Differences

This shows you the differences between two versions of the page.

--- services:vaultwarden [2026/02/06 23:46] – external edit 127.0.0.1
+++ services:vaultwarden [2026/02/08 08:42] (current) – created - external edit 127.0.0.1
@@ Line 1: / Line 1: @@
 ====== Vaultwarden ======
-Self-hosted Bitwarden-compatible password manager.
+Self-hosted Bitwarden-kompatibler Password Manager.
-===== Access =====
+===== Details =====
-^ Item ^ Value ^
+^ Key ^ Value ^
-| URL | [[https://vault.home.miskam.xyz]] |
-| Internal | [[https://vault.srv.internal]] |
-| Admin | [[https://vault.home.miskam.xyz/admin]] |
 | Container | CT 112 |
-| IP | 10.100.161.112:8080 |
+| IP | 10.100.161.112 |
+| Port | 8080 |
+| RAM | 512 MB |
+| URL | https://vault.home.miskam.xyz |
-===== Installation =====
+===== Deployment =====
-Vaultwarden hat keine offiziellen Binaries mehr — wir extrahieren aus dem Alpine Docker Image.
+Vaultwarden Binary wird aus dem Docker-Image extrahiert (keine prebuilt Binaries verfügbar).
+Tool: [[https://github.com/jjlin/docker-image-extract|docker-image-extract]]
 <code bash>
-# Container erstellen
+# Binary extrahieren
-pct create 112 local:vztmpl/debian-12-standard_12.7-1_amd64.tar.zst \
+./docker-image-extract vaultwarden/server:latest
-  --hostname vaultwarden \
+cp output/vaultwarden /opt/vaultwarden/
-  --memory 512 --swap 256 \
+cp -r output/web-vault/* /opt/vaultwarden/web-vault/
-  --cores 1 \
+</code>
-  --net0 name=eth0,bridge=vmbr0,tag=160,ip=10.100.161.112/23,gw=10.100.161.254 \
-  --features nesting=1 \
-  --unprivileged 1 \
-  --start 1
-# Dependencies
+===== Features =====
-pct exec 112 -- apt update
-pct exec 112 -- apt install -y wget ca-certificates libpq5
-# Binary aus Alpine Docker Image extrahieren (auf Host mit Docker)
+  * Bitwarden-kompatible API
-docker create --name vw-temp vaultwarden/server:alpine
+  * Browser Extensions
-docker cp vw-temp:/vaultwarden /tmp/vaultwarden
+  * Mobile Apps
-docker cp vw-temp:/web-vault /tmp/web-vault
+  * Organizations & Collections
-docker rm vw-temp
+  * Admin Panel
-# Auf Container kopieren
+===== Struktur =====
-pct push 112 /tmp/vaultwarden /usr/local/bin/vaultwarden
-pct push 112 /tmp/web-vault /var/lib/vaultwarden/web-vault --recursive
-pct exec 112 -- chmod +x /usr/local/bin/vaultwarden
-# PostgreSQL-Datenbank anlegen (auf CT 110)
+<code>
-pct exec 110 -- su - postgres -c "psql" << SQL
+/opt/vaultwarden/
-CREATE USER vaultwarden WITH PASSWORD 'DB_PASSWORD';
+├── vaultwarden          # Binary
-CREATE DATABASE vaultwarden OWNER vaultwarden;
+├── .env                 # Environment config
-SQL
+├── data/                # SQLite DB + Attachments
+└── web-vault/           # Web UI
+</code>
-# Systemd Service
+===== Datenbank =====
-pct exec 112 -- tee /etc/systemd/system/vaultwarden.service << SERVICE
-[Unit]
-Description=Vaultwarden
-After=network.target
-[Service]
+Zwei Optionen:
-Type=simple
+  * **SQLite** (default): /opt/vaultwarden/data/db.sqlite3
-User=root
+  * **PostgreSQL**: 10.100.161.110
-Environment=ROCKET_ADDRESS=0.0.0.0
-Environment=ROCKET_PORT=8080
-Environment=DATABASE_URL=postgresql://vaultwarden:DB_PASSWORD@10.100.161.110/vaultwarden
-Environment=ADMIN_TOKEN=ADMIN_TOKEN_HASH
-Environment=DOMAIN=https://vault.home.miskam.xyz
-Environment=WEB_VAULT_FOLDER=/var/lib/vaultwarden/web-vault
-Environment=DATA_FOLDER=/var/lib/vaultwarden/data
-WorkingDirectory=/var/lib/vaultwarden
-ExecStart=/usr/local/bin/vaultwarden
-Restart=always
-[Install]
+===== Service =====
-WantedBy=multi-user.target
-SERVICE
-pct exec 112 -- mkdir -p /var/lib/vaultwarden/data
-pct exec 112 -- systemctl daemon-reload
-pct exec 112 -- systemctl enable --now vaultwarden
-</code>
-==== Admin Token generieren ====
 <code bash>
-# Argon2 Hash für Admin Token
+systemctl status vaultwarden
-echo -n 'DEIN_ADMIN_PASSWORD' | argon2 "$(openssl rand -base64 32)" -e -id -k 65540 -t 3 -p 4
+journalctl -u vaultwarden -f
 </code>
-===== Organizations =====
+===== Admin Panel =====
-^ Org ^ Collection ^ Zweck ^
+  * URL: https://vault.home.miskam.xyz/admin
-| mxmlabs | Network Automation | Bot-Zugriff auf Credentials |
+  * Token: In Vaultwarden selbst gespeichert
-Bot-Account: [email protected]
+===== Backup =====
-===== Management =====
 <code bash>
-# Status
+# Alles sichern
-pct exec 112 -- systemctl status vaultwarden
+rsync -av /opt/vaultwarden/data/ backup/
+</code>
-# Logs
+===== Ansible =====
-pct exec 112 -- journalctl -u vaultwarden -f
-# Admin Panel öffnen
+<code bash>
-# https://vault.home.miskam.xyz/admin
+ansible-playbook site.yml --limit vaultwarden
 </code>
-===== Backup =====
+===== Secrets Management =====
+Alle Infrastruktur-Credentials sind hier gespeichert:
+  * **Organisation:** mxmlabs
+  * **Collection:** Network Automation
-  * **Datenbank:** PostgreSQL — siehe [[services:postgresql|PostgreSQL Backup]]
+Das Ansible Bitwarden Lookup Plugin holt Secrets zur Laufzeit.
-  * **Attachments:** /var/lib/vaultwarden/data/
-===== Related =====
+===== Links =====
-  * [[services:postgresql|PostgreSQL]] - Database
+  * [[https://github.com/dani-garcia/vaultwarden|Vaultwarden GitHub]]
-  * [[infrastructure:containers|Containers]] - CT 112 details
+  * [[https://github.com/jjlin/docker-image-extract|docker-image-extract]]
+  * [[https://bitwarden.com/help/|Bitwarden Help]]