Compare commits
2 Commits
2704f37c41
...
e26b6c45a0
Author | SHA1 | Date | |
---|---|---|---|
e26b6c45a0 | |||
c92824b073 |
251
Personal Server Scripts/vaultwarden.sh
Normal file
251
Personal Server Scripts/vaultwarden.sh
Normal file
@ -0,0 +1,251 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Check if script is run as root
|
||||
if [ "$EUID" -ne 0 ]; then
|
||||
echo "This script must be run as root. Please use sudo or run as root."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Function to install necessary packages
|
||||
install_dependencies() {
|
||||
echo "Installing necessary packages..."
|
||||
sudo apt update && apt upgrade -y
|
||||
sudo apt install -y wget curl sudo
|
||||
}
|
||||
|
||||
# Function to create vaultwarden user if it doesn't exist
|
||||
create_vaultwarden_user() {
|
||||
if ! command -v useradd &> /dev/null; then
|
||||
echo "useradd command not found. Installing..."
|
||||
sudo apt install -y passwd
|
||||
fi
|
||||
|
||||
if ! id "vaultwarden" &>/dev/null; then
|
||||
echo "Creating vaultwarden user..."
|
||||
sudo useradd -r -s /bin/false vaultwarden
|
||||
echo "Vaultwarden user created."
|
||||
else
|
||||
echo "Vaultwarden user already exists."
|
||||
fi
|
||||
}
|
||||
|
||||
# Function to extract without Docker
|
||||
extract_without_docker() {
|
||||
echo "Extracting binaries without Docker..."
|
||||
mkdir -p vw-image
|
||||
cd vw-image
|
||||
if ! wget https://raw.githubusercontent.com/jjlin/docker-image-extract/main/docker-image-extract; then
|
||||
echo "Failed to download docker-image-extract script. Exiting."
|
||||
exit 1
|
||||
fi
|
||||
chmod +x docker-image-extract
|
||||
if ! ./docker-image-extract vaultwarden/server:latest-alpine; then
|
||||
echo "Failed to extract Vaultwarden image. Exiting."
|
||||
exit 1
|
||||
fi
|
||||
sudo mv output/vaultwarden /home/vaultwarden/ || { echo "Failed to move vaultwarden binary. Exiting."; exit 1; }
|
||||
sudo mv output/web-vault /home/vaultwarden/ || { echo "Failed to move web-vault. Exiting."; exit 1; }
|
||||
cd ..
|
||||
rm -rf vw-image
|
||||
sudo mkdir -p /home/vaultwarden/data
|
||||
echo "Extraction complete."
|
||||
}
|
||||
|
||||
# Create systemd service file
|
||||
create_systemd_service() {
|
||||
sudo tee /etc/systemd/system/vaultwarden.service > /dev/null << EOF
|
||||
[Unit]
|
||||
Description=Vaultwarden Server
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
User=vaultwarden
|
||||
Group=vaultwarden
|
||||
ExecStart=/home/vaultwarden/vaultwarden
|
||||
WorkingDirectory=/home/vaultwarden
|
||||
EnvironmentFile=/home/vaultwarden/.env
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
EOF
|
||||
}
|
||||
|
||||
# Function to create .env file
|
||||
create_env_file() {
|
||||
echo "Setting up Vaultwarden configuration..."
|
||||
read -p "Enter domain name for Vaultwarden (e.g., vault.example.com): " DOMAIN
|
||||
|
||||
sudo tee /home/vaultwarden/.env > /dev/null << EOF
|
||||
DOMAIN=https://$DOMAIN
|
||||
ROCKET_PORT=8000
|
||||
DATA_FOLDER=/home/vaultwarden/data
|
||||
WEB_VAULT_FOLDER=/home/vaultwarden/web-vault
|
||||
EOF
|
||||
|
||||
sudo chown vaultwarden:vaultwarden /home/vaultwarden/.env
|
||||
sudo chmod 600 /home/vaultwarden/.env
|
||||
}
|
||||
|
||||
# Function to install Certbot
|
||||
install_certbot() {
|
||||
echo "Installing Certbot..."
|
||||
sudo apt update
|
||||
sudo apt install -y snapd
|
||||
sudo snap install core
|
||||
sudo snap refresh core
|
||||
sudo snap install --classic certbot
|
||||
sudo ln -s /snap/bin/certbot /usr/bin/certbot
|
||||
}
|
||||
|
||||
# Function to set up Nginx
|
||||
setup_nginx() {
|
||||
if ! command -v nginx &> /dev/null; then
|
||||
echo "Nginx not found. Installing..."
