Compare commits
2 Commits
2704f37c41
...
e26b6c45a0
Author | SHA1 | Date | |
---|---|---|---|
e26b6c45a0 | |||
c92824b073 |
251
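--- a/Personal Server Scripts/vaultwarden.sh
+++ b/Personal Server Scripts/vaultwarden.sh
@@ -0,0 +1,251 @@
+#!/bin/bash
+
+# Check if script is run as root
+if [ "$EUID" -ne 0 ]; then
+echo "This script must be run as root. Please use sudo or run as root."
+exit 1
+fi
+
+# Function to install necessary packages
+install_dependencies() {
+echo "Installing necessary packages..."
+sudo apt update && apt upgrade -y
+sudo apt install -y wget curl sudo
+}
+
+# Function to create vaultwarden user if it doesn't exist
+create_vaultwarden_user() {
+if ! command -v useradd &> /dev/null; then
+echo "useradd command not found. Installing..."
+sudo apt install -y passwd
+fi
+
+if ! id "vaultwarden" &>/dev/null; then
+echo "Creating vaultwarden user..."
+sudo useradd -r -s /bin/false vaultwarden
+echo "Vaultwarden user created."
+else
+echo "Vaultwarden user already exists."
+fi
+}
+
+# Function to extract without Docker
+extract_without_docker() {
+echo "Extracting binaries without Docker..."
+mkdir -p vw-image
+cd vw-image
+if ! wget https://raw.githubusercontent.com/jjlin/docker-image-extract/main/docker-image-extract; then
+echo "Failed to download docker-image-extract script. Exiting."
+exit 1
+fi
+chmod +x docker-image-extract
+if ! ./docker-image-extract vaultwarden/server:latest-alpine; then
+echo "Failed to extract Vaultwarden image. Exiting."
+exit 1
+fi
+sudo mv output/vaultwarden /home/vaultwarden/ || { echo "Failed to move vaultwarden binary. Exiting."; exit 1; }
+sudo mv output/web-vault /home/vaultwarden/ || { echo "Failed to move web-vault. Exiting."; exit 1; }
+cd ..
+rm -rf vw-image
+sudo mkdir -p /home/vaultwarden/data
+echo "Extraction complete."
+}
+
+# Create systemd service file
+create_systemd_service() {
+sudo tee /etc/systemd/system/vaultwarden.service > /dev/null << EOF
+[Unit]
+Description=Vaultwarden Server
+After=network.target
+
+[Service]
+User=vaultwarden
+Group=vaultwarden
+ExecStart=/home/vaultwarden/vaultwarden
+WorkingDirectory=/home/vaultwarden
+EnvironmentFile=/home/vaultwarden/.env
+
+[Install]
+WantedBy=multi-user.target
+EOF
+}
+
+# Function to create .env file
+create_env_file() {
+echo "Setting up Vaultwarden configuration..."
+read -p "Enter domain name for Vaultwarden (e.g., vault.example.com): " DOMAIN
+
+sudo tee /home/vaultwarden/.env > /dev/null << EOF
+DOMAIN=https://$DOMAIN
+ROCKET_PORT=8000
+DATA_FOLDER=/home/vaultwarden/data
+WEB_VAULT_FOLDER=/home/vaultwarden/web-vault
+EOF
+
+sudo chown vaultwarden:vaultwarden /home/vaultwarden/.env
+sudo chmod 600 /home/vaultwarden/.env
+}
+
+# Function to install Certbot
+install_certbot() {
+echo "Installing Certbot..."
+sudo apt update
+sudo apt install -y snapd
+sudo snap install core
+sudo snap refresh core
+sudo snap install --classic certbot
+sudo ln -s /snap/bin/certbot /usr/bin/certbot
+}
+
+# Function to set up Nginx
+setup_nginx() {
+if ! command -v nginx &> /dev/null; then
+echo "Nginx not found. Installing..."
+sudo apt update && sudo apt install -y nginx
+fi
+
+sudo tee /etc/nginx/sites-available/vaultwarden > /dev/null << EOF
+server {
+listen 80;
+server_name $DOMAIN;
+
+location / {
+proxy_pass http://127.0.0.1:8000;
+proxy_set_header Host \$host;
+proxy_set_header X-Real-IP \$remote_addr;
+proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto \$scheme;
+}
+}
+EOF
+
+sudo ln -sf /etc/nginx/sites-available/vaultwarden /etc/nginx/sites-enabled/
+
+# Install Certbot before testing Nginx configuration
+install_certbot
+
+# Now test and reload Nginx
+sudo nginx -t && sudo systemctl reload nginx
+
+echo "Nginx configured."
+}install_certbot() {
+if ! command -v certbot &> /dev/null; then
+echo "Installing Certbot..."
+sudo apt update
+sudo apt install -y certbot python3-certbot-nginx
+else
+echo "Certbot is already installed."
+fi
+}
+
+# Function to set up admin panel
+setup_admin_panel() {
+echo "Setting up admin panel..."
+
+# Install argon2 if not already installed
+if ! command -v argon2 &> /dev/null; then
+echo "Installing argon2..."
+sudo apt update
+sudo apt install -y argon2
+fi
+
+# Prompt for admin password
+read -sp "Enter the admin password: " admin_password
+echo
+
+# Generate argon2 hash
+admin_token=$(echo -n "$admin_password" | argon2 $(openssl rand -base64 32) -e -id -k 65540 -t 3 -p 4)
+
+# Append admin token to .env file
+echo "ENABLE_ADMIN=true" | sudo tee -a /home/vaultwarden/.env > /dev/null
+echo "ADMIN_TOKEN='$admin_token'" | sudo tee -a /home/vaultwarden/.env > /dev/null
+
+echo "Admin panel has been enabled."
+}
+
+# Main script starts here
+
+# Welcome Message
+cat <<"EOF"
+!
+! ███████╗ ██████╗ ██╗ ██╗██████╗ █████╗ ███╗ ██╗ ███████╗███████╗██████╗ ██╗ ██╗███████╗██████╗ ██████╗ █████╗ ██████╗██╗ ██╗
+! ██╔════╝██╔═══██╗██║ ██║██╔══██╗██╔══██╗████╗ ██║ ██╔════╝██╔════╝██╔══██╗██║ ██║██╔════╝██╔══██╗ ██╔══██╗██╔══██╗██╔════╝██║ ██╔╝
+! ███████╗██║ ██║██║ ██║██████╔╝███████║██╔██╗ ██║ ███████╗█████╗ ██████╔╝██║ ██║█████╗ ██████╔╝ ██████╔╝███████║██║ █████╔╝
+! ╚════██║██║ ██║╚██╗ ██╔╝██╔══██╗██╔══██║██║╚██╗██║ ╚════██║██╔══╝ ██╔══██╗╚██╗ ██╔╝██╔══╝ ██╔══██╗ ██╔═══╝ ██╔══██║██║ ██╔═██╗
+! ███████║╚██████╔╝ ╚████╔╝ ██║ ██║██║ ██║██║ ╚████║ ███████║███████╗██║ ██║ ╚████╔╝ ███████╗██║ ██║ ██║ ██║ ██║╚██████╗██║ ██╗
+! ╚══════╝ ╚═════╝ ╚═══╝ ╚═╝ ╚═╝╚═╝ ╚═╝╚═╝ ╚═══╝ ╚══════╝╚══════╝╚═╝ ╚═╝ ╚═══╝ ╚══════╝╚═╝ ╚═╝ ╚═╝ ╚═╝ ╚═╝ ╚═════╝╚═╝ ╚═╝
+!
+EOF
+
+echo "Thanks for using Enki's Vault Warden script"
+echo "This script will install Vault Warden and add it to the system files so it can start at boot."
+echo "This also sets up Nginx for your domain as an option."
+if [ -t 0 ]; then
+echo "To continue, hit any key."
+read -n 1 -s -r -p ""
+fi
+
+echo "Starting Vaultwarden installation..."
+
+# Install dependencies
+install_dependencies
+
+# Create vaultwarden user
+create_vaultwarden_user
+
+# Create vaultwarden directory
+sudo mkdir -p /home/vaultwarden
+
+# Extract Vaultwarden
+extract_without_docker
+
+# Create .env file
+create_env_file
+
+# Create systemd service
+create_systemd_service
+
+# Set correct permissions
+sudo chown -R vaultwarden:vaultwarden /home/vaultwarden
+
+# Offer to set up Nginx
+read -p "Would you like to set up Nginx as a reverse proxy? (y/n) " setup_nginx_answer
+if [[ $setup_nginx_answer =~ ^[Yy]$ ]]; then
+setup_nginx
+fi
+
+# Enable and start Vaultwarden service
+sudo systemctl enable vaultwarden
+sudo systemctl start vaultwarden
+
+echo "Vaultwarden has been installed, configured, and started."
+echo "Please ensure your firewall allows traffic on ports 80 and 443 (if using HTTPS)."
+echo "If you didn't set up Nginx, make sure to allow traffic on port 8000 as well."
+
+# Offer to set up admin panel
+read -p "Would you like to enable the admin panel? (y/n) " setup_admin_answer
+if [[ $setup_admin_answer =~ ^[Yy]$ ]]; then
+setup_admin_panel
+# Restart Vaultwarden to apply changes
+sudo systemctl restart vaultwarden
+fi
+
+
+if [[ $setup_nginx_answer =~ ^[Yy]$ ]]; then
+echo ""
+echo "IMPORTANT: SSL/HTTPS Setup Instructions"
+echo "----------------------------------------"
+echo "1. Ensure you have pointed your domain's A record to this server's IP address."
+echo "2. Once DNS propagation is complete (this can take up to 48 hours but in most cases it only takes a few minutes), run the following command:"
+echo " sudo certbot --nginx -d $DOMAIN"
+echo "3. Follow the prompts to complete the SSL certificate installation."
+echo "4. Certbot will automatically modify your Nginx configuration to use HTTPS."
+echo ""
+echo "For more information on using Certbot, visit: https://certbot.eff.org/"
+fi
+
+if [[ $setup_admin_answer =~ ^[Yy]$ ]]; then
+echo ""
+echo "Admin panel has been enabled. You can access it at https://$DOMAIN/admin"
+echo "Use the password you provided to log in."
+fi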
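Review bot: `extract_without_docker` fetches `docker-image-extract` from the mutable `main` branch and runs it as root (the script insists on `EUID` 0) with no integrity check, then installs whatever `vaultwarden/server:latest-alpine` resolves to that day, so an upstream change in either place lands unreviewed in the binary that will hold the password vault. Pin the helper to a reviewed commit and verify it before `chmod +x`, for example `wget https://raw.githubusercontent.com/jjlin/docker-image-extract/<COMMIT_SHA>/docker-image-extract` followed by `echo "<EXPECTED_SHA256>  docker-image-extract" | sha256sum -c - || exit 1` (both values are placeholders for the author to fill in), and name a fixed release tag instead of `latest-alpine`. Separately, `}install_certbot() {` sits on one line and redefines a function that already exists above; as rendered, bash would not treat that `}` as the end of `setup_nginx`, so the file probably fails to parse until the brace gets its own line and one of the two definitions is dropped. The `.env` written by `create_env_file` also sets no `ROCKET_ADDRESS`, so port 8000 is likely reachable over plain HTTP even when Nginx fronts it; adding `ROCKET_ADDRESS=127.0.0.1` in the Nginx case would keep the backend local.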
14
README.md
14
README.md
@ -39,11 +39,19 @@ If Git is installed use :
|
|||||||
`cd folder_name`\
|
`cd folder_name`\
|
||||||
`sudo ./script_name.sh`
|
`sudo ./script_name.sh`
|
||||||
|
|
||||||
|
--------------------------------------
|
||||||
|
## Scripts |
|
||||||
|
### List of scripts and what they do |
|
||||||
|
--------------------------------------
|
||||||
|
|
||||||
## Scripts
|
------------
|
||||||
### List of scripts and what they do.
|
## Bitcoin |
|
||||||
------------
|
------------
|
||||||
### coreinstall.sh
|
### coreinstall.sh
|
||||||
- This script walks the user through the process of installing TOR, I2P, and Bitcoin Core plus configures Core to use whatever network is installed.
|
- This script walks the user through the process of installing TOR, I2P, and Bitcoin Core plus configures Core to use whatever network is installed.
|
||||||
|
|
||||||
|
----------------------
|
||||||
|
### Personal Server |
|
||||||
|
----------------------
|
||||||
|
### Vault Warden
|
||||||
|
- Installes and configures Vault Warden. Will also install nginx, certbot and add Vault Warden to systemd for easy managment.
|