albert/Proxmox
1
0
Fork 0
mirror of https://github.com/tteck/Proxmox.git synced 2025-02-15 06:09:15 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
Proxmox/setup/vaultwarden-install.sh
Gavin Laking ee5b965cd6 Fix escape codes; 
When running certain scripts, sometimes an 'm' character is wrongly
output to the terminal. This PR fixes all instances of this happening.
I've also made 'RD' (red) consistent with 'GN' (green) by removing the
leading 0, and my editor has kindly removed all trailing spaces from
files.
2022-10-16 16:02:05 +01:00

186 lines
5.3 KiB
Bash
Raw Blame History

#!/usr/bin/env bash
YW=`echo "\033[33m"`
RD=`echo "\033[1;31m"`
BL=`echo "\033[36m"`
GN=`echo "\033[1;92m"`
CL=`echo "\033[0m"`
RETRY_NUM=10
RETRY_EVERY=3
NUM=$RETRY_NUM
CM="${GN}${CL}"
CROSS="${RD}${CL}"
BFR="\\r\\033[K"
HOLD="-"
set -o errexit
set -o errtrace
set -o nounset
set -o pipefail
shopt -s expand_aliases
alias die='EXIT=$? LINE=$LINENO error_exit'
trap die ERR
function error_exit() {
trap - ERR
local reason="Unknown failure occurred."
local msg="${1:-$reason}"
local flag="${RD}‼ ERROR ${CL}$EXIT@$LINE"
echo -e "$flag $msg" 1>&2
exit $EXIT
}
function msg_info() {
local msg="$1"
echo -ne " ${HOLD} ${YW}${msg}..."
}
function msg_ok() {
local msg="$1"
echo -e "${BFR} ${CM} ${GN}${msg}${CL}"
}
function msg_error() {
local msg="$1"
echo -e "${BFR} ${CROSS} ${RD}${msg}${CL}"
}
msg_info "Setting up Container OS "
sed -i "/$LANG/ s/\(^# \)//" /etc/locale.gen
locale-gen >/dev/null
while [ "$(hostname -I)" = "" ]; do
1>&2 echo -en "${CROSS}${RD} No Network! "
sleep $RETRY_EVERY
((NUM--))
if [ $NUM -eq 0 ]
then
1>&2 echo -e "${CROSS}${RD} No Network After $RETRY_NUM Tries${CL}"
exit 1
fi
done
msg_ok "Set up Container OS"
msg_ok "Network Connected: ${BL}$(hostname -I)"
if nc -zw1 8.8.8.8 443; then msg_ok "Internet Connected"; else msg_error "Internet NOT Connected"; exit 1; fi;
RESOLVEDIP=$(nslookup "github.com" | awk -F':' '/^Address: / { matched = 1 } matched { print $2}' | xargs)
if [[ -z "$RESOLVEDIP" ]]; then msg_error "DNS Lookup Failure"; else msg_ok "DNS Resolved github.com to $RESOLVEDIP"; fi;
msg_info "Updating Container OS"
apt-get update &>/dev/null
apt-get -y upgrade &>/dev/null
msg_ok "Updated Container OS"
msg_info "Installing Dependencies"
apt-get update &>/dev/null
apt-get -qqy install \
git \
build-essential \
pkgconf \
libssl-dev \
libmariadb-dev-compat \
libpq-dev \
curl \
sudo &>/dev/null
msg_ok "Installed Dependencies"
WEBVAULT=$(curl -s https://api.github.com/repos/dani-garcia/bw_web_builds/releases/latest \
| grep "tag_name" \
| awk '{print substr($2, 2, length($2)-3) }')
VAULT=$(curl -s https://api.github.com/repos/dani-garcia/vaultwarden/releases/latest \
| grep "tag_name" \
| awk '{print substr($2, 2, length($2)-3) }')
msg_info "Installing Rust"
curl https://sh.rustup.rs -sSf | sh -s -- -y --profile minimal &>/dev/null
echo 'export PATH=~/.cargo/bin:$PATH' >> ~/.bashrc &>/dev/null
export PATH=~/.cargo/bin:$PATH &>/dev/null
which rustc &>/dev/null
msg_ok "Installed Rust"
msg_info "Building Vaultwarden ${VAULT} (Patience)"
git clone https://github.com/dani-garcia/vaultwarden &>/dev/null
cd vaultwarden
cargo build --features "sqlite,mysql,postgresql" --release &>/dev/null
msg_ok "Built Vaultwarden ${VAULT}"
addgroup --system vaultwarden &>/dev/null
adduser --system --home /opt/vaultwarden --shell /usr/sbin/nologin --no-create-home --gecos 'vaultwarden' --ingroup vaultwarden --disabled-login --disabled-password vaultwarden &>/dev/null
mkdir -p /opt/vaultwarden/bin
mkdir -p /opt/vaultwarden/data
cp target/release/vaultwarden /opt/vaultwarden/bin/
msg_info "Downloading Web-Vault ${WEBVAULT}"
curl -fsSLO https://github.com/dani-garcia/bw_web_builds/releases/download/$WEBVAULT/bw_web_$WEBVAULT.tar.gz &>/dev/null
tar -xzf bw_web_$WEBVAULT.tar.gz -C /opt/vaultwarden/ &>/dev/null
msg_ok "Downloaded Web-Vault ${WEBVAULT}"
cat <<EOF > /opt/vaultwarden/.env
ADMIN_TOKEN=$(openssl rand -base64 48)
ROCKET_ADDRESS=0.0.0.0
DATA_FOLDER=/opt/vaultwarden/data
DATABASE_MAX_CONNS=10
WEB_VAULT_FOLDER=/opt/vaultwarden/web-vault
WEB_VAULT_ENABLED=true
EOF
msg_info "Creating Service"
chown -R vaultwarden:vaultwarden /opt/vaultwarden/
chown root:root /opt/vaultwarden/bin/vaultwarden
chmod +x /opt/vaultwarden/bin/vaultwarden
chown -R root:root /opt/vaultwarden/web-vault/
chmod +r /opt/vaultwarden/.env
service_path="/etc/systemd/system/vaultwarden.service" &>/dev/null
echo "[Unit]
Description=Bitwarden Server (Powered by Vaultwarden)
Documentation=https://github.com/dani-garcia/vaultwarden
After=network.target
[Service]
User=vaultwarden
Group=vaultwarden
EnvironmentFile=-/opt/vaultwarden/.env
ExecStart=/opt/vaultwarden/bin/vaultwarden
LimitNOFILE=65535
LimitNPROC=4096
PrivateTmp=true
PrivateDevices=true
ProtectHome=true
ProtectSystem=strict
DevicePolicy=closed
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
RestrictNamespaces=yes
RestrictRealtime=yes
MemoryDenyWriteExecute=yes
LockPersonality=yes
WorkingDirectory=/opt/vaultwarden
ReadWriteDirectories=/opt/vaultwarden/data
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target" > $service_path
systemctl daemon-reload
systemctl enable --now vaultwarden.service &>/dev/null
msg_ok "Created Service"
PASS=$(grep -w "root" /etc/shadow | cut -b6);
if [[ $PASS != $ ]]; then
msg_info "Customizing Container"
rm /etc/motd
rm /etc/update-motd.d/10-uname
touch ~/.hushlogin
GETTY_OVERRIDE="/etc/systemd/system/container-getty@1.service.d/override.conf"
mkdir -p $(dirname $GETTY_OVERRIDE)
cat << EOF > $GETTY_OVERRIDE
[Service]
ExecStart=
ExecStart=-/sbin/agetty --autologin root --noclear --keep-baud tty%I 115200,38400,9600 \$TERM
EOF
systemctl daemon-reload
systemctl restart $(basename $(dirname $GETTY_OVERRIDE) | sed 's/\.d//')
msg_ok "Customized Container"
fi
msg_info "Cleaning up"
apt-get autoremove >/dev/null
apt-get autoclean >/dev/null
msg_ok "Cleaned"
Reference in a new issue View git blame Copy permalink