This updates the readme and adds a vault warden Script

Personal Server Scripts/vaultwarden.sh

@@ -0,0 +1,251 @@
+#!/bin/bash
+
+# Check if script is run as root
+if [ "$EUID" -ne 0 ]; then
+    echo "This script must be run as root. Please use sudo or run as root."
+    exit 1
+fi
+
+# Function to install necessary packages
+install_dependencies() {
+    echo "Installing necessary packages..."
+    sudo apt update && apt upgrade -y
+    sudo apt install -y wget curl sudo
+}
+
+# Function to create vaultwarden user if it doesn't exist
+create_vaultwarden_user() {
+    if ! command -v useradd &> /dev/null; then
+        echo "useradd command not found. Installing..."
+        sudo apt install -y passwd
+    fi
+
+    if ! id "vaultwarden" &>/dev/null; then
+        echo "Creating vaultwarden user..."
+        sudo useradd -r -s /bin/false vaultwarden
+        echo "Vaultwarden user created."
+    else
+        echo "Vaultwarden user already exists."
+    fi
+}
+
+# Function to extract without Docker
+extract_without_docker() {
+    echo "Extracting binaries without Docker..."
+    mkdir -p vw-image
+    cd vw-image
+    if ! wget https://raw.githubusercontent.com/jjlin/docker-image-extract/main/docker-image-extract; then
+        echo "Failed to download docker-image-extract script. Exiting."
+        exit 1
+    fi
+    chmod +x docker-image-extract
+    if ! ./docker-image-extract vaultwarden/server:latest-alpine; then
+        echo "Failed to extract Vaultwarden image. Exiting."
+        exit 1
+    fi
+    sudo mv output/vaultwarden /home/vaultwarden/ || { echo "Failed to move vaultwarden binary. Exiting."; exit 1; }
+    sudo mv output/web-vault /home/vaultwarden/ || { echo "Failed to move web-vault. Exiting."; exit 1; }
+    cd ..
+    rm -rf vw-image
+    sudo mkdir -p /home/vaultwarden/data
+    echo "Extraction complete."
+}
+
+# Create systemd service file
+create_systemd_service() {
+    sudo tee /etc/systemd/system/vaultwarden.service > /dev/null << EOF
+[Unit]
+Description=Vaultwarden Server
+After=network.target
+
+[Service]
+User=vaultwarden
+Group=vaultwarden
+ExecStart=/home/vaultwarden/vaultwarden
+WorkingDirectory=/home/vaultwarden
+EnvironmentFile=/home/vaultwarden/.env
+
+[Install]
+WantedBy=multi-user.target
+EOF
+}
+
+# Function to create .env file
+create_env_file() {
+    echo "Setting up Vaultwarden configuration..."
+    read -p "Enter domain name for Vaultwarden (e.g., vault.example.com): " DOMAIN
+
+    sudo tee /home/vaultwarden/.env > /dev/null << EOF
+DOMAIN=https://$DOMAIN
+ROCKET_PORT=8000
+DATA_FOLDER=/home/vaultwarden/data
+WEB_VAULT_FOLDER=/home/vaultwarden/web-vault
+EOF
+
+    sudo chown vaultwarden:vaultwarden /home/vaultwarden/.env
+    sudo chmod 600 /home/vaultwarden/.env
+}
+
+# Function to install Certbot
+install_certbot() {
+    echo "Installing Certbot..."
+    sudo apt update
+    sudo apt install -y snapd
+    sudo snap install core
+    sudo snap refresh core
+    sudo snap install --classic certbot
+    sudo ln -s /snap/bin/certbot /usr/bin/certbot
+}
+
+# Function to set up Nginx
+setup_nginx() {
+    if ! command -v nginx &> /dev/null; then
+        echo "Nginx not found. Installing..."
+        sudo apt update && sudo apt install -y nginx
+    fi
+
+    sudo tee /etc/nginx/sites-available/vaultwarden > /dev/null << EOF
+server {
+    listen 80;
+    server_name $DOMAIN;
+    
+    location / {
+        proxy_pass http://127.0.0.1:8000;
+        proxy_set_header Host \$host;
+        proxy_set_header X-Real-IP \$remote_addr;
+        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto \$scheme;
+    }
+}
+EOF
+
+    sudo ln -sf /etc/nginx/sites-available/vaultwarden /etc/nginx/sites-enabled/
+    
+    # Install Certbot before testing Nginx configuration
+    install_certbot
+    
+    # Now test and reload Nginx
+    sudo nginx -t && sudo systemctl reload nginx
+    
+    echo "Nginx configured."
+}install_certbot() {
+    if ! command -v certbot &> /dev/null; then
+        echo "Installing Certbot..."
+        sudo apt update
+        sudo apt install -y certbot python3-certbot-nginx
+    else
+        echo "Certbot is already installed."
+    fi
+}
+
+# Function to set up admin panel
+setup_admin_panel() {
+    echo "Setting up admin panel..."
+    
+    # Install argon2 if not already installed
+    if ! command -v argon2 &> /dev/null; then
+        echo "Installing argon2..."
