diff --git a/Personal Server Scripts/vaultwarden.sh b/Personal Server Scripts/vaultwarden.sh
new file mode 100644
index 0000000..baeaf73
--- /dev/null
+++ b/Personal Server Scripts/vaultwarden.sh
@@ -0,0 +1,251 @@
+#!/bin/bash
+
+# Check if script is run as root
+if [ "$EUID" -ne 0 ]; then
+ echo "This script must be run as root. Please use sudo or run as root."
+ exit 1
+fi
+
+# Function to install necessary packages
+install_dependencies() {
+ echo "Installing necessary packages..."
+ sudo apt update && apt upgrade -y
+ sudo apt install -y wget curl sudo
+}
+
+# Function to create vaultwarden user if it doesn't exist
+create_vaultwarden_user() {
+ if ! command -v useradd &> /dev/null; then
+ echo "useradd command not found. Installing..."
+ sudo apt install -y passwd
+ fi
+
+ if ! id "vaultwarden" &>/dev/null; then
+ echo "Creating vaultwarden user..."
+ sudo useradd -r -s /bin/false vaultwarden
+ echo "Vaultwarden user created."
+ else
+ echo "Vaultwarden user already exists."
+ fi
+}
+
+# Function to extract without Docker
+extract_without_docker() {
+ echo "Extracting binaries without Docker..."
+ mkdir -p vw-image
+ cd vw-image
+ if ! wget https://raw.githubusercontent.com/jjlin/docker-image-extract/main/docker-image-extract; then
+ echo "Failed to download docker-image-extract script. Exiting."
+ exit 1
+ fi
+ chmod +x docker-image-extract
+ if ! ./docker-image-extract vaultwarden/server:latest-alpine; then
+ echo "Failed to extract Vaultwarden image. Exiting."
+ exit 1
+ fi
+ sudo mv output/vaultwarden /home/vaultwarden/ || { echo "Failed to move vaultwarden binary. Exiting."; exit 1; }
+ sudo mv output/web-vault /home/vaultwarden/ || { echo "Failed to move web-vault. Exiting."; exit 1; }
+ cd ..
+ rm -rf vw-image
+ sudo mkdir -p /home/vaultwarden/data
+ echo "Extraction complete."
+}
+
+# Create systemd service file
+create_systemd_service() {
+ sudo tee /etc/systemd/system/vaultwarden.service > /dev/null << EOF
+[Unit]
+Description=Vaultwarden Server
+After=network.target
+
+[Service]
+User=vaultwarden
+Group=vaultwarden
+ExecStart=/home/vaultwarden/vaultwarden
+WorkingDirectory=/home/vaultwarden
+EnvironmentFile=/home/vaultwarden/.env
+
+[Install]
+WantedBy=multi-user.target
+EOF
+}
+
+# Function to create .env file
+create_env_file() {
+ echo "Setting up Vaultwarden configuration..."
+ read -p "Enter domain name for Vaultwarden (e.g., vault.example.com): " DOMAIN
+
+ sudo tee /home/vaultwarden/.env > /dev/null << EOF
+DOMAIN=https://$DOMAIN
+ROCKET_PORT=8000
+DATA_FOLDER=/home/vaultwarden/data
+WEB_VAULT_FOLDER=/home/vaultwarden/web-vault
+EOF
+
+ sudo chown vaultwarden:vaultwarden /home/vaultwarden/.env
+ sudo chmod 600 /home/vaultwarden/.env
+}
+
+# Function to install Certbot
+install_certbot() {
+ echo "Installing Certbot..."
+ sudo apt update
+ sudo apt install -y snapd
+ sudo snap install core
+ sudo snap refresh core
+ sudo snap install --classic certbot
+ sudo ln -s /snap/bin/certbot /usr/bin/certbot
+}
+
+# Function to set up Nginx
+setup_nginx() {
+ if ! command -v nginx &> /dev/null; then
+ echo "Nginx not found. Installing..."
+ sudo apt update && sudo apt install -y nginx
+ fi
+
+ sudo tee /etc/nginx/sites-available/vaultwarden > /dev/null << EOF
+server {
+ listen 80;
+ server_name $DOMAIN;
+
+ location / {
+ proxy_pass http://127.0.0.1:8000;
+ proxy_set_header Host \$host;
+ proxy_set_header X-Real-IP \$remote_addr;
+ proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto \$scheme;
+ }
+}
+EOF
+
+ sudo ln -sf /etc/nginx/sites-available/vaultwarden /etc/nginx/sites-enabled/
+
+ # Install Certbot before testing Nginx configuration
+ install_certbot
+
+ # Now test and reload Nginx
+ sudo nginx -t && sudo systemctl reload nginx
+
+ echo "Nginx configured."
+}install_certbot() {
+ if !
command -v certbot &> /dev/null; then
+ echo "Installing Certbot..."
+ sudo apt update
+ sudo apt install -y certbot python3-certbot-nginx
+ else
+ echo "Certbot is already installed."
+ fi
+}
+
+# Function to set up admin panel
+setup_admin_panel() {
+ echo "Setting up admin panel..."
+
+ # Install argon2 if not already installed
+ if ! command -v argon2 &> /dev/null; then
+ echo "Installing argon2..."
