scale-catalog/blueprints/bitwarden/install.sh

#!/usr/local/bin/bash
# This file contains the install script for bitwarden

# Initialise defaults
JAIL_IP="jail_${1}_ip4_addr"
JAIL_IP="${!JAIL_IP%/*}"
HOST_NAME="jail_${1}_host_name"

DB_DATABASE="jail_${1}_db_database"
DB_DATABASE="${!DB_DATABASE:-$1}"

DB_USER="jail_${1}_db_user"
DB_USER="${!DB_USER:-$DB_DATABASE}"

# shellcheck disable=SC2154
INSTALL_TYPE="jail_${1}_db_type"
INSTALL_TYPE="${!INSTALL_TYPE:-mariadb}"

DB_JAIL="jail_${1}_db_jail"
# shellcheck disable=SC2154
DB_HOST="jail_${!DB_JAIL}_ip4_addr"
DB_HOST="${!DB_HOST%/*}:3306"

# shellcheck disable=SC2154
DB_PASSWORD="jail_${1}_db_password"
DB_STRING="mysql://${DB_USER}:${!DB_PASSWORD}@${DB_HOST}/${DB_DATABASE}"
# shellcheck disable=SC2154
ADMIN_TOKEN="jail_${1}_admin_token"

if [ -z "${!DB_PASSWORD}" ]; then
	echo "db_password can't be empty"
	exit 1
fi

if [ -z "${!DB_JAIL}" ]; then
	echo "db_jail can't be empty"
	exit 1
fi

if [ -z "${!JAIL_IP}" ]; then
	echo "ip4_addr can't be empty"
	exit 1
fi

if [ -z "${!ADMIN_TOKEN}" ]; then
ADMIN_TOKEN=$(openssl rand -base64 16)
fi

# install latest rust version, pkg version is outdated and can't build bitwarden_rs
iocage exec "${1}" "curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y"

# Install Bitwarden_rs
iocage exec "${1}" mkdir -p /usr/local/share/bitwarden/src
iocage exec "${1}" git clone https://github.com/dani-garcia/bitwarden_rs/ /usr/local/share/bitwarden/src
TAG=$(iocage exec "${1}" "git -C /usr/local/share/bitwarden/src tag --sort=v:refname | tail -n1")
iocage exec "${1}" "git -C /usr/local/share/bitwarden/src checkout ${TAG}"
#TODO replace with: cargo build --features mysql --release
if [ "${INSTALL_TYPE}" == "mariadb" ]; then
	iocage exec "${1}" "cd /usr/local/share/bitwarden/src && $HOME/.cargo/bin/cargo build --features mysql --release"
	iocage exec "${1}" "cd /usr/local/share/bitwarden/src && $HOME/.cargo/bin/cargo install diesel_cli --no-default-features --features mysql"
else
	iocage exec "${1}" "cd /usr/local/share/bitwarden/src && $HOME/.cargo/bin/cargo build --features sqlite --release"
	iocage exec "${1}" "cd /usr/local/share/bitwarden/src && $HOME/.cargo/bin/cargo install diesel_cli --no-default-features --features sqlite-bundled"
fi


iocage exec "${1}" cp -r /usr/local/share/bitwarden/src/target/release /usr/local/share/bitwarden/bin

# Download and install webvault
WEB_RELEASE_URL=$(curl -Ls -o /dev/null -w "%{url_effective}" https://github.com/dani-garcia/bw_web_builds/releases/latest)
WEB_TAG="${WEB_RELEASE_URL##*/}"
iocage exec "${1}" "fetch http://github.com/dani-garcia/bw_web_builds/releases/download/$WEB_TAG/bw_web_$WEB_TAG.tar.gz -o /usr/local/share/bitwarden"
iocage exec "${1}" "tar -xzvf /usr/local/share/bitwarden/bw_web_$WEB_TAG.tar.gz -C /usr/local/share/bitwarden/"
iocage exec "${1}" rm /usr/local/share/bitwarden/bw_web_"$WEB_TAG".tar.gz

