From db190e25f840cc2f32c4f07208c183e69fa6701e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 24 Oct 2023 14:43:14 +0200 Subject: [PATCH 01/32] Update manifest.toml --- manifest.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.toml b/manifest.toml index cc9b002..bbe76e8 100644 --- a/manifest.toml +++ b/manifest.toml @@ -7,7 +7,7 @@ name = "Vaultwarden" description.en = "Manage passwords and other sensitive informations" description.fr = "Gérez les mots de passe et autres informations sensibles" -version = "1.29.1~ynh3" +version = "1.29.2~ynh1" maintainers = ["yalh76"] From 17faa0f9a7e9bc2976004acf5e386afb8d95c4bc Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Mon, 20 Nov 2023 10:58:54 +0100 Subject: [PATCH 02/32] Update manifest.toml --- manifest.toml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/manifest.toml b/manifest.toml index bbe76e8..3045dfc 100644 --- a/manifest.toml +++ b/manifest.toml @@ -7,7 +7,7 @@ name = "Vaultwarden" description.en = "Manage passwords and other sensitive informations" description.fr = "Gérez les mots de passe et autres informations sensibles" -version = "1.29.2~ynh1" +version = "1.30.1~ynh1" maintainers = ["yalh76"] @@ -22,8 +22,11 @@ code = "https://github.com/dani-garcia/vaultwarden" yunohost = ">= 11.2" architectures = "all" multi_instance = true + ldap = false + sso = false + disk = "50M" ram.build = "50M" ram.runtime = "50M" From 7f348a362d3b83fd866fa6d0ac754f5e9849bba5 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Tue, 5 Dec 2023 13:02:53 +0000 Subject: [PATCH 03/32] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 3d361a6..90a378e 100644 --- a/README.md +++ b/README.md 
@@ -18,7 +18,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in Alternative implementation of the Bitwarden server API written in Rust and compatible with upstream Bitwarden clients*, perfect for self-hosted deployment where running the official resource-heavy service might not be ideal. -**Shipped version:** 1.29.1~ynh3 +**Shipped version:** 1.30.1~ynh1 **Demo:** https://vault.bitwarden.com/#/register diff --git a/README_fr.md b/README_fr.md index 9361536..6b258f6 100644 --- a/README_fr.md +++ b/README_fr.md @@ -18,7 +18,7 @@ Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po Implémentation alternative de l'API du serveur Bitwarden écrite en Rust et compatible avec les clients Bitwarden en amont*, parfaite pour un déploiement auto-hébergé où l'exécution du service officiel gourmand en ressources n'est peut-être pas idéale. -**Version incluse :** 1.29.1~ynh3 +**Version incluse :** 1.30.1~ynh1 **Démo :** https://vault.bitwarden.com/#/register From f310c89a10039e058c8b92df1abf256394a39a77 Mon Sep 17 00:00:00 2001 From: OniriCorpe Date: Thu, 25 Jan 2024 18:17:37 +0100 Subject: [PATCH 04/32] trying to fix the libssl.so.3 not found bug --- scripts/_common.sh | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index ee6bfce..54a5dbf 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -26,9 +26,16 @@ _download_vaultwarden_from_docker() { mv -f "$install_dir/build/"{vaultwarden,web-vault} "$install_dir/live/" ynh_secure_remove --file="$install_dir/build" + # fixes the libssl.so.3 not found bug + libssl_path=$(which openssl) + if ! grep -q "$libssl_path" /etc/ld.so.conf ; then + echo "include $libssl_path" >> /etc/ld.so.conf + ldconfig + fi + chmod 750 "$install_dir" chmod -R o-rwx "$install_dir" - chown -R $app:$app "$install_dir" + chown -R "$app:$app" "$install_dir" } #================================================= 
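Review bot: In the `scripts/_common.sh` hunk, `libssl_path=$(which openssl)` resolves to the openssl executable, not to a library directory. The added `echo "include $libssl_path" >> /etc/ld.so.conf` therefore tells ldconfig to read a binary as a configuration file, which cannot make `libssl.so.3` resolvable. Appending to the host-wide `/etc/ld.so.conf` from an app helper also changes library lookup for every process on the server, and nothing visible here undoes it when the app is removed. If a search path were really needed, a drop-in under `/etc/ld.so.conf.d/` named after `$app` and deleted by the remove script would keep the change scoped; preferably the OpenSSL requirement is met by a declared package dependency. `_download_vaultwarden_from_docker` starts above this hunk.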
From b1df2e0f4ae238c0bb6117ebde65bee9a6e94b3c Mon Sep 17 00:00:00 2001 From: OniriCorpe Date: Thu, 25 Jan 2024 18:32:28 +0100 Subject: [PATCH 05/32] Revert "trying to fix the libssl.so.3 not found bug" This reverts commit f310c89a10039e058c8b92df1abf256394a39a77. --- scripts/_common.sh | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index 54a5dbf..ee6bfce 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -26,16 +26,9 @@ _download_vaultwarden_from_docker() { mv -f "$install_dir/build/"{vaultwarden,web-vault} "$install_dir/live/" ynh_secure_remove --file="$install_dir/build" - # fixes the libssl.so.3 not found bug - libssl_path=$(which openssl) - if ! grep -q "$libssl_path" /etc/ld.so.conf ; then - echo "include $libssl_path" >> /etc/ld.so.conf - ldconfig - fi - chmod 750 "$install_dir" chmod -R o-rwx "$install_dir" - chown -R "$app:$app" "$install_dir" + chown -R $app:$app "$install_dir" } #================================================= From b3ed849bef4460ece7a99ab2610bfc5993f8235f Mon Sep 17 00:00:00 2001 From: OniriCorpe Date: Thu, 25 Jan 2024 18:32:45 +0100 Subject: [PATCH 06/32] add openssl apt dep --- manifest.toml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/manifest.toml b/manifest.toml index 3045dfc..e924012 100644 --- a/manifest.toml +++ b/manifest.toml @@ -9,7 +9,7 @@ description.fr = "Gérez les mots de passe et autres informations sensibles" version = "1.30.1~ynh1" -maintainers = ["yalh76"] +maintainers = [ "yalh76" ] [upstream] license = "GPL-3.0-or-later" @@ -62,7 +62,7 @@ ram.runtime = "50M" [resources.permissions] main.url = "/" api.url = "/api" - api.additional_urls = ["/identity"] + api.additional_urls = [ "/identity" ] api.allowed = "visitors" api.auth_header = false api.show_tile = false @@ -72,4 +72,4 @@ ram.runtime = "50M" admin.show_tile = false [resources.apt] - packages = "libpq5" + packages = "libpq5, openssl" 
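Review bot: In the `scripts/_common.sh` hunk of the revert (PATCH 05), the last changed line goes back to `chown -R $app:$app "$install_dir"`. This drops the quoting that the reverted commit had added, which was unrelated to the libssl workaround. Keeping `chown -R "$app:$app" "$install_dir"` avoids word splitting and globbing on `$app` and matches the already quoted `"$install_dir"` on the same line. The function body starts above the hunk.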
From 6abc405285130860e98a5fc24f7afb0929ccab03 Mon Sep 17 00:00:00 2001 From: OniriCorpe Date: Thu, 25 Jan 2024 18:56:34 +0100 Subject: [PATCH 07/32] resources.apt: libssl3 --- manifest.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.toml b/manifest.toml index e924012..334e0d3 100644 --- a/manifest.toml +++ b/manifest.toml @@ -72,4 +72,4 @@ ram.runtime = "50M" admin.show_tile = false [resources.apt] - packages = "libpq5, openssl" + packages = "libpq5, libssl3" From 0ab990f8a35939829158c1e8f86754baf53e9599 Mon Sep 17 00:00:00 2001 From: OniriCorpe Date: Thu, 25 Jan 2024 19:10:21 +0100 Subject: [PATCH 08/32] symbolic link to fix libssl.so.3 bug --- scripts/_common.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/scripts/_common.sh b/scripts/_common.sh index ee6bfce..ca1eb9e 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -26,6 +26,11 @@ _download_vaultwarden_from_docker() { mv -f "$install_dir/build/"{vaultwarden,web-vault} "$install_dir/live/" ynh_secure_remove --file="$install_dir/build" + # fixes the libssl.so.3 not found bug since libssl3 is not available on bullseye + if [ ! -f /usr/lib/x86_64-linux-gnu/libssl.so.3 ]; then + ln -s /usr/lib/x86_64-linux-gnu/libssl.so /usr/lib/x86_64-linux-gnu/libssl.so.3 + fi + chmod 750 "$install_dir" chmod -R o-rwx "$install_dir" chown -R $app:$app "$install_dir" From ac004c140658fa4688c442801ac0b8393a000ae0 Mon Sep 17 00:00:00 2001 From: OniriCorpe Date: Thu, 25 Jan 2024 19:13:39 +0100 Subject: [PATCH 09/32] remove irrelevant dep --- manifest.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.toml b/manifest.toml index 334e0d3..110c69b 100644 --- a/manifest.toml +++ b/manifest.toml @@ -72,4 +72,4 @@ ram.runtime = "50M" admin.show_tile = false [resources.apt] - packages = "libpq5, libssl3" + packages = "libpq5" From e6bf2f4091c692c89840db1c278cd6f7b4a2080b Mon Sep 17 00:00:00 2001 
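Review bot: In the `scripts/_common.sh` hunk of PATCH 08, `ln -s /usr/lib/x86_64-linux-gnu/libssl.so /usr/lib/x86_64-linux-gnu/libssl.so.3` aliases whatever the unversioned link points to under the `.so.3` name. The version suffix encodes the ABI, so a binary built against OpenSSL 3 would be loaded against a different major version, and a symbol or struct mismatch in the TLS library of a password manager is not a safe failure mode. The path is also hard-coded to x86_64 while the manifest declares `architectures = "all"`, and the link is created outside package management with no visible cleanup. Failing early is safer than faking the library, for example `ldconfig -p | grep -q 'libssl\.so\.3' || ynh_die --message="libssl.so.3 not found; this build needs OpenSSL 3"`. The enclosing function starts above the hunk.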
From: OniriCorpe Date: Thu, 25 Jan 2024 19:45:30 +0100 Subject: [PATCH 10/32] removing this dumb thing --- scripts/_common.sh | 5 ----- 1 file changed, 5 deletions(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index ca1eb9e..ee6bfce 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -26,11 +26,6 @@ _download_vaultwarden_from_docker() { mv -f "$install_dir/build/"{vaultwarden,web-vault} "$install_dir/live/" ynh_secure_remove --file="$install_dir/build" - # fixes the libssl.so.3 not found bug since libssl3 is not available on bullseye - if [ ! -f /usr/lib/x86_64-linux-gnu/libssl.so.3 ]; then - ln -s /usr/lib/x86_64-linux-gnu/libssl.so /usr/lib/x86_64-linux-gnu/libssl.so.3 - fi - chmod 750 "$install_dir" chmod -R o-rwx "$install_dir" chown -R $app:$app "$install_dir" From a7a1d30132f8a63d62c3d923d479aa39798053c0 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Sat, 4 May 2024 11:40:29 +0000 Subject: [PATCH 11/32] Auto-update READMEs --- ALL_README.md | 3 ++- README.md | 5 ++++- README_eu.md | 52 +++++++++++++++++++++++++++++++++++++++++++++++ README_fr.md | 5 ++++- README_gl.md | 2 +- README_zh_Hans.md | 52 +++++++++++++++++++++++++++++++++++++++++++++++ 6 files changed, 115 insertions(+), 4 deletions(-) create mode 100644 README_eu.md create mode 100644 README_zh_Hans.md diff --git a/ALL_README.md b/ALL_README.md index 3d6c579..a01b345 100644 --- a/ALL_README.md +++ b/ALL_README.md @@ -1,6 +1,7 @@ # All available README files by language - [Read the README in English](README.md) +- [Irakurri README euskaraz](README_eu.md) - [Lire le README en français](README_fr.md) - [Le o README en galego](README_gl.md) -- [Leggi il “README” in italiano](README_it.md) +- [阅读中文(简体)的 README](README_zh_Hans.md) diff --git a/README.md b/README.md index 22910a0..fb5454b 100644 --- a/README.md +++ b/README.md 
@@ -9,7 +9,7 @@ It shall NOT be edited by hand. [![Install Vaultwarden with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=vaultwarden) -*[Read this README is other languages.](./ALL_README.md)* +*[Read this README in other languages.](./ALL_README.md)* > *This package allows you to install Vaultwarden quickly and simply on a YunoHost server.* > *If you don't have YunoHost, please consult [the guide](https://yunohost.org/install) to learn how to install it.* @@ -18,6 +18,9 @@ It shall NOT be edited by hand. Vaultwarden is a password manager, allowing generation and storage of passwords in a secure way. These are protected by a single password called the "master password". +Clients exist for [Linux, macOS and Windows](https://bitwarden.com/#download), [Android](https://play.google.com/store/apps/details?id=com.x8bit.bitwarden), [iOS](https://itunes.apple.com/app/bitwarden-free-password-manager/id1137397744?mt=8), and as a web browser plug-ins. It is also possible to manage passwords from the web interface. + + **Shipped version:** 1.30.1~ynh1 **Demo:** diff --git a/README_eu.md b/README_eu.md new file mode 100644 index 0000000..c25c455 --- /dev/null +++ b/README_eu.md 
@@ -0,0 +1,52 @@ + + +# Vaultwarden YunoHost-erako + +[![Integrazio maila](https://dash.yunohost.org/integration/vaultwarden.svg)](https://dash.yunohost.org/appci/app/vaultwarden) ![Funtzionamendu egoera](https://ci-apps.yunohost.org/ci/badges/vaultwarden.status.svg) ![Mantentze egoera](https://ci-apps.yunohost.org/ci/badges/vaultwarden.maintain.svg) + +[![Instalatu Vaultwarden YunoHost-ekin](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=vaultwarden) + +*[Irakurri README hau beste hizkuntzatan.](./ALL_README.md)* + +> *Pakete honek Vaultwarden YunoHost zerbitzari batean azkar eta zailtasunik gabe instalatzea ahalbidetzen dizu.* +> *YunoHost ez baduzu, kontsultatu [gida](https://yunohost.org/install) nola instalatu ikasteko.* + +## Aurreikuspena + +Vaultwarden is a password manager, allowing generation and storage of passwords in a secure way. These are protected by a single password called the "master password". + +Clients exist for [Linux, macOS and Windows](https://bitwarden.com/#download), [Android](https://play.google.com/store/apps/details?id=com.x8bit.bitwarden), [iOS](https://itunes.apple.com/app/bitwarden-free-password-manager/id1137397744?mt=8), and as a web browser plug-ins. It is also possible to manage passwords from the web interface. + + +**Paketatutako bertsioa:** 1.30.1~ynh1 + +**Demoa:** + +## Pantaila-argazkiak + +![Vaultwarden(r)en pantaila-argazkia](./doc/screenshots/screenshot1.png) + +## Dokumentazioa eta baliabideak + +- Erabiltzaileen dokumentazio ofiziala: +- Administratzaileen dokumentazio ofiziala: +- Jatorrizko aplikazioaren kode-gordailua: +- YunoHost Denda: +- Eman errore baten berri: + +## Garatzaileentzako informazioa + +Bidali `pull request`a [`testing` abarrera](https://github.com/YunoHost-Apps/vaultwarden_ynh/tree/testing). 
+ +`testing` abarra probatzeko, ondorengoa egin: + +```bash +sudo yunohost app install https://github.com/YunoHost-Apps/vaultwarden_ynh/tree/testing --debug +edo +sudo yunohost app upgrade vaultwarden -u https://github.com/YunoHost-Apps/vaultwarden_ynh/tree/testing --debug +``` + +**Informazio gehiago aplikazioaren paketatzeari buruz:** diff --git a/README_fr.md b/README_fr.md index 107aff2..cc41730 100644 --- a/README_fr.md +++ b/README_fr.md @@ -18,7 +18,10 @@ Il NE doit PAS être modifié à la main. Vaultwarden est un gestionnaire de mots de passe, qui permet de générer et de conserver des mots de passe de manière sécurisée. Ces éléments sont protégés par un seul et unique mot de passe appelé « mot de passe maître ». -**Version incluse :** 1.30.1~ynh1 +Il existe des clients pour [Linux, macOS et Windows](https://bitwarden.com/#download), [Android](https://play.google.com/store/apps/details?id=com.x8bit.bitwarden), [iOS](https://itunes.apple.com/app/bitwarden-free-password-manager/id1137397744?mt=8), et comme module d'extension pour navigateur web. Il est aussi possible de gérer ses mot de passe depuis l'interface web. + + +**Version incluse :** 1.30.1~ynh1 **Démo :** diff --git a/README_gl.md b/README_gl.md index 6fe8056..9615a9e 100644 --- a/README_gl.md +++ b/README_gl.md @@ -21,7 +21,7 @@ Vaultwarden is a password manager, allowing generation and storage of passwords Clients exist for [Linux, macOS and Windows](https://bitwarden.com/#download), [Android](https://play.google.com/store/apps/details?id=com.x8bit.bitwarden), [iOS](https://itunes.apple.com/app/bitwarden-free-password-manager/id1137397744?mt=8), and as a web browser plug-ins. It is also possible to manage passwords from the web interface. -**Versión proporcionada:** 1.29.1~ynh4 +**Versión proporcionada:** 1.30.1~ynh1 **Demo:** diff --git a/README_zh_Hans.md b/README_zh_Hans.md new file mode 100644 index 0000000..505b101 --- /dev/null +++ b/README_zh_Hans.md 
@@ -0,0 +1,52 @@ + + +# YunoHost 的 Vaultwarden + +[![集成程度](https://dash.yunohost.org/integration/vaultwarden.svg)](https://dash.yunohost.org/appci/app/vaultwarden) ![工作状态](https://ci-apps.yunohost.org/ci/badges/vaultwarden.status.svg) ![维护状态](https://ci-apps.yunohost.org/ci/badges/vaultwarden.maintain.svg) + +[![使用 YunoHost 安装 Vaultwarden](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=vaultwarden) + +*[阅读此 README 的其它语言版本。](./ALL_README.md)* + +> *通过此软件包,您可以在 YunoHost 服务器上快速、简单地安装 Vaultwarden。* +> *如果您还没有 YunoHost,请参阅[指南](https://yunohost.org/install)了解如何安装它。* + +## 概况 + +Vaultwarden is a password manager, allowing generation and storage of passwords in a secure way. These are protected by a single password called the "master password". + +Clients exist for [Linux, macOS and Windows](https://bitwarden.com/#download), [Android](https://play.google.com/store/apps/details?id=com.x8bit.bitwarden), [iOS](https://itunes.apple.com/app/bitwarden-free-password-manager/id1137397744?mt=8), and as a web browser plug-ins. It is also possible to manage passwords from the web interface. + + +**分发版本:** 1.30.1~ynh1 + +**演示:** + +## 截图 + +![Vaultwarden 的截图](./doc/screenshots/screenshot1.png) + +## 文档与资源 + +- 官方用户文档: +- 官方管理文档: +- 上游应用代码库: +- YunoHost 商店: +- 报告 bug: + +## 开发者信息 + +请向 [`testing` 分支](https://github.com/YunoHost-Apps/vaultwarden_ynh/tree/testing) 发送拉取请求。 + +如要尝试 `testing` 分支,请这样操作: + +```bash +sudo yunohost app install https://github.com/YunoHost-Apps/vaultwarden_ynh/tree/testing --debug +或 +sudo yunohost app upgrade vaultwarden -u https://github.com/YunoHost-Apps/vaultwarden_ynh/tree/testing --debug +``` + +**有关应用打包的更多信息:** From e03dee06adc2dec67a9bf349f3b904be3f8502ba Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Sat, 4 May 2024 13:54:51 +0200 Subject: [PATCH 12/32] Update manifest.toml --- manifest.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/manifest.toml b/manifest.toml index 9be8da4..2c5f0fd 100644 --- a/manifest.toml +++ b/manifest.toml @@ -72,4 +72,4 @@ ram.runtime = "50M" admin.show_tile = false [resources.apt] - packages = "libpq5" + packages = "libpq5, librust-cargo+openssl-dev" From d0c6d0fbb956a9577f12199a3895e5e875f4d826 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Sat, 4 May 2024 16:16:08 +0200 Subject: [PATCH 13/32] Update manifest.toml --- manifest.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.toml b/manifest.toml index 2c5f0fd..9be8da4 100644 --- a/manifest.toml +++ b/manifest.toml @@ -72,4 +72,4 @@ ram.runtime = "50M" admin.show_tile = false [resources.apt] - packages = "libpq5, librust-cargo+openssl-dev" + packages = "libpq5" From 5bf1b526602ab284ec93bc39ee05650eacb303a2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Wed, 29 May 2024 21:43:07 +0200 Subject: [PATCH 14/32] upgrade version --- manifest.toml | 2 +- scripts/backup | 16 +--------------- 2 files changed, 2 insertions(+), 16 deletions(-) diff --git a/manifest.toml b/manifest.toml index 9be8da4..9042adc 100644 --- a/manifest.toml +++ b/manifest.toml @@ -7,7 +7,7 @@ name = "Vaultwarden" description.en = "Manage passwords and other sensitive informations" description.fr = "Gérez les mots de passe et autres informations sensibles" -version = "1.30.1~ynh1" +version = "1.30.5~ynh1" maintainers = [ ] diff --git a/scripts/backup b/scripts/backup index 56012c0..887e9ed 100644 --- a/scripts/backup +++ b/scripts/backup 
@@ -28,30 +28,16 @@ ynh_backup --src_path="$install_dir" ynh_backup --src_path="$data_dir" --is_big #================================================= -# BACKUP THE NGINX CONFIGURATION +# SYSTEM CONFIGURATION #================================================= ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" -#================================================= -# BACKUP FAIL2BAN CONFIGURATION -#================================================= - ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf" ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf" -#================================================= -# SPECIFIC BACKUP -#================================================= -# BACKUP LOGROTATE -#================================================= - ynh_backup --src_path="/etc/logrotate.d/$app" -#================================================= -# BACKUP SYSTEMD -#================================================= - ynh_backup --src_path="/etc/systemd/system/$app.service" #================================================= From 61b63995807edbae1a2bb3bb4d8a62ac43e63661 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Wed, 29 May 2024 19:43:12 +0000 Subject: [PATCH 15/32] Auto-update READMEs --- ALL_README.md | 1 + README.md | 2 +- README_es.md | 52 +++++++++++++++++++++++++++++++++++++++++++++++ README_eu.md | 2 +- README_fr.md | 2 +- README_gl.md | 2 +- README_zh_Hans.md | 4 ++-- 7 files changed, 59 insertions(+), 6 deletions(-) create mode 100644 README_es.md diff --git a/ALL_README.md b/ALL_README.md index a01b345..152f2e7 100644 --- a/ALL_README.md +++ b/ALL_README.md @@ -1,6 +1,7 @@ # All available README files by language - [Read the README in English](README.md) +- [Lea el README en español](README_es.md) - [Irakurri README euskaraz](README_eu.md) - [Lire le README en français](README_fr.md) - [Le o README en galego](README_gl.md) diff --git a/README.md b/README.md index fb5454b..4b01233 100644 --- a/README.md +++ b/README.md 
@@ -21,7 +21,7 @@ Vaultwarden is a password manager, allowing generation and storage of passwords Clients exist for [Linux, macOS and Windows](https://bitwarden.com/#download), [Android](https://play.google.com/store/apps/details?id=com.x8bit.bitwarden), [iOS](https://itunes.apple.com/app/bitwarden-free-password-manager/id1137397744?mt=8), and as a web browser plug-ins. It is also possible to manage passwords from the web interface. -**Shipped version:** 1.30.1~ynh1 +**Shipped version:** 1.30.5~ynh1 **Demo:** diff --git a/README_es.md b/README_es.md new file mode 100644 index 0000000..17d54d0 --- /dev/null +++ b/README_es.md 
@@ -0,0 +1,52 @@ + + +# Vaultwarden para Yunohost + +[![Nivel de integración](https://dash.yunohost.org/integration/vaultwarden.svg)](https://dash.yunohost.org/appci/app/vaultwarden) ![Estado funcional](https://ci-apps.yunohost.org/ci/badges/vaultwarden.status.svg) ![Estado En Mantención](https://ci-apps.yunohost.org/ci/badges/vaultwarden.maintain.svg) + +[![Instalar Vaultwarden con Yunhost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=vaultwarden) + +*[Leer este README en otros idiomas.](./ALL_README.md)* + +> *Este paquete le permite instalarVaultwarden rapidamente y simplement en un servidor YunoHost.* +> *Si no tiene YunoHost, visita [the guide](https://yunohost.org/install) para aprender como instalarla.* + +## Descripción general + +Vaultwarden is a password manager, allowing generation and storage of passwords in a secure way. These are protected by a single password called the "master password". + +Clients exist for [Linux, macOS and Windows](https://bitwarden.com/#download), [Android](https://play.google.com/store/apps/details?id=com.x8bit.bitwarden), [iOS](https://itunes.apple.com/app/bitwarden-free-password-manager/id1137397744?mt=8), and as a web browser plug-ins. It is also possible to manage passwords from the web interface. 
+ + +**Versión actual:** 1.30.5~ynh1 + +**Demo:** + +## Capturas + +![Captura de Vaultwarden](./doc/screenshots/screenshot1.png) + +## Documentaciones y recursos + +- Documentación usuario oficial: +- Documentación administrador oficial: +- Repositorio del código fuente oficial de la aplicación : +- Catálogo YunoHost: +- Reportar un error: + +## Información para desarrolladores + +Por favor enviar sus correcciones a la [`branch testing`](https://github.com/YunoHost-Apps/vaultwarden_ynh/tree/testing + +Para probar la rama `testing`, sigue asÍ: + +```bash +sudo yunohost app install https://github.com/YunoHost-Apps/vaultwarden_ynh/tree/testing --debug +o +sudo yunohost app upgrade vaultwarden -u https://github.com/YunoHost-Apps/vaultwarden_ynh/tree/testing --debug +``` + +**Mas informaciones sobre el empaquetado de aplicaciones:** diff --git a/README_eu.md b/README_eu.md index c25c455..288a438 100644 --- a/README_eu.md +++ b/README_eu.md @@ -21,7 +21,7 @@ Vaultwarden is a password manager, allowing generation and storage of passwords Clients exist for [Linux, macOS and Windows](https://bitwarden.com/#download), [Android](https://play.google.com/store/apps/details?id=com.x8bit.bitwarden), [iOS](https://itunes.apple.com/app/bitwarden-free-password-manager/id1137397744?mt=8), and as a web browser plug-ins. It is also possible to manage passwords from the web interface. -**Paketatutako bertsioa:** 1.30.1~ynh1 +**Paketatutako bertsioa:** 1.30.5~ynh1 **Demoa:** diff --git a/README_fr.md b/README_fr.md index cc41730..d7e735f 100644 --- a/README_fr.md +++ b/README_fr.md 
@@ -21,7 +21,7 @@ Vaultwarden est un gestionnaire de mots de passe, qui permet de générer et de Il existe des clients pour [Linux, macOS et Windows](https://bitwarden.com/#download), [Android](https://play.google.com/store/apps/details?id=com.x8bit.bitwarden), [iOS](https://itunes.apple.com/app/bitwarden-free-password-manager/id1137397744?mt=8), et comme module d'extension pour navigateur web. Il est aussi possible de gérer ses mot de passe depuis l'interface web. -**Version incluse :** 1.30.1~ynh1 +**Version incluse :** 1.30.5~ynh1 **Démo :** diff --git a/README_gl.md b/README_gl.md index 9615a9e..367612f 100644 --- a/README_gl.md +++ b/README_gl.md @@ -21,7 +21,7 @@ Vaultwarden is a password manager, allowing generation and storage of passwords Clients exist for [Linux, macOS and Windows](https://bitwarden.com/#download), [Android](https://play.google.com/store/apps/details?id=com.x8bit.bitwarden), [iOS](https://itunes.apple.com/app/bitwarden-free-password-manager/id1137397744?mt=8), and as a web browser plug-ins. It is also possible to manage passwords from the web interface. -**Versión proporcionada:** 1.30.1~ynh1 +**Versión proporcionada:** 1.30.5~ynh1 **Demo:** diff --git a/README_zh_Hans.md b/README_zh_Hans.md index 505b101..043c863 100644 --- a/README_zh_Hans.md +++ b/README_zh_Hans.md @@ -3,7 +3,7 @@ 请勿手动编辑。 --> -# YunoHost 的 Vaultwarden +# YunoHost 上的 Vaultwarden [![集成程度](https://dash.yunohost.org/integration/vaultwarden.svg)](https://dash.yunohost.org/appci/app/vaultwarden) ![工作状态](https://ci-apps.yunohost.org/ci/badges/vaultwarden.status.svg) ![维护状态](https://ci-apps.yunohost.org/ci/badges/vaultwarden.maintain.svg) 
@@ -21,7 +21,7 @@ Vaultwarden is a password manager, allowing generation and storage of passwords Clients exist for [Linux, macOS and Windows](https://bitwarden.com/#download), [Android](https://play.google.com/store/apps/details?id=com.x8bit.bitwarden), [iOS](https://itunes.apple.com/app/bitwarden-free-password-manager/id1137397744?mt=8), and as a web browser plug-ins. It is also possible to manage passwords from the web interface. -**分发版本:** 1.30.1~ynh1 +**分发版本:** 1.30.5~ynh1 **演示:** From bc187448267ca2e05d7d765578f16f47acb5bede Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Wed, 29 May 2024 21:51:09 +0200 Subject: [PATCH 16/32] Update manifest.toml --- manifest.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.toml b/manifest.toml index 9042adc..745b6a7 100644 --- a/manifest.toml +++ b/manifest.toml @@ -72,4 +72,4 @@ ram.runtime = "50M" admin.show_tile = false [resources.apt] - packages = "libpq5" + packages = "libpq5, libssl-dev" From 590030bdc2e44e5cca43a174326d4ee6975c5b97 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Wed, 29 May 2024 22:03:36 +0200 Subject: [PATCH 17/32] Update manifest.toml --- manifest.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.toml b/manifest.toml index 745b6a7..9042adc 100644 --- a/manifest.toml +++ b/manifest.toml @@ -72,4 +72,4 @@ ram.runtime = "50M" admin.show_tile = false [resources.apt] - packages = "libpq5, libssl-dev" + packages = "libpq5" From 491797183bfe47fbd28fa605da36cfdb8789e155 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Sun, 2 Jun 2024 19:26:20 +0200 Subject: [PATCH 18/32] Update upgrade --- scripts/upgrade | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/scripts/upgrade b/scripts/upgrade index 8bf316b..1f8b712 100644 
--- a/scripts/upgrade +++ b/scripts/upgrade @@ -10,12 +10,6 @@ source _common.sh source ynh_docker_image_extract source /usr/share/yunohost/helpers -#================================================= -# CHECK VERSION -#================================================= - -upgrade_type=$(ynh_check_app_version_changed) - #================================================= # STANDARD UPGRADE STEPS #================================================= @@ -29,12 +23,9 @@ ynh_systemd_action --service_name=$app --action="stop" --log_path="systemd" --li # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= -if [ "$upgrade_type" == "UPGRADE_APP" ] -then - ynh_script_progression --message="Upgrading source files..." +ynh_script_progression --message="Upgrading source files..." - _download_vaultwarden_from_docker -fi +_download_vaultwarden_from_docker #================================================= # UPDATE A CONFIG FILE From 86386370253e2f05b85937a7158b154656bd3339 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Tue, 9 Jul 2024 16:55:11 +0000 Subject: [PATCH 19/32] Auto-update READMEs --- README_es.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README_es.md b/README_es.md index 17d54d0..b052aba 100644 --- a/README_es.md +++ b/README_es.md 
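Review bot: With the `upgrade_type` guard removed in `scripts/upgrade`, `_download_vaultwarden_from_docker` now runs on every upgrade, including packaging-only ones, and it runs after the service stop shown in the second hunk's header. A failed pull therefore leaves the instance down even when the upstream version did not change. Whether the helper pins or verifies the image it extracts is not visible in this hunk; if it does not, each upgrade is also a point where the served binary can change without a version bump. A comment above the call should state why the version check was dropped, and it is worth confirming that the helper fails before anything under `$install_dir/live/` is replaced.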
@@ -5,7 +5,7 @@ No se debe editar a mano. # Vaultwarden para Yunohost -[![Nivel de integración](https://dash.yunohost.org/integration/vaultwarden.svg)](https://dash.yunohost.org/appci/app/vaultwarden) ![Estado funcional](https://ci-apps.yunohost.org/ci/badges/vaultwarden.status.svg) ![Estado En Mantención](https://ci-apps.yunohost.org/ci/badges/vaultwarden.maintain.svg) +[![Nivel de integración](https://dash.yunohost.org/integration/vaultwarden.svg)](https://ci-apps.yunohost.org/ci/apps/vaultwarden/) ![Estado funcional](https://ci-apps.yunohost.org/ci/badges/vaultwarden.status.svg) ![Estado En Mantención](https://ci-apps.yunohost.org/ci/badges/vaultwarden.maintain.svg) [![Instalar Vaultwarden con Yunhost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=vaultwarden) From 471b8518c7bfdb8b6f929b33e2fa3f3d2cfadbc8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 9 Jul 2024 18:56:30 +0200 Subject: [PATCH 20/32] Update manifest.toml --- manifest.toml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifest.toml b/manifest.toml index 9042adc..caa6e9e 100644 --- a/manifest.toml +++ b/manifest.toml @@ -7,7 +7,7 @@ name = "Vaultwarden" description.en = "Manage passwords and other sensitive informations" description.fr = "Gérez les mots de passe et autres informations sensibles" -version = "1.30.5~ynh1" +version = "1.31.0~ynh1" maintainers = [ ] @@ -19,7 +19,7 @@ userdoc = "https://help.bitwarden.com/" code = "https://github.com/dani-garcia/vaultwarden" [integration] -yunohost = ">= 11.2" +yunohost = ">= 11.2.20" architectures = "all" multi_instance = true From abd1920ab62683dd3bd3e3a45bcc1b26cf52d535 Mon Sep 17 00:00:00 2001 
From: yunohost-bot Date: Tue, 9 Jul 2024 16:56:39 +0000 Subject: [PATCH 21/32] Auto-update READMEs --- README.md | 2 +- README_es.md | 2 +- README_eu.md | 2 +- README_fr.md | 2 +- README_gl.md | 2 +- README_zh_Hans.md | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index dcde191..d6df25c 100644 --- a/README.md +++ b/README.md @@ -21,7 +21,7 @@ Vaultwarden is a password manager, allowing generation and storage of passwords Clients exist for [Linux, macOS and Windows](https://bitwarden.com/#download), [Android](https://play.google.com/store/apps/details?id=com.x8bit.bitwarden), [iOS](https://itunes.apple.com/app/bitwarden-free-password-manager/id1137397744?mt=8), and as a web browser plug-ins. It is also possible to manage passwords from the web interface. -**Shipped version:** 1.30.5~ynh1 +**Shipped version:** 1.31.0~ynh1 **Demo:** diff --git a/README_es.md b/README_es.md index b052aba..2a4f03f 100644 --- a/README_es.md +++ b/README_es.md @@ -21,7 +21,7 @@ Vaultwarden is a password manager, allowing generation and storage of passwords Clients exist for [Linux, macOS and Windows](https://bitwarden.com/#download), [Android](https://play.google.com/store/apps/details?id=com.x8bit.bitwarden), [iOS](https://itunes.apple.com/app/bitwarden-free-password-manager/id1137397744?mt=8), and as a web browser plug-ins. It is also possible to manage passwords from the web interface. -**Versión actual:** 1.30.5~ynh1 +**Versión actual:** 1.31.0~ynh1 **Demo:** diff --git a/README_eu.md b/README_eu.md index ffe6d4e..fe6eb6f 100644 --- a/README_eu.md +++ b/README_eu.md 
@@ -21,7 +21,7 @@ Vaultwarden is a password manager, allowing generation and storage of passwords Clients exist for [Linux, macOS and Windows](https://bitwarden.com/#download), [Android](https://play.google.com/store/apps/details?id=com.x8bit.bitwarden), [iOS](https://itunes.apple.com/app/bitwarden-free-password-manager/id1137397744?mt=8), and as a web browser plug-ins. It is also possible to manage passwords from the web interface. -**Paketatutako bertsioa:** 1.30.5~ynh1 +**Paketatutako bertsioa:** 1.31.0~ynh1 **Demoa:** diff --git a/README_fr.md b/README_fr.md index d88da5d..17e77eb 100644 --- a/README_fr.md +++ b/README_fr.md @@ -21,7 +21,7 @@ Vaultwarden est un gestionnaire de mots de passe, qui permet de générer et de Il existe des clients pour [Linux, macOS et Windows](https://bitwarden.com/#download), [Android](https://play.google.com/store/apps/details?id=com.x8bit.bitwarden), [iOS](https://itunes.apple.com/app/bitwarden-free-password-manager/id1137397744?mt=8), et comme module d'extension pour navigateur web. Il est aussi possible de gérer ses mot de passe depuis l'interface web. -**Version incluse :** 1.30.5~ynh1 +**Version incluse :** 1.31.0~ynh1 **Démo :** diff --git a/README_gl.md b/README_gl.md index e3c2b42..3757c46 100644 --- a/README_gl.md +++ b/README_gl.md @@ -21,7 +21,7 @@ Vaultwarden is a password manager, allowing generation and storage of passwords Clients exist for [Linux, macOS and Windows](https://bitwarden.com/#download), [Android](https://play.google.com/store/apps/details?id=com.x8bit.bitwarden), [iOS](https://itunes.apple.com/app/bitwarden-free-password-manager/id1137397744?mt=8), and as a web browser plug-ins. It is also possible to manage passwords from the web interface. -**Versión proporcionada:** 1.30.5~ynh1 +**Versión proporcionada:** 1.31.0~ynh1 **Demo:** diff --git a/README_zh_Hans.md b/README_zh_Hans.md index 069c4bc..5e13d87 100644 --- a/README_zh_Hans.md +++ b/README_zh_Hans.md 
@@ -21,7 +21,7 @@ Vaultwarden is a password manager, allowing generation and storage of passwords Clients exist for [Linux, macOS and Windows](https://bitwarden.com/#download), [Android](https://play.google.com/store/apps/details?id=com.x8bit.bitwarden), [iOS](https://itunes.apple.com/app/bitwarden-free-password-manager/id1137397744?mt=8), and as a web browser plug-ins. It is also possible to manage passwords from the web interface. -**分发版本:** 1.30.5~ynh1 +**分发版本:** 1.31.0~ynh1 **演示:** From 3c94073eb983131fd7b7ec15e3e3a4ff7cbcfae5 Mon Sep 17 00:00:00 2001 From: Kayou Date: Tue, 16 Jul 2024 14:23:59 +0200 Subject: [PATCH 22/32] preinstall rsync before tests --- tests.toml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests.toml b/tests.toml index d5deb96..c19513d 100644 --- a/tests.toml +++ b/tests.toml @@ -4,6 +4,10 @@ test_format = 1.0 [default] + preinstall = """ + sudo apt update >/dev/null && sudo apt install rsync -y + """ + # ------------------------------- # Commits to test upgrade from # ------------------------------- From a1958ecc6029e5de2edf0895097413f452f100b8 Mon Sep 17 00:00:00 2001 From: Kayou Date: Tue, 16 Jul 2024 14:33:27 +0200 Subject: [PATCH 23/32] apt-get instead of apt, less logs --- tests.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests.toml b/tests.toml index c19513d..9e278d4 100644 --- a/tests.toml +++ b/tests.toml @@ -5,7 +5,7 @@ test_format = 1.0 [default] preinstall = """ - sudo apt update >/dev/null && sudo apt install rsync -y + sudo apt-get update >/dev/null && sudo apt-get install rsync -y >/dev/null """ # ------------------------------- From bf96011a2365265791470c126972f6203b681705 Mon Sep 17 00:00:00 2001 From: Kayou Date: Tue, 16 Jul 2024 15:01:05 +0200 Subject: [PATCH 24/32] preinstall libssl1.1 too --- tests.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests.toml b/tests.toml index 9e278d4..05b5d91 100644 --- a/tests.toml +++ b/tests.toml 
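Review bot: The `preinstall` step added under `[default]` in tests.toml installs `rsync` only inside the CI container, and nothing says which script needs it. If one of the package's own scripts calls rsync (not visible in this hunk), the same missing binary will hit real installs. In that case the dependency belongs in the manifest's `[resources.apt]` `packages` list, not in a test-only workaround. If it is only a CI-image gap, a comment above the key would record that, e.g. `# rsync is missing from the CI image; the app itself does not depend on it`.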
@@ -5,7 +5,7 @@ test_format = 1.0 [default] preinstall = """ - sudo apt-get update >/dev/null && sudo apt-get install rsync -y >/dev/null + sudo apt-get update >/dev/null && sudo apt-get install rsync libssl1.1 -y >/dev/null """ # ------------------------------- From 824d1f1493c6249ebe5a97e9bd9616ab0ad6b116 Mon Sep 17 00:00:00 2001 From: Kayou Date: Tue, 16 Jul 2024 15:22:43 +0200 Subject: [PATCH 25/32] well, libssl1.1 doesn't exist on bookworm --- tests.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests.toml b/tests.toml index 05b5d91..9e278d4 100644 --- a/tests.toml +++ b/tests.toml @@ -5,7 +5,7 @@ test_format = 1.0 [default] preinstall = """ - sudo apt-get update >/dev/null && sudo apt-get install rsync libssl1.1 -y >/dev/null + sudo apt-get update >/dev/null && sudo apt-get install rsync -y >/dev/null """ # ------------------------------- From 7959754767ef77c78b071985c488cf6baedde6e5 Mon Sep 17 00:00:00 2001 From: Kayou Date: Tue, 16 Jul 2024 15:54:01 +0200 Subject: [PATCH 26/32] update nginx conf, remove websocket port --- conf/nginx.conf | 17 ++++------------- manifest.toml | 1 - 2 files changed, 4 insertions(+), 14 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index b3a299b..f1d6a1a 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf 
@@ -7,22 +7,13 @@ location __PATH__/ { # Common parameter to increase upload size limit in conjunction with dedicated php-fpm file client_max_body_size 100M; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://127.0.0.1:__PORT_ROCKET__; } - -location __INSTALL_DIR__/notifications/hub { - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_pass http://127.0.0.1:__PORT_WEBSOCKET__; -} - -location __INSTALL_DIR__/notifications/hub/negotiate { - proxy_pass http://127.0.0.1:__PORT_ROCKET__; -} \ No newline at end of file diff --git a/manifest.toml b/manifest.toml index caa6e9e..1b33cac 100644 --- a/manifest.toml +++ b/manifest.toml @@ -56,7 +56,6 @@ ram.runtime = "50M" [resources.data_dir] [resources.ports] - websocket.default = 3012 rocket.default = 8095 [resources.permissions] From d2b5d49285472582a6c30ce55e66d4f81f5a88ad Mon Sep 17 00:00:00 2001 From: Kayou Date: Tue, 16 Jul 2024 16:31:46 +0200 Subject: [PATCH 27/32] Update env file --- conf/vaultwarden.env | 532 +++++++++++++++++++++++++++---------------- 1 file changed, 342 insertions(+), 190 deletions(-) diff --git a/conf/vaultwarden.env b/conf/vaultwarden.env index 474fd3b..ff3dca2 100644 --- a/conf/vaultwarden.env +++ b/conf/vaultwarden.env 
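Review bot: `proxy_set_header Connection $connection_upgrade;` in the `location __PATH__/` block relies on a variable that nginx does not define by itself. It has to come from a `map $http_upgrade $connection_upgrade { default upgrade; '' close; }` in the `http` context, which a per-app location snippet cannot declare. Whether the host's global nginx configuration already provides that map is not visible in this hunk. If it does not, `nginx -t` rejects the file with an unknown-variable error and the reload fails. A one-line comment above the three new headers would make the dependency explicit, e.g. `# $connection_upgrade comes from a map in the global http{} config`.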
@@ -1,30 +1,72 @@ +# shellcheck disable=SC2034,SC2148 ## Vaultwarden Configuration File ## Uncomment any of the following lines to change the defaults ## ## Be aware that most of these settings will be overridden if they were changed ## in the admin interface. Those overrides are stored within DATA_FOLDER/config.json . ## -## By default, vaultwarden expects for this file to be named ".env" and located +## By default, Vaultwarden expects for this file to be named ".env" and located ## in the current working directory. If this is not the case, the environment ## variable ENV_FILE can be set to the location of this file prior to starting -## vaultwarden. +## Vaultwarden. + +#################### +### Data folders ### +#################### ## Main data folder DATA_FOLDER=__DATA_DIR__ +## Individual folders, these override %DATA_FOLDER% +# RSA_KEY_FILENAME=data/rsa_key +# ICON_CACHE_FOLDER=data/icon_cache +# ATTACHMENTS_FOLDER=data/attachments +# SENDS_FOLDER=data/sends +# TMP_FOLDER=data/tmp + +## Templates data folder, by default uses embedded templates +## Check source code to see the format +# TEMPLATES_FOLDER=data/templates +## Automatically reload the templates for every request, slow, use only for development +# RELOAD_TEMPLATES=false + +## Web vault settings +WEB_VAULT_FOLDER=web-vault/ +WEB_VAULT_ENABLED=true + +######################### +### Database settings ### +######################### + ## Database URL ## When using SQLite, this is the path to the DB file, default to %DATA_FOLDER%/db.sqlite3 # DATABASE_URL=data/db.sqlite3 ## When using MySQL, specify an appropriate connection URI. -## Details: https://docs.diesel.rs/diesel/mysql/struct.MysqlConnection.html +## Details: https://docs.diesel.rs/2.1.x/diesel/mysql/struct.MysqlConnection.html # DATABASE_URL=mysql://user:password@host[:port]/database_name ## When using PostgreSQL, specify an appropriate connection URI (recommended) ## or keyword/value connection string. 
## Details: -## - https://docs.diesel.rs/diesel/pg/struct.PgConnection.html +## - https://docs.diesel.rs/2.1.x/diesel/pg/struct.PgConnection.html ## - https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING # DATABASE_URL=postgresql://user:password@host[:port]/database_name +## Enable WAL for the DB +## Set to false to avoid enabling WAL during startup. +## Note that if the DB already has WAL enabled, you will also need to disable WAL in the DB, +## this setting only prevents Vaultwarden from automatically enabling it on start. +## Please read project wiki page about this setting first before changing the value as it can +## cause performance degradation or might render the service unable to start. +# ENABLE_DB_WAL=true + +## Database connection retries +## Number of times to retry the database connection during startup, with 1 second delay between each retry, set to 0 to retry indefinitely +# DB_CONNECTION_RETRIES=15 + +## Database timeout +## Timeout when acquiring database connection +# DATABASE_TIMEOUT=30 + ## Database max connections ## Define the size of the connection pool used for connecting to the database. # DATABASE_MAX_CONNS=10 
@@ -38,53 +80,44 @@ DATA_FOLDER=__DATA_DIR__ ## - PostgreSQL: "" # DATABASE_CONN_INIT="" -## Individual folders, these override %DATA_FOLDER% -# RSA_KEY_FILENAME=data/rsa_key -# ICON_CACHE_FOLDER=data/icon_cache -# ATTACHMENTS_FOLDER=data/attachments -# SENDS_FOLDER=data/sends -# TMP_FOLDER=data/tmp +################# +### WebSocket ### +################# -## Templates data folder, by default uses embedded templates -## Check source code to see the format -# TEMPLATES_FOLDER=/path/to/templates -## Automatically reload the templates for every request, slow, use only for development -# RELOAD_TEMPLATES=false +## Enable websocket notifications +# ENABLE_WEBSOCKET=true -## Client IP Header, used to identify the IP of the client, defaults to "X-Real-IP" -## Set to the string "none" (without quotes), to disable any headers and just use the remote IP -# IP_HEADER=X-Real-IP +########################## +### Push notifications ### +########################## -## Cache time-to-live for successfully obtained icons, in seconds (0 is "forever") -# ICON_CACHE_TTL=2592000 -## Cache time-to-live for icons which weren't available, in seconds (0 is "forever") -# ICON_CACHE_NEGTTL=259200 +## Enables push notifications (requires key and id from https://bitwarden.com/host) +## If you choose "European Union" Data Region, uncomment PUSH_RELAY_URI and PUSH_IDENTITY_URI then replace .com by .eu +## Details about mobile client push notification: +## - https://github.com/dani-garcia/vaultwarden/wiki/Enabling-Mobile-Client-push-notification +# PUSH_ENABLED=false +# PUSH_INSTALLATION_ID=CHANGEME +# PUSH_INSTALLATION_KEY=CHANGEME +## Don't change this unless you know what you're doing. 
+# PUSH_RELAY_URI=https://push.bitwarden.com +# PUSH_IDENTITY_URI=https://identity.bitwarden.com -## Web vault settings -WEB_VAULT_FOLDER=web-vault/ -WEB_VAULT_ENABLED=true - -## Enables websocket notifications -WEBSOCKET_ENABLED=true - -## Controls the WebSocket server address and port -WEBSOCKET_ADDRESS=127.0.0.1 -WEBSOCKET_PORT=__PORT_WEBSOCKET__ - -## Controls whether users are allowed to create Bitwarden Sends. -## This setting applies globally to all users. -## To control this on a per-org basis instead, use the "Disable Send" org policy. -# SENDS_ALLOWED=true - -## Controls whether users can enable emergency access to their accounts. -## This setting applies globally to all users. -# EMERGENCY_ACCESS_ALLOWED=true +##################### +### Schedule jobs ### +##################### ## Job scheduler settings ## ## Job schedules use a cron-like syntax (as parsed by https://crates.io/crates/cron), ## and are always in terms of UTC time (regardless of your local time zone settings). ## +## The schedule format is a bit different from crontab as crontab does not contains seconds. +## You can test the the format here: https://crontab.guru, but remove the first digit! +## SEC MIN HOUR DAY OF MONTH MONTH DAY OF WEEK +## "0 30 9,12,15 1,15 May-Aug Mon,Wed,Fri" +## "0 30 * * * * " +## "0 30 1 * * * " +## ## How often (in ms) the job scheduler thread checks for jobs that need running. ## Set to 0 to globally disable scheduled jobs. # JOB_POLL_INTERVAL_MS=30000 
@@ -102,66 +135,80 @@ WEBSOCKET_PORT=__PORT_WEBSOCKET__ # INCOMPLETE_2FA_SCHEDULE="30 * * * * *" ## ## Cron schedule of the job that sends expiration reminders to emergency access grantors. -## Defaults to hourly (5 minutes after the hour). Set blank to disable this job. -# EMERGENCY_NOTIFICATION_REMINDER_SCHEDULE="0 5 * * * *" +## Defaults to hourly (3 minutes after the hour). Set blank to disable this job. +# EMERGENCY_NOTIFICATION_REMINDER_SCHEDULE="0 3 * * * *" ## ## Cron schedule of the job that grants emergency access requests that have met the required wait time. -## Defaults to hourly (5 minutes after the hour). Set blank to disable this job. -# EMERGENCY_REQUEST_TIMEOUT_SCHEDULE="0 5 * * * *" - -## Enable extended logging, which shows timestamps and targets in the logs -# EXTENDED_LOGGING=true - -## Timestamp format used in extended logging. -## Format specifiers: https://docs.rs/chrono/latest/chrono/format/strftime -# LOG_TIMESTAMP_FORMAT="%Y-%m-%d %H:%M:%S.%3f" - -## Logging to file -LOG_FILE=/var/log/__APP__/__APP__.log - -## Logging to Syslog -## This requires extended logging -# USE_SYSLOG=false - -## Log level -## Change the verbosity of the log output -## Valid values are "trace", "debug", "info", "warn", "error" and "off" -## Setting it to "trace" or "debug" would also show logs for mounted -## routes and static file, websocket and alive requests -# LOG_LEVEL=Info - -## Enable WAL for the DB -## Set to false to avoid enabling WAL during startup. -## Note that if the DB already has WAL enabled, you will also need to disable WAL in the DB, -## this setting only prevents vaultwarden from automatically enabling it on start. -## Please read project wiki page about this setting first before changing the value as it can -## cause performance degradation or might render the service unable to start. 
-# ENABLE_DB_WAL=true - -## Database connection retries -## Number of times to retry the database connection during startup, with 1 second delay between each retry, set to 0 to retry indefinitely -# DB_CONNECTION_RETRIES=15 - -## Icon service -## The predefined icon services are: internal, bitwarden, duckduckgo, google. -## To specify a custom icon service, set a URL template with exactly one instance of `{}`, -## which is replaced with the domain. For example: `https://icon.example.com/domain/{}`. +## Defaults to hourly (7 minutes after the hour). Set blank to disable this job. +# EMERGENCY_REQUEST_TIMEOUT_SCHEDULE="0 7 * * * *" ## -## `internal` refers to Vaultwarden's built-in icon fetching implementation. -## If an external service is set, an icon request to Vaultwarden will return an HTTP -## redirect to the corresponding icon at the external service. An external service may -## be useful if your Vaultwarden instance has no external network connectivity, or if -## you are concerned that someone may probe your instance to try to detect whether icons -## for certain sites have been cached. -# ICON_SERVICE=internal +## Cron schedule of the job that cleans old events from the event table. +## Defaults to daily. Set blank to disable this job. Also without EVENTS_DAYS_RETAIN set, this job will not start. +# EVENT_CLEANUP_SCHEDULE="0 10 0 * * *" +## Number of days to retain events stored in the database. +## If unset (the default), events are kept indefinitely and the scheduled job is disabled! +# EVENTS_DAYS_RETAIN= +## +## Cron schedule of the job that cleans old auth requests from the auth request. +## Defaults to every minute. Set blank to disable this job. +# AUTH_REQUEST_PURGE_SCHEDULE="30 * * * * *" -## Icon redirect code -## The HTTP status code to use for redirects to an external icon service. -## The supported codes are 301 (legacy permanent), 302 (legacy temporary), 307 (temporary), and 308 (permanent). 
-## Temporary redirects are useful while testing different icon services, but once a service -## has been decided on, consider using permanent redirects for cacheability. The legacy codes -## are currently better supported by the Bitwarden clients. -# ICON_REDIRECT_CODE=302 +######################## +### General settings ### +######################## + +## Domain settings +## The domain must match the address from where you access the server +## It's recommended to configure this value, otherwise certain functionality might not work, +## like attachment downloads, email links and U2F. +## For U2F to work, the server must use HTTPS, you can use Let's Encrypt for free certs +## To use HTTPS, the recommended way is to put Vaultwarden behind a reverse proxy +## Details: +## - https://github.com/dani-garcia/vaultwarden/wiki/Enabling-HTTPS +## - https://github.com/dani-garcia/vaultwarden/wiki/Proxy-examples +## For development +# DOMAIN=http://localhost +## For public server +# DOMAIN=https://vw.domain.tld +## For public server (URL with port number) +# DOMAIN=https://vw.domain.tld:8443 +## For public server (URL with path) +# DOMAIN=https://domain.tld/vw +DOMAIN=https://__DOMAIN____PATH__ + +## Controls whether users are allowed to create Bitwarden Sends. +## This setting applies globally to all users. +## To control this on a per-org basis instead, use the "Disable Send" org policy. +# SENDS_ALLOWED=true + +## HIBP Api Key +## HaveIBeenPwned API Key, request it here: https://haveibeenpwned.com/API/Key +# HIBP_API_KEY= + +## Per-organization attachment storage limit (KB) +## Max kilobytes of attachment storage allowed per organization. +## When this limit is reached, organization members will not be allowed to upload further attachments for ciphers owned by that organization. +# ORG_ATTACHMENT_LIMIT= +## Per-user attachment storage limit (KB) +## Max kilobytes of attachment storage allowed per user. 
+## When this limit is reached, the user will not be allowed to upload further attachments. +# USER_ATTACHMENT_LIMIT= +## Per-user send storage limit (KB) +## Max kilobytes of send storage allowed per user. +## When this limit is reached, the user will not be allowed to upload further sends. +# USER_SEND_LIMIT= + +## Number of days to wait before auto-deleting a trashed item. +## If unset (the default), trashed items are not auto-deleted. +## This setting applies globally, so make sure to inform all users of any changes to this setting. +# TRASH_AUTO_DELETE_DAYS= + +## Number of minutes to wait before a 2FA-enabled login is considered incomplete, +## resulting in an email notification. An incomplete 2FA login is one where the correct +## master password was provided but the required 2FA step was not completed, which +## potentially indicates a master password compromise. Set to 0 to disable this check. +## This setting applies globally to all users. +# INCOMPLETE_2FA_TIME_LIMIT=3 ## Disable icon downloading ## Set to true to disable icon downloading in the internal icon service. 
@@ -170,38 +217,6 @@ LOG_FILE=/var/log/__APP__/__APP__.log ## will be deleted eventually, but won't be downloaded again. # DISABLE_ICON_DOWNLOAD=false -## Icon download timeout -## Configure the timeout value when downloading the favicons. -## The default is 10 seconds, but this could be to low on slower network connections -# ICON_DOWNLOAD_TIMEOUT=10 - -## Icon blacklist Regex -## Any domains or IPs that match this regex won't be fetched by the icon service. -## Useful to hide other servers in the local network. Check the WIKI for more details -## NOTE: Always enclose this regex withing single quotes! -# ICON_BLACKLIST_REGEX='^(192\.168\.0\.[0-9]+|192\.168\.1\.[0-9]+)$' - -## Any IP which is not defined as a global IP will be blacklisted. -## Useful to secure your internal environment: See https://en.wikipedia.org/wiki/Reserved_IP_addresses for a list of IPs which it will block -# ICON_BLACKLIST_NON_GLOBAL_IPS=true - -## Disable 2FA remember -## Enabling this would force the users to use a second factor to login every time. -## Note that the checkbox would still be present, but ignored. -# DISABLE_2FA_REMEMBER=false - -## Maximum attempts before an email token is reset and a new email will need to be sent. -# EMAIL_ATTEMPTS_LIMIT=3 - -## Token expiration time -## Maximum time in seconds a token is valid. The time the user has to open email client and copy token. -# EMAIL_EXPIRATION_TIME=600 - -## Email token size -## Number of digits in an email 2FA token (min: 6, max: 255). -## Note that the Bitwarden clients are hardcoded to mention 6 digit codes regardless of this setting! -# EMAIL_TOKEN_SIZE=6 - ## Controls if new users can register SIGNUPS_ALLOWED=false 
@@ -223,6 +238,11 @@ SIGNUPS_ALLOWED=false ## even if SIGNUPS_ALLOWED is set to false # SIGNUPS_DOMAINS_WHITELIST=example.com,example.net,example.org +## Controls whether event logging is enabled for organizations +## This setting applies to organizations. +## Disabled by default. Also check the EVENT_CLEANUP_SCHEDULE and EVENTS_DAYS_RETAIN settings. +# ORG_EVENTS_ENABLED=false + ## Controls which users can create new orgs. ## Blank or 'all' means all users can create orgs (this is the default): # ORG_CREATION_USERS= 
@@ -231,44 +251,26 @@ SIGNUPS_ALLOWED=false ## A comma-separated list means only those users can create orgs: # ORG_CREATION_USERS=admin1@example.com,admin2@example.com -## Token for the admin interface, preferably use a long random string -## One option is to use 'openssl rand -base64 48' -## If not set, the admin panel is disabled -ADMIN_TOKEN=__ADMIN_TOKEN__ - -## Enable this to bypass the admin panel security. This option is only -## meant to be used with the use of a separate auth layer in front -# DISABLE_ADMIN_TOKEN=false - ## Invitations org admins to invite users, even when signups are disabled # INVITATIONS_ALLOWED=true ## Name shown in the invitation emails that don't come from a specific organization # INVITATION_ORG_NAME=Vaultwarden -## Per-organization attachment storage limit (KB) -## Max kilobytes of attachment storage allowed per organization. -## When this limit is reached, organization members will not be allowed to upload further attachments for ciphers owned by that organization. -# ORG_ATTACHMENT_LIMIT= -## Per-user attachment storage limit (KB) -## Max kilobytes of attachment storage allowed per user. -## When this limit is reached, the user will not be allowed to upload further attachments. -# USER_ATTACHMENT_LIMIT= +## The number of hours after which an organization invite token, emergency access invite token, +## email verification token and deletion request token will expire (must be at least 1) +# INVITATION_EXPIRATION_HOURS=120 -## Number of days to wait before auto-deleting a trashed item. -## If unset (the default), trashed items are not auto-deleted. -## This setting applies globally, so make sure to inform all users of any changes to this setting. -# TRASH_AUTO_DELETE_DAYS= - -## Number of minutes to wait before a 2FA-enabled login is considered incomplete, -## resulting in an email notification. 
An incomplete 2FA login is one where the correct -## master password was provided but the required 2FA step was not completed, which -## potentially indicates a master password compromise. Set to 0 to disable this check. +## Controls whether users can enable emergency access to their accounts. ## This setting applies globally to all users. -# INCOMPLETE_2FA_TIME_LIMIT=3 +# EMERGENCY_ACCESS_ALLOWED=true -## Controls the PBBKDF password iterations to apply on the server -## The change only applies when the password is changed -# PASSWORD_ITERATIONS=100000 +## Controls whether users can change their email. +## This setting applies globally to all users +# EMAIL_CHANGE_ALLOWED=true + +## Number of server-side passwords hashing iterations for the password hash. +## The default for new users. If changed, it will be updated during login for existing users. +# PASSWORD_ITERATIONS=600000 ## Controls whether users can set password hints. This setting applies globally to all users. # PASSWORD_HINTS_ALLOWED=true 
@@ -278,12 +280,115 @@ ADMIN_TOKEN=__ADMIN_TOKEN__ ## as this provides unauthenticated access to potentially sensitive data. # SHOW_PASSWORD_HINT=false -## Domain settings -## The domain must match the address from where you access the server -## It's recommended to configure this value, otherwise certain functionality might not work, -## like attachment downloads, email links and U2F. -## For U2F to work, the server must use HTTPS, you can use Let's Encrypt for free certs -DOMAIN=https://__DOMAIN____PATH__ +######################### +### Advanced settings ### +######################### + +## Client IP Header, used to identify the IP of the client, defaults to "X-Real-IP" +## Set to the string "none" (without quotes), to disable any headers and just use the remote IP +# IP_HEADER=X-Real-IP + +## Icon service +## The predefined icon services are: internal, bitwarden, duckduckgo, google. +## To specify a custom icon service, set a URL template with exactly one instance of `{}`, +## which is replaced with the domain. For example: `https://icon.example.com/domain/{}`. +## +## `internal` refers to Vaultwarden's built-in icon fetching implementation. +## If an external service is set, an icon request to Vaultwarden will return an HTTP +## redirect to the corresponding icon at the external service. An external service may +## be useful if your Vaultwarden instance has no external network connectivity, or if +## you are concerned that someone may probe your instance to try to detect whether icons +## for certain sites have been cached. +# ICON_SERVICE=internal + +## Icon redirect code +## The HTTP status code to use for redirects to an external icon service. +## The supported codes are 301 (legacy permanent), 302 (legacy temporary), 307 (temporary), and 308 (permanent). +## Temporary redirects are useful while testing different icon services, but once a service +## has been decided on, consider using permanent redirects for cacheability. 
The legacy codes +## are currently better supported by the Bitwarden clients. +# ICON_REDIRECT_CODE=302 + +## Cache time-to-live for successfully obtained icons, in seconds (0 is "forever") +## Default: 2592000 (30 days) +# ICON_CACHE_TTL=2592000 +## Cache time-to-live for icons which weren't available, in seconds (0 is "forever") +## Default: 2592000 (3 days) +# ICON_CACHE_NEGTTL=259200 + +## Icon download timeout +## Configure the timeout value when downloading the favicons. +## The default is 10 seconds, but this could be to low on slower network connections +# ICON_DOWNLOAD_TIMEOUT=10 + +## Icon blacklist Regex +## Any domains or IPs that match this regex won't be fetched by the icon service. +## Useful to hide other servers in the local network. Check the WIKI for more details +## NOTE: Always enclose this regex withing single quotes! +# ICON_BLACKLIST_REGEX='^(192\.168\.0\.[0-9]+|192\.168\.1\.[0-9]+)$' + +## Any IP which is not defined as a global IP will be blacklisted. +## Useful to secure your internal environment: See https://en.wikipedia.org/wiki/Reserved_IP_addresses for a list of IPs which it will block +# ICON_BLACKLIST_NON_GLOBAL_IPS=true + +## Client Settings +## Enable experimental feature flags for clients. +## This is a comma-separated list of flags, e.g. "flag1,flag2,flag3". +## +## The following flags are available: +## - "autofill-overlay": Add an overlay menu to form fields for quick access to credentials. +## - "autofill-v2": Use the new autofill implementation. +## - "browser-fileless-import": Directly import credentials from other providers without a file. +## - "fido2-vault-credentials": Enable the use of FIDO2 security keys as second factor. +# EXPERIMENTAL_CLIENT_FEATURE_FLAGS=fido2-vault-credentials + +## Require new device emails. When a user logs in an email is required to be sent. +## If sending the email fails the login attempt will fail!! 
+# REQUIRE_DEVICE_EMAIL=false + +## Enable extended logging, which shows timestamps and targets in the logs +# EXTENDED_LOGGING=true + +## Timestamp format used in extended logging. +## Format specifiers: https://docs.rs/chrono/latest/chrono/format/strftime +# LOG_TIMESTAMP_FORMAT="%Y-%m-%d %H:%M:%S.%3f" + +## Logging to Syslog +## This requires extended logging +# USE_SYSLOG=false + +## Logging to file +LOG_FILE=/var/log/__APP__/__APP__.log + +## Log level +## Change the verbosity of the log output +## Valid values are "trace", "debug", "info", "warn", "error" and "off" +## Setting it to "trace" or "debug" would also show logs for mounted +## routes and static file, websocket and alive requests +# LOG_LEVEL=info + +## Token for the admin interface, preferably an Argon2 PCH string +## Vaultwarden has a built-in generator by calling `vaultwarden hash` +## For details see: https://github.com/dani-garcia/vaultwarden/wiki/Enabling-admin-page#secure-the-admin_token +## If not set, the admin panel is disabled +## New Argon2 PHC string +## Note that for some environments, like docker-compose you need to escape all the dollar signs `$` with an extra dollar sign like `$$` +## Also, use single quotes (') instead of double quotes (") to enclose the string when needed +# ADMIN_TOKEN='$argon2id$v=19$m=65540,t=3,p=4$MmeKRnGK5RW5mJS7h3TOL89GrpLPXJPAtTK8FTqj9HM$DqsstvoSAETl9YhnsXbf43WeaUwJC6JhViIvuPoig78' +## Old plain text string (Will generate warnings in favor of Argon2) +ADMIN_TOKEN=__ADMIN_TOKEN__ + +## Enable this to bypass the admin panel security. This option is only +## meant to be used with the use of a separate auth layer in front +# DISABLE_ADMIN_TOKEN=false + +## Number of seconds, on average, between admin login requests from the same IP address before rate limiting kicks in. +# ADMIN_RATELIMIT_SECONDS=300 +## Allow a burst of requests of up to this size, while maintaining the average indicated by `ADMIN_RATELIMIT_SECONDS`. 
+# ADMIN_RATELIMIT_MAX_BURST=3 + +## Set the lifetime of admin sessions to this value (in minutes). +# ADMIN_SESSION_LIFETIME=20 ## Allowed iframe ancestors (Know the risks!) ## https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors @@ -298,10 +403,16 @@ DOMAIN=https://__DOMAIN____PATH__ ## Note that this applies to both the login and the 2FA, so it's recommended to allow a burst size of at least 2. # LOGIN_RATELIMIT_MAX_BURST=10 -## Number of seconds, on average, between admin requests from the same IP address before rate limiting kicks in. -# ADMIN_RATELIMIT_SECONDS=300 -## Allow a burst of requests of up to this size, while maintaining the average indicated by `ADMIN_RATELIMIT_SECONDS`. -# ADMIN_RATELIMIT_MAX_BURST=3 +## BETA FEATURE: Groups +## Controls whether group support is enabled for organizations +## This setting applies to organizations. +## Disabled by default because this is a beta feature, it contains known issues! +## KNOW WHAT YOU ARE DOING! +# ORG_GROUPS_ENABLED=false + +######################## +### MFA/2FA settings ### +######################## ## Yubico (Yubikey) Settings ## Set your Client ID and Secret Key for Yubikey OTP 
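Review bot: `ADMIN_TOKEN=__ADMIN_TOKEN__` is still templated as a plain-text token, directly under the new comment that says this form "Will generate warnings in favor of Argon2". The admin-panel secret therefore stays readable to anyone who can read this env file or a backup of it. The added comments already name the remedy: produce an Argon2 PHC string with `vaultwarden hash` at install or upgrade time and template that, e.g. `ADMIN_TOKEN='__ADMIN_TOKEN_HASH__'` (placeholder name; single quotes as the comment advises). Whether the install scripts can do the hashing is not visible in this hunk and needs confirming. Separately, the added line `## Default: 2592000 (3 days)` above `# ICON_CACHE_NEGTTL=259200` has one zero too many and should read `## Default: 259200 (3 days)`.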
@@ -322,6 +433,30 @@ DOMAIN=https://__DOMAIN____PATH__ ## After that, you should be able to follow the rest of the guide linked above, ## ignoring the fields that ask for the values that you already configured beforehand. +## Email 2FA settings +## Email token size +## Number of digits in an email 2FA token (min: 6, max: 255). +## Note that the Bitwarden clients are hardcoded to mention 6 digit codes regardless of this setting! +# EMAIL_TOKEN_SIZE=6 +## +## Token expiration time +## Maximum time in seconds a token is valid. The time the user has to open email client and copy token. +# EMAIL_EXPIRATION_TIME=600 +## +## Maximum attempts before an email token is reset and a new email will need to be sent. +# EMAIL_ATTEMPTS_LIMIT=3 +## +## Setup email 2FA regardless of any organization policy +# EMAIL_2FA_ENFORCE_ON_VERIFIED_INVITE=false +## Automatically setup email 2FA as fallback provider when needed +# EMAIL_2FA_AUTO_FALLBACK=false + +## Other MFA/2FA settings +## Disable 2FA remember +## Enabling this would force the users to use a second factor to login every time. +## Note that the checkbox would still be present, but ignored. +# DISABLE_2FA_REMEMBER=false +## ## Authenticator Settings ## Disable authenticator time drifted codes to be valid. ## TOTP codes of the previous and next 30 seconds will be invalid 
@@ -334,57 +469,74 @@ DOMAIN=https://__DOMAIN____PATH__ ## In any case, if a code has been used it can not be used again, also codes which predates it will be invalid. # AUTHENTICATOR_DISABLE_TIME_DRIFT=false -## Rocket specific settings -## See https://rocket.rs/v0.4/guide/configuration/ for more details. -ROCKET_ADDRESS=127.0.0.1 -ROCKET_PORT=__PORT_ROCKET__ -ROCKET_WORKERS=1 -# ROCKET_TLS={certs="/path/to/certs.pem",key="/path/to/key.pem"} +########################### +### SMTP Email settings ### +########################### -## Mail specific settings, set SMTP_HOST and SMTP_FROM to enable the mail service. +## Mail specific settings, set SMTP_FROM and either SMTP_HOST or USE_SENDMAIL to enable the mail service. ## To make sure the email links are pointing to the correct host, set the DOMAIN variable. ## Note: if SMTP_USERNAME is specified, SMTP_PASSWORD is mandatory SMTP_HOST=__DOMAIN__ SMTP_FROM=__APP__@__DOMAIN__ SMTP_FROM_NAME=Vaultwarden -SMTP_SECURITY=starttls -SMTP_PORT=25 SMTP_USERNAME=__APP__ SMTP_PASSWORD=__MAIL_PWD__ # SMTP_TIMEOUT=15 +## Choose the type of secure connection for SMTP. The default is "starttls". +## The available options are: +## - "starttls": The default port is 587. +## - "force_tls": The default port is 465. +## - "off": The default port is 25. +## Ports 587 (submission) and 25 (smtp) are standard without encryption and with encryption via STARTTLS (Explicit TLS). Port 465 (submissions) is used for encrypted submission (Implicit TLS). +SMTP_SECURITY=starttls +SMTP_PORT=25 + +# Whether to send mail via the `sendmail` command +# USE_SENDMAIL=false +# Which sendmail command to use. The one found in the $PATH is used if not specified. +# SENDMAIL_COMMAND="/path/to/sendmail" + ## Defaults for SSL is "Plain" and "Login" and nothing for Non-SSL connections. ## Possible values: ["Plain", "Login", "Xoauth2"]. ## Multiple options need to be separated by a comma ','. 
-# SMTP_AUTH_MECHANISM="Plain" +# SMTP_AUTH_MECHANISM= ## Server name sent during the SMTP HELO ## By default this value should be is on the machine's hostname, ## but might need to be changed in case it trips some anti-spam filters # HELO_NAME= +## Embed images as email attachments +# SMTP_EMBED_IMAGES=true + ## SMTP debugging ## When set to true this will output very detailed SMTP messages. ## WARNING: This could contain sensitive information like passwords and usernames! Only enable this during troubleshooting! # SMTP_DEBUG=false -## Accept Invalid Hostnames -## DANGEROUS: This option introduces significant vulnerabilities to man-in-the-middle attacks! -## Only use this as a last resort if you are not able to use a valid certificate. -# SMTP_ACCEPT_INVALID_HOSTNAMES=false - ## Accept Invalid Certificates ## DANGEROUS: This option introduces significant vulnerabilities to man-in-the-middle attacks! ## Only use this as a last resort if you are not able to use a valid certificate. ## If the Certificate is valid but the hostname doesn't match, please use SMTP_ACCEPT_INVALID_HOSTNAMES instead. # SMTP_ACCEPT_INVALID_CERTS=false -## Require new device emails. When a user logs in an email is required to be sent. -## If sending the email fails the login attempt will fail!! -# REQUIRE_DEVICE_EMAIL=false +## Accept Invalid Hostnames +## DANGEROUS: This option introduces significant vulnerabilities to man-in-the-middle attacks! +## Only use this as a last resort if you are not able to use a valid certificate. +# SMTP_ACCEPT_INVALID_HOSTNAMES=false + +####################### +### Rocket settings ### +####################### + +## Rocket specific settings +## See https://rocket.rs/v0.5/guide/configuration/ for more details. +ROCKET_ADDRESS=127.0.0.1 +## The default port is 8000, unless running in a Docker container, in which case it is 80. 
+ROCKET_PORT=__PORT_ROCKET__ +ROCKET_WORKERS=1 +# ROCKET_TLS={certs="/path/to/certs.pem",key="/path/to/key.pem"} -## HIBP Api Key -## HaveIBeenPwned API Key, request it here: https://haveibeenpwned.com/API/Key -# HIBP_API_KEY= # vim: syntax=ini From f076e8114dd37602a32dca7fa6fa300b5ad895b4 Mon Sep 17 00:00:00 2001 From: Kayou Date: Tue, 16 Jul 2024 16:36:43 +0200 Subject: [PATCH 28/32] YunoHost-specific section to simplify configuration file updates --- conf/vaultwarden.env | 63 +++++++++++++++++++++++++++++++------------- 1 file changed, 45 insertions(+), 18 deletions(-) diff --git a/conf/vaultwarden.env b/conf/vaultwarden.env index ff3dca2..8497597 100644 --- a/conf/vaultwarden.env +++ b/conf/vaultwarden.env @@ -15,7 +15,7 @@ #################### ## Main data folder -DATA_FOLDER=__DATA_DIR__ +# DATA_FOLDER=data ## Individual folders, these override %DATA_FOLDER% # RSA_KEY_FILENAME=data/rsa_key @@ -31,8 +31,8 @@ DATA_FOLDER=__DATA_DIR__ # RELOAD_TEMPLATES=false ## Web vault settings -WEB_VAULT_FOLDER=web-vault/ -WEB_VAULT_ENABLED=true +# WEB_VAULT_FOLDER=web-vault/ +# WEB_VAULT_ENABLED=true ######################### ### Database settings ### @@ -174,7 +174,6 @@ WEB_VAULT_ENABLED=true # DOMAIN=https://vw.domain.tld:8443 ## For public server (URL with path) # DOMAIN=https://domain.tld/vw -DOMAIN=https://__DOMAIN____PATH__ ## Controls whether users are allowed to create Bitwarden Sends. ## This setting applies globally to all users. @@ -218,7 +217,7 @@ DOMAIN=https://__DOMAIN____PATH__ # DISABLE_ICON_DOWNLOAD=false ## Controls if new users can register -SIGNUPS_ALLOWED=false +# SIGNUPS_ALLOWED=true ## Controls if new users need to verify their email address upon registration ## Note that setting this option to true prevents logins until the email address has been verified! 
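Review bot: In the SMTP block of the `@@ -334,57 +469,74 @@` hunk, the active pair `SMTP_SECURITY=starttls` / `SMTP_PORT=25` now sits directly under a new comment that gives 587 as the default port for `starttls` and 25 as the default for `off`, so the port reads like a mistake. If port 25 is intentional (presumably mail is handed to the local mail server on `__DOMAIN__`), say so above the two lines, e.g. `## YunoHost: relay through the local MTA on port 25, upgraded with STARTTLS`. It is also worth confirming that the `starttls` mode refuses to send when the server does not offer the upgrade, since `SMTP_USERNAME` and `SMTP_PASSWORD` travel over this connection.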
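Review bot: The `@@ -218,7 +217,7 @@` hunk replaces the active `SIGNUPS_ALLOWED=false` with the commented upstream default `# SIGNUPS_ALLOWED=true`, so closed registration now depends entirely on the override in the YunoHost section this commit appends at the end of the file. The same holds for `ROCKET_ADDRESS` in the `@@ -532,11 +531,39 @@` hunk (commented `0.0.0.0`, overridden to `127.0.0.1` further down) and for `ADMIN_TOKEN`. A pointer at each of these spots would keep a later template sync from silently dropping the hardened value, for example `## YunoHost: set to false in the YunoHost section at the end of this file`.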
@@ -358,7 +357,7 @@ SIGNUPS_ALLOWED=false # USE_SYSLOG=false ## Logging to file -LOG_FILE=/var/log/__APP__/__APP__.log +# LOG_FILE=/path/to/log ## Log level ## Change the verbosity of the log output @@ -376,7 +375,7 @@ LOG_FILE=/var/log/__APP__/__APP__.log ## Also, use single quotes (') instead of double quotes (") to enclose the string when needed # ADMIN_TOKEN='$argon2id$v=19$m=65540,t=3,p=4$MmeKRnGK5RW5mJS7h3TOL89GrpLPXJPAtTK8FTqj9HM$DqsstvoSAETl9YhnsXbf43WeaUwJC6JhViIvuPoig78' ## Old plain text string (Will generate warnings in favor of Argon2) -ADMIN_TOKEN=__ADMIN_TOKEN__ +# ADMIN_TOKEN=Vy2VyYTTsKPv8W5aEOWUbB/Bt3DEKePbHmI4m9VcemUMS2rEviDowNAFqYi1xjmp ## Enable this to bypass the admin panel security. This option is only ## meant to be used with the use of a separate auth layer in front @@ -476,11 +475,11 @@ ADMIN_TOKEN=__ADMIN_TOKEN__ ## Mail specific settings, set SMTP_FROM and either SMTP_HOST or USE_SENDMAIL to enable the mail service. ## To make sure the email links are pointing to the correct host, set the DOMAIN variable. ## Note: if SMTP_USERNAME is specified, SMTP_PASSWORD is mandatory -SMTP_HOST=__DOMAIN__ -SMTP_FROM=__APP__@__DOMAIN__ -SMTP_FROM_NAME=Vaultwarden -SMTP_USERNAME=__APP__ -SMTP_PASSWORD=__MAIL_PWD__ +# SMTP_HOST=smtp.domain.tld +# SMTP_FROM=vaultwarden@domain.tld +# SMTP_FROM_NAME=Vaultwarden +# SMTP_USERNAME=username +# SMTP_PASSWORD=password # SMTP_TIMEOUT=15 ## Choose the type of secure connection for SMTP. The default is "starttls". @@ -489,8 +488,8 @@ SMTP_PASSWORD=__MAIL_PWD__ ## - "force_tls": The default port is 465. ## - "off": The default port is 25. ## Ports 587 (submission) and 25 (smtp) are standard without encryption and with encryption via STARTTLS (Explicit TLS). Port 465 (submissions) is used for encrypted submission (Implicit TLS). -SMTP_SECURITY=starttls -SMTP_PORT=25 +# SMTP_SECURITY=starttls +# SMTP_PORT=587 # Whether to send mail via the `sendmail` command # USE_SENDMAIL=false 
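Review bot: The commented example added in the `@@ -376,7 +375,7 @@` hunk, `# ADMIN_TOKEN=` followed by a fixed 64-character sample value, looks like a real secret and is public in the template, so an admin who simply uncomments the line ends up with a known admin token. A value that cannot be used as-is avoids that, for example `# ADMIN_TOKEN=<random plain-text token; deprecated, prefer the Argon2 PHC form above>`. The comment block this line belongs to starts above the hunk.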
@@ -532,11 +531,39 @@ SMTP_PORT=25 ## Rocket specific settings ## See https://rocket.rs/v0.5/guide/configuration/ for more details. -ROCKET_ADDRESS=127.0.0.1 +# ROCKET_ADDRESS=0.0.0.0 ## The default port is 8000, unless running in a Docker container, in which case it is 80. -ROCKET_PORT=__PORT_ROCKET__ -ROCKET_WORKERS=1 +# ROCKET_PORT=8000 # ROCKET_TLS={certs="/path/to/certs.pem",key="/path/to/key.pem"} +####################################### +### YunoHost Specific Configuration ### +####################################### -# vim: syntax=ini +DATA_FOLDER=__DATA_DIR__ + +WEB_VAULT_FOLDER=web-vault/ +WEB_VAULT_ENABLED=true + +DOMAIN=https://__DOMAIN____PATH__ + +SIGNUPS_ALLOWED=false + +LOG_FILE=/var/log/__APP__/__APP__.log + +ADMIN_TOKEN=__ADMIN_TOKEN__ + +SMTP_HOST=__DOMAIN__ +SMTP_FROM=__APP__@__DOMAIN__ +SMTP_FROM_NAME=Vaultwarden +SMTP_USERNAME=__APP__ +SMTP_PASSWORD=__MAIL_PWD__ + +SMTP_SECURITY=starttls +SMTP_PORT=25 + +ROCKET_ADDRESS=127.0.0.1 +ROCKET_PORT=__PORT_ROCKET__ +ROCKET_WORKERS=1 + +# vim: syntax=ini \ No newline at end of file From 313954863e570756d045e2a461c468bc86a69d66 Mon Sep 17 00:00:00 2001 From: Kayou Date: Tue, 16 Jul 2024 16:48:53 +0200 Subject: [PATCH 29/32] fix stop line_match --- scripts/change_url | 2 +- scripts/upgrade | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/change_url b/scripts/change_url index c5f3d2d..d284b94 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -16,7 +16,7 @@ source /usr/share/yunohost/helpers #================================================= ynh_script_progression --message="Stopping a systemd service..." -ynh_systemd_action --service_name=$app --action="stop" --log_path="systemd" +ynh_systemd_action --service_name=$app --action="stop" --log_path="systemd" --line_match="Vaultwarden process exited" #================================================= # MODIFY URL IN NGINX CONF diff --git a/scripts/upgrade b/scripts/upgrade index 1f8b712..3233c61 100644 
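Review bot: The new YunoHost section sets `ADMIN_TOKEN=__ADMIN_TOKEN__` and `SMTP_PASSWORD=__MAIL_PWD__` without saying what form the substituted values take, while the upstream text earlier in this file says the token should preferably be an Argon2 PHC string and that a plain-text token produces warnings. If the placeholder is filled with a PHC string it contains `$` characters, and the file's own advice is to enclose such a value in single quotes, `ADMIN_TOKEN='__ADMIN_TOKEN__'`; whether the unquoted form is read correctly depends on how the service loads this file, which is not visible here. A one-line comment such as `## Secrets below: keep this file readable by the service user only` would also document the permission requirement. The hunk additionally drops the final newline after `# vim: syntax=ini`.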
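Review bot: The stop step in `scripts/change_url` now waits for the exact log text `Vaultwarden process exited`, and the `scripts/upgrade` hunk that follows is switched to the same string, but neither script records where that message comes from. If the upstream wording changes, the helper will presumably wait for its timeout on every stop, so a comment above the call would help the next maintainer: `# line_match must equal the shutdown message logged by the vaultwarden binary; re-check on upstream upgrades`. On the same line `--service_name=$app` is unquoted; `--service_name="$app"` is the safer form.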
--- a/scripts/upgrade +++ b/scripts/upgrade @@ -17,7 +17,7 @@ source /usr/share/yunohost/helpers #================================================= ynh_script_progression --message="Stopping a systemd service..." -ynh_systemd_action --service_name=$app --action="stop" --log_path="systemd" --line_match="Stopping Vaultwarden Server" +ynh_systemd_action --service_name=$app --action="stop" --log_path="systemd" --line_match="Vaultwarden process exited" #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE From c4d957b589c81f56302722529021b8f468e4dc52 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Sun, 4 Aug 2024 08:23:29 +0200 Subject: [PATCH 30/32] Update manifest.toml --- manifest.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.toml b/manifest.toml index 1b33cac..b387024 100644 --- a/manifest.toml +++ b/manifest.toml @@ -19,7 +19,7 @@ userdoc = "https://help.bitwarden.com/" code = "https://github.com/dani-garcia/vaultwarden" [integration] -yunohost = ">= 11.2.20" +yunohost = ">= 12.0.0" architectures = "all" multi_instance = true From da82537a65296a136b9c291cfc5eb63256fdce34 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Sun, 4 Aug 2024 06:23:36 +0000 Subject: [PATCH 31/32] Auto-update READMEs --- ALL_README.md | 1 + README_id.md | 52 +++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 53 insertions(+) create mode 100644 README_id.md diff --git a/ALL_README.md b/ALL_README.md index 152f2e7..4ed64dd 100644 --- a/ALL_README.md +++ b/ALL_README.md @@ -5,4 +5,5 @@ - [Irakurri README euskaraz](README_eu.md) - [Lire le README en français](README_fr.md) - [Le o README en galego](README_gl.md) +- [Baca README dalam bahasa bahasa Indonesia](README_id.md) - [阅读中文(简体)的 README](README_zh_Hans.md) diff --git a/README_id.md b/README_id.md new file mode 100644 index 0000000..af5e7e7 --- /dev/null +++ b/README_id.md 
@@ -0,0 +1,52 @@ + + +# Vaultwarden untuk YunoHost + +[![Tingkat integrasi](https://dash.yunohost.org/integration/vaultwarden.svg)](https://ci-apps.yunohost.org/ci/apps/vaultwarden/) ![Status kerja](https://ci-apps.yunohost.org/ci/badges/vaultwarden.status.svg) ![Status pemeliharaan](https://ci-apps.yunohost.org/ci/badges/vaultwarden.maintain.svg) + +[![Pasang Vaultwarden dengan YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=vaultwarden) + +*[Baca README ini dengan bahasa yang lain.](./ALL_README.md)* + +> *Paket ini memperbolehkan Anda untuk memasang Vaultwarden secara cepat dan mudah pada server YunoHost.* +> *Bila Anda tidak mempunyai YunoHost, silakan berkonsultasi dengan [panduan](https://yunohost.org/install) untuk mempelajari bagaimana untuk memasangnya.* + +## Ringkasan + +Vaultwarden is a password manager, allowing generation and storage of passwords in a secure way. These are protected by a single password called the "master password". + +Clients exist for [Linux, macOS and Windows](https://bitwarden.com/#download), [Android](https://play.google.com/store/apps/details?id=com.x8bit.bitwarden), [iOS](https://itunes.apple.com/app/bitwarden-free-password-manager/id1137397744?mt=8), and as a web browser plug-ins. It is also possible to manage passwords from the web interface. + + +**Versi terkirim:** 1.31.0~ynh1 + +**Demo:** + +## Tangkapan Layar + +![Tangkapan Layar pada Vaultwarden](./doc/screenshots/screenshot1.png) + +## Dokumentasi dan sumber daya + +- Dokumentasi pengguna resmi: +- Dokumentasi admin resmi: +- Depot kode aplikasi hulu: +- Gudang YunoHost: +- Laporkan bug: + +## Info developer + +Silakan kirim pull request ke [`testing` branch](https://github.com/YunoHost-Apps/vaultwarden_ynh/tree/testing). 
+ +Untuk mencoba branch `testing`, silakan dilanjutkan seperti: + +```bash +sudo yunohost app install https://github.com/YunoHost-Apps/vaultwarden_ynh/tree/testing --debug +atau +sudo yunohost app upgrade vaultwarden -u https://github.com/YunoHost-Apps/vaultwarden_ynh/tree/testing --debug +``` + +**Info lebih lanjut mengenai pemaketan aplikasi:** From f89f70219fdbc34a38189e7123ec7e0b65078cc6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Sun, 4 Aug 2024 08:45:01 +0200 Subject: [PATCH 32/32] cleaning --- scripts/install | 2 +- scripts/restore | 2 +- scripts/upgrade | 3 +-- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/scripts/install b/scripts/install index 1353c33..b4e45a0 100644 --- a/scripts/install +++ b/scripts/install @@ -63,7 +63,7 @@ ynh_use_logrotate # Create a dedicated Fail2Ban config ynh_add_fail2ban_config --logpath="/var/log/$app/$app.log" --failregex="^.*Username or password is incorrect\. Try again\. IP: \. Username:.*$" -yunohost service add $app --description="$app daemon for vaultwarden" --log="/var/log/$app/$app.log" +yunohost service add $app --description="$app daemon for Vaultwarden" --log="/var/log/$app/$app.log" #================================================= # START SYSTEMD SERVICE diff --git a/scripts/restore b/scripts/restore index 65c3a5a..ffc6f4e 100644 --- a/scripts/restore +++ b/scripts/restore @@ -39,7 +39,7 @@ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" ynh_restore_file --origin_path="/etc/systemd/system/$app.service" systemctl enable $app.service --quiet -yunohost service add $app --description="$app daemon for vaultwarden" --log="/var/log/$app/$app.log" +yunohost service add $app --description="$app daemon for Vaultwarden" --log="/var/log/$app/$app.log" # Create log file for fail2ban mkdir -p "/var/log/$app" diff --git a/scripts/upgrade b/scripts/upgrade index 3233c61..e3690bb 100644 --- a/scripts/upgrade 
+++ b/scripts/upgrade @@ -22,7 +22,6 @@ ynh_systemd_action --service_name=$app --action="stop" --log_path="systemd" --li #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= - ynh_script_progression --message="Upgrading source files..." _download_vaultwarden_from_docker @@ -69,7 +68,7 @@ ynh_use_logrotate --non-append # Create a dedicated Fail2Ban config ynh_add_fail2ban_config --logpath="/var/log/$app/$app.log" --failregex="^.*Username or password is incorrect\. Try again\. IP: \. Username:.*$" -yunohost service add $app --description="$app daemon for vaultwarden" --log="/var/log/$app/$app.log" +yunohost service add $app --description="$app daemon for Vaultwarden" --log="/var/log/$app/$app.log" #================================================= # START SYSTEMD SERVICE