+ sudo apt update
+ sudo apt install -y argon2
+ fi
+
+ # Prompt for admin password
+ read -sp "Enter the admin password: " admin_password
+ echo
+
+ # Generate argon2 hash
+ admin_token=$(echo -n "$admin_password" | argon2 $(openssl rand -base64 32) -e -id -k 65540 -t 3 -p 4)
+
+ # Append admin token to .env file
+ echo "ENABLE_ADMIN=true" | sudo tee -a /home/vaultwarden/.env > /dev/null
+ echo "ADMIN_TOKEN='$admin_token'" | sudo tee -a /home/vaultwarden/.env > /dev/null
+
+ echo "Admin panel has been enabled."
+}
+
+# Main script starts here
+
+# Welcome Message
+cat <<"EOF"
+!
+! ███████╗ ██████╗ ██╗ ██╗██████╗ █████╗ ███╗ ██╗ ███████╗███████╗██████╗ ██╗ ██╗███████╗██████╗ ██████╗ █████╗ ██████╗██╗ ██╗
+! ██╔════╝██╔═══██╗██║ ██║██╔══██╗██╔══██╗████╗ ██║ ██╔════╝██╔════╝██╔══██╗██║ ██║██╔════╝██╔══██╗ ██╔══██╗██╔══██╗██╔════╝██║ ██╔╝
+! ███████╗██║ ██║██║ ██║██████╔╝███████║██╔██╗ ██║ ███████╗█████╗ ██████╔╝██║ ██║█████╗ ██████╔╝ ██████╔╝███████║██║ █████╔╝
+! ╚════██║██║ ██║╚██╗ ██╔╝██╔══██╗██╔══██║██║╚██╗██║ ╚════██║██╔══╝ ██╔══██╗╚██╗ ██╔╝██╔══╝ ██╔══██╗ ██╔═══╝ ██╔══██║██║ ██╔═██╗
+! ███████║╚██████╔╝ ╚████╔╝ ██║ ██║██║ ██║██║ ╚████║ ███████║███████╗██║ ██║ ╚████╔╝ ███████╗██║ ██║ ██║ ██║ ██║╚██████╗██║ ██╗
+! ╚══════╝ ╚═════╝ ╚═══╝ ╚═╝ ╚═╝╚═╝ ╚═╝╚═╝ ╚═══╝ ╚══════╝╚══════╝╚═╝ ╚═╝ ╚═══╝ ╚══════╝╚═╝ ╚═╝ ╚═╝ ╚═╝ ╚═╝ ╚═════╝╚═╝ ╚═╝
+!
+EOF
+
+echo "Thanks for using Enki's Vault Warden script"
+echo "This script will install Vault Warden and add it to the system files so it can start at boot."
+echo "This also sets up Nginx for your domain as an option."
+if [ -t 0 ]; then
+ echo "To continue, hit any key."
+ read -n 1 -s -r -p ""
+fi
+
+echo "Starting Vaultwarden installation..."
+
+# Install dependencies
+install_dependencies
+
+# Create vaultwarden user
+create_vaultwarden_user
+
+# Create vaultwarden directory
+sudo mkdir -p /home/vaultwarden
+
+# Extract Vaultwarden
+extract_without_docker
+
+# Create .env file
+create_env_file
+
+# Create systemd service
+create_systemd_service
+
+# Set correct permissions
+sudo chown -R vaultwarden:vaultwarden /home/vaultwarden
+
+# Offer to set up Nginx
+read -p "Would you like to set up Nginx as a reverse proxy? (y/n) " setup_nginx_answer
+if [[ $setup_nginx_answer =~ ^[Yy]$ ]]; then
+ setup_nginx
+fi
+
+# Enable and start Vaultwarden service
+sudo systemctl enable vaultwarden
+sudo systemctl start vaultwarden
+
+echo "Vaultwarden has been installed, configured, and started."
+echo "Please ensure your firewall allows traffic on ports 80 and 443 (if using HTTPS)."
+echo "If you didn't set up Nginx, make sure to allow traffic on port 8000 as well."
+
+# Offer to set up admin panel
+read -p "Would you like to enable the admin panel? (y/n) " setup_admin_answer
+if [[ $setup_admin_answer =~ ^[Yy]$ ]]; then
+ setup_admin_panel
+ # Restart Vaultwarden to apply changes
+ sudo systemctl restart vaultwarden
+fi
+
+
+if [[ $setup_nginx_answer =~ ^[Yy]$ ]]; then
+ echo ""
+ echo "IMPORTANT: SSL/HTTPS Setup Instructions"
+ echo "----------------------------------------"
+ echo "1. Ensure you have pointed your domain's A record to this server's IP address."
+ echo "2. Once DNS propagation is complete (this can take up to 48 hours but in most cases it only takes a few minutes), run the following command:"
+ echo " sudo certbot --nginx -d $DOMAIN"
+ echo "3. Follow the prompts to complete the SSL certificate installation."
+ echo "4. Certbot will automatically modify your Nginx configuration to use HTTPS."
+ echo "" + echo "For more information on using Certbot, visit: https://certbot.eff.org/" +fi + +if [[ $setup_admin_answer =~ ^[Yy]$ ]]; then + echo "" + echo "Admin panel has been enabled. You can access it at https://$DOMAIN/admin" + echo "Use the password you provided to log in." +fi \ No newline at end of file