tliu93/linux-install-helper
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
250662c65e0d04f96708d5860e45fcd2088a4c2f
linux-install-helper/vaultwarden/deploy.sh

72 lines
2.0 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
. ./env.sh
set -e
mkdir -p $DATA_FOLDER
if systemctl --user list-units --full --all | grep -q "vaultwarden-${CONTAINER_NAME}.service"; then
systemctl --user stop vaultwarden-${CONTAINER_NAME}.service
fi
if podman container exists "$CONTAINER_NAME"; then
echo "Stop and delete existing container $CONTAINER_NAME"
if podman inspect -f '{{.State.Running}}' "$CONTAINER_NAME" | grep -q true; then
podman stop "$CONTAINER_NAME"
fi
podman rm "$CONTAINER_NAME"
fi
podman create \
--name vaultwarden \
--restart=unless-stopped \
-e DOMAIN=https://$DOMAIN \
-e SHOW_PASSWORD_HINT=false \
-e SMTP_HOST=$SMTP_HOST \
-e SMTP_FROM=$SMTP_FROM \
-e SMTP_PORT=$SMTP_PORT \
-e SMTP_SECURITY=$SMTP_SECURITY \
-e SMTP_USERNAME=$SMTP_USERNAME \
-e SMTP_PASSWORD=$SMTP_PASSWORD \
-p $PORT:80 \
-v $DATA_FOLDER:/data \
docker.io/vaultwarden/server:latest
podman generate systemd \
--new \
--name $CONTAINER_NAME \
--files \
--container-prefix=vaultwarden \
--restart-policy=always
mkdir -p $USER_SYSTEMD
mv vaultwarden-$CONTAINER_NAME.service $USER_SYSTEMD
systemctl --user daemon-reload
systemctl --user enable --now vaultwarden-$CONTAINER_NAME.service
sudo loginctl enable-linger $USER
# generate haproxy blocks
sudo mkdir -p $SERVICE_DIR
echo "crt $SSL_PATH/fullchain.pem" | sudo tee $SERVICE_DIR/cert.block > /dev/null
ACL_CFG=$(cat <<EOF
acl is_vw hdr(host) -i $DOMAIN
use_backend vw_backend if is_vw
EOF
)
echo "$ACL_CFG" | sudo tee $SERVICE_DIR/acl.block > /dev/null
BACKEND_CFG=$(cat <<EOF
backend vw_backend
mode http
option httpchk GET /
option forwardfor
# Set the Source IP in the X-Real-IP header
http-request set-header X-Real-IP %[src]
server vwhttp 127.0.0.1:$PORT alpn http/1.1 check
EOF
)
echo "$BACKEND_CFG" | sudo tee $SERVICE_DIR/backend.block > /dev/null
echo "Deploy completed, manually run haproxy to generate new config."
# on local, allow ufw port from wireguard
Reference in New Issue View Git Blame Copy Permalink