# shellcheck disable=SC2154
if [ -f "/mnt/${global_dataset_config}/${1}/ssl/bitwarden-ssl.crt" ]; then
    echo "certificate exist... Skipping cert generation"
else
	"No ssl certificate present, generating self signed certificate"
	if [ ! -d "/mnt/${global_dataset_config}/${1}/ssl" ]; then
		echo "cert folder not existing... creating..."
		iocage exec "${1}" mkdir /config/ssl
	fi
	openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=localhost" -keyout /mnt/"${global_dataset_config}"/"${1}"/ssl/bitwarden-ssl.key -out /mnt/"${global_dataset_config}"/"${1}"/ssl/bitwarden-ssl.crt
fi

if [ -f "/mnt/${global_dataset_config}/${1}/bitwarden.log" ]; then
	echo "Reinstall of Bitwarden detected... using existing config and database"
elif [ "${INSTALL_TYPE}" == "mariadb" ]; then
	echo "No config detected, doing clean install, utilizing the Mariadb database ${DB_HOST}"
	iocage exec "${!DB_JAIL}" mysql -u root -e "CREATE DATABASE ${DB_DATABASE};"
	iocage exec "${!DB_JAIL}" mysql -u root -e "GRANT ALL ON ${DB_DATABASE}.* TO ${DB_USER}@${JAIL_IP} IDENTIFIED BY '${!DB_PASSWORD}';"
	iocage exec "${!DB_JAIL}" mysqladmin reload
else
	echo "No config detected, doing clean install."
fi

iocage exec "${1}" "pw user add bitwarden -c bitwarden -u 725 -d /nonexistent -s /usr/bin/nologin"
iocage exec "${1}" chown -R bitwarden:bitwarden /usr/local/share/bitwarden /config
iocage exec "${1}" mkdir /usr/local/etc/rc.d /usr/local/etc/rc.conf.d
# shellcheck disable=SC2154
cp "${SCRIPT_DIR}"/blueprints/bitwarden/includes/bitwarden.rc /mnt/"${global_dataset_iocage}"/jails/"${1}"/root/usr/local/etc/rc.d/bitwarden
cp "${SCRIPT_DIR}"/blueprints/bitwarden/includes/bitwarden.rc.conf /mnt/"${global_dataset_iocage}"/jails/"${1}"/root/usr/local/etc/rc.conf.d/bitwarden
echo 'export DATABASE_URL="'"${DB_STRING}"'"' >> /mnt/"${global_dataset_iocage}"/jails/"${1}"/root/usr/local/etc/rc.conf.d/bitwarden
echo 'export ADMIN_TOKEN="'"${!ADMIN_TOKEN}"'"' >> /mnt/"${global_dataset_iocage}"/jails/"${1}"/root/usr/local/etc/rc.conf.d/bitwarden

if [ "${!ADMIN_TOKEN}" == "NONE" ]; then
	echo "Admin_token set to NONE, disabling admin portal"
else
	echo "Admin_token set and admin portal enabled"
	iocage exec "${1}" echo "${DB_NAME} Admin Token is ${!ADMIN_TOKEN}" > /root/"${1}"_admin_token.txt
fi

iocage exec "${1}" chmod u+x /usr/local/etc/rc.d/bitwarden
iocage exec "${1}" sysrc "bitwarden_enable=YES"
iocage exec "${1}" service bitwarden restart
echo "Jail ${1} finished Bitwarden install."
echo "Admin Token is ${!ADMIN_TOKEN}"
[WIP] Allow multiple installations of same blueprint (#88) * Multi-install support, Blueprints and config changes. Initial commit * Migrating jails to blueprints, first steps. Tested Working: - Transmission - Lidarr - Sonarr - Radarr fix lidarr config (+10 squashed commit) Squashed commit: [5f14653] always link ports folders [f18f2f0] Optional (blueprint) ports mount Fixes #89 [96ef7e7] chmod all the things [129e707] same mistake... again... [e1596dc] missing reference [6da3567] Forgot one reference [d78b5b6] Update wiki.yml [cecc53a] Update filecheck.yml [5244abd] basic settings changed. More involved blueprints still need changes, such as: Bitwarden, nextcloud, Mariadb [6568e92] jails -> blueprints * Added Tested Working: - KMS - Plex - Tautulli - Organizr - InfluxDB - MariaDB Many squashed small fixes included: Make .rc executable (+13 squashed commit) Squashed commit: [b28aa83] use .rc for rc.d config files [e940a48] some mariadb cleanup [dc27aff] testing another way [83bd91b] Mariadb root password alter instead of update, initial config for unifi [0ca3074] some light config cleanup [a0d4352] also remove database from influxdb example config (db should be created when required) [2c218cc] Prepare influxdb and remove unneeded content [1b34109] more shellcheck fixups [c96566c] Some shellcheck cleanup [8969ca7] bitwarden mostly done, some work on nextcloud and unifi [7f89bfa] initial mariadb patch [dd7e85f] missed one problem [f814cb7] Initial pseudo-compatibility patch for unifi Enable Bitwarden support and some small fixes/tweaks Fixes #95 more bugs and typo's (+3 squashed commit) Squashed commit: [3b5213e] Bitwarden not correctly installing db [b7438a5] yeah thats not gonna cut it... >.< [e7987c2] some slight bitwarden tweaks * Enable Unifi support and some small fixes/tweaks small unifi cleanup. Unifi is working (+3 squashed commit) Squashed commit: [d906d2d] chmod unifi [545e999] Add extra sanity, remove unneeded variables from example [b8c0b24] Some small Unifi Tweaks * Nextcloud Cleanup, Some fixes, Initial support for blueprintsystem Fixes #96 Fixes #97 Fixes #98 some bloat and syntax fixes (+5 squashed commit) Squashed commit: [78f6428] Some more nextcloud cleanup and tweaks - combines multiple variables for cert system selection (Fixes #98 ) - Default to self signed cert - Force manual admin password [7cacae4] slight fixes [3d81cda] More cleanup [50496cc] small mariadb fix and more nextcloud cleanup [c1b2c20] Cleaning nextcloud - Remove external DB (Fixes #97 ) - Remove Postgresql (Fixes #96 ) - Some preparation for blueprint * Nextcloud done and.. another... (+5 squashed commit) Squashed commit: [c65751b] caddy not installed right. [e5da66b] more fixes [a33300e] Damnit, two typo's same scentence [4292a7a] another typo [1b820cf] typo and example hotfix * Introduce version checking for config file 2020-05-02 15:45:13 +00:00			`#!/usr/local/bin/bash`
			`# This file contains the install script for bitwarden`

