Add files via upload

setup/vault_setup.sh

@@ -0,0 +1,145 @@
+#!/usr/bin/env bash
+
+set -o errexit
+set -o errtrace
+set -o nounset
+set -o pipefail
+shopt -s expand_aliases
+alias die='EXIT=$? LINE=$LINENO error_exit'
+CROSS='\033[1;31m\xE2\x9D\x8C\033[0m'
+CHECKMARK='\033[0;32m\xE2\x9C\x94\033[0m'
+RETRY_NUM=5
+RETRY_EVERY=3
+NUM=$RETRY_NUM
+trap die ERR
+trap 'die "Script interrupted."' INT
+
+function error_exit() {
+  trap - ERR
+  local DEFAULT='Unknown failure occured.'
+  local REASON="\e[97m${1:-$DEFAULT}\e[39m"
+  local FLAG="\e[91m[ERROR:LXC] \e[93m$EXIT@$LINE"
+  msg "$FLAG $REASON"
+  exit $EXIT
+}
+function msg() {
+  local TEXT="$1"
+  echo -e "$TEXT"
+}
+
+echo -e "${CHECKMARK} \e[1;92m Setting up Container OS... \e[0m"
+sed -i "/$LANG/ s/\(^# \)//" /etc/locale.gen
+locale-gen >/dev/null
+while [ "$(hostname -I)" = "" ]; do
+  1>&2 echo -e "${CROSS} \e[1;31m No Network: \e[0m $(date)"
+  sleep $RETRY_EVERY
+  ((NUM--))
+  if [ $NUM -eq 0 ]
+  then
+    1>&2 echo -e "${CROSS} \e[1;31m No Network After $RETRY_NUM Tries \e[0m"
+    exit 1
+  fi
+done
+  echo -e "${CHECKMARK} \e[1;92m Network Connected: \e[0m $(hostname -I)"
+
+echo -e "${CHECKMARK} \e[1;92m Updating Container OS... \e[0m"
+apt-get update &>/dev/null
+apt-get -qqy upgrade &>/dev/null
+
+echo -e "${CHECKMARK} \e[1;92m Installing Dependencies... \e[0m"
+apt-get update &>/dev/null
+apt-get -qqy install \
+    git \
+    nano \
+    wget \
+    htop \
+    pkg-config \
+    openssl \
+    libssl1.1 \
+    libssl-dev \
+    curl \
+    sudo \
+    build-essential &>/dev/null
+
+echo -e "${CHECKMARK} \e[1;92m Installing Rust... \e[0m"
+curl https://sh.rustup.rs -sSf | sh &>/dev/null
+echo 'export PATH=~/.cargo/bin:$PATH' >> ~/.bashrc &>/dev/null
+export PATH=~/.cargo/bin:$PATH &>/dev/null
+which rustc &>/dev/null
+
+echo -e "${CHECKMARK} \e[1;92m Installing Node.js... \e[0m"
+curl -fsSL https://deb.nodesource.com/setup_16.x | bash - &>/dev/null
+apt-get install -y nodejs &>/dev/null
+npm -g install npm@7 &>/dev/null
+which npm &>/dev/null
+npm i npm@latest -g &>/dev/null
+
+echo -e "${CHECKMARK} \e[1;92m Building Vaultwarden... \e[0m"
+git clone https://github.com/dani-garcia/vaultwarden && pushd vaultwarden &>/dev/null
+cargo clean && cargo build --features sqlite --release &>/dev/null
+file target/release/vaultwarden &>/dev/null
+
+echo -e "${CHECKMARK} \e[1;92m Building Web-Vault... \e[0m"
+pushd target/release/ &>/dev/null
+git clone --recurse-submodules https://github.com/bitwarden/web.git web-vault.git && cd web-vault.git &>/dev/null
+git checkout v2.25.1 &>/dev/null
+git submodule update --init --recursive &>/dev/null
+wget https://raw.githubusercontent.com/dani-garcia/bw_web_builds/master/patches/v2.25.0.patch &>/dev/null
+git apply v2.25.0.patch &>/dev/null
+npm ci --legacy-peer-deps && npm audit fix --legacy-peer-deps || true && npm run dist:oss:selfhost &>/dev/null
+cp -a build ../web-vault &>/dev/null
+cd ..
+mkdir data &>/dev/null
+
+echo -e "${CHECKMARK} \e[1;92m Create Systemd Service... \e[0m"
+cp ../../.env.template /etc/vaultwarden.env &>/dev/null
+cp vaultwarden /usr/bin/vaultwarden &>/dev/null
+chmod +x /usr/bin/vaultwarden &>/dev/null
+useradd -m -d /var/lib/vaultwarden vaultwarden &>/dev/null
+sudo cp -R data /var/lib/vaultwarden/ &>/dev/null
+cp -R web-vault /var/lib/vaultwarden/ &>/dev/null
+chown -R vaultwarden:vaultwarden /var/lib/vaultwarden &>/dev/null
+
+service_path="/etc/systemd/system/vaultwarden.service" &>/dev/null
+
+echo "[Unit]
+Description=Bitwarden Server (Powered by Vaultwarden)
+Documentation=https://github.com/dani-garcia/vaultwarden
+
+After=network.target
+
+[Service]
+User=vaultwarden
+Group=vaultwarden
+EnvironmentFile=/etc/vaultwarden.env
+ExecStart=/usr/bin/vaultwarden
+LimitNOFILE=1048576
+LimitNPROC=64
+PrivateTmp=true
+PrivateDevices=true
+ProtectHome=true
+ProtectSystem=strict
+WorkingDirectory=/var/lib/vaultwarden
+ReadWriteDirectories=/var/lib/vaultwarden
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+
+[Install]
+WantedBy=multi-user.target" > $service_path
+
+echo -e "${CHECKMARK} \e[1;92m Customizing Container... \e[0m"
+rm /etc/motd
+rm /etc/update-motd.d/10-uname
+touch ~/.hushlogin
+GETTY_OVERRIDE="/etc/systemd/system/container-getty@1.service.d/override.conf"
+mkdir -p $(dirname $GETTY_OVERRIDE)
+cat << EOF > $GETTY_OVERRIDE
+[Service]
+ExecStart=
+ExecStart=-/sbin/agetty --autologin root --noclear --keep-baud tty%I 115200,38400,9600 \$TERM
+EOF
+systemctl daemon-reload
+systemctl restart $(basename $(dirname $GETTY_OVERRIDE) | sed 's/\.d//')
+systemctl enable vaultwarden.service &>/dev/null
+systemctl start vaultwarden.service &>/dev/null
+echo -e "${CHECKMARK} \e[1;92m Cleanup... \e[0m"
+rm -rf /vault_setup.sh /var/{cache,log}/* /var/lib/apt/lists/*