#!/usr/bin/env bash
YW = ` echo "\033[33m" `
RD = ` echo "\033[01;31m" `
BL = ` echo "\033[36m" `
GN = ` echo "\033[1;92m" `
CL = ` echo "\033[m" `
RETRY_NUM = 10
RETRY_EVERY = 3
NUM = $RETRY_NUM
CM = " ${ GN } ✓ ${ CL } "
CROSS = " ${ RD } ✗ ${ CL } "
BFR = "\\r\\033[K"
HOLD = "-"
set -o errexit
set -o errtrace
set -o nounset
set -o pipefail
shopt -s expand_aliases
alias die = 'EXIT=$? LINE=$LINENO error_exit'
trap die ERR
function error_exit( ) {
trap - ERR
local reason = "Unknown failure occurred."
local msg = " ${ 1 :- $reason } "
local flag = " ${ RD } ‼ ERROR ${ CL } $EXIT @ $LINE "
echo -e " $flag $msg " 1>& 2
exit $EXIT
}
function msg_info( ) {
local msg = " $1 "
echo -ne " ${ HOLD } ${ YW } ${ msg } ... "
}
function msg_ok( ) {
local msg = " $1 "
echo -e " ${ BFR } ${ CM } ${ GN } ${ msg } ${ CL } "
}
function msg_error( ) {
local msg = " $1 "
echo -e " ${ BFR } ${ CROSS } ${ RD } ${ msg } ${ CL } "
}
msg_info "Setting up Container OS "
sed -i " / $LANG / s/\(^# \)// " /etc/locale.gen
locale-gen >/dev/null
while [ " $( hostname -I) " = "" ] ; do
1>& 2 echo -en " ${ CROSS } ${ RD } No Network! "
sleep $RETRY_EVERY
( ( NUM--) )
if [ $NUM -eq 0 ]
then
1>& 2 echo -e " ${ CROSS } ${ RD } No Network After $RETRY_NUM Tries ${ CL } "
exit 1
fi
done
msg_ok "Set up Container OS"
msg_ok " Network Connected: ${ BL } $( hostname -I) "
if nc -zw1 8.8.8.8 443; then msg_ok "Internet Connected" ; else msg_error "Internet NOT Connected" ; exit 1; fi ;
RESOLVEDIP = $( nslookup "github.com" | awk -F':' '/^Address: / { matched = 1 } matched { print $2}' | xargs)
if [ [ -z " $RESOLVEDIP " ] ] ; then msg_error "DNS Lookup Failure" ; else msg_ok " DNS Resolved github.com to $RESOLVEDIP " ; fi ;
msg_info "Updating Container OS"
apt-get update & >/dev/null
apt-get -y upgrade & >/dev/null
msg_ok "Updated Container OS"
msg_info "Installing Dependencies"
apt-get update & >/dev/null
apt-get -qqy install \
git \
build-essential \
pkgconf \
libssl-dev \
libmariadb-dev-compat \
libpq-dev \
curl \
sudo & >/dev/null
msg_ok "Installed Dependencies"
WEBVAULT = $( curl -s https://api.github.com/repos/dani-garcia/bw_web_builds/releases/latest \
| grep "tag_name" \
| awk '{print substr($2, 2, length($2)-3) }' )
VAULT = $( curl -s https://api.github.com/repos/dani-garcia/vaultwarden/releases/latest \
| grep "tag_name" \
| awk '{print substr($2, 2, length($2)-3) }' )
msg_info "Installing Rust"
curl https://sh.rustup.rs -sSf | sh -s -- -y --profile minimal & >/dev/null
echo 'export PATH=~/.cargo/bin:$PATH' >> ~/.bashrc & >/dev/null
export PATH = ~/.cargo/bin:$PATH & >/dev/null
which rustc & >/dev/null
msg_ok "Installed Rust"
msg_info " Building Vaultwarden ${ VAULT } (Patience) "
git clone https://github.com/dani-garcia/vaultwarden & >/dev/null
cd vaultwarden
cargo build --features "sqlite,mysql,postgresql" --release & >/dev/null