			`# Initialise defaults`
			`JAIL_IP="jail_${1}_ip4_addr"`
			`JAIL_IP="${!JAIL_IP%/*}"`
			`HOST_NAME="jail_${1}_host_name"`

			`DB_DATABASE="jail_${1}_db_database"`
			`DB_DATABASE="${!DB_DATABASE:-$1}"`

			`DB_USER="jail_${1}_db_user"`
			`DB_USER="${!DB_USER:-$DB_DATABASE}"`

			`# shellcheck disable=SC2154`
			`INSTALL_TYPE="jail_${1}_db_type"`
			`INSTALL_TYPE="${!INSTALL_TYPE:-mariadb}"`

			`DB_JAIL="jail_${1}_db_jail"`
			`# shellcheck disable=SC2154`
			`DB_HOST="jail_${!DB_JAIL}_ip4_addr"`
			`DB_HOST="${!DB_HOST%/*}:3306"`

			`# shellcheck disable=SC2154`
			`DB_PASSWORD="jail_${1}_db_password"`
			`DB_STRING="mysql://${DB_USER}:${!DB_PASSWORD}@${DB_HOST}/${DB_DATABASE}"`
			`# shellcheck disable=SC2154`
			`ADMIN_TOKEN="jail_${1}_admin_token"`

			`if [ -z "${!DB_PASSWORD}" ]; then`
			`echo "db_password can't be empty"`
			`exit 1`
			`fi`

			`if [ -z "${!DB_JAIL}" ]; then`
			`echo "db_jail can't be empty"`
			`exit 1`
			`fi`

			`if [ -z "${!JAIL_IP}" ]; then`
			`echo "ip4_addr can't be empty"`
			`exit 1`
			`fi`

			`if [ -z "${!ADMIN_TOKEN}" ]; then`
			`ADMIN_TOKEN=$(openssl rand -base64 16)`
			`fi`

			`# install latest rust version, pkg version is outdated and can't build bitwarden_rs`
			`iocage exec "${1}" "curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs \| sh -s -- -y"`

			`# Install Bitwarden_rs`
			`iocage exec "${1}" mkdir -p /usr/local/share/bitwarden/src`
			`iocage exec "${1}" git clone https://github.com/dani-garcia/bitwarden_rs/ /usr/local/share/bitwarden/src`
			`TAG=$(iocage exec "${1}" "git -C /usr/local/share/bitwarden/src tag --sort=v:refname \| tail -n1")`
			`iocage exec "${1}" "git -C /usr/local/share/bitwarden/src checkout ${TAG}"`
			`#TODO replace with: cargo build --features mysql --release`
			`if [ "${INSTALL_TYPE}" == "mariadb" ]; then`
			`iocage exec "${1}" "cd /usr/local/share/bitwarden/src && $HOME/.cargo/bin/cargo build --features mysql --release"`
			`iocage exec "${1}" "cd /usr/local/share/bitwarden/src && $HOME/.cargo/bin/cargo install diesel_cli --no-default-features --features mysql"`
			`else`
			`iocage exec "${1}" "cd /usr/local/share/bitwarden/src && $HOME/.cargo/bin/cargo build --features sqlite --release"`
			`iocage exec "${1}" "cd /usr/local/share/bitwarden/src && $HOME/.cargo/bin/cargo install diesel_cli --no-default-features --features sqlite-bundled"`
			`fi`


