diff options
author | Marcin Deranek <marcin.deranek@slonko.net> | 2021-04-30 10:48:58 +0200 |
---|---|---|
committer | Marcin Deranek <marcin.deranek@slonko.net> | 2021-04-30 10:48:58 +0200 |
commit | d8d6bd4dc3f8b19dea4396fa8d495725c69e02e5 (patch) | |
tree | b694e75e07d64ca3160d77dd621e3fb3b93ea554 /app-admin/vaultwarden/files | |
parent | 02b64cba610262c2e99086473eb56cdf358671a1 (diff) | |
download | portage-d8d6bd4dc3f8b19dea4396fa8d495725c69e02e5.tar.gz portage-d8d6bd4dc3f8b19dea4396fa8d495725c69e02e5.tar.bz2 portage-d8d6bd4dc3f8b19dea4396fa8d495725c69e02e5.zip |
Added vaultwarden
Diffstat (limited to 'app-admin/vaultwarden/files')
-rw-r--r-- | app-admin/vaultwarden/files/conf | 9 | ||||
-rw-r--r-- | app-admin/vaultwarden/files/init | 13 | ||||
-rw-r--r-- | app-admin/vaultwarden/files/vaultwarden | 16 | ||||
-rw-r--r-- | app-admin/vaultwarden/files/vaultwarden.service | 37 |
4 files changed, 75 insertions, 0 deletions
diff --git a/app-admin/vaultwarden/files/conf b/app-admin/vaultwarden/files/conf new file mode 100644 index 0000000..3928906 --- /dev/null +++ b/app-admin/vaultwarden/files/conf @@ -0,0 +1,9 @@ +# /etc/conf.d/vaultwarden: config file for /etc/init.d/vaultwarden +# vim: set filetype=gentoo-conf-d: + +# User and group +VAULTWARDEN_USER="vaultwarden" +VAULTWARDEN_GROUP="vaultwarden" + +# Environment config file (will be sourced) +VAULTWARDEN_CONFIG="/etc/vaultwarden.env" diff --git a/app-admin/vaultwarden/files/init b/app-admin/vaultwarden/files/init new file mode 100644 index 0000000..66fd2ea --- /dev/null +++ b/app-admin/vaultwarden/files/init @@ -0,0 +1,13 @@ +#!/sbin/openrc-run +# Copyright 1999-2021 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +command="/var/lib/vaultwarden/vaultwarden" +pidfile="/run/vaultwarden.pid" +description="Unofficial Vaultwarden compatible server written in Rust" +start_stop_daemon_args="--env VAULTWARDEN_CONFIG=$VAULTWARDEN_CONFIG --user ${VAULTWARDEN_USER} --group ${VAULTWARDEN_GROUP} --pidfile ${pidfile} --make-pidfile --background" + +depend() { + need net + use mysql postgresql +} diff --git a/app-admin/vaultwarden/files/vaultwarden b/app-admin/vaultwarden/files/vaultwarden new file mode 100644 index 0000000..8400dfb --- /dev/null +++ b/app-admin/vaultwarden/files/vaultwarden @@ -0,0 +1,16 @@ +#!/bin/bash + +# Load config +set -o allexport +source "$VAULTWARDEN_CONFIG" +set +o allexport + +# Create data dir +cd /var/lib/vaultwarden +mkdir -p "${DATA_FOLDER:-data}" + +# Use default web vault folder +export WEB_VAULT_FOLDER="${WEB_VAULT_FOLDER:-"/usr/share/vaultwarden-web-vault/htdocs"}" + +# Exec vaultwarden +exec /usr/bin/vaultwarden diff --git a/app-admin/vaultwarden/files/vaultwarden.service b/app-admin/vaultwarden/files/vaultwarden.service new file mode 100644 index 0000000..12ba0d4 --- /dev/null +++ b/app-admin/vaultwarden/files/vaultwarden.service @@ -0,0 +1,37 @@ +[Unit] +Description=Unofficial Bitwarden compatible server written in Rust +Documentation=https://github.com/dani-garcia/vaultwarden +After=network.target mariadb.service mysqld.service postgresql.service + +[Service] +User=vaultwarden +Group=vaultwarden +Environment="WEB_VAULT_FOLDER=/usr/share/vaultwarden-web-vault/htdocs" +EnvironmentFile=/etc/vaultwarden.env +ExecStart=/usr/bin/vaultwarden + +LimitNOFILE=1048576 +LimitNPROC=256 + +PrivateTmp=true +PrivateDevices=true +ProtectHome=true +ProtectSystem=strict +ProtectKernelTunables=yes +ProtectKernelModules=yes +ProtectControlGroups=yes + +RestrictNamespaces=yes + +SystemCallArchitectures=native +SystemCallFilter=@system-service +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 + +WorkingDirectory=/var/lib/vaultwarden +ReadWriteDirectories=/var/lib/vaultwarden +# Allow vaultwarden to bind ports in the range of 0-1024 +AmbientCapabilities=CAP_NET_BIND_SERVICE +CapabilityBoundingSet=CAP_NET_BIND_SERVICE + +[Install] +WantedBy=multi-user.target |