|
||||
sudo apt update && sudo apt install -y nginx
|
||||
fi
|
||||
|
||||
sudo tee /etc/nginx/sites-available/vaultwarden > /dev/null << EOF
|
||||
server {
|
||||
listen 80;
|
||||
server_name $DOMAIN;
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:8000;
|
||||
proxy_set_header Host \$host;
|
||||
proxy_set_header X-Real-IP \$remote_addr;
|
||||
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto \$scheme;
|
||||
}
|
||||
}
|
||||
EOF
|
||||
|
||||
sudo ln -sf /etc/nginx/sites-available/vaultwarden /etc/nginx/sites-enabled/
|
||||
|
||||
# Install Certbot before testing Nginx configuration
|
||||
install_certbot
|
||||
|
||||
# Now test and reload Nginx
|
||||
sudo nginx -t && sudo systemctl reload nginx
|
||||
|
||||
echo "Nginx configured."
|
||||
}install_certbot() {
|
||||
if ! command -v certbot &> /dev/null; then
|
||||
echo "Installing Certbot..."
|
||||
sudo apt update
|
||||
sudo apt install -y certbot python3-certbot-nginx
|
||||
else
|
||||
echo "Certbot is already installed."
|
||||
fi
|
||||
}
|
||||
|
||||
# Function to set up admin panel
|
||||
setup_admin_panel() {
|
||||
echo "Setting up admin panel..."
|
||||
|
||||
# Install argon2 if not already installed
|
||||
if ! command -v argon2 &> /dev/null; then
|
||||
echo "Installing argon2..."
|
||||
sudo apt update
|
||||
sudo apt install -y argon2
|
||||
fi
|
||||
|
||||
# Prompt for admin password
|
||||
read -sp "Enter the admin password: " admin_password
|
||||
echo
|
||||
|
||||
# Generate argon2 hash
|
||||
admin_token=$(echo -n "$admin_password" | argon2 $(openssl rand -base64 32) -e -id -k 65540 -t 3 -p 4)
|
||||
|
||||
# Append admin token to .env file
|
||||
echo "ENABLE_ADMIN=true" | sudo tee -a /home/vaultwarden/.env > /dev/null
|
||||
echo "ADMIN_TOKEN='$admin_token'" | sudo tee -a /home/vaultwarden/.env > /dev/null
|
||||
|
||||
echo "Admin panel has been enabled."
|
||||
}
|
||||
|
||||
# Main script starts here
|
||||
|
||||
# Welcome Message
|
||||
cat <<"EOF"
|
||||
!
|
||||
! ███████╗ ██████╗ ██╗ ██╗██████╗ █████╗ ███╗ ██╗ ███████╗███████╗██████╗ ██╗ ██╗███████╗██████╗ ██████╗ █████╗ ██████╗██╗ ██╗
|
||||
! ██╔════╝██╔═══██╗██║ ██║██╔══██╗██╔══██╗████╗ ██║ ██╔════╝██╔════╝██╔══██╗██║ ██║██╔════╝██╔══██╗ ██╔══██╗██╔══██╗██╔════╝██║ ██╔╝
|
||||
! ███████╗██║ ██║██║ ██║██████╔╝███████║██╔██╗ ██║ ███████╗█████╗ ██████╔╝██║ ██║█████╗ ██████╔╝ ██████╔╝███████║██║ █████╔╝
|
||||
! ╚════██║██║ ██║╚██╗ ██╔╝██╔══██╗██╔══██║██║╚██╗██║ ╚════██║██╔══╝ ██╔══██╗╚██╗ ██╔╝██╔══╝ ██╔══██╗ ██╔═══╝ ██╔══██║██║ ██╔═██╗
|
||||
! ███████║╚██████╔╝ ╚████╔╝ ██║ ██║██║ ██║██║ ╚████║ ███████║███████╗██║ ██║ ╚████╔╝ ███████╗██║ ██║ ██║ ██║ ██║╚██████╗██║ ██╗
|
||||
! ╚══════╝ ╚═════╝ ╚═══╝ ╚═╝ ╚═╝╚═╝ ╚═╝╚═╝ ╚═══╝ ╚══════╝╚══════╝╚═╝ ╚═╝ ╚═══╝ ╚══════╝╚═╝ ╚═╝ ╚═╝ ╚═╝ ╚═╝ ╚═════╝╚═╝ ╚═╝
|
||||
!
