VaultWarden: Difference between revisions
Revision as of 20:43, 23 February 2021
IP:     | 192.168.88.??
MAC:    | B6:04:55:14:93:89
Domain: | keys.flowerhouse.at

OS:         | Debian Buster
RAM:        | 512MB
Cores:      | 1
Privileged: | No
The BitWarden-LXC is reachable at 192.168.88.??, which is located in the ServerVLAN.
The subdomain keys.flowerhouse.at is handled by the ReverseProxy.
Basic Setup
The original Bitwarden server is only available as Docker images; bitwarden_rs is an alternative implementation written in Rust.
Install the required packages:
apt install git curl wget htop pkg-config openssl libssl1.1 libssl-dev build-essential
Rust
Download the rustup script and follow the installer:
curl https://sh.rustup.rs -sSf | sh
Add cargo's bin directory to PATH, permanently and for the current shell:
echo 'export PATH=~/.cargo/bin:$PATH' >> ~/.bashrc
export PATH=~/.cargo/bin:$PATH
After running the following command:
which rustc
it should print the path:
/root/.cargo/bin/rustc
NodeJS
Download the latest NodeJS package:
wget https://nodejs.org/dist/latest/node-v15.10.0-linux-x64.tar.xz
Unpack the archive and move the unpacked folder to /opt:
tar -xvf node-v15.10.0-linux-x64.tar.xz
mv node-v15.10.0-linux-x64 /opt/
Create a symlink:
ln -sf /opt/node-v15.10.0-linux-x64 /opt/node
Build bitwarden_rs
Building bitwarden_rs needs enough CPU and RAM; with 4 cores and 1GB RAM it worked fine.
Clone the bitwarden_rs repository and use cargo to build it:
git clone https://github.com/dani-garcia/bitwarden_rs && pushd bitwarden_rs
cargo clean && cargo build --features sqlite --release
file target/release/bitwarden_rs
Create the install folder with a data subfolder and move the binary there:
mkdir /opt/bitwarden
mkdir /opt/bitwarden/data
cd ~/bitwarden_rs/target/release
mv ~/bitwarden_rs/target/release/bitwarden_rs /opt/bitwarden
rm -r ~/bitwarden_rs
Create the .env file and paste the template configuration into it:
nano /opt/bitwarden/.env
Install WebVault
The web vault does not have to be built from source; one of the pre-patched builds from bw_web_builds can be used instead.
Change into the folder that holds the bitwarden_rs binary and download the web vault there:
cd /opt/bitwarden
wget https://github.com/dani-garcia/bw_web_builds/releases/download/v2.18.1d/bw_web_v2.18.1d.tar.gz
Unpack it; the archive extracts into a web-vault folder, which is the folder name bitwarden_rs expects next to the binary (WEB_VAULT_FOLDER defaults to web-vault/):
tar -xvf bw_web_v2.18.1d.tar.gz
systemd service
Create a service file for bitwarden_rs:
nano /etc/systemd/system/bitwarden.service
Paste the following (the paths are set to the layout created above: binary, .env, web-vault/ and data/ under /opt/bitwarden):
[Unit]
Description=Bitwarden Server (Rust Edition)
Documentation=https://github.com/dani-garcia/bitwarden_rs
# If you use a database such as MariaDB, MySQL or PostgreSQL,
# uncomment the matching pair of lines below by removing the `# `
# in front of them. "After" makes sure the database server is started
# before bitwarden_rs, and "Requires" makes sure it started successfully.
# Only sqlite
After=network.target
# MariaDB
# After=network.target mariadb.service
# Requires=mariadb.service
# Mysql
# After=network.target mysqld.service
# Requires=mysqld.service
# PostgreSQL
# After=network.target postgresql.service
# Requires=postgresql.service
[Service]
# The user/group bitwarden_rs runs as. The data directory (see below) must be readable and writable by this user/group.
User=bitwarden_rs
Group=bitwarden_rs
# The location of the .env file for configuration (read by systemd, so it can stay root-owned)
EnvironmentFile=/opt/bitwarden/.env
# The location of the compiled binary
ExecStart=/opt/bitwarden/bitwarden_rs
# Set reasonable connection and process limits
LimitNOFILE=1048576
LimitNPROC=64
# Isolate bitwarden_rs from the rest of the system
PrivateTmp=true
PrivateDevices=true
ProtectHome=true
ProtectSystem=strict
# The working directory is where web-vault/ and data/ are looked up; only the data directory is writable (user and password data are stored here)
WorkingDirectory=/opt/bitwarden
ReadWriteDirectories=/opt/bitwarden/data
# Allow bitwarden_rs to bind ports in the range of 0-1024
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
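A pre-flight check to run before enabling the unit, added here as an example and not part of the original wiki page or the bitwarden_rs project: it verifies that the layout the steps above create matches what the hardened unit relies on (the User= account exists, binary and web-vault/ are present, data/ belongs to the service account, and .env, which holds secrets such as ADMIN_TOKEN, is not group- or world-readable). It assumes GNU stat (present on Debian) and takes the install root and the service account as arguments.

```shell
#!/bin/sh
# Added example, not from the wiki page or the bitwarden_rs project.
# Assumptions: GNU coreutils stat; install root and service account passed as arguments.

check_bitwarden_layout() {
    base="$1"   # install root, e.g. /opt/bitwarden
    user="$2"   # account named in User= of the unit
    rc=0
    # User= must name an existing account or the unit fails to start
    if ! id "$user" >/dev/null 2>&1; then
        echo "service account does not exist: $user"; rc=1
    fi
    # ExecStart target must exist and be executable
    if [ ! -x "$base/bitwarden_rs" ]; then
        echo "missing or non-executable binary: $base/bitwarden_rs"; rc=1
    fi
    # WEB_VAULT_FOLDER defaults to web-vault/ relative to WorkingDirectory
    if [ ! -d "$base/web-vault" ]; then
        echo "missing web vault folder: $base/web-vault"; rc=1
    fi
    # With ProtectSystem=strict only data/ is writable; it must belong to the service account
    if [ ! -d "$base/data" ] || [ "$(stat -c %U "$base/data")" != "$user" ]; then
        echo "data folder missing or not owned by $user: $base/data"; rc=1
    fi
    # .env carries secrets (ADMIN_TOKEN, database credentials): owner access only.
    # systemd reads it as root, so the service account itself does not need read access.
    if [ ! -f "$base/.env" ]; then
        echo "missing config file: $base/.env"; rc=1
    else
        mode=$(stat -c %a "$base/.env")
        case "$mode" in
            [0-7]00) ;;   # 600, 400, 700: owner only
            *) echo "$base/.env is mode $mode; remove group/other access (chmod 600)"; rc=1 ;;
        esac
    fi
    return "$rc"
}

# Run as root on the layout from this page: check_bitwarden_layout /opt/bitwarden bitwarden_rs
```

A non-zero exit with the printed reasons means the unit would either fail to start or expose the configuration secrets; fix the listed item and re-run.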