====== Vaultwarden ohne Docker ======

Am einfachsten Vaultwarden ohne Docker zu installieren ist das Docker Image zu extrahieren. Dieses Vorgehen wird nachfolgend erläutert und basiert auf https://www.bloovis.com/posts/2023-10-06-vaultwarden-without-docker/.

===== Vaultwarden installieren =====

Vorbereitung zur Docker Extraktion:\\
<code>
mkdir vw-image
cd vw-image
wget https://raw.githubusercontent.com/jjlin/docker-image-extract/main/docker-image-extract
chmod +x docker-image-extract
</code>

Extraktion des Docker Image:\\
<code>
./docker-image-extract vaultwarden/server:latest
</code>

Erstellung der notwendigen Verzeichnisse:\\
<code>
mkdir /opt/vaultwarden
mkdir /var/lib/vaultwarden
mkdir /var/lib/vaultwarden/data
</code>

Erstellung eines Benutzers und dessen Berechtigungen:\\
<code>
useradd vaultwarden
chown -R vaultwarden:vaultwarden /var/lib/vaultwarden
</code>

Verschieben der Vaultwarden Dateien in die neuen Verzeichnisse:\\
<code>
mv output/vaultwarden /opt/vaultwarden
mv output/web-vault /var/lib/vaultwarden
</code>

Löschen der nicht mehr benötigten Dateien:\\
<code>
rm -Rf output
rm -Rf docker-image-extract
</code>

===== Vaultwarden konfigurieren =====
Hash Generierung des Adminpassworts\\
<code>
/opt/vaultwarden/vaultwarden hash
</code>

Anlegen der Konfigurationsdatei ''%%/var/lib/vaultwarden/.env%%''\\
<code>
ROCKET_ADDRESS=<IP ADRESSE des Interface>
DOMAIN=https://www.example.com/vaultwarden/
ORG_CREATION_USERS=user@example.com
ADMIN_TOKEN='<hash produced by vaultwarden hash earlier>'
SIGNUPS_ALLOWED=false
SMTP_HOST=smtp.example.com
SMTP_FROM=vaultwarden@example.com
SMTP_FROM_NAME=Vaultwarden
SMTP_PORT=587          # Ports 587 (submission) and 25 (smtp) are standard without encryption and with encryption via STARTTLS (Explicit TLS). Port 465 is outdated and us>
SMTP_SSL=true          # (Explicit) - This variable by default configures Explicit STARTTLS, it will upgrade an insecure connection to a secure one. Unless SMTP_EXPLICIT_>
SMTP_EXPLICIT_TLS=false # (Implicit) - N.B. This variable configures Implicit TLS. It's currently mislabelled (see bug #851) - SMTP_SSL Needs to be set to true for this o>
SMTP_USERNAME=user@example.com
SMTP_PASSWORD=mysmtppassword
SMTP_TIMEOUT=15
</code>

Erstellung der Dienstdatei\\
<code>
[Unit]
Description=Bitwarden Server (Rust Edition)
Documentation=https://github.com/dani-garcia/vaultwarden
After=network.target

[Service]
User=vaultwarden
Group=vaultwarden
EnvironmentFile=/var/lib/vaultwarden/.env
ExecStart=/opt/vaultwarden/vaultwarden
LimitNOFILE=1048576
LimitNPROC=64
PrivateTmp=true
PrivateDevices=true
ProtectHome=true
ProtectSystem=strict
WorkingDirectory=/var/lib/vaultwarden
ReadWriteDirectories=/var/lib/vaultwarden
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target
</code>

Autostart des Dienst && starten des Dienstes\\
<code>
systemctl enable vaultwarden
systemctl start vaultwarden
systemctl status vaultwarden
</code>

===== Update Script =====
Create empty script file and make it executable.

<code>
touch /root/Update_Vaultwarden.sh
chmod +x /root/Update_Vaultwarden.sh
</code>

Paste the following content into the file
<code>
#!/bin/bash
### Author Oliver Lehmann
### Date: 12 January 2024


echo "Stopping service."
systemctl stop vaultwarden

echo "Creating Backup of Credentials Store."
rm -R /root/Backups
cd /var/lib/vaultwarden
mkdir /root/Backups
tar cfz /root/Backups/vaultwarden.tar.gz data .env &> /dev/null

echo "Removing old directories."
rm -R /opt/vaultwarden
rm -R /var/lib/vaultwarden

echo "Getting new Docker Version and Extractor"
mkdir /root/vw-image
cd /root/vw-image
wget https://raw.githubusercontent.com/jjlin/docker-image-extract/main/docker-image-extract &> /dev/null
chmod +x docker-image-extract
./docker-image-extract vaultwarden/server:latest &> /dev/null
#./docker-image-extract vaultwarden/server:testing &> /dev/null

echo "Setting up directories & moving new files."
mkdir /opt/vaultwarden
mkdir /var/lib/vaultwarden
mv output/vaultwarden /opt/vaultwarden
mv output/web-vault /var/lib/vaultwarden

echo "Restoring backups and setting access permissions."
cd /var/lib/vaultwarden
tar xfz /root/Backups/vaultwarden.tar.gz
chown -R vaultwarden:vaultwarden /var/lib/vaultwarden

echo "Removing installation files."
cd
rm -R vw-image

echo "Starting vaultwarden."
systemctl start vaultwarden

echo "****************************************************************"
echo ""
echo "  The Backup will be removed with the next run of this script   "
echo ""
echo "****************************************************************"
</code>