This updates the readme and adds a vault warden Script

This commit is contained in:
Enki 2024-07-17 14:19:55 -07:00
parent 2704f37c41
commit c92824b073


@ -0,0 +1,251 @@
#!/bin/bash
# Check if script is run as root
if [ "$EUID" -ne 0 ]; then
echo "This script must be run as root. Please use sudo or run as root."
exit 1
fi
# Function to install necessary packages
install_dependencies() {
echo "Installing necessary packages..."
sudo apt update && apt upgrade -y
sudo apt install -y wget curl sudo
}
# Function to create vaultwarden user if it doesn't exist
create_vaultwarden_user() {
if ! command -v useradd &> /dev/null; then
echo "useradd command not found. Installing..."
sudo apt install -y passwd
fi
if ! id "vaultwarden" &>/dev/null; then
echo "Creating vaultwarden user..."
sudo useradd -r -s /bin/false vaultwarden
echo "Vaultwarden user created."
else
echo "Vaultwarden user already exists."
fi
}
# Function to extract without Docker
extract_without_docker() {
echo "Extracting binaries without Docker..."
mkdir -p vw-image
cd vw-image
if ! wget https://raw.githubusercontent.com/jjlin/docker-image-extract/main/docker-image-extract; then
echo "Failed to download docker-image-extract script. Exiting."
exit 1
fi
chmod +x docker-image-extract
if ! ./docker-image-extract vaultwarden/server:latest-alpine; then
echo "Failed to extract Vaultwarden image. Exiting."
exit 1
fi
sudo mv output/vaultwarden /home/vaultwarden/ || { echo "Failed to move vaultwarden binary. Exiting."; exit 1; }
sudo mv output/web-vault /home/vaultwarden/ || { echo "Failed to move web-vault. Exiting."; exit 1; }
cd ..
rm -rf vw-image
sudo mkdir -p /home/vaultwarden/data
echo "Extraction complete."
}
# Create systemd service file
create_systemd_service() {
sudo tee /etc/systemd/system/vaultwarden.service > /dev/null << EOF
[Unit]
Description=Vaultwarden Server
After=network.target
[Service]
User=vaultwarden
Group=vaultwarden
ExecStart=/home/vaultwarden/vaultwarden
WorkingDirectory=/home/vaultwarden
EnvironmentFile=/home/vaultwarden/.env
[Install]
WantedBy=multi-user.target
EOF
}
# Function to create .env file
create_env_file() {
echo "Setting up Vaultwarden configuration..."
read -p "Enter domain name for Vaultwarden (e.g., vault.example.com): " DOMAIN
sudo tee /home/vaultwarden/.env > /dev/null << EOF
DOMAIN=https://$DOMAIN
ROCKET_PORT=8000
DATA_FOLDER=/home/vaultwarden/data
WEB_VAULT_FOLDER=/home/vaultwarden/web-vault
EOF
sudo chown vaultwarden:vaultwarden /home/vaultwarden/.env
sudo chmod 600 /home/vaultwarden/.env
}
# Function to install Certbot
install_certbot() {
echo "Installing Certbot..."
sudo apt update
sudo apt install -y snapd
sudo snap install core
sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
}
# Function to set up Nginx
setup_nginx() {
if ! command -v nginx &> /dev/null; then
echo "Nginx not found. Installing..."
sudo apt update && sudo apt install -y nginx
fi
sudo tee /etc/nginx/sites-available/vaultwarden > /dev/null << EOF
server {
listen 80;
server_name $DOMAIN;
location / {
proxy_pass http://127.0.0.1:8000;
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto \$scheme;
}
}
EOF
sudo ln -sf /etc/nginx/sites-available/vaultwarden /etc/nginx/sites-enabled/
# Install Certbot before testing Nginx configuration
install_certbot
# Now test and reload Nginx
sudo nginx -t && sudo systemctl reload nginx
echo "Nginx configured."
}install_certbot() {
if ! command -v certbot &> /dev/null; then
echo "Installing Certbot..."
sudo apt update
sudo apt install -y certbot python3-certbot-nginx
else
echo "Certbot is already installed."
fi
}
# Function to set up admin panel
setup_admin_panel() {
echo "Setting up admin panel..."
# Install argon2 if not already installed
if ! command -v argon2 &> /dev/null; then
echo "Installing argon2..."
sudo apt update
sudo apt install -y argon2
fi
# Prompt for admin password
read -sp "Enter the admin password: " admin_password
echo
# Generate argon2 hash
admin_token=$(echo -n "$admin_password" | argon2 $(openssl rand -base64 32) -e -id -k 65540 -t 3 -p 4)
# Append admin token to .env file
echo "ENABLE_ADMIN=true" | sudo tee -a /home/vaultwarden/.env > /dev/null
echo "ADMIN_TOKEN='$admin_token'" | sudo tee -a /home/vaultwarden/.env > /dev/null
echo "Admin panel has been enabled."
}
# Main script starts here
# Welcome Message
cat <<"EOF"
!
! ███████╗ ██████╗ ██╗ ██╗██████╗ █████╗ ███╗ ██╗ ███████╗███████╗██████╗ ██╗ ██╗███████╗██████╗ ██████╗ █████╗ ██████╗██╗ ██╗
! ██╔════╝██╔═══██╗██║ ██║██╔══██╗██╔══██╗████╗ ██║ ██╔════╝██╔════╝██╔══██╗██║ ██║██╔════╝██╔══██╗ ██╔══██╗██╔══██╗██╔════╝██║ ██╔╝
! ███████╗██║ ██║██║ ██║██████╔╝███████║██╔██╗ ██║ ███████╗█████╗ ██████╔╝██║ ██║█████╗ ██████╔╝ ██████╔╝███████║██║ █████╔╝
! ╚════██║██║ ██║╚██╗ ██╔╝██╔══██╗██╔══██║██║╚██╗██║ ╚════██║██╔══╝ ██╔══██╗╚██╗ ██╔╝██╔══╝ ██╔══██╗ ██╔═══╝ ██╔══██║██║ ██╔═██╗
! ███████║╚██████╔╝ ╚████╔╝ ██║ ██║██║ ██║██║ ╚████║ ███████║███████╗██║ ██║ ╚████╔╝ ███████╗██║ ██║ ██║ ██║ ██║╚██████╗██║ ██╗
! ╚══════╝ ╚═════╝ ╚═══╝ ╚═╝ ╚═╝╚═╝ ╚═╝╚═╝ ╚═══╝ ╚══════╝╚══════╝╚═╝ ╚═╝ ╚═══╝ ╚══════╝╚═╝ ╚═╝ ╚═╝ ╚═╝ ╚═╝ ╚═════╝╚═╝ ╚═╝
!
EOF
echo "Thanks for using Enki's Vault Warden script"
echo "This script will install Vault Warden and add it to the system files so it can start at boot."
echo "This also sets up Nginx for your domain as an option."
if [ -t 0 ]; then
echo "To continue, hit any key."
read -n 1 -s -r -p ""
fi
echo "Starting Vaultwarden installation..."
# Install dependencies
install_dependencies
# Create vaultwarden user
create_vaultwarden_user
# Create vaultwarden directory
sudo mkdir -p /home/vaultwarden
# Extract Vaultwarden
extract_without_docker
# Create .env file
create_env_file
# Create systemd service
create_systemd_service
# Set correct permissions
sudo chown -R vaultwarden:vaultwarden /home/vaultwarden
# Offer to set up Nginx
read -p "Would you like to set up Nginx as a reverse proxy? (y/n) " setup_nginx_answer
if [[ $setup_nginx_answer =~ ^[Yy]$ ]]; then
setup_nginx
fi
# Enable and start Vaultwarden service
sudo systemctl enable vaultwarden
sudo systemctl start vaultwarden
echo "Vaultwarden has been installed, configured, and started."
echo "Please ensure your firewall allows traffic on ports 80 and 443 (if using HTTPS)."
echo "If you didn't set up Nginx, make sure to allow traffic on port 8000 as well."
# Offer to set up admin panel
read -p "Would you like to enable the admin panel? (y/n) " setup_admin_answer
if [[ $setup_admin_answer =~ ^[Yy]$ ]]; then
setup_admin_panel
# Restart Vaultwarden to apply changes
sudo systemctl restart vaultwarden
fi
if [[ $setup_nginx_answer =~ ^[Yy]$ ]]; then
echo ""
echo "IMPORTANT: SSL/HTTPS Setup Instructions"
echo "----------------------------------------"
echo "1. Ensure you have pointed your domain's A record to this server's IP address."
echo "2. Once DNS propagation is complete (this can take up to 48 hours but in most cases it only takes a few minutes), run the following command:"
echo " sudo certbot --nginx -d $DOMAIN"
echo "3. Follow the prompts to complete the SSL certificate installation."
echo "4. Certbot will automatically modify your Nginx configuration to use HTTPS."
echo ""
echo "For more information on using Certbot, visit: https://certbot.eff.org/"
fi
if [[ $setup_admin_answer =~ ^[Yy]$ ]]; then
echo ""
echo "Admin panel has been enabled. You can access it at https://$DOMAIN/admin"
echo "Use the password you provided to log in."
fi
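Review bot: `install_certbot` is defined twice, and the second body at `}install_certbot() {` (the line fused to `setup_nginx`'s closing brace) is the one bash keeps when `setup_nginx` calls it, so the earlier snap-based version with its `ln -s /snap/bin/certbot` is dead code; with `}` fused to the name that line also does not close `setup_nginx`, so put `}` on its own line and drop one of the two definitions. The extraction step fetches `docker-image-extract` from the unpinned `main` branch and executes it with no integrity check; pin the fetch to a release or commit and verify it before `chmod +x`, e.g. `echo "<sha256-from-upstream-release>  docker-image-extract" | sha256sum -c - || exit 1`. `cd vw-image` has no failure guard, so if the directory cannot be entered the download, `chmod +x`, `./docker-image-extract` and the later `rm -rf vw-image` all run in the caller's working directory; use `cd vw-image || exit 1` (or `set -euo pipefail` at the top of the script). `setup_admin_panel` relies on `openssl` to produce the argon2 salt, but `openssl` is not in the `apt install -y wget curl sudo` list in `install_dependencies`, so add it there or next to the `argon2` install.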