diff --git a/conf/app.src b/conf/app.src
deleted file mode 100644
index 37e474a..0000000
--- a/conf/app.src
+++ /dev/null
@@ -1,7 +0,0 @@
-SOURCE_URL=https://github.com/dani-garcia/vaultwarden/archive/1.22.1.tar.gz
-SOURCE_SUM=204fd9baaad0712b2a5677972b88083f8bf817c4504df27f29694fba551d09f1e5ed8c4b96fe5ad3a41daca582cbf9edcf56c4871a7d36685cb4c95609f9e93d
-SOURCE_SUM_PRG=sha512sum
-SOURCE_FORMAT=tar.gz
-SOURCE_IN_SUBDIR=true
-SOURCE_FILENAME=
-SOURCE_EXTRACT=true
diff --git a/conf/docker-image-extract.src b/conf/docker-image-extract.src
new file mode 100644
index 0000000..64fe1a1
--- /dev/null
+++ b/conf/docker-image-extract.src
@@ -0,0 +1,7 @@
+SOURCE_URL=https://codeload.github.com/jjlin/docker-image-extract/tar.gz/a9e455e44bbbfba897bf3342d9661b182cee67a9
+SOURCE_SUM=9eb0c734e83a3fd7102fc7209af4977024ec467fbc819782491af47295675f67
+SOURCE_SUM_PRG=sha256sum
+SOURCE_FORMAT=tar.gz
+SOURCE_IN_SUBDIR=true
+SOURCE_FILENAME=
+SOURCE_EXTRACT=true
diff --git a/conf/systemd.service b/conf/systemd.service
index 76d68b5..25be71b 100644
--- a/conf/systemd.service
+++ b/conf/systemd.service
@@ -20,8 +20,10 @@ PrivateDevices=true
 ProtectHome=true
 ProtectSystem=strict
 # Only allow writes to the following directory and set it to the working directory (user and password data are stored here)
-WorkingDirectory=__FINALPATH__/live/
-ReadWriteDirectories=__FINALPATH__/live/
+WorkingDirectory=__FINALPATH__/live
+ReadWriteDirectories=__FINALPATH__/live
+# Allow vaultwarden to bind ports in the range of 0-1024
+AmbientCapabilities=CAP_NET_BIND_SERVICE
 [Install]
 WantedBy=multi-user.target
diff --git a/scripts/_common.sh b/scripts/_common.sh
index aa3c17a..e089741 100644
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
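Review bot: `AmbientCapabilities=CAP_NET_BIND_SERVICE` in conf/systemd.service hands the service a capability, and nothing in the visible lines caps the rest of its capability set. scripts/install calls `ynh_add_nginx_config`, which suggests vaultwarden sits behind a reverse proxy on an unprivileged port, in which case the grant may not be needed at all. If a low port really is required, pair it with `CapabilityBoundingSet=CAP_NET_BIND_SERVICE` and `NoNewPrivileges=true`, unless the part of the unit above line 20 (outside this hunk) already sets them. The added comment would be more accurate as `# Allow vaultwarden to bind privileged ports (below 1024)`.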
@@ -5,7 +5,9 @@
 #=================================================
 # dependencies used by the app
-pkg_dependencies="curl tar pkg-config libssl-dev libc6-dev"
+pkg_dependencies="postgresql postgresql-contrib"
+
+VAULTWARDEN_VERSION=1.21.0
 #=================================================
 # PERSONAL HELPERS
diff --git a/scripts/install b/scripts/install
index a9e50bd..f9499fd 100644
--- a/scripts/install
+++ b/scripts/install
@@ -93,7 +93,7 @@ ynh_script_progression --message="Setting up source files..."
 ynh_app_setting_set --app=$app --key=final_path --value=$final_path
 # Download, check integrity, uncompress the source of vaultwarden from app.src to his build directory
-ynh_setup_source --dest_dir="$final_path/build/" --source_id="app"
+ynh_setup_source --dest_dir="$final_path/build/" --source_id="docker-image-extract"
 # Download, check integrity, uncompress and patch the source from web.src
 ynh_setup_source --dest_dir="$final_path/live/web-vault/" --source_id="web"
@@ -117,20 +117,13 @@ ynh_add_nginx_config
 #=================================================
 ynh_script_progression --message="Making install..."
-# Install rustup with the toolchain needed by vaultwarden
-pushd "$final_path"
- sudo -u "$app" RUSTUP_HOME="$final_path"/.rustup CARGO_HOME="$final_path"/.cargo bash -c 'curl -sSf -L https://static.rust-lang.org/rustup.sh | sh -s -- -y --default-toolchain nightly'
-popd
-
-export PATH="$PATH:$final_path/.cargo/bin:$final_path/.local/bin:/usr/local/sbin"
-
 # Compile vaultwarden
 pushd "$final_path"/build
- ynh_exec_warn_less sudo -u "$app" env PATH="$PATH" cargo build --features sqlite --release
+ ./docker-image-extract vaultwarden/server:$VAULTWARDEN_VERSION
 popd
 # Install vaultwarden
-cp -af "$final_path/build/target/release/vaultwarden" "$final_path/live/vaultwarden"
+cp -af "$final_path/build/output/vaultwarden" "$final_path/live/vaultwarden"
 # Remove build files and rustup
 ynh_secure_remove --file="$final_path/build"
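Review bot: `VAULTWARDEN_VERSION=1.21.0` in scripts/_common.sh is older than the 1.22.1 tarball that the deleted conf/app.src pinned, so this change moves installs back to an earlier release of a password-manager server. On an upgrade that can mean running an older binary against data last written by 1.22.1, and it gives up whatever fixes landed after 1.21.0; if the downgrade is intentional, it needs a comment saying why. The dependency list also drops `curl` and `tar`; if the docker-image-extract script calls them itself (not visible in this diff) they should stay listed.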
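Review bot: `./docker-image-extract vaultwarden/server:$VAULTWARDEN_VERSION` in scripts/install (and the identical line in scripts/upgrade) fetches a prebuilt binary by a mutable tag with no integrity check in the visible lines, whereas the removed flow verified the source tarball against the SHA-512 in conf/app.src. The checksum in conf/docker-image-extract.src covers only the extraction script, not the image it downloads. Pin the image by digest if the tool accepts one, or verify the binary before the `cp -af`, for example `echo "<expected-sha256>  output/vaultwarden" | sha256sum -c -` with the real digest in place of the placeholder. The old build ran under `sudo -u "$app"` while the new call runs as whoever executes the script (presumably root), so the network fetch and archive unpacking now happen with more privilege; `sudo -u "$app" ./docker-image-extract "vaultwarden/server:${VAULTWARDEN_VERSION}"` would restore the earlier level and quote the expansion, provided the build directory is writable by that user at this point. The comments `# Compile vaultwarden` and `# Remove build files and rustup` no longer describe what the code does.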
diff --git a/scripts/upgrade b/scripts/upgrade
index b09edc5..216b63e 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -162,7 +162,7 @@ then
 ynh_script_progression --message="Upgrading source files..."
 # Download, check integrity, uncompress the source of vaultwarden from app.src to his build directory
- ynh_setup_source --dest_dir="$final_path/build/" --source_id="app"
+ ynh_setup_source --dest_dir="$final_path/build/" --source_id="docker-image-extract"
 # Download, check integrity, uncompress and patch the source from web.src
 ynh_setup_source --dest_dir="$final_path/live/web-vault/" --source_id="web"
@@ -199,16 +199,9 @@ chown -R "$app":"$app" "$final_path"
 if [ "$upgrade_type" == "UPGRADE_APP" ]
 then
- # Install rustup with the toolchain needed by vaultwarden
- pushd "$final_path"
- sudo -u "$app" RUSTUP_HOME="$final_path"/.rustup CARGO_HOME="$final_path"/.cargo bash -c 'curl -sSf -L https://static.rust-lang.org/rustup.sh | sh -s -- -y --default-toolchain nightly'
- popd
-
- export PATH="$PATH:$final_path/.cargo/bin:$final_path/.local/bin:/usr/local/sbin"
-
 # Compile vaultwarden
 pushd "$final_path"/build
- ynh_exec_warn_less sudo -u "$app" env PATH="$PATH" cargo build --features sqlite --release
+ ./docker-image-extract vaultwarden/server:$VAULTWARDEN_VERSION
 popd
 # Remove old generated files before copying the new ones
@@ -221,7 +214,7 @@ then
 ynh_secure_remove --file="$final_path/live/vaultwarden.d"
 # Install vaultwarden
- cp -af "$final_path/build/target/release/vaultwarden" "$final_path/live/vaultwarden"
+ cp -af "$final_path/build/output/vaultwarden" "$final_path/live/vaultwarden"
 # Remove build files and rustup
 ynh_secure_remove --file="$final_path/build"
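Review bot: The second hunk of scripts/upgrade stops installing rustup, but nothing in the visible lines removes the toolchain that earlier versions placed in `"$final_path"/.rustup` and `"$final_path"/.cargo`, so upgraded hosts keep a stale compiler tree and its binaries beside the live data. If no cleanup exists elsewhere in the script, add `ynh_secure_remove --file="$final_path/.rustup"` and `ynh_secure_remove --file="$final_path/.cargo"` inside the `UPGRADE_APP` branch. The trailing comment `# Remove build files and rustup` in the last hunk would then be accurate again. The `if` block starts in this hunk and continues past its end.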