+        sudo apt update
+        sudo apt install -y argon2
+    fi
+
+    # Prompt for admin password
+    read -sp "Enter the admin password: " admin_password
+    echo
+
+    # Generate argon2 hash
+    admin_token=$(echo -n "$admin_password" | argon2 $(openssl rand -base64 32) -e -id -k 65540 -t 3 -p 4)
+
+    # Append admin token to .env file
+    echo "ENABLE_ADMIN=true" | sudo tee -a /home/vaultwarden/.env > /dev/null
+    echo "ADMIN_TOKEN='$admin_token'" | sudo tee -a /home/vaultwarden/.env > /dev/null
+
+    echo "Admin panel has been enabled."
+}
+
+# Main script starts here
+
+# Welcome Message
+cat <<"EOF"
+!   
+!   ███████╗ ██████╗ ██╗   ██╗██████╗  █████╗ ███╗   ██╗    ███████╗███████╗██████╗ ██╗   ██╗███████╗██████╗     ██████╗  █████╗  ██████╗██╗  ██╗
+!   ██╔════╝██╔═══██╗██║   ██║██╔══██╗██╔══██╗████╗  ██║    ██╔════╝██╔════╝██╔══██╗██║   ██║██╔════╝██╔══██╗    ██╔══██╗██╔══██╗██╔════╝██║ ██╔╝
+!   ███████╗██║   ██║██║   ██║██████╔╝███████║██╔██╗ ██║    ███████╗█████╗  ██████╔╝██║   ██║█████╗  ██████╔╝    ██████╔╝███████║██║     █████╔╝ 
+!   ╚════██║██║   ██║╚██╗ ██╔╝██╔══██╗██╔══██║██║╚██╗██║    ╚════██║██╔══╝  ██╔══██╗╚██╗ ██╔╝██╔══╝  ██╔══██╗    ██╔═══╝ ██╔══██║██║     ██╔═██╗ 
+!   ███████║╚██████╔╝ ╚████╔╝ ██║  ██║██║  ██║██║ ╚████║    ███████║███████╗██║  ██║ ╚████╔╝ ███████╗██║  ██║    ██║     ██║  ██║╚██████╗██║  ██╗
+!   ╚══════╝ ╚═════╝   ╚═══╝  ╚═╝  ╚═╝╚═╝  ╚═╝╚═╝  ╚═══╝    ╚══════╝╚══════╝╚═╝  ╚═╝  ╚═══╝  ╚══════╝╚═╝  ╚═╝    ╚═╝     ╚═╝  ╚═╝ ╚═════╝╚═╝  ╚═╝
+!                                                                                                                                              
+EOF
+
+echo "Thanks for using Enki's Vault Warden script"
+echo "This script will install Vault Warden and add it to the system files so it can start at boot."
+echo "This also sets up Nginx for your domain as an option."
+if [ -t 0 ]; then
+    echo "To continue, hit any key."
+    read -n 1 -s -r -p ""
+fi
+
+echo "Starting Vaultwarden installation..."
+
+# Install dependencies
+install_dependencies
+
+# Create vaultwarden user
+create_vaultwarden_user
+
+# Create vaultwarden directory
+sudo mkdir -p /home/vaultwarden
+
+# Extract Vaultwarden
+extract_without_docker
+
+# Create .env file
+create_env_file
+
+# Create systemd service
+create_systemd_service
+
+# Set correct permissions
+sudo chown -R vaultwarden:vaultwarden /home/vaultwarden
+
+# Offer to set up Nginx
+read -p "Would you like to set up Nginx as a reverse proxy? (y/n) " setup_nginx_answer
+if [[ $setup_nginx_answer =~ ^[Yy]$ ]]; then
+    setup_nginx
+fi
+
+# Enable and start Vaultwarden service
+sudo systemctl enable vaultwarden
+sudo systemctl start vaultwarden
+
+echo "Vaultwarden has been installed, configured, and started."
+echo "Please ensure your firewall allows traffic on ports 80 and 443 (if using HTTPS)."
+echo "If you didn't set up Nginx, make sure to allow traffic on port 8000 as well."
+
+# Offer to set up admin panel
+read -p "Would you like to enable the admin panel? (y/n) " setup_admin_answer
+if [[ $setup_admin_answer =~ ^[Yy]$ ]]; then
+    setup_admin_panel
+    # Restart Vaultwarden to apply changes
+    sudo systemctl restart vaultwarden
+fi
+
+
+if [[ $setup_nginx_answer =~ ^[Yy]$ ]]; then
+    echo ""
+    echo "IMPORTANT: SSL/HTTPS Setup Instructions"
+    echo "----------------------------------------"
+    echo "1. Ensure you have pointed your domain's A record to this server's IP address."
+    echo "2. Once DNS propagation is complete (this can take up to 48 hours but in most cases it only takes a few minutes), run the following command:"
+    echo "   sudo certbot --nginx -d $DOMAIN"
+    echo "3. Follow the prompts to complete the SSL certificate installation."
+    echo "4. Certbot will automatically modify your Nginx configuration to use HTTPS."
+    echo ""
+    echo "For more information on using Certbot, visit: https://certbot.eff.org/"
+fi
+
+if [[ $setup_admin_answer =~ ^[Yy]$ ]]; then
+    echo ""
+    echo "Admin panel has been enabled. You can access it at https://$DOMAIN/admin"
+    echo "Use the password you provided to log in."
+fi