Diffstat (limited to 'app-admin/vaultwarden/files')
-rw-r--r-- | app-admin/vaultwarden/files/conf | 9 | ||||
-rw-r--r-- | app-admin/vaultwarden/files/init | 13 | ||||
-rw-r--r-- | app-admin/vaultwarden/files/vaultwarden | 16 | ||||
-rw-r--r-- | app-admin/vaultwarden/files/vaultwarden.service | 50 |
4 files changed, 88 insertions, 0 deletions
diff --git a/app-admin/vaultwarden/files/conf b/app-admin/vaultwarden/files/conf
new file mode 100644
index 0000000..3928906
--- /dev/null
+++ b/app-admin/vaultwarden/files/conf
@@ -0,0 +1,9 @@
+# /etc/conf.d/vaultwarden: config file for /etc/init.d/vaultwarden
+# vim: set filetype=gentoo-conf-d:
+
+# User and group
+VAULTWARDEN_USER="vaultwarden"
+VAULTWARDEN_GROUP="vaultwarden"
+
+# Environment config file (will be sourced)
+VAULTWARDEN_CONFIG="/etc/vaultwarden.env"
diff --git a/app-admin/vaultwarden/files/init b/app-admin/vaultwarden/files/init
new file mode 100644
index 0000000..66fd2ea
--- /dev/null
+++ b/app-admin/vaultwarden/files/init
@@ -0,0 +1,13 @@
+#!/sbin/openrc-run
+# Copyright 1999-2021 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+command="/var/lib/vaultwarden/vaultwarden"
+pidfile="/run/vaultwarden.pid"
+description="Unofficial Vaultwarden compatible server written in Rust"
+start_stop_daemon_args="--env VAULTWARDEN_CONFIG=$VAULTWARDEN_CONFIG --user ${VAULTWARDEN_USER} --group ${VAULTWARDEN_GROUP} --pidfile ${pidfile} --make-pidfile --background"
+
+depend() {
+ need net
+ use mysql postgresql
+}
diff --git a/app-admin/vaultwarden/files/vaultwarden b/app-admin/vaultwarden/files/vaultwarden
new file mode 100644
index 0000000..8400dfb
--- /dev/null
+++ b/app-admin/vaultwarden/files/vaultwarden
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+# Load config
+set -o allexport
+source "$VAULTWARDEN_CONFIG"
+set +o allexport
+
+# Create data dir
+cd /var/lib/vaultwarden
+mkdir -p "${DATA_FOLDER:-data}"
+
+# Use default web vault folder
+export WEB_VAULT_FOLDER="${WEB_VAULT_FOLDER:-"/usr/share/vaultwarden-web-vault/htdocs"}"
+
+# Exec vaultwarden
+exec /usr/bin/vaultwarden
diff --git a/app-admin/vaultwarden/files/vaultwarden.service b/app-admin/vaultwarden/files/vaultwarden.service
new file mode 100644
index 0000000..4b6cbfc
--- /dev/null
+++ b/app-admin/vaultwarden/files/vaultwarden.service
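Review bot: In files/init, `command="/var/lib/vaultwarden/vaultwarden"` places the launcher inside the directory the daemon itself writes to (the wrapper runs `mkdir -p` there after privileges are dropped), so a compromised daemon could replace the script that every later start executes. Where the ebuild installs the wrapper is not visible in this diff, but a root-owned path outside the state directory would be safer, for example `command="/usr/libexec/vaultwarden/vaultwarden"` (illustrative path, adjust to the ebuild). Separately, the `--user`, `--group`, `--background` and `--make-pidfile` flags in `start_stop_daemon_args` are more usually written as `command_user="${VAULTWARDEN_USER}:${VAULTWARDEN_GROUP}"` and `command_background=true`, and `$VAULTWARDEN_CONFIG` is embedded unquoted, so a path containing whitespace would be split into extra arguments.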
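Review bot: The wrapper in files/vaultwarden fails open: if `$VAULTWARDEN_CONFIG` is unset or the file cannot be read, `source` only prints an error and the script still reaches `exec /usr/bin/vaultwarden`, so the server starts on its built-in defaults instead of the administrator's settings. The `cd` is unchecked as well, so `mkdir -p` could create the data folder in whatever working directory the service manager left behind. Both should be fatal, e.g. `source "${VAULTWARDEN_CONFIG:?not set}" || exit 1` and `cd /var/lib/vaultwarden || exit 1`. Note also that `source` evaluates the file as shell code while the systemd unit's `EnvironmentFile=` does not, so an unquoted value containing `$` would be read differently under the two service managers. A comment in files/conf such as `# Sourced by bash: single-quote values containing $ and keep the file writable by root only` would document that.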
@@ -0,0 +1,50 @@
+[Unit]
+Description=Unofficial Bitwarden compatible server written in Rust
+Documentation=https://github.com/dani-garcia/vaultwarden
+After=network.target mariadb.service mysqld.service postgresql.service
+
+[Service]
+ExecStart=/usr/bin/vaultwarden
+WorkingDirectory=/var/lib/vaultwarden
+User=vaultwarden
+Group=vaultwarden
+
+# Allow vaultwarden to bind ports in the range of 0-1024
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+
+NoNewPrivileges=yes
+
+LimitNOFILE=1048576
+UMask=0077
+LimitNPROC=64
+
+ProtectSystem=strict
+ProtectHome=true
+ReadWriteDirectories=/var/lib/vaultwarden
+PrivateUsers=yes
+PrivateTmp=true
+PrivateDevices=true
+ProtectHostname=yes
+ProtectClock=yes
+ProtectKernelTunables=yes
+ProtectKernelModules=yes
+ProtectKernelLogs=yes
+ProtectControlGroups=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+RemoveIPC=yes
+
+SystemCallFilter=@system-service
+SystemCallFilter=~@privileged @resources
+SystemCallArchitectures=native
+
+Environment="WEB_VAULT_FOLDER=/usr/share/vaultwarden-web-vault/htdocs"
+EnvironmentFile=/etc/vaultwarden.env
+
+[Install]
+WantedBy=multi-user.target |
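Review bot: The comment above `AmbientCapabilities=CAP_NET_BIND_SERVICE` promises binding to ports below 1024, but the unit also sets `PrivateUsers=yes`. As far as I know, capabilities held inside the private user namespace do not apply to the host's network namespace, so a bind to a privileged port would still be refused. Either drop `PrivateUsers=yes` where a low port is really needed, or reword the comment, e.g. `# CAP_NET_BIND_SERVICE has no effect while PrivateUsers=yes is set; listen on a port >= 1024 or put a reverse proxy in front`. `ReadWriteDirectories=` is the legacy spelling of `ReadWritePaths=` and is worth updating while the file is new. The unit also starts `/usr/bin/vaultwarden` directly, so the data-folder creation done by the OpenRC wrapper does not happen on systemd hosts and the folder has to exist beforehand.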