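#!/bin/bash
#
# Installs Vaultwarden without Docker on a Debian/Ubuntu (apt) host:
#   - creates a dedicated "vaultwarden" system account,
#   - extracts the server binary and web vault from the container image,
#   - writes /home/vaultwarden/.env and a systemd unit,
#   - optionally configures Nginx as a reverse proxy and enables the admin
#     panel with an Argon2id-hashed token.
#
# Usage: run as root (e.g. `sudo ./install.sh`).
#
# Optional environment variables (with sudo, pass them on the sudo command
# line, since sudo resets the environment by default):
#   VAULTWARDEN_IMAGE            image reference to extract; defaults to
#                                vaultwarden/server:latest-alpine. Pin a
#                                specific tag or digest for repeatable installs.
#   DOCKER_IMAGE_EXTRACT_SHA256  expected SHA-256 of the downloaded
#                                docker-image-extract helper. When set, the
#                                helper is verified before it is executed.

set -uo pipefail

readonly VW_HOME=/home/vaultwarden
readonly ENV_FILE="${VW_HOME}/.env"
readonly EXTRACT_URL="https://raw.githubusercontent.com/jjlin/docker-image-extract/main/docker-image-extract"
readonly VAULTWARDEN_IMAGE="${VAULTWARDEN_IMAGE:-vaultwarden/server:latest-alpine}"

# Print a message to stderr and abort the installation.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Check if script is run as root.
# Everything below runs with root privileges, so no command is prefixed with
# sudo; that also keeps the script working on hosts where sudo is not
# installed yet.
if [ "$EUID" -ne 0 ]; then
  echo "This script must be run as root. Please use sudo or run as root."
  exit 1
fi

# Return 0 when $1 contains only hostname characters (letters, digits, dots,
# hyphens), starts and ends with a letter or digit, and is at most 253
# characters long. The value is interpolated into the Nginx site file and the
# .env file, so whitespace, quotes, semicolons, braces and newlines must never
# get through.
is_valid_hostname() {
  local LC_ALL=C
  local candidate=$1
  (( ${#candidate} >= 1 && ${#candidate} <= 253 )) || return 1
  [[ $candidate =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]]
}

# Function to install necessary packages
install_dependencies() {
  echo "Installing necessary packages..."
  if ! { apt update && apt upgrade -y; }; then
    echo "Warning: apt update/upgrade did not complete cleanly; continuing." >&2
  fi
  apt install -y wget curl sudo \
    || die "Failed to install required packages. Exiting."
}

# Function to create vaultwarden user if it doesn't exist
create_vaultwarden_user() {
  if ! command -v useradd &> /dev/null; then
    echo "useradd command not found. Installing..."
    apt install -y passwd || die "Failed to install useradd. Exiting."
  fi

  if ! id "vaultwarden" &> /dev/null; then
    echo "Creating vaultwarden user..."
    # System account with no login shell: the service never needs an
    # interactive session.
    useradd -r -s /bin/false vaultwarden \
      || die "Failed to create vaultwarden user. Exiting."
    echo "Vaultwarden user created."
  else
    echo "Vaultwarden user already exists."
  fi
}

# Function to extract without Docker.
# Downloads the docker-image-extract helper, runs it against
# $VAULTWARDEN_IMAGE and moves the resulting binary and web vault into
# $VW_HOME.
#
# Supply-chain note: the helper is fetched from the tip of a branch and run as
# root, and the default image tag is a moving one. Set
# DOCKER_IMAGE_EXTRACT_SHA256 to a digest you obtained from a copy of the
# helper you have reviewed, and pin VAULTWARDEN_IMAGE, to make this step
# verifiable and repeatable.
extract_without_docker() {
  local workdir
  echo "Extracting binaries without Docker..."

  # Unpredictable directory name instead of a fixed ./vw-image, so a
  # pre-existing directory or symlink of that name cannot be reused.
  workdir=$(mktemp -d "${PWD}/vw-image.XXXXXX") \
    || die "Failed to create a working directory. Exiting."

  # Subshell: the caller's working directory is untouched whatever happens.
  if ! (
    cd "$workdir" || exit 1

    if ! wget -O docker-image-extract "$EXTRACT_URL"; then
      echo "Failed to download docker-image-extract script. Exiting." >&2
      exit 1
    fi

    if [[ -n "${DOCKER_IMAGE_EXTRACT_SHA256:-}" ]]; then
      if ! printf '%s  %s\n' "$DOCKER_IMAGE_EXTRACT_SHA256" docker-image-extract \
        | sha256sum --check --status; then
        echo "Checksum mismatch for docker-image-extract. Exiting." >&2
        exit 1
      fi
    else
      echo "Warning: DOCKER_IMAGE_EXTRACT_SHA256 is not set; the downloaded helper is executed unverified." >&2
    fi

    chmod +x docker-image-extract

    if ! ./docker-image-extract "$VAULTWARDEN_IMAGE"; then
      echo "Failed to extract Vaultwarden image. Exiting." >&2
      exit 1
    fi

    mv output/vaultwarden "${VW_HOME}/" \
      || { echo "Failed to move vaultwarden binary. Exiting." >&2; exit 1; }
    mv output/web-vault "${VW_HOME}/" \
      || { echo "Failed to move web-vault. Exiting." >&2; exit 1; }
  ); then
    rm -rf -- "${workdir:?}"
    exit 1
  fi

  rm -rf -- "${workdir:?}"
  mkdir -p "${VW_HOME}/data"
  echo "Extraction complete."
}

# Create systemd service file
create_systemd_service() {
  # NoNewPrivileges and PrivateTmp are low-risk sandboxing for a service that
  # runs as an unprivileged account. Stricter options (ProtectSystem,
  # ReadWritePaths, ...) are worth adding once the install layout is settled.
  cat > /etc/systemd/system/vaultwarden.service << 'EOF'
[Unit]
Description=Vaultwarden Server
After=network.target

[Service]
User=vaultwarden
Group=vaultwarden
ExecStart=/home/vaultwarden/vaultwarden
WorkingDirectory=/home/vaultwarden
EnvironmentFile=/home/vaultwarden/.env
NoNewPrivileges=true
PrivateTmp=true

[Install]
WantedBy=multi-user.target
EOF
  # Make systemd pick up the new or changed unit before enable/start.
  systemctl daemon-reload
}

# Function to create .env file.
# Sets the global DOMAIN, which setup_nginx and the closing messages reuse.
create_env_file() {
  echo "Setting up Vaultwarden configuration..."

  while true; do
    read -r -p "Enter domain name for Vaultwarden (e.g., vault.example.com): " DOMAIN \
      || die "No domain name could be read from standard input. Exiting."
    if is_valid_hostname "$DOMAIN"; then
      break
    fi
    echo "Invalid domain name: use only letters, digits, dots and hyphens." >&2
  done

  # umask 077 so the file is never readable by other users, not even for the
  # moment between creation and the chmod below.
  (
    umask 077
    cat > "$ENV_FILE" << EOF
DOMAIN=https://$DOMAIN
ROCKET_PORT=8000
DATA_FOLDER=/home/vaultwarden/data
WEB_VAULT_FOLDER=/home/vaultwarden/web-vault
EOF
  ) || die "Failed to write ${ENV_FILE}. Exiting."

  chown vaultwarden:vaultwarden "$ENV_FILE"
  chmod 600 "$ENV_FILE"
}

# Function to install Certbot.
# The original file defined install_certbot twice (a snap-based variant and
# this apt-based one); the later definition replaced the earlier one before
# anything ran, so only the apt-based variant was ever executed. It is the
# single definition kept here, and it ships the nginx plugin that the
# `certbot --nginx` instructions printed at the end rely on.
install_certbot() {
  if ! command -v certbot &> /dev/null; then
    echo "Installing Certbot..."
    apt update
    apt install -y certbot python3-certbot-nginx
  else
    echo "Certbot is already installed."
  fi
}

# Function to set up Nginx.
# Returns non-zero when the generated configuration does not pass `nginx -t`.
setup_nginx() {
  if ! command -v nginx &> /dev/null; then
    echo "Nginx not found. Installing..."
    apt update && apt install -y nginx
  fi

  # DOMAIN was validated in create_env_file, so it is safe to interpolate.
  # The \$-escaped names are Nginx variables and must reach the file verbatim.
  cat > /etc/nginx/sites-available/vaultwarden << EOF
server {
    listen 80;
    server_name $DOMAIN;

    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
    }
}
EOF

  ln -sf /etc/nginx/sites-available/vaultwarden /etc/nginx/sites-enabled/

  # With the proxy in front, the backend only has to listen on loopback.
  # Without this it listens on every interface, which leaves port 8000
  # reachable over plain HTTP next to the proxy.
  printf '%s\n' "ROCKET_ADDRESS=127.0.0.1" >> "$ENV_FILE"

  # Install Certbot before testing Nginx configuration
  install_certbot

  # Now test and reload Nginx
  if ! { nginx -t && systemctl reload nginx; }; then
    echo "Nginx configuration test or reload failed; review /etc/nginx/sites-available/vaultwarden." >&2
    return 1
  fi
  echo "Nginx configured."
}

# Function to set up admin panel.
# Prompts for a password and stores only its Argon2id hash as ADMIN_TOKEN.
setup_admin_panel() {
  local admin_password salt admin_token
  echo "Setting up admin panel..."

  # Install argon2 if not already installed
  if ! command -v argon2 &> /dev/null; then
    echo "Installing argon2..."
    apt update
    apt install -y argon2 || die "Failed to install argon2. Exiting."
  fi
  # The salt below comes from openssl, which a minimal host may lack.
  if ! command -v openssl &> /dev/null; then
    echo "Installing openssl..."
    apt install -y openssl || die "Failed to install openssl. Exiting."
  fi

  # Prompt for admin password; an empty one is refused.
  while true; do
    read -r -s -p "Enter the admin password: " admin_password \
      || die "No password could be read from standard input. Exiting."
    echo
    if [[ -n $admin_password ]]; then
      break
    fi
    echo "The admin password must not be empty." >&2
  done

  # Generate argon2 hash. The password goes to argon2 on stdin via the printf
  # builtin, so it never shows up in the process list; only the salt, which is
  # not secret, is passed as an argument.
  salt=$(openssl rand -base64 32) || die "Failed to generate a salt. Exiting."
  admin_token=$(printf '%s' "$admin_password" \
    | argon2 "$salt" -e -id -k 65540 -t 3 -p 4) \
    || die "Failed to hash the admin password. Exiting."
  unset admin_password

  # Append admin token to .env file. The single quotes keep the '$'
  # separators of the encoded hash literal.
  printf '%s\n' "ENABLE_ADMIN=true" "ADMIN_TOKEN='$admin_token'" >> "$ENV_FILE"

  echo "Admin panel has been enabled."
}

# Main script starts here
main() {
  local setup_nginx_answer setup_admin_answer

  # Welcome Message
  cat << "EOF"
!
! ███████╗ ██████╗ ██╗ ██╗██████╗ █████╗ ███╗ ██╗ ███████╗███████╗██████╗ ██╗ ██╗███████╗██████╗ ██████╗ █████╗ ██████╗██╗ ██╗
! ██╔════╝██╔═══██╗██║ ██║██╔══██╗██╔══██╗████╗ ██║ ██╔════╝██╔════╝██╔══██╗██║ ██║██╔════╝██╔══██╗ ██╔══██╗██╔══██╗██╔════╝██║ ██╔╝
! ███████╗██║ ██║██║ ██║██████╔╝███████║██╔██╗ ██║ ███████╗█████╗ ██████╔╝██║ ██║█████╗ ██████╔╝ ██████╔╝███████║██║ █████╔╝
! ╚════██║██║ ██║╚██╗ ██╔╝██╔══██╗██╔══██║██║╚██╗██║ ╚════██║██╔══╝ ██╔══██╗╚██╗ ██╔╝██╔══╝ ██╔══██╗ ██╔═══╝ ██╔══██║██║ ██╔═██╗
! ███████║╚██████╔╝ ╚████╔╝ ██║ ██║██║ ██║██║ ╚████║ ███████║███████╗██║ ██║ ╚████╔╝ ███████╗██║ ██║ ██║ ██║ ██║╚██████╗██║ ██╗
! ╚══════╝ ╚═════╝ ╚═══╝ ╚═╝ ╚═╝╚═╝ ╚═╝╚═╝ ╚═══╝ ╚══════╝╚══════╝╚═╝ ╚═╝ ╚═══╝ ╚══════╝╚═╝ ╚═╝ ╚═╝ ╚═╝ ╚═╝ ╚═════╝╚═╝ ╚═╝
!
EOF

  echo "Thanks for using Enki's Vault Warden script"
  echo "This script will install Vault Warden and add it to the system files so it can start at boot."
  echo "This also sets up Nginx for your domain as an option."

  if [ -t 0 ]; then
    echo "To continue, hit any key."
    read -n 1 -s -r -p ""
  fi

  echo "Starting Vaultwarden installation..."

  # Install dependencies
  install_dependencies

  # Create vaultwarden user
  create_vaultwarden_user

  # Create vaultwarden directory
  mkdir -p "$VW_HOME"

  # Extract Vaultwarden
  extract_without_docker

  # Create .env file
  create_env_file

  # Create systemd service
  create_systemd_service

  # Set correct permissions.
  # NOTE(review): the recursive chown also hands the server binary and the
  # web vault to the service account, so a compromised service could rewrite
  # its own executable. Consider leaving those root-owned and giving the
  # account only the data directory and read access to .env.
  chown -R vaultwarden:vaultwarden "$VW_HOME"
  # The data directory holds the vault database and key material; keep other
  # local users out of it.
  chmod 700 "${VW_HOME}/data"

  # Offer to set up Nginx
  read -r -p "Would you like to set up Nginx as a reverse proxy? (y/n) " setup_nginx_answer
  if [[ $setup_nginx_answer =~ ^[Yy]$ ]]; then
    setup_nginx
  fi

  # Enable and start Vaultwarden service
  systemctl enable vaultwarden
  systemctl start vaultwarden

  echo "Vaultwarden has been installed, configured, and started."
  echo "Please ensure your firewall allows traffic on ports 80 and 443 (if using HTTPS)."
  # NOTE(review): without the proxy, port 8000 serves the vault over plain
  # HTTP; put TLS in front of it before exposing it beyond a trusted network.
  echo "If you didn't set up Nginx, make sure to allow traffic on port 8000 as well."

  # Offer to set up admin panel
  read -r -p "Would you like to enable the admin panel? (y/n) " setup_admin_answer
  if [[ $setup_admin_answer =~ ^[Yy]$ ]]; then
    setup_admin_panel
    # Restart Vaultwarden to apply changes
    systemctl restart vaultwarden
  fi

  if [[ $setup_nginx_answer =~ ^[Yy]$ ]]; then
    echo ""
    echo "IMPORTANT: SSL/HTTPS Setup Instructions"
    echo "----------------------------------------"
    echo "1. Ensure you have pointed your domain's A record to this server's IP address."
    echo "2. Once DNS propagation is complete (this can take up to 48 hours but in most cases it only takes a few minutes), run the following command:"
    echo " sudo certbot --nginx -d $DOMAIN"
    echo "3. Follow the prompts to complete the SSL certificate installation."
    echo "4. Certbot will automatically modify your Nginx configuration to use HTTPS."
    echo ""
    echo "For more information on using Certbot, visit: https://certbot.eff.org/"
  fi

  if [[ $setup_admin_answer =~ ^[Yy]$ ]]; then
    echo ""
    echo "Admin panel has been enabled. You can access it at https://$DOMAIN/admin"
    echo "Use the password you provided to log in."
  fi
}

main "$@"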