Add first final version of vw deployment and haproxy

vaultwarden/deploy.sh

@@ -22,6 +22,12 @@ podman create \
     --restart=unless-stopped \
     -e DOMAIN=https://$DOMAIN \
     -e SHOW_PASSWORD_HINT=false \
+    -e SMTP_HOST=$SMTP_HOST \
+    -e SMTP_FROM=$SMTP_FROM \
+    -e SMTP_PORT=$SMTP_PORT \
+    -e SMTP_SECURITY=$SMTP_SECURITY \
+    -e SMTP_USERNAME=$SMTP_USERNAME \
+    -e SMTP_PASSWORD=$SMTP_PASSWORD \
     -p $PORT:80 \
     -v $DATA_FOLDER:/data \
     docker.io/vaultwarden/server:latest
@@ -33,12 +39,34 @@ podman generate systemd \
     --container-prefix=vaultwarden \
     --restart-policy=always
 
-USER_SYSTEMD="$HOME/.config/systemd/user"
 mkdir -p $USER_SYSTEMD
-cp vaultwarden-$CONTAINER_NAME.service $USER_SYSTEMD
+mv vaultwarden-$CONTAINER_NAME.service $USER_SYSTEMD
 systemctl --user daemon-reload
 systemctl --user enable --now vaultwarden-$CONTAINER_NAME.service
 
 sudo loginctl enable-linger $USER
 
+# generate haproxy blocks
+sudo mkdir -p $SERVICE_DIR
+echo "crt $SSL_PATH/fullchain.pem" | sudo tee $SERVICE_DIR/cert.block > /dev/null
+ACL_CFG=$(cat <<EOF
+acl is_vw hdr(host) -i $DOMAIN
+use_backend vw_backend if is_vw
+EOF
+)
+echo "$ACL_CFG" | sudo tee $SERVICE_DIR/acl.block > /dev/null
+BACKEND_CFG=$(cat <<EOF
+backend vw_backend
+    mode http
+    option httpchk GET /
+    option forwardfor
+    # Set the Source IP in the X-Real-IP header
+    http-request set-header X-Real-IP %[src]
+    server vwhttp 127.0.0.1:$PORT alpn http/1.1 check
+EOF
+)
+echo "$BACKEND_CFG" | sudo tee $SERVICE_DIR/backend.block > /dev/null
+
+echo "Deploy completed, manually run haproxy to generate new config."
+
 # on local, allow ufw port from wireguard