			`iocage exec "${1}" cp -r /usr/local/share/bitwarden/src/target/release /usr/local/share/bitwarden/bin`

			`# Download and install webvault`
			`WEB_RELEASE_URL=$(curl -Ls -o /dev/null -w "%{url_effective}" https://github.com/dani-garcia/bw_web_builds/releases/latest)`
			`WEB_TAG="${WEB_RELEASE_URL##*/}"`
			`iocage exec "${1}" "fetch http://github.com/dani-garcia/bw_web_builds/releases/download/$WEB_TAG/bw_web_$WEB_TAG.tar.gz -o /usr/local/share/bitwarden"`
			`iocage exec "${1}" "tar -xzvf /usr/local/share/bitwarden/bw_web_$WEB_TAG.tar.gz -C /usr/local/share/bitwarden/"`
			`iocage exec "${1}" rm /usr/local/share/bitwarden/bw_web_"$WEB_TAG".tar.gz`

			`# shellcheck disable=SC2154`
			`if [ -f "/mnt/${global_dataset_config}/${1}/ssl/bitwarden-ssl.crt" ]; then`
			`echo "certificate exist... Skipping cert generation"`
			`else`
			`"No ssl certificate present, generating self signed certificate"`
			`if [ ! -d "/mnt/${global_dataset_config}/${1}/ssl" ]; then`
			`echo "cert folder not existing... creating..."`
			`iocage exec "${1}" mkdir /config/ssl`
			`fi`
			`openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=localhost" -keyout /mnt/"${global_dataset_config}"/"${1}"/ssl/bitwarden-ssl.key -out /mnt/"${global_dataset_config}"/"${1}"/ssl/bitwarden-ssl.crt`
			`fi`

			`if [ -f "/mnt/${global_dataset_config}/${1}/bitwarden.log" ]; then`
			`echo "Reinstall of Bitwarden detected... using existing config and database"`
			`elif [ "${INSTALL_TYPE}" == "mariadb" ]; then`
			`echo "No config detected, doing clean install, utilizing the Mariadb database ${DB_HOST}"`
			`iocage exec "${!DB_JAIL}" mysql -u root -e "CREATE DATABASE ${DB_DATABASE};"`
			`iocage exec "${!DB_JAIL}" mysql -u root -e "GRANT ALL ON ${DB_DATABASE}.* TO ${DB_USER}@${JAIL_IP} IDENTIFIED BY '${!DB_PASSWORD}';"`
			`iocage exec "${!DB_JAIL}" mysqladmin reload`
			`else`
			`echo "No config detected, doing clean install."`
			`fi`

			`iocage exec "${1}" "pw user add bitwarden -c bitwarden -u 725 -d /nonexistent -s /usr/bin/nologin"`
			`iocage exec "${1}" chown -R bitwarden:bitwarden /usr/local/share/bitwarden /config`
			`iocage exec "${1}" mkdir /usr/local/etc/rc.d /usr/local/etc/rc.conf.d`
			`# shellcheck disable=SC2154`
			`cp "${SCRIPT_DIR}"/blueprints/bitwarden/includes/bitwarden.rc /mnt/"${global_dataset_iocage}"/jails/"${1}"/root/usr/local/etc/rc.d/bitwarden`
			`cp "${SCRIPT_DIR}"/blueprints/bitwarden/includes/bitwarden.rc.conf /mnt/"${global_dataset_iocage}"/jails/"${1}"/root/usr/local/etc/rc.conf.d/bitwarden`
			`echo 'export DATABASE_URL="'"${DB_STRING}"'"' >> /mnt/"${global_dataset_iocage}"/jails/"${1}"/root/usr/local/etc/rc.conf.d/bitwarden`
			`echo 'export ADMIN_TOKEN="'"${!ADMIN_TOKEN}"'"' >> /mnt/"${global_dataset_iocage}"/jails/"${1}"/root/usr/local/etc/rc.conf.d/bitwarden`

			`if [ "${!ADMIN_TOKEN}" == "NONE" ]; then`
			`echo "Admin_token set to NONE, disabling admin portal"`
			`else`
			`echo "Admin_token set and admin portal enabled"`
			`iocage exec "${1}" echo "${DB_NAME} Admin Token is ${!ADMIN_TOKEN}" > /root/"${1}"_admin_token.txt`
			`fi`

			`iocage exec "${1}" chmod u+x /usr/local/etc/rc.d/bitwarden`
			`iocage exec "${1}" sysrc "bitwarden_enable=YES"`
			`iocage exec "${1}" service bitwarden restart`
			`echo "Jail ${1} finished Bitwarden install."`
			`echo "Admin Token is ${!ADMIN_TOKEN}"`