You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
337 lines
9.3 KiB
337 lines
9.3 KiB
#!/usr/bin/env bash |
|
set -e |
|
|
|
# Setup |
|
|
|
CYAN='\033[0;36m' |
|
RED='\033[1;31m' |
|
NC='\033[0m' # No Color |
|
|
|
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" |
|
|
|
OUTPUT_DIR=".." |
|
if [ $# -gt 1 ] |
|
then |
|
OUTPUT_DIR=$2 |
|
fi |
|
|
|
COREVERSION="latest" |
|
if [ $# -gt 2 ] |
|
then |
|
COREVERSION=$3 |
|
fi |
|
|
|
WEBVERSION="latest" |
|
if [ $# -gt 3 ] |
|
then |
|
WEBVERSION=$4 |
|
fi |
|
|
|
KEYCONNECTORVERSION="latest" |
|
if [ $# -gt 4 ] |
|
then |
|
KEYCONNECTORVERSION=$5 |
|
fi |
|
|
|
OS="lin" |
|
[ "$(uname)" == "Darwin" ] && OS="mac" |
|
ENV_DIR="$OUTPUT_DIR/env" |
|
DOCKER_DIR="$OUTPUT_DIR/docker" |
|
|
|
# Initialize UID/GID which will be used to run services from within containers |
|
if ! grep -q "^LOCAL_UID=" $ENV_DIR/uid.env 2>/dev/null || ! grep -q "^LOCAL_GID=" $ENV_DIR/uid.env 2>/dev/null |
|
then |
|
LUID="LOCAL_UID=`id -u $USER`" |
|
[ "$LUID" == "LOCAL_UID=0" ] && LUID="LOCAL_UID=65534" |
|
LGID="LOCAL_GID=`id -g $USER`" |
|
[ "$LGID" == "LOCAL_GID=0" ] && LGID="LOCAL_GID=65534" |
|
mkdir -p $ENV_DIR |
|
echo $LUID >$ENV_DIR/uid.env |
|
echo $LGID >>$ENV_DIR/uid.env |
|
fi |
|
|
|
# Functions |
|
|
|
function install() { |
|
LETS_ENCRYPT="n" |
|
echo -e -n "${CYAN}(!)${NC} Enter the domain name for your Bitwarden instance (ex. bitwarden.example.com): " |
|
read DOMAIN |
|
echo "" |
|
|
|
if [ "$DOMAIN" == "" ] |
|
then |
|
DOMAIN="localhost" |
|
fi |
|
|
|
if [ "$DOMAIN" != "localhost" ] |
|
then |
|
echo -e -n "${CYAN}(!)${NC} Do you want to use Let's Encrypt to generate a free SSL certificate? (y/n): " |
|
read LETS_ENCRYPT |
|
echo "" |
|
|
|
if [ "$LETS_ENCRYPT" == "y" ] |
|
then |
|
echo -e -n "${CYAN}(!)${NC} Enter your email address (Let's Encrypt will send you certificate expiration reminders): " |
|
read EMAIL |
|
echo "" |
|
|
|
mkdir -p $OUTPUT_DIR/letsencrypt |
|
docker pull certbot/certbot |
|
docker run -it --rm --name certbot -p 80:80 -v $OUTPUT_DIR/letsencrypt:/etc/letsencrypt/ certbot/certbot \ |
|
certonly --standalone --noninteractive --agree-tos --preferred-challenges http \ |
|
--email $EMAIL -d $DOMAIN --logs-dir /etc/letsencrypt/logs |
|
fi |
|
fi |
|
|
|
echo -e -n "${CYAN}(!)${NC} Enter the database name for your Bitwarden instance (