Use variables for config

vaultwarden/acme.sh

@@ -1,27 +1,12 @@
-curl https://get.acme.sh | sh -s email=liu.tianyu93@hotmail.com
 
-DOMAIN="vw.jamesvillage.dev"
+#!/bin/bash
-SSL_PATH=$HOME/.config/ssl/$DOMAIN
+. ./env.sh
+
+curl https://get.acme.sh | sh -s email=$EMAIL
+
 mkdir -p $SSL_PATH
 
-export NAMECHEAP_USERNAME="james77676166"
-export NAMECHEAP_API_KEY="afcbbc60dcf8431cb0529db06b4dfac7"
-export NAMECHEAP_SOURCEIP="https://ifconfig.co/ip"
-
 $HOME/.acme.sh/acme.sh --issue --dns dns_namecheap -d $DOMAIN \
     --fullchain-file "$SSL_PATH/fullchain.cer" \
     --key-file "$SSL_PATH/privkey.key" \
     --reloadcmd "cat $SSL_PATH/privkey.key $SSL_PATH/fullchain.cer > $SSL_PATH/fullchain.pem"
-
-# cp vaultwarden_sample_haproxy vaultwarden
-
-# sed -i \
-#   -e "s|my_domain\.tld|$DOMAIN|g" \
-#   -e "s|/path/to/certificate/letsencrypt/live/vaultwarden\.example\.tld/fullchain\.pem|$SSL_PATH/fullchain.cer|g" \
-#   -e "s|/path/to/certificate/letsencrypt/live/vaultwarden\.example\.tld/privkey\.pem|$SSL_PATH/privkey.key|g" \
-#   vaultwarden
-
-# sudo mv vaultwarden /etc/nginx/sites-available
-# sudo ln -s /etc/nginx/sites-available/vaultwarden /etc/nginx/sites-enabled
-# sudo systemctl reload nginx
-

vaultwarden/container-vaultwarden.service

@@ -0,0 +1,41 @@
+# container-vaultwarden.service
+# autogenerated by Podman 4.3.1
+# Fri Apr 25 15:33:39 CEST 2025
+
+[Unit]
+Description=Podman container-vaultwarden.service
+Documentation=man:podman-generate-systemd(1)
+Wants=network-online.target
+After=network-online.target
+RequiresMountsFor=%t/containers
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+Restart=always
+TimeoutStopSec=70
+ExecStartPre=/bin/rm \
+	-f %t/%n.ctr-id
+ExecStart=/usr/bin/podman run \
+	--cidfile=%t/%n.ctr-id \
+	--cgroups=no-conmon \
+	--rm \
+	--sdnotify=conmon \
+	-d \
+	--replace \
+	--name vaultwarden \
+	-e DOMAIN=vw.jamesvillage.dev \
+	-e SHOW_PASSWORD_HINT=false \
+	-p 8885:80 \
+	-v /home/tianyu/.local/share/vaultwarden/data:/data docker.io/vaultwarden/server:latest
+ExecStop=/usr/bin/podman stop \
+	--ignore -t 10 \
+	--cidfile=%t/%n.ctr-id
+ExecStopPost=/usr/bin/podman rm \
+	-f \
+	--ignore -t 10 \
+	--cidfile=%t/%n.ctr-id
+Type=notify
+NotifyAccess=all
+
+[Install]
+WantedBy=default.target

vaultwarden/deploy.sh

@@ -1,12 +1,8 @@
 #!/bin/bash
 
+. ./env.sh
 set -e
 
-CONTAINER_NAME="vaultwarden"
-PORT="8885"
-DOMAIN="https://vw.jamesvillage.dev"
-
-DATA_FOLDER="$HOME/.local/share/vaultwarden/data"
 mkdir -p $DATA_FOLDER
 
 if systemctl --user list-units --full --all | grep -q "container-${CONTAINER_NAME}.service"; then
@@ -42,4 +38,6 @@ cp container-$CONTAINER_NAME.service $USER_SYSTEMD
 systemctl --user daemon-reload
 systemctl --user enable --now container-$CONTAINER_NAME.service
 
-sudo loginctl enable-linger $USER
+sudo loginctl enable-linger $USER
+
+# on local, allow ufw port from wireguard

vaultwarden/env.sh

@@ -0,0 +1,11 @@
+export NAMECHEAP_USERNAME=""
+export NAMECHEAP_API_KEY=""
+export NAMECHEAP_SOURCEIP=""
+
+export EMAIL=""
+export CONTAINER_NAME=""
+export PORT=""
+export DATA_FOLDER=""
+export DOMAIN=""
+export SSL_PATH=$HOME/.config/ssl/$DOMAIN
+export HAPROXY_CFG="/etc/haproxy/haproxy.cfg"

vaultwarden/haproxy.sh

@@ -0,0 +1,32 @@
+#!/bin/bash
+
+. ./env.sh
+BLOCK_BEGIN="# === BEGIN vaultwarden config ==="
+BLOCK_END="# === END vaultwarden config ==="
+
+CONFIG=$(cat <<EOF
+$BLOCK_BEGIN
+frontend http_redirect
+    bind *:80
+    acl is_vw hdr(host) -i $DOMAIN
+    http-request redirect scheme https code 301 if is_vw
+frontend vw_https
+    bind *:443 ssl crt $SSL_PATH/fullchain.pem alpn h2,http/1.1
+    mode http
+    acl is_vw hdr(host) -i $DOMAIN
+    use_backend vw_backend if is_vw
+
+backend vw_backend
+    mode http
+    option httpchk GET /
+    server home 10.238.75.62:8885 check inter 5s fall 3 rise 2
+    server local 127.0.0.1:8885 check backup
+$BLOCK_END
+EOF
+)
+
+sudo sed -i "/$BLOCK_BEGIN/,/$BLOCK_END/d" "$HAPROXY_CFG"
+
+echo "$CONFIG" | sudo tee -a "$HAPROXY_CFG" > /dev/null
+
+sudo systemctl reload haproxy