|
||||
EOF
|
||||
|
||||
echo "Thanks for using Enki's Vault Warden script"
|
||||
echo "This script will install Vault Warden and add it to the system files so it can start at boot."
|
||||
echo "This also sets up Nginx for your domain as an option."
|
||||
if [ -t 0 ]; then
|
||||
echo "To continue, hit any key."
|
||||
read -n 1 -s -r -p ""
|
||||
fi
|
||||
|
||||
echo "Starting Vaultwarden installation..."
|
||||
|
||||
# Install dependencies
|
||||
install_dependencies
|
||||
|
||||
# Create vaultwarden user
|
||||
create_vaultwarden_user
|
||||
|
||||
# Create vaultwarden directory
|
||||
sudo mkdir -p /home/vaultwarden
|
||||
|
||||
# Extract Vaultwarden
|
||||
extract_without_docker
|
||||
|
||||
# Create .env file
|
||||
create_env_file
|
||||
|
||||
# Create systemd service
|
||||
create_systemd_service
|
||||
|
||||
# Set correct permissions
|
||||
sudo chown -R vaultwarden:vaultwarden /home/vaultwarden
|
||||
|
||||
# Offer to set up Nginx
|
||||
read -p "Would you like to set up Nginx as a reverse proxy? (y/n) " setup_nginx_answer
|
||||
if [[ $setup_nginx_answer =~ ^[Yy]$ ]]; then
|
||||
setup_nginx
|
||||
fi
|
||||
|
||||
# Enable and start Vaultwarden service
|
||||
sudo systemctl enable vaultwarden
|
||||
sudo systemctl start vaultwarden
|
||||
|
||||
echo "Vaultwarden has been installed, configured, and started."
|
||||
echo "Please ensure your firewall allows traffic on ports 80 and 443 (if using HTTPS)."
|
||||
echo "If you didn't set up Nginx, make sure to allow traffic on port 8000 as well."
|
||||
|
||||
# Offer to set up admin panel
|
||||
read -p "Would you like to enable the admin panel? (y/n) " setup_admin_answer
|
||||
if [[ $setup_admin_answer =~ ^[Yy]$ ]]; then
|
||||
setup_admin_panel
|
||||
# Restart Vaultwarden to apply changes
|
||||
sudo systemctl restart vaultwarden
|
||||
fi
|
||||
|
||||
|
||||
if [[ $setup_nginx_answer =~ ^[Yy]$ ]]; then
|
||||
echo ""
|
||||
echo "IMPORTANT: SSL/HTTPS Setup Instructions"
|
||||
echo "----------------------------------------"
|
||||
echo "1. Ensure you have pointed your domain's A record to this server's IP address."
|
||||
echo "2. Once DNS propagation is complete (this can take up to 48 hours but in most cases it only takes a few minutes), run the following command:"
|
||||
echo " sudo certbot --nginx -d $DOMAIN"
|
||||
echo "3. Follow the prompts to complete the SSL certificate installation."
|
||||
echo "4. Certbot will automatically modify your Nginx configuration to use HTTPS."
|
||||
echo ""
|
||||
echo "For more information on using Certbot, visit: https://certbot.eff.org/"
|
||||
fi
|
||||
|
||||
if [[ $setup_admin_answer =~ ^[Yy]$ ]]; then
|
||||
echo ""
|
||||
echo "Admin panel has been enabled. You can access it at https://$DOMAIN/admin"
|
||||
echo "Use the password you provided to log in."
|
||||
fi
|
14
README.md
14
README.md
@ -39,11 +39,19 @@ If Git is installed use :
|
||||
`cd folder_name`\
|
||||
`sudo ./script_name.sh`
|
||||
|
||||
--------------------------------------
|
||||
## Scripts |
|
||||
### List of scripts and what they do |
|
||||
--------------------------------------
|
||||
|
||||
## Scripts
|
||||
### List of scripts and what they do.
|
||||
------------
|
||||
## Bitcoin |
|
||||
------------
|
||||
### coreinstall.sh
|
||||
- This script walks the user through the process of installing TOR, I2P, and Bitcoin Core plus configures Core to use whatever network is installed.
|
||||
|
||||
|
||||
----------------------
|
||||
### Personal Server |
|
||||
----------------------
|
||||
### Vault Warden
|
||||
- Installes and configures Vault Warden. Will also install nginx, certbot and add Vault Warden to systemd for easy managment.
|
Loading…
Reference in New Issue
Block a user