msg_ok " Built Vaultwarden ${ VAULT } "
addgroup --system vaultwarden & >/dev/null
adduser --system --home /opt/vaultwarden --shell /usr/sbin/nologin --no-create-home --gecos 'vaultwarden' --ingroup vaultwarden --disabled-login --disabled-password vaultwarden & >/dev/null
mkdir -p /opt/vaultwarden/bin
mkdir -p /opt/vaultwarden/data
cp target/release/vaultwarden /opt/vaultwarden/bin/
msg_info " Downloading Web-Vault ${ WEBVAULT } "
curl -fsSLO https://github.com/dani-garcia/bw_web_builds/releases/download/$WEBVAULT /bw_web_$WEBVAULT .tar.gz & >/dev/null
tar -xzf bw_web_$WEBVAULT .tar.gz -C /opt/vaultwarden/ & >/dev/null
msg_ok " Downloaded Web-Vault ${ WEBVAULT } "
cat <<EOF > /opt/vaultwarden/.env
ADMIN_TOKEN = $( openssl rand -base64 48)
ROCKET_ADDRESS = 0.0.0.0
DATA_FOLDER = /opt/vaultwarden/data
DATABASE_MAX_CONNS = 10
WEB_VAULT_FOLDER = /opt/vaultwarden/web-vault
WEB_VAULT_ENABLED = true
EOF
msg_info "Creating Service"
chown -R vaultwarden:vaultwarden /opt/vaultwarden/
chown root:root /opt/vaultwarden/bin/vaultwarden
chmod +x /opt/vaultwarden/bin/vaultwarden
chown -R root:root /opt/vaultwarden/web-vault/
chmod +r /opt/vaultwarden/.env
service_path = "/etc/systemd/system/vaultwarden.service" & >/dev/null
echo " [Unit]
Description = Bitwarden Server ( Powered by Vaultwarden)
Documentation = https://github.com/dani-garcia/vaultwarden
After = network.target
[ Service]
User = vaultwarden
Group = vaultwarden
EnvironmentFile = -/opt/vaultwarden/.env
ExecStart = /opt/vaultwarden/bin/vaultwarden
LimitNOFILE = 65535
LimitNPROC = 4096
PrivateTmp = true
PrivateDevices = true
ProtectHome = true
ProtectSystem = strict
DevicePolicy = closed
ProtectControlGroups = yes
ProtectKernelModules = yes
ProtectKernelTunables = yes
RestrictNamespaces = yes
RestrictRealtime = yes
MemoryDenyWriteExecute = yes
LockPersonality = yes
WorkingDirectory = /opt/vaultwarden
ReadWriteDirectories = /opt/vaultwarden/data
AmbientCapabilities = CAP_NET_BIND_SERVICE
[ Install]
WantedBy = multi-user.target" > $service_path
systemctl daemon-reload
systemctl enable --now vaultwarden.service & >/dev/null
msg_ok "Created Service"
PASS = $( grep -w "root" /etc/shadow | cut -b6) ;
if [ [ $PASS != $ ] ] ; then
msg_info "Customizing Container"
rm /etc/motd
rm /etc/update-motd.d/10-uname
touch ~/.hushlogin
GETTY_OVERRIDE = "/etc/systemd/system/container-getty@1.service.d/override.conf"
mkdir -p $( dirname $GETTY_OVERRIDE )
cat << EOF > $GE TTY_OVERRIDE
[ Service]
ExecStart =
ExecStart = -/sbin/agetty --autologin root --noclear --keep-baud tty%I 115200,38400,9600 \$ TERM
EOF
systemctl daemon-reload
systemctl restart $( basename $( dirname $GETTY_OVERRIDE ) | sed 's/\.d//' )
msg_ok "Customized Container"
fi
msg_info "Cleaning up"
apt-get autoremove >/dev/null
apt-get autoclean >/dev/null
rm -rf /var/{ cache,log} /* /var/lib/apt/lists/*
msg_ok "Cleaned"
