diff --git a/zzz_archived_bitwarden/CHANGELOG.md b/bitwarden/CHANGELOG.md similarity index 100% rename from zzz_archived_bitwarden/CHANGELOG.md rename to bitwarden/CHANGELOG.md diff --git a/zzz_archived_bitwarden/DOCS.md b/bitwarden/DOCS.md similarity index 100% rename from zzz_archived_bitwarden/DOCS.md rename to bitwarden/DOCS.md diff --git a/zzz_archived_bitwarden/Dockerfile b/bitwarden/Dockerfile similarity index 83% rename from zzz_archived_bitwarden/Dockerfile rename to bitwarden/Dockerfile index 87086c418..5b0731974 100644 --- a/zzz_archived_bitwarden/Dockerfile +++ b/bitwarden/Dockerfile 
@@ -14,18 +14,42 @@ # 1 Build Image # ################# -ARG BUILD_FROM=ghcr.io/hassio-addons/debian-base/amd64:7.1.0 -ARG BUILD_VERSION -ARG BUILD_UPSTREAM="1.35.0" -FROM "vaultwarden/server:${BUILD_UPSTREAM}" as vaultwarden +ARG BUILD_FROM=ghcr.io/hassio-addons/debian-base:9.1.0 +############################################################################### +# Get prebuild containers from Vaultwarden +############################################################################### +FROM "vaultwarden/server:1.34.3" AS vaultwarden + +############################################################################### +# Build the actual add-on. +############################################################################### +# hadolint ignore=DL3006 FROM ${BUILD_FROM} + +# Set shell SHELL ["/bin/bash", "-o", "pipefail", "-c"] # Get the Bitwarden from official images COPY --from=vaultwarden /vaultwarden /opt/vaultwarden -#COPY --from=vaultwarden /Rocket.toml /opt/Rocket.toml COPY --from=vaultwarden /web-vault /opt/web-vault +# add Nginx +# hadolint ignore=DL3009 +RUN \ + apt-get update \ + \ + && apt-get install -y --no-install-recommends \ + libmariadb-dev-compat=1:11.8.3-0+deb13u1 \ + libpq5=17.6-0+deb13u1 \ + nginx=1.26.3-3+deb13u1 \ + sqlite3=3.46.1-7 \ + && apt-get clean \ + && rm -f -r \ + /etc/nginx \ + \ + && mkdir -p /var/log/nginx \ + && touch /var/log/nginx/error.log + ################## # 2 Modify Image # ################## diff --git a/zzz_archived_bitwarden/README.md b/bitwarden/README.md similarity index 100% rename from zzz_archived_bitwarden/README.md rename to bitwarden/README.md diff --git a/zzz_archived_bitwarden/apparmor.txt b/bitwarden/apparmor.txt similarity index 100% rename from zzz_archived_bitwarden/apparmor.txt rename to bitwarden/apparmor.txt diff --git a/zzz_archived_bitwarden/build.yaml b/bitwarden/build.yaml similarity index 100% rename from zzz_archived_bitwarden/build.yaml rename to bitwarden/build.yaml 
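Review bot: The new `FROM "vaultwarden/server:1.34.3" AS vaultwarden` line pulls an older upstream than the `BUILD_UPSTREAM="1.35.0"` it replaces, while `config.yaml` in this same commit still advertises `version: 1.35.0`, so users would run a 1.34.3 server under a 1.35.0 label. For a password vault that makes it hard to tell which upstream fixes are actually deployed; either restore `FROM "vaultwarden/server:1.35.0" AS vaultwarden` or lower the add-on version to match. Pinning the tag by digest as well (`vaultwarden/server:1.35.0@sha256:<digest>`) would keep the copied `/vaultwarden` binary and `/web-vault` reproducible. The rest of the Dockerfile ("2 Modify Image") lies outside the hunk.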
diff --git a/zzz_archived_bitwarden/config.yaml b/bitwarden/config.yaml similarity index 82% rename from zzz_archived_bitwarden/config.yaml rename to bitwarden/config.yaml index 2b0ba5e09..01fff09f0 100644 --- a/zzz_archived_bitwarden/config.yaml +++ b/bitwarden/config.yaml @@ -1,12 +1,12 @@ arch: - aarch64 - amd64 -description: Deprecated - please use community version +description: Open source password management solution image: ghcr.io/alexbelgium/vaultwarden-{arch} init: false map: - ssl -name: zzz_archived - Vaultwarden +name: Vaultwarden options: env_vars: [] certfile: fullchain.pem @@ -26,8 +26,7 @@ schema: request_size_limit: int? ssl: bool slug: bitwarden -stage: deprecated udev: true url: https://github.com/alexbelgium/hassio-addons/tree/master/bitwarden -version: "1.35.0" +version: 1.35.0 webui: "[PROTO:ssl]://[HOST]:[PORT:7277]" diff --git a/zzz_archived_bitwarden/icon.png b/bitwarden/icon.png similarity index 100% rename from zzz_archived_bitwarden/icon.png rename to bitwarden/icon.png diff --git a/zzz_archived_bitwarden/logo.png b/bitwarden/logo.png similarity index 100% rename from zzz_archived_bitwarden/logo.png rename to bitwarden/logo.png diff --git a/zzz_archived_bitwarden/rootfs/etc/nginx/includes/mime.types b/bitwarden/rootfs/etc/nginx/includes/mime.types similarity index 100% rename from zzz_archived_bitwarden/rootfs/etc/nginx/includes/mime.types rename to bitwarden/rootfs/etc/nginx/includes/mime.types diff --git a/zzz_archived_bitwarden/rootfs/etc/nginx/includes/proxy_params.conf b/bitwarden/rootfs/etc/nginx/includes/proxy_params.conf similarity index 100% rename from zzz_archived_bitwarden/rootfs/etc/nginx/includes/proxy_params.conf rename to bitwarden/rootfs/etc/nginx/includes/proxy_params.conf 
diff --git a/zzz_archived_bitwarden/rootfs/etc/nginx/includes/server_params.conf b/bitwarden/rootfs/etc/nginx/includes/server_params.conf similarity index 80% rename from zzz_archived_bitwarden/rootfs/etc/nginx/includes/server_params.conf rename to bitwarden/rootfs/etc/nginx/includes/server_params.conf index b6fceca86..09c06543e 100644 --- a/zzz_archived_bitwarden/rootfs/etc/nginx/includes/server_params.conf +++ b/bitwarden/rootfs/etc/nginx/includes/server_params.conf @@ -4,5 +4,3 @@ server_name $hostname; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; - -client_max_body_size %%max_body_size%%; diff --git a/bitwarden/rootfs/etc/nginx/includes/ssl_params.conf b/bitwarden/rootfs/etc/nginx/includes/ssl_params.conf new file mode 100644 index 000000000..e6789cbb9 --- /dev/null +++ b/bitwarden/rootfs/etc/nginx/includes/ssl_params.conf @@ -0,0 +1,8 @@ +ssl_protocols TLSv1.2 TLSv1.3; +ssl_prefer_server_ciphers off; +ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; +ssl_session_timeout 10m; +ssl_session_cache shared:SSL:10m; +ssl_session_tickets off; +ssl_stapling on; +ssl_stapling_verify on; diff --git a/bitwarden/rootfs/etc/nginx/includes/upstream.conf b/bitwarden/rootfs/etc/nginx/includes/upstream.conf new file mode 100644 index 000000000..3bda00eab --- /dev/null +++ b/bitwarden/rootfs/etc/nginx/includes/upstream.conf @@ -0,0 +1,3 @@ +upstream backend { + server 127.0.0.1:80; +} \ No newline at end of file diff --git a/zzz_archived_bitwarden/rootfs/etc/nginx/nginx.conf b/bitwarden/rootfs/etc/nginx/nginx.conf similarity index 81% rename from zzz_archived_bitwarden/rootfs/etc/nginx/nginx.conf rename to bitwarden/rootfs/etc/nginx/nginx.conf index c1fbd4b5f..886e407b2 100644 
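Review bot: In the new `ssl_params.conf`, the two `DHE-RSA-*` suites at the end of `ssl_ciphers` have no effect unless an `ssl_dhparam` file is configured, because nginx does not offer DHE ciphers without one; no such directive is in this file, so either drop them or add `ssl_dhparam` with a group of at least 2048 bits. Likewise `ssl_stapling on; ssl_stapling_verify on;` needs a `resolver` and, for verification, an `ssl_trusted_certificate` chain; neither is visible here, so confirm they are set in the server block or stapling will not take effect. A short header comment would help later audits, e.g. `# TLS 1.2/1.3 only; AEAD suites, client-chosen order`.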
--- a/zzz_archived_bitwarden/rootfs/etc/nginx/nginx.conf +++ b/bitwarden/rootfs/etc/nginx/nginx.conf @@ -27,11 +27,7 @@ events { http { include /etc/nginx/includes/mime.types; - log_format homeassistant '[$time_local] $status ' - '$http_x_forwarded_for($remote_addr) ' - '$request ($http_user_agent)'; - - access_log /proc/1/fd/1 homeassistant; + access_log off; client_max_body_size 4G; default_type application/octet-stream; gzip on; diff --git a/zzz_archived_bitwarden/rootfs/etc/nginx/servers/direct-ssl.disabled b/bitwarden/rootfs/etc/nginx/servers/direct-ssl.disabled similarity index 67% rename from zzz_archived_bitwarden/rootfs/etc/nginx/servers/direct-ssl.disabled rename to bitwarden/rootfs/etc/nginx/servers/direct-ssl.disabled index 9189013e1..89c75114a 100644 --- a/zzz_archived_bitwarden/rootfs/etc/nginx/servers/direct-ssl.disabled +++ b/bitwarden/rootfs/etc/nginx/servers/direct-ssl.disabled @@ -12,12 +12,4 @@ server { proxy_pass http://backend; } - location /notifications/hub { - proxy_pass http://wsbackend; - } - - location /notifications/hub/negotiate { - proxy_pass http://backend; - } - } \ No newline at end of file diff --git a/zzz_archived_bitwarden/rootfs/etc/nginx/servers/direct.disabled b/bitwarden/rootfs/etc/nginx/servers/direct.disabled similarity index 55% rename from zzz_archived_bitwarden/rootfs/etc/nginx/servers/direct.disabled rename to bitwarden/rootfs/etc/nginx/servers/direct.disabled index cc4d38593..55efdf180 100644 --- a/zzz_archived_bitwarden/rootfs/etc/nginx/servers/direct.disabled +++ b/bitwarden/rootfs/etc/nginx/servers/direct.disabled @@ -8,12 +8,4 @@ server { proxy_pass http://backend; } - location /notifications/hub { - proxy_pass http://wsbackend; - } - - location /notifications/hub/negotiate { - proxy_pass http://backend; - } - } \ No newline at end of file 
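Review bot: `access_log off;` in the `nginx.conf` hunk removes the only proxy-side record of client address, `X-Forwarded-For`, status and request that the deleted `homeassistant` log format provided, leaving nothing at the nginx layer for spotting repeated failed logins or probing against the vault. Consider keeping the format and writing to `/proc/1/fd/1` as before, or gating it on an add-on option. Also, with `client_max_body_size %%max_body_size%%;` dropped from `server_params.conf` in this commit, the `client_max_body_size 4G;` context line becomes the effective limit, so `request_size_limit` no longer bounds what nginx accepts; a smaller default would be safer. The `http` block continues outside the hunk.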
diff --git a/bitwarden/rootfs/etc/s6-overlay/s6-rc.d/init-nginx/dependencies.d/base b/bitwarden/rootfs/etc/s6-overlay/s6-rc.d/init-nginx/dependencies.d/base new file mode 100644 index 000000000..e69de29bb diff --git a/zzz_archived_bitwarden/rootfs/etc/cont-init.d/nginx.sh b/bitwarden/rootfs/etc/s6-overlay/s6-rc.d/init-nginx/run old mode 100755 new mode 100644 similarity index 65% rename from zzz_archived_bitwarden/rootfs/etc/cont-init.d/nginx.sh rename to bitwarden/rootfs/etc/s6-overlay/s6-rc.d/init-nginx/run index 0ce2350b6..0eb1f8027 --- a/zzz_archived_bitwarden/rootfs/etc/cont-init.d/nginx.sh +++ b/bitwarden/rootfs/etc/s6-overlay/s6-rc.d/init-nginx/run @@ -1,13 +1,11 @@ #!/command/with-contenv bashio # shellcheck shell=bash -set -e # ============================================================================== -# Home Assistant Community Add-on: Bitwarden -# This file configures nginx +# Home Assistant Community Add-on: Vaultwarden +# This file configures NGINX # ============================================================================== declare certfile declare keyfile -declare max_body_size bashio::config.require.ssl @@ -21,11 +19,3 @@ if bashio::config.true 'ssl'; then else mv /etc/nginx/servers/direct.disabled /etc/nginx/servers/direct.conf fi - -max_body_size="10M" -# Increase body size to match config -if bashio::config.has_value 'request_size_limit'; then - max_body_size=$(bashio::config 'request_size_limit') -fi -sed -i "s/%%max_body_size%%/${max_body_size}/g" \ - /etc/nginx/includes/server_params.conf diff --git a/bitwarden/rootfs/etc/s6-overlay/s6-rc.d/init-nginx/type b/bitwarden/rootfs/etc/s6-overlay/s6-rc.d/init-nginx/type new file mode 100644 index 000000000..bdd22a185 --- /dev/null +++ b/bitwarden/rootfs/etc/s6-overlay/s6-rc.d/init-nginx/type @@ -0,0 +1 @@ +oneshot diff --git a/bitwarden/rootfs/etc/s6-overlay/s6-rc.d/init-nginx/up b/bitwarden/rootfs/etc/s6-overlay/s6-rc.d/init-nginx/up new file mode 100644 index 000000000..b3b5b494b 
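Review bot: The rename header for `init-nginx/run` records `old mode 100755 new mode 100644`, so the script loses its executable bit even though `init-nginx/up` invokes `/etc/s6-overlay/s6-rc.d/init-nginx/run` directly. Unless a later Dockerfile step restores permissions (not visible here), the oneshot would fail with a permission error and nginx would never get its server config moved into place. The same mode change appears on `nginx/run` and `vaultwarden/run`, and the two new `finish` scripts are created as 100644. Keep these files at 100755 in git, or add an explicit `chmod` in the image build.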
--- /dev/null +++ b/bitwarden/rootfs/etc/s6-overlay/s6-rc.d/init-nginx/up @@ -0,0 +1 @@ +/etc/s6-overlay/s6-rc.d/init-nginx/run diff --git a/bitwarden/rootfs/etc/s6-overlay/s6-rc.d/nginx/dependencies.d/init-nginx b/bitwarden/rootfs/etc/s6-overlay/s6-rc.d/nginx/dependencies.d/init-nginx new file mode 100644 index 000000000..e69de29bb diff --git a/bitwarden/rootfs/etc/s6-overlay/s6-rc.d/nginx/dependencies.d/vaultwarden b/bitwarden/rootfs/etc/s6-overlay/s6-rc.d/nginx/dependencies.d/vaultwarden new file mode 100644 index 000000000..e69de29bb diff --git a/bitwarden/rootfs/etc/s6-overlay/s6-rc.d/nginx/finish b/bitwarden/rootfs/etc/s6-overlay/s6-rc.d/nginx/finish new file mode 100644 index 000000000..91e575465 --- /dev/null +++ b/bitwarden/rootfs/etc/s6-overlay/s6-rc.d/nginx/finish @@ -0,0 +1,26 @@ +#!/command/with-contenv bashio +# ============================================================================== +# Home Assistant Community Add-on: Vaultwarden +# Take down the S6 supervision tree when Nginx fails +# ============================================================================== +declare exit_code +readonly exit_code_container=$( /run/s6-linux-init-container-results/exitcode + fi + [[ "${exit_code_signal}" -eq 15 ]] && exec /run/s6/basedir/bin/halt +elif [[ "${exit_code_service}" -ne 0 ]]; then + if [[ "${exit_code_container}" -eq 0 ]]; then + echo "${exit_code_service}" > /run/s6-linux-init-container-results/exitcode + fi + exec /run/s6/basedir/bin/halt +fi diff --git a/zzz_archived_bitwarden/rootfs/etc/services.d/nginx/run b/bitwarden/rootfs/etc/s6-overlay/s6-rc.d/nginx/run old mode 100755 new mode 100644 similarity index 70% rename from zzz_archived_bitwarden/rootfs/etc/services.d/nginx/run rename to bitwarden/rootfs/etc/s6-overlay/s6-rc.d/nginx/run index 17171a50c..1cb185ce4 --- a/zzz_archived_bitwarden/rootfs/etc/services.d/nginx/run +++ b/bitwarden/rootfs/etc/s6-overlay/s6-rc.d/nginx/run 
@@ -1,8 +1,6 @@ -#!/usr/bin/with-contenv bashio -# shellcheck shell=bash -set -e +#!/command/with-contenv bashio # ============================================================================== -# Home Assistant Community Add-on: Bitwarden +# Home Assistant Community Add-on: Vaultwarden # Runs the Nginx daemon # ============================================================================== bashio::net.wait_for 80 diff --git a/bitwarden/rootfs/etc/s6-overlay/s6-rc.d/nginx/type b/bitwarden/rootfs/etc/s6-overlay/s6-rc.d/nginx/type new file mode 100644 index 000000000..5883cff0c --- /dev/null +++ b/bitwarden/rootfs/etc/s6-overlay/s6-rc.d/nginx/type @@ -0,0 +1 @@ +longrun diff --git a/bitwarden/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/init-nginx b/bitwarden/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/init-nginx new file mode 100644 index 000000000..e69de29bb diff --git a/bitwarden/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/nginx b/bitwarden/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/nginx new file mode 100644 index 000000000..e69de29bb diff --git a/bitwarden/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/vaultwarden b/bitwarden/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/vaultwarden new file mode 100644 index 000000000..e69de29bb diff --git a/bitwarden/rootfs/etc/s6-overlay/s6-rc.d/vaultwarden/dependencies.d/base b/bitwarden/rootfs/etc/s6-overlay/s6-rc.d/vaultwarden/dependencies.d/base new file mode 100644 index 000000000..e69de29bb diff --git a/bitwarden/rootfs/etc/s6-overlay/s6-rc.d/vaultwarden/finish b/bitwarden/rootfs/etc/s6-overlay/s6-rc.d/vaultwarden/finish new file mode 100644 index 000000000..a6dc42f92 --- /dev/null +++ b/bitwarden/rootfs/etc/s6-overlay/s6-rc.d/vaultwarden/finish 
@@ -0,0 +1,27 @@ +#!/command/with-contenv bashio +# shellcheck shell=bash +# ============================================================================== +# Home Assistant Community Add-on: Vaultwarden +# Take down the S6 supervision tree when the server fails +# ============================================================================== +declare exit_code +readonly exit_code_container=$( /run/s6-linux-init-container-results/exitcode + fi + [[ "${exit_code_signal}" -eq 15 ]] && exec /run/s6/basedir/bin/halt +elif [[ "${exit_code_service}" -ne 0 ]]; then + if [[ "${exit_code_container}" -eq 0 ]]; then + echo "${exit_code_service}" > /run/s6-linux-init-container-results/exitcode + fi + exec /run/s6/basedir/bin/halt +fi diff --git a/zzz_archived_bitwarden/rootfs/etc/services.d/bitwarden/run b/bitwarden/rootfs/etc/s6-overlay/s6-rc.d/vaultwarden/run old mode 100755 new mode 100644 similarity index 89% rename from zzz_archived_bitwarden/rootfs/etc/services.d/bitwarden/run rename to bitwarden/rootfs/etc/s6-overlay/s6-rc.d/vaultwarden/run index 53c8cdfb3..45cf56410 --- a/zzz_archived_bitwarden/rootfs/etc/services.d/bitwarden/run +++ b/bitwarden/rootfs/etc/s6-overlay/s6-rc.d/vaultwarden/run @@ -1,8 +1,7 @@ #!/command/with-contenv bashio # shellcheck shell=bash -set -e # ============================================================================== -# Home Assistant Community Add-on: Bitwarden +# Home Assistant Community Add-on: Vaultwarden # Runs the Vaultwarden server # ============================================================================== declare admin_token 
@@ -22,19 +21,19 @@ export ROCKET_SECRET_KEY="${secret_key}" # Find the matching log level if bashio::config.has_value 'log_level'; then case "$(bashio::string.lower "$(bashio::config 'log_level')")" in - all | trace) + all|trace) log_level="trace" ;; debug) log_level="debug" ;; - info | notice) + info|notice) log_level="info" ;; warning) log_level="warn" ;; - error | fatal) + error|fatal) log_level="error" ;; off) @@ -46,7 +45,7 @@ if bashio::config.has_value 'log_level'; then fi # Show admin token in the log, if config does not exist. -if ! bashio::fs.file_exists '/data/config.yaml'; then +if ! bashio::fs.file_exists '/data/config.json'; then admin_token=$(openssl rand -base64 48) export ADMIN_TOKEN="${admin_token}" @@ -73,10 +72,6 @@ if bashio::config.has_value 'request_size_limit'; then export ROCKET_LIMITS="{json=${request_size_limit}}" fi -# Always enable Websockets -export WEBSOCKET_ENABLED=true -export WEBSOCKET_PORT=8080 - # Run the Bitwarden server bashio::log.info 'Starting the Vaultwarden server...' cd /opt || bashio::exit.nok diff --git a/bitwarden/rootfs/etc/s6-overlay/s6-rc.d/vaultwarden/type b/bitwarden/rootfs/etc/s6-overlay/s6-rc.d/vaultwarden/type new file mode 100644 index 000000000..5883cff0c --- /dev/null +++ b/bitwarden/rootfs/etc/s6-overlay/s6-rc.d/vaultwarden/type @@ -0,0 +1 @@ +longrun diff --git a/zzz_archived_bitwarden/stats.png b/bitwarden/stats.png similarity index 100% rename from zzz_archived_bitwarden/stats.png rename to bitwarden/stats.png diff --git a/zzz_archived_bitwarden/updater.json b/bitwarden/updater.json similarity index 100% rename from zzz_archived_bitwarden/updater.json rename to bitwarden/updater.json diff --git a/zzz_archived_bitwarden/rootfs/etc/nginx/includes/ssl_params.conf b/zzz_archived_bitwarden/rootfs/etc/nginx/includes/ssl_params.conf deleted file mode 100644 index 6cf1b5a3e..000000000 --- a/zzz_archived_bitwarden/rootfs/etc/nginx/includes/ssl_params.conf +++ /dev/null 
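Review bot: In the hunk at `-46,7 +45,7`, the generated `ADMIN_TOKEN` is exported in plain text and, going by the context comment `# Show admin token in the log`, is also written to the add-on log. The path fix to `/data/config.json` appears to limit this to the first start, but the token still ends up wherever the log is stored or shared. Add a comment such as `# First-run token only: rotate it in the admin panel, since it is printed to the add-on log`, and consider pointing users to an Argon2-hashed admin token in the docs. The `if` body continues outside the hunk, so the logging itself is inferred rather than visible.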
@@ -1,9 +0,0 @@ -ssl_protocols TLSv1.2 TLSv1.3; -ssl_prefer_server_ciphers on; -ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA; -ssl_ecdh_curve secp384r1; -ssl_session_timeout 10m; -ssl_session_cache shared:SSL:10m; -ssl_session_tickets off; -ssl_stapling on; -ssl_stapling_verify on; diff --git a/zzz_archived_bitwarden/rootfs/etc/nginx/includes/upstream.conf b/zzz_archived_bitwarden/rootfs/etc/nginx/includes/upstream.conf deleted file mode 100644 index b8b7af611..000000000 --- a/zzz_archived_bitwarden/rootfs/etc/nginx/includes/upstream.conf +++ /dev/null @@ -1,7 +0,0 @@ -upstream backend { - server 127.0.0.1:80; -} - -upstream wsbackend { - server 127.0.0.1:8080; -} \ No newline at end of file diff --git a/zzz_archived_bitwarden/rootfs/etc/services.d/bitwarden/finish b/zzz_archived_bitwarden/rootfs/etc/services.d/bitwarden/finish deleted file mode 100644 index c6acda3cd..000000000 --- a/zzz_archived_bitwarden/rootfs/etc/services.d/bitwarden/finish +++ /dev/null @@ -1,12 +0,0 @@ -#!/command/with-contenv bashio -# ============================================================================== -# Home Assistant Community Add-on: Vaultwarden -# Take down the S6 supervision tree when Nginx fails -# ============================================================================== - -if [[ "${1}" -ne 0 ]] && [[ "${1}" -ne 256 ]]; then -bashio::log.warning "NGINX crashed, halting add-on" -/run/s6/basedir/bin/halt -fi - -bashio::log.info "NGINX stopped, restarting..." diff --git a/zzz_archived_bitwarden/rootfs/etc/services.d/nginx/finish b/zzz_archived_bitwarden/rootfs/etc/services.d/nginx/finish deleted file mode 100644 index 23d85af4b..000000000 --- a/zzz_archived_bitwarden/rootfs/etc/services.d/nginx/finish +++ /dev/null 
@@ -1,9 +0,0 @@ -#!/usr/bin/execlineb -S0 -# ============================================================================== -# Home Assistant Community Add-on: Bitwarden -# Take down the S6 supervision tree when Nginx fails -# ============================================================================== -if { s6-test ${1} -ne 0 } -if { s6-test ${1} -ne 256 } - -s6-svscanctl -t /var/run/s6/services