diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b8dc69c..58af261 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -34,6 +34,6 @@ jobs: docker rm -v "$id" tar -cvf vaultwarden-"$arch2".tar.gz "$arch2/vaultwarden" "$arch2/web-vault" done - gh release create "$latestVersion" --repo "$GITHUB_REPOSITORY" --notes "Update to [$latestVersion](https://github.com/dani-garcia/vaultwarden/releases/tag/$latestVersion)" *.tar.gz + gh release create "$latestVersion" --title "$latestVersion" --repo "$GITHUB_REPOSITORY" --notes "Update to [$latestVersion](https://github.com/dani-garcia/vaultwarden/releases/tag/$latestVersion)" *.tar.gz env: GH_TOKEN: ${{ github.token }} diff --git a/README.md b/README.md index 21f0fcc..9e20070 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,62 @@ -# VaultWarden Binary +# Vaultwarden Binary -Extracts binaries from [VaultWarden](https://github.com/dani-garcia/vaultwarden) Docker images automatically. +This repository contains the pre-compiled binary releases of [Vaultwarden](https://github.com/dani-garcia/vaultwarden), the lightweight Bitwarden server API implementation written in Rust. This project aims to provide users with easy access to the Vaultwarden binaries for various platforms. -Downloads are available in [releases](https://github.com/1f349/vaultwarden-binary/releases) +## Table of Contents + +- [Vaultwarden Binary](#vaultwarden-binary) + - [Table of Contents](#table-of-contents) + - [Introduction](#introduction) + - [Download](#download) + - [Installation](#installation) + - [Usage](#usage) + - [Configuration](#configuration) + + +## Introduction + +Vaultwarden is an alternative implementation of the Bitwarden server API. It is lightweight and perfect for self-hosting password management solutions. This repository hosts the binary releases of Vaultwarden for various operating systems, allowing users to quickly download and run Vaultwarden without the need to compile it from source. + +## Download + +You can download the latest version of the Vaultwarden binary for your platform from the [releases page](https://github.com/1f349/vaultwarden-binary/releases). + +Available platforms: +- Linux +- Windows +- macOS + +## Installation + +### Linux + +1. Download the binary from the [releases page](https://github.com/1f349/vaultwarden-binary/releases). +2. Make the binary executable: + ```bash + chmod +x vaultwarden + ``` +3. Move the binary to a directory in your PATH, for example: + ```bash + sudo mv vaultwarden /usr/local/bin/ + ``` + +## Usage + +Once the binary is installed, you can start the Vaultwarden server by running: + +```bash +vaultwarden +``` +By default, Vaultwarden will listen on port 8080. You can access the web vault by navigating to http://localhost:8080 in your web browser. + +## Configuration + +Vaultwarden can be configured using environment variables. For a full list of configuration options, refer to the official Vaultwarden documentation. + +Example: + +```bash +export ROCKET_PORT=8080 +export DATABASE_URL=data/db.sqlite3 +vaultwarden +``` diff --git a/example/deploy-vaultwarden-without-docker.md b/example/deploy-vaultwarden-without-docker.md new file mode 100644 index 0000000..cb71384 --- /dev/null +++ b/example/deploy-vaultwarden-without-docker.md @@ -0,0 +1,121 @@ +# Deploy Vaultwarden Without Docker + +This is an example on how to deploy Vaultwarden without Docker. We will use Vaultwarden binary with systemd service. + +## Directory Structure + +```bash +/opt/vaultwarden +|-- .env +|-- bin +| `-- vaultwarden +|-- lib + |-- data + `-- web-vault +``` + +## .env File + +Refer to [.env.template](https://github.com/dani-garcia/vaultwarden/blob/main/.env.template) + +```bash +ROCKET_ADDRESS=0.0.0.0 +ROCKET_PORT=8080 +DOMAIN=https://your-domain.tld +LOG_LEVEL=error +ORG_EVENTS_ENABLED=true +EVENTS_DAYS_RETAIN=7 + +# https://github.com/dani-garcia/vaultwarden/wiki/Enabling-admin-page#using-argon2 +ADMIN_TOKEN='please-fill-it' +ADMIN_RATELIMIT_SECONDS=300 +ADMIN_RATELIMIT_MAX_BURST=3 +ADMIN_SESSION_LIFETIME=20 + +# Behind cloudflare proxy +# IP_HEADER=CF-Connecting-IP + +SIGNUPS_ALLOWED=false +SIGNUPS_VERIFY=true +SIGNUPS_DOMAINS_WHITELIST=your-domain.tld + +# https://github.com/dani-garcia/vaultwarden/wiki/SMTP-Configuration +SMTP_HOST="" +SMTP_FROM="" +SMTP_FROM_NAME="" +SMTP_SECURITY=starttls +SMTP_PORT=587 +SMTP_USERNAME="" +SMTP_PASSWORD="" + +# https://github.com/dani-garcia/vaultwarden/wiki/Enabling-Mobile-Client-push-notification +PUSH_ENABLED=true +PUSH_INSTALLATION_ID="" +PUSH_INSTALLATION_KEY="" + +# I am using PostgresSQL instead of sqlite +DATABASE_URL=postgresql://db_user:db_pass@db_host:5432/db_name + +DATA_FOLDER=data +WEB_VAULT_ENABLED=true +WEB_VAULT_FOLDER=web-vault/ +``` + +## Systemd Service + +Refer to [vaultwarden/wiki](https://github.com/dani-garcia/vaultwarden/wiki/Setup-as-a-systemd-service) + +```bash +sudo nano /etc/systemd/system/vaultwarden.service +``` + +```ini +[Unit] +Description=Vaultwarden +Documentation=https://github.com/dani-garcia/vaultwarden + +# In this example I use PostgreSQL instead of sqlite +After=network.target postgresql.service +Requires=postgresql.service + + +[Service] +# The user/group vaultwarden is run under. the working directory (see below) should allow write and read access to this user/group +User=your-user +Group=your-user +# Use an environment file for configuration. +EnvironmentFile=/opt/vaultwarden/.env +# The location of the compiled binary +ExecStart=/opt/vaultwarden/bin/vaultwarden +# Set reasonable connection and process limits +LimitNOFILE=1048576 +LimitNPROC=64 +# Isolate vaultwarden from the rest of the system +PrivateTmp=true +PrivateDevices=true +ProtectHome=true +ProtectSystem=strict +# Only allow writes to the following directory and set it to the working directory (user and password data are stored here) +WorkingDirectory=/opt/vaultwarden/lib +ReadWritePaths=/opt/vaultwarden/lib +``` + +To make systemd aware of your new file or any changes you made, run + +```bash +$ sudo systemctl daemon-reload +``` + +To start this "service", run + +```bash +$ sudo systemctl start vaultwarden.service +``` + +To enable autostart, run + +```bash +$ sudo systemctl enable vaultwarden.service +``` + +In the same way you can `stop`, `restart` and `disable` the service.