TrueNAS/docker-apps
TrueNAS/docker-apps
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
f16556dfc0
docker-apps/vaultwarden/vaultwarden_jm.txt
Chris d067d5f1f7 first commit
2025-04-03 22:57:52 +02:00

106 lines
4.8 KiB
Plaintext
Raw Blame History

Create user and group
---------------------
Credentials -> Local Users -> Add
Full Name: vaultwdn
Username: vaultwdn
Disable Password: <selected>
Email: <leave blank>
Create New Primary Group: <selected>
Create Home Directory: <unchecked>
Samba Authentication: <unchecked>
Save
PUID: 3013
PGID: 3012
Update .env file accordingly (PUID, PGID)
Create datasets
---------------
# In Truenas shell:
# list datasets
zfs list | grep -i "docker.*vaultwarden"
# create following datasets if not present
zfs create SSD1/docker/data/vaultwarden
zfs create SSD1/docker/data/vaultwarden/appdata
zfs create SSD1/docker/data/vaultwarden/config
zfs create SSD1/docker/data/vaultwarden/pgdata
zfs create SSD1/docker/data/vaultwarden/pgbackups
chown -R vaultwdn:vaultwdn /mnt/SSD1/docker/data/vaultwarden
chown -R postgres:postgres /mnt/SSD1/docker/data/vaultwarden/pgdata
chown -R postgres:postgres /mnt/SSD1/docker/data/vaultwarden/pgbackups
chmod 700 /mnt/SSD1/docker/data/vaultwarden/pgdata
chmod 700 /mnt/SSD1/docker/data/vaultwarden/pgbackups
Create folder
-------------
# In Truenas shell:
mkdir -p /mnt/SSD1/docker/stacks/vaultwarden/secrets
mkdir /mnt/SSD1/docker/stacks/vaultwarden/scripts
chown -R vaultwdn:vaultwdn /mnt/SSD1/docker/stacks/vaultwarden/scripts/
Create secrets
--------------
In Truenas shell:
cd /mnt/SSD1/docker/stacks/vaultwarden/secrets/
# database secrets
echo -n 'vaultwarden' > /mnt/SSD1/docker/stacks/vaultwarden/secrets/vaultwarden_postgresql_database
echo -n 'vaultwarden' > /mnt/SSD1/docker/stacks/vaultwarden/secrets/vaultwarden_postgresql_username
openssl rand 64 | base64 -w 0 | sed 's/[\$,\#,/,+,=]//g' | cut -c -64 | tr -d '\n' > /mnt/SSD1/docker/stacks/vaultwarden/secrets/vaultwarden_postgresql_password
# for vaultwarden's benefit
cd /mnt/SSD1/docker/stacks/vaultwarden/secrets/
echo -n "postgres://$(cat vaultwarden_postgresql_username):$(cat vaultwarden_postgresql_password)@vaultwarden_postgresql:5432/$(cat vaultwarden_postgresql_database)" > vaultwarden_database_url
# smtp email secrets
echo -n 'your_smtp_destination' > /mnt/SSD1/docker/stacks/vaultwarden/secrets/smtp_destination
echo -n 'your_smtp_from' > /mnt/SSD1/docker/stacks/vaultwarden/secrets/smtp_from
echo -n 'your_smtp_host' > /mnt/SSD1/docker/stacks/vaultwarden/secrets/smtp_host
echo -n 'your_smtp_username' > /mnt/SSD1/docker/stacks/vaultwarden/secrets/smtp_username
echo -n 'your_smtp_password' > /mnt/SSD1/docker/stacks/vaultwarden/secrets/smtp_password
# restrict access
chown -R vaultwdn:vaultwdn /mnt/SSD1/docker/stacks/vaultwarden/secrets/
chmod -R 400 /mnt/SSD1/docker/stacks/vaultwarden/secrets/
# read existing acl permissions, if any
getfacl /mnt/SSD1/docker/stacks/vaultwarden/secrets
# set acl permissions
setfacl -m u:postgres:4 /mnt/SSD1/docker/stacks/vaultwarden/secrets
setfacl -m u:postgres:4 /mnt/SSD1/docker/stacks/vaultwarden/secrets/vaultwarden_postgresql_password
setfacl -m u:postgres:4 /mnt/SSD1/docker/stacks/vaultwarden/secrets/vaultwarden_postgresql_username
setfacl -m u:postgres:4 /mnt/SSD1/docker/stacks/vaultwarden/secrets/vaultwarden_postgresql_database
# NB! if you want to remove all acl entries from a folder recursively, use setfacl -b -R <foldername>
# to list secrets in secrets dir
cd /mnt/SSD1/docker/stacks/vaultwarden/secrets
for i in $(ls -1); do echo $i = `cat $i`; done | sort
Copy folder to docker stacks
----------------------------
In Windows cmd shell in vaultwarden parent (apps) folder, enter:
./cp2nas 10.0.0.20 vaultwarden
# or
pscp -P 22 -r vaultwarden/stacks/*.* root@10.0.0.20:/mnt/SSD1/docker/stacks/vaultwarden/
Generating admin token
----------------------
# Start vaultwarden using Dockge
# In docker shell, enter:
docker exec -it vaultwarden-vaultwarden-1 /vaultwarden hash
# Enter strong but memorable password
# Add the string starting with ADMIN_TOKEN to the .vaultwarden.env file
# Edit the string replacing all $ with $$ and removing single quotes around the string value. After the edit, there should be 5 x $$ in the string and no single quotes.
# For example (before and after edit):
# before: ADMIN_TOKEN='$argon2id$v=19$m=65540,t=3,p=4$Dc3fvaWmkxiZ3PPeVxLNZkTwKghY31S+2bHjN0qZ8PQ$C7p/sWCzfa137Q2coqphcz3WSp2aw4v4TZ/JT9ascTY'
# after : ADMIN_TOKEN=$$argon2id$$v=19$$m=65540,t=3,p=4$$Dc3fvaWmkxiZ3PPeVxLNZkTwKghY31S+2bHjN0qZ8PQ$$C7p/sWCzfa137Q2coqphcz3WSp2aw4v4TZ/JT9ascTY
# Restart vaultwarden stack
# You can login as admin using https://vaultwarden.sthome.org/admin and entering the password used to generate the ADMIN_TOKEN
Changing URL on Opera browser Bitwarden extension
-------------------------------------------------
Left click on Bitwarden icon (left bottom corner)
Click on Log out
Underneath email address, left click down arrow next to self-hosted
Click on self-hosted
Change the Server URL
Click on Save
Click on Continue
Enter master password of new vaultwarden URL
Click Log in with master password
Reference in New Issue View Git Blame Copy Permalink