

Vaultwarden

Self-hosted Bitwarden-compatible password manager.

Access

Item Value
URL https://vault.home.miskam.xyz
Internal https://vault.srv.internal
Admin https://vault.home.miskam.xyz/admin
Container CT 112
IP 10.100.161.112:8080

Installation

Vaultwarden hat keine offiziellen Binaries mehr — wir extrahieren aus dem Alpine Docker Image.

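# Create the container (unprivileged Debian 12 LXC, VLAN 160)
pct create 112 local:vztmpl/debian-12-standard_12.7-1_amd64.tar.zst \
  --hostname vaultwarden \
  --memory 512 --swap 256 \
  --cores 1 \
  --net0 name=eth0,bridge=vmbr0,tag=160,ip=10.100.161.112/23,gw=10.100.161.254 \
  --features nesting=1 \
  --unprivileged 1 \
  --start 1

# Dependencies
pct exec 112 -- apt update
pct exec 112 -- apt install -y wget ca-certificates libpq5

# Extract the binary and the web vault from the Alpine Docker image
# (on a host with Docker).
# NOTE(review): ":alpine" is a moving tag. Pin a release tag or an image
# digest (vaultwarden/server@sha256:<IMAGE_DIGEST>) so the binary that ends
# up holding every stored credential is reproducible and auditable.
docker create --name vw-temp vaultwarden/server:alpine
docker cp vw-temp:/vaultwarden /tmp/vaultwarden
docker cp vw-temp:/web-vault /tmp/web-vault
docker rm vw-temp

# Dedicated unprivileged service account; the service must not run as root.
pct exec 112 -- useradd --system --user-group --no-create-home \
  --home-dir /var/lib/vaultwarden --shell /usr/sbin/nologin vaultwarden

# Only the data folder is writable by the service; binary and web vault stay
# root-owned so a compromised service cannot replace them.
pct exec 112 -- install -d -m 0700 -o vaultwarden -g vaultwarden /var/lib/vaultwarden/data

# Copy into the container. "pct push" transfers single files, so the
# web-vault directory is streamed through tar instead.
pct push 112 /tmp/vaultwarden /usr/local/bin/vaultwarden
tar -C /tmp -cf - web-vault \
  | pct exec 112 -- tar -C /var/lib/vaultwarden --no-same-owner -xf -
pct exec 112 -- chmod +x /usr/local/bin/vaultwarden

# Create the PostgreSQL database (on CT 110).
# The quoted delimiter ('SQL') stops the host shell from expanding "$" or
# backticks that a generated password may contain.
# NOTE(review): limit the pg_hba.conf entry for this role to the Vaultwarden
# container's address (10.100.161.112) — confirm on CT 110.
pct exec 110 -- su - postgres -c "psql -v ON_ERROR_STOP=1" <<'SQL'
CREATE USER vaultwarden WITH PASSWORD 'DB_PASSWORD';
CREATE DATABASE vaultwarden OWNER vaultwarden;
SQL

# Secrets go into a root-only environment file instead of the unit file:
# unit files are world-readable, and systemd expands "%" specifiers in
# Environment= lines, which would corrupt a percent-encoded password.
# DB_HOST is a placeholder for the address of the PostgreSQL container
# (CT 110); the host part was lost from the original page.
# ADMIN_TOKEN_HASH is the full "$argon2id$..." string; the quoted delimiter
# ('ENV') keeps the shell from expanding its "$" segments to empty strings.
pct exec 112 -- install -m 0600 -o root -g root /dev/null /etc/vaultwarden.env
pct exec 112 -- tee /etc/vaultwarden.env >/dev/null <<'ENV'
DATABASE_URL=postgresql://vaultwarden:DB_PASSWORD@DB_HOST/vaultwarden
ADMIN_TOKEN=ADMIN_TOKEN_HASH
ENV

# Systemd service.
# ROCKET_ADDRESS=0.0.0.0 serves plain HTTP on every interface; this assumes a
# reverse proxy terminates TLS — restrict port 8080 to that proxy.
# NOTE(review): the sandboxing directives rely on mount namespaces inside the
# LXC (nesting=1 is set above); if the unit fails to start, relax them one at
# a time rather than falling back to User=root.
pct exec 112 -- tee /etc/systemd/system/vaultwarden.service <<'SERVICE'
[Unit]
Description=Vaultwarden
After=network.target

[Service]
Type=simple
User=vaultwarden
Group=vaultwarden
EnvironmentFile=/etc/vaultwarden.env
Environment=ROCKET_ADDRESS=0.0.0.0
Environment=ROCKET_PORT=8080
Environment=DOMAIN=https://vault.home.miskam.xyz
Environment=WEB_VAULT_FOLDER=/var/lib/vaultwarden/web-vault
Environment=DATA_FOLDER=/var/lib/vaultwarden/data
WorkingDirectory=/var/lib/vaultwarden
ExecStart=/usr/local/bin/vaultwarden
Restart=always
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=strict
ProtectHome=true
ReadWritePaths=/var/lib/vaultwarden/data

[Install]
WantedBy=multi-user.target
SERVICE

pct exec 112 -- systemctl daemon-reload
pct exec 112 -- systemctl enable --now vaultwarden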

Admin Token generieren

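# Argon2id hash for the admin token.
# The password is read without echo instead of being typed as a literal on
# the command line, so it does not end up in the shell history. The salt is
# random per run. The output is a "$argon2id$..." string: when storing it,
# make sure no shell expands its "$" segments (single quotes or a quoted
# heredoc delimiter).
IFS= read -rsp 'Admin password: ' admin_pw; echo
printf '%s' "$admin_pw" | argon2 "$(openssl rand -base64 32)" -e -id -k 65540 -t 3 -p 4
unset admin_pw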

Organizations

Org Collection Zweck
mxmlabs Network Automation Bot-Zugriff auf Credentials

Bot-Account: (E-Mail-Adresse durch den E-Mail-Schutz der Seite unkenntlich gemacht)

Management

# Service status
pct exec 112 -- systemctl status vaultwarden.service

# Follow the service log
pct exec 112 -- journalctl --unit=vaultwarden --follow

# Open the admin panel:
# https://vault.home.miskam.xyz/admin

Backup

  • Datenbank: PostgreSQL — siehe PostgreSQL Backup
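  • Attachments: /var/lib/vaultwarden/data/ (der Ordner enthält auch Sends, rsa_key* und ggf. config.json — Backup daher verschlüsselt und zugriffsgeschützt ablegen)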