarden
-# Take down the S6 supervision tree when Nginx fails
-# ==============================================================================
-if { s6-test ${1} -ne 0 }
-if { s6-test ${1} -ne 256 }
-
-s6-svscanctl -t /var/run/s6/services