Create user and group
---------------------
Credentials -> Local Users -> Add
Full Name: vaultwdn
Username: vaultwdn
Disable Password:
Email:
Create New Primary Group:
Create Home Directory:
Samba Authentication:
Save

PUID: 3013
PGID: 3012
Update .env file accordingly (PUID, PGID)

Create datasets
---------------
# In TrueNAS shell:
# list datasets
zfs list | grep -i "docker.*vaultwarden"

# create following datasets if not present
zfs create SSD1/docker/data/vaultwarden
zfs create SSD1/docker/data/vaultwarden/appdata
zfs create SSD1/docker/data/vaultwarden/config
zfs create SSD1/docker/data/vaultwarden/pgdata
zfs create SSD1/docker/data/vaultwarden/pgbackups

chown -R vaultwdn:vaultwdn /mnt/SSD1/docker/data/vaultwarden
chown -R postgres:postgres /mnt/SSD1/docker/data/vaultwarden/pgdata
chown -R postgres:postgres /mnt/SSD1/docker/data/vaultwarden/pgbackups
chmod 700 /mnt/SSD1/docker/data/vaultwarden/pgdata
chmod 700 /mnt/SSD1/docker/data/vaultwarden/pgbackups

Create folder
-------------
# In TrueNAS shell:
mkdir -p /mnt/SSD1/docker/stacks/vaultwarden/secrets
mkdir /mnt/SSD1/docker/stacks/vaultwarden/scripts
chown -R vaultwdn:vaultwdn /mnt/SSD1/docker/stacks/vaultwarden/scripts/

Create secrets
--------------
# In TrueNAS shell:
cd /mnt/SSD1/docker/stacks/vaultwarden/secrets/

# database secrets
echo -n 'vaultwarden' > /mnt/SSD1/docker/stacks/vaultwarden/secrets/vaultwarden_postgresql_database
echo -n 'vaultwarden' > /mnt/SSD1/docker/stacks/vaultwarden/secrets/vaultwarden_postgresql_username
openssl rand 64 | base64 -w 0 | sed 's/[\$,\#,/,+,=]//g' | cut -c -64 | tr -d '\n' > /mnt/SSD1/docker/stacks/vaultwarden/secrets/vaultwarden_postgresql_password

# for vaultwarden's benefit
cd /mnt/SSD1/docker/stacks/vaultwarden/secrets/
echo -n "postgres://$(cat vaultwarden_postgresql_username):$(cat vaultwarden_postgresql_password)@vaultwarden_postgresql:5432/$(cat vaultwarden_postgresql_database)" > vaultwarden_database_url

# smtp email secrets
echo -n 'your_smtp_destination' > /mnt/SSD1/docker/stacks/vaultwarden/secrets/smtp_destination
echo -n 'your_smtp_from' > /mnt/SSD1/docker/stacks/vaultwarden/secrets/smtp_from
echo -n 'your_smtp_host' > /mnt/SSD1/docker/stacks/vaultwarden/secrets/smtp_host
echo -n 'your_smtp_username' > /mnt/SSD1/docker/stacks/vaultwarden/secrets/smtp_username
echo -n 'your_smtp_password' > /mnt/SSD1/docker/stacks/vaultwarden/secrets/smtp_password

# restrict access
chown -R vaultwdn:vaultwdn /mnt/SSD1/docker/stacks/vaultwarden/secrets/
chmod -R 400 /mnt/SSD1/docker/stacks/vaultwarden/secrets/

# read existing acl permissions, if any
getfacl /mnt/SSD1/docker/stacks/vaultwarden/secrets

# set acl permissions
setfacl -m u:postgres:4 /mnt/SSD1/docker/stacks/vaultwarden/secrets
setfacl -m u:postgres:4 /mnt/SSD1/docker/stacks/vaultwarden/secrets/vaultwarden_postgresql_password
setfacl -m u:postgres:4 /mnt/SSD1/docker/stacks/vaultwarden/secrets/vaultwarden_postgresql_username
setfacl -m u:postgres:4 /mnt/SSD1/docker/stacks/vaultwarden/secrets/vaultwarden_postgresql_database
# NB! if you want to remove all acl entries from a folder recursively, use setfacl -b -R

# to list secrets in secrets dir
cd /mnt/SSD1/docker/stacks/vaultwarden/secrets
for i in *; do echo "$i = $(cat "$i")"; done | sort

Copy folder to docker stacks
----------------------------
In Windows cmd shell in vaultwarden parent (apps) folder, enter:
./cp2nas 10.0.0.20 vaultwarden
# or
pscp -P 22 -r vaultwarden/stacks/*.* root@10.0.0.20:/mnt/SSD1/docker/stacks/vaultwarden/

Generating admin token
----------------------
# Start vaultwarden using Dockge
# In docker shell, enter:
docker exec -it vaultwarden-vaultwarden-1 /vaultwarden hash
# Enter strong but memorable password
# Add the string starting with ADMIN_TOKEN to the .vaultwarden.env file
# Edit the string, replacing all $ with $$ and removing the single quotes around the string value.
# After the edit, there should be 5 x $$ in the string and no single quotes.
# For example (before and after edit):
# before: ADMIN_TOKEN='$argon2id$v=19$m=65540,t=3,p=4$Dc3fvaWmkxiZ3PPeVxLNZkTwKghY31S+2bHjN0qZ8PQ$C7p/sWCzfa137Q2coqphcz3WSp2aw4v4TZ/JT9ascTY'
# after : ADMIN_TOKEN=$$argon2id$$v=19$$m=65540,t=3,p=4$$Dc3fvaWmkxiZ3PPeVxLNZkTwKghY31S+2bHjN0qZ8PQ$$C7p/sWCzfa137Q2coqphcz3WSp2aw4v4TZ/JT9ascTY
# Restart vaultwarden stack
# You can log in as admin using https://vaultwarden.sthome.org/admin and entering the password used to generate the ADMIN_TOKEN

Changing URL on Opera browser Bitwarden extension
-------------------------------------------------
Left click on Bitwarden icon (left bottom corner)
Click on Log out
Underneath email address, left click down arrow next to self-hosted
Click on self-hosted
Change the Server URL
Click on Save
Click on Continue
Enter master password of new vaultwarden URL
Click Log in with master password
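
The manual ADMIN_TOKEN edit from "Generating admin token", done by a small shell function instead of by hand. This is an added example, not part of the original notes or of Vaultwarden; the function name escape_admin_token is hypothetical, and it assumes the input is the ADMIN_TOKEN line exactly as printed by the hash command.

```shell
#!/bin/sh
# Added example: turn the ADMIN_TOKEN line printed by `/vaultwarden hash`
# into the escaped form the notes describe for .vaultwarden.env.
# escape_admin_token is a hypothetical helper name, not a Vaultwarden command.

escape_admin_token() {
    line=$1

    # Accept only an ADMIN_TOKEN=... line.
    case $line in
        ADMIN_TOKEN=*) value=${line#ADMIN_TOKEN=} ;;
        *) echo "not an ADMIN_TOKEN line" >&2; return 1 ;;
    esac

    # Remove the surrounding single quotes, if present.
    value=${value#\'}
    value=${value%\'}

    # Refuse input that was already edited, so $$ never becomes $$$$.
    case $value in
        *'$$'*) echo "value already contains \$\$" >&2; return 1 ;;
    esac

    # Expect an Argon2id PHC string: $argon2id$v=..$m=..,t=..,p=..$salt$hash
    re='^\$argon2id\$v=[0-9]+\$m=[0-9]+,t=[0-9]+,p=[0-9]+\$[A-Za-z0-9+/]+\$[A-Za-z0-9+/]+$'
    if ! printf '%s\n' "$value" | grep -Eq "$re"; then
        echo "value is not an argon2id PHC string" >&2
        return 1
    fi

    # Double every $ (in a sed replacement, $$ is two literal dollar signs).
    escaped=$(printf '%s\n' "$value" | sed 's/\$/$$/g')

    # Sanity check from the notes: exactly 5 x $$ in the result.
    count=$(printf '%s\n' "$escaped" | grep -o '\$\$' | wc -l | tr -d ' ')
    if [ "$count" -ne 5 ]; then
        echo "unexpected result: $count x \$\$" >&2
        return 1
    fi

    printf 'ADMIN_TOKEN=%s\n' "$escaped"
}

# Usage (paste the line printed by the hash command as one quoted argument):
#   escape_admin_token "<ADMIN_TOKEN line>" >> .vaultwarden.env
```

The function rejects a line that has already been edited or that is not an Argon2id string, so a second run cannot silently write a token that no password will match.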