vaultwarden/deploy.sh

#!/bin/bash

. ./env.sh
set -e

mkdir -p $DATA_FOLDER

if systemctl --user list-units --full --all | grep -q "vaultwarden-${CONTAINER_NAME}.service"; then
  systemctl --user stop vaultwarden-${CONTAINER_NAME}.service
fi

if podman container exists "$CONTAINER_NAME"; then
    echo "Stop and delete existing container $CONTAINER_NAME"
    if podman inspect -f '{{.State.Running}}' "$CONTAINER_NAME" | grep -q true; then
        podman stop "$CONTAINER_NAME"
    fi
    podman rm "$CONTAINER_NAME"
fi

podman create \
    --name vaultwarden \
    --restart=unless-stopped \
    -e DOMAIN=https://$DOMAIN \
    -e SHOW_PASSWORD_HINT=true \
    -e SMTP_HOST=$SMTP_HOST \
    -e SMTP_FROM=$SMTP_FROM \
    -e SMTP_PORT=$SMTP_PORT \
    -e SMTP_SECURITY=$SMTP_SECURITY \
    -e SMTP_USERNAME=$SMTP_USERNAME \
    -e SMTP_PASSWORD=$SMTP_PASSWORD \
    -p $PORT:80 \
    -v $DATA_FOLDER:/data \
    docker.io/vaultwarden/server:latest

podman generate systemd \
    --new \
    --name $CONTAINER_NAME \
    --files \
    --container-prefix=vaultwarden \
    --restart-policy=always

mkdir -p $USER_SYSTEMD
mv vaultwarden-$CONTAINER_NAME.service $USER_SYSTEMD
systemctl --user daemon-reload
systemctl --user enable --now vaultwarden-$CONTAINER_NAME.service

sudo loginctl enable-linger $USER

# generate haproxy blocks
sudo mkdir -p $SERVICE_DIR
echo "crt $SSL_PATH/fullchain.pem" | sudo tee $SERVICE_DIR/cert.block > /dev/null
ACL_CFG=$(cat <<EOF
acl is_vw hdr(host) -i $DOMAIN
use_backend vw_backend if is_vw
EOF
)
echo "$ACL_CFG" | sudo tee $SERVICE_DIR/acl.block > /dev/null
BACKEND_CFG=$(cat <<EOF
backend vw_backend
    mode http
    option httpchk GET /
    option forwardfor
    # Set the Source IP in the X-Real-IP header
    http-request set-header X-Real-IP %[src]
    server vwhttp 127.0.0.1:$PORT alpn http/1.1 check
EOF
)
echo "$BACKEND_CFG" | sudo tee $SERVICE_DIR/backend.block > /dev/null

echo "Deploy completed, manually run haproxy to generate new config."

# on local, allow ufw port from wireguard
Add basic vaultwarden installation 2025-04-25 12:49:13 +02:00			`#!/bin/bash`

Use variables for config 2025-04-25 15:38:43 +02:00			`. ./env.sh`
Add basic vaultwarden installation 2025-04-25 12:49:13 +02:00			`set -e`

			`mkdir -p $DATA_FOLDER`

move acme out, change vw deploy 2025-05-02 20:39:28 +02:00			`if systemctl --user list-units --full --all \| grep -q "vaultwarden-${CONTAINER_NAME}.service"; then`
			`systemctl --user stop vaultwarden-${CONTAINER_NAME}.service`
Add check before stop 2025-04-25 13:06:07 +02:00			`fi`
Add basic vaultwarden installation 2025-04-25 12:49:13 +02:00
move acme out, change vw deploy 2025-05-02 20:39:28 +02:00			`if podman container exists "$CONTAINER_NAME"; then`
			`echo "Stop and delete existing container $CONTAINER_NAME"`
			`if podman inspect -f '{{.State.Running}}' "$CONTAINER_NAME" \| grep -q true; then`
			`podman stop "$CONTAINER_NAME"`
			`fi`
			`podman rm "$CONTAINER_NAME"`
			`fi`
Add basic vaultwarden installation 2025-04-25 12:49:13 +02:00
			`podman create \`
			`--name vaultwarden \`
			`--restart=unless-stopped \`
error in podman create 2025-04-25 16:34:16 +02:00			`-e DOMAIN=https://$DOMAIN \`
enable password hint by default 2025-05-04 11:51:24 +02:00			`-e SHOW_PASSWORD_HINT=true \`
Add first final version of vw deployment and haproxy 2025-05-03 23:00:55 +02:00			`-e SMTP_HOST=$SMTP_HOST \`
			`-e SMTP_FROM=$SMTP_FROM \`
			`-e SMTP_PORT=$SMTP_PORT \`
			`-e SMTP_SECURITY=$SMTP_SECURITY \`
			`-e SMTP_USERNAME=$SMTP_USERNAME \`
			`-e SMTP_PASSWORD=$SMTP_PASSWORD \`
Add basic vaultwarden installation 2025-04-25 12:49:13 +02:00			`-p $PORT:80 \`
			`-v $DATA_FOLDER:/data \`
			`docker.io/vaultwarden/server:latest`

			`podman generate systemd \`
			`--new \`
			`--name $CONTAINER_NAME \`
			`--files \`
move acme out, change vw deploy 2025-05-02 20:39:28 +02:00			`--container-prefix=vaultwarden \`
Add basic vaultwarden installation 2025-04-25 12:49:13 +02:00			`--restart-policy=always`

			`mkdir -p $USER_SYSTEMD`
Add first final version of vw deployment and haproxy 2025-05-03 23:00:55 +02:00			`mv vaultwarden-$CONTAINER_NAME.service $USER_SYSTEMD`
Add basic vaultwarden installation 2025-04-25 12:49:13 +02:00			`systemctl --user daemon-reload`
move acme out, change vw deploy 2025-05-02 20:39:28 +02:00			`systemctl --user enable --now vaultwarden-$CONTAINER_NAME.service`
Add basic vaultwarden installation 2025-04-25 12:49:13 +02:00
Use variables for config 2025-04-25 15:38:43 +02:00			`sudo loginctl enable-linger $USER`

Add first final version of vw deployment and haproxy 2025-05-03 23:00:55 +02:00			`# generate haproxy blocks`
			`sudo mkdir -p $SERVICE_DIR`
			`echo "crt $SSL_PATH/fullchain.pem" \| sudo tee $SERVICE_DIR/cert.block > /dev/null`
			`ACL_CFG=$(cat <<EOF`
			`acl is_vw hdr(host) -i $DOMAIN`
			`use_backend vw_backend if is_vw`
			`EOF`
			`)`
			`echo "$ACL_CFG" \| sudo tee $SERVICE_DIR/acl.block > /dev/null`
			`BACKEND_CFG=$(cat <<EOF`
			`backend vw_backend`
			`mode http`
			`option httpchk GET /`
			`option forwardfor`
			`# Set the Source IP in the X-Real-IP header`
			`http-request set-header X-Real-IP %[src]`
			`server vwhttp 127.0.0.1:$PORT alpn http/1.1 check`
			`EOF`
			`)`
			`echo "$BACKEND_CFG" \| sudo tee $SERVICE_DIR/backend.block > /dev/null`

			`echo "Deploy completed, manually run haproxy to generate new config."`

Use variables for config 2025-04-25 15:38:43 +02:00			`# on local, allow ufw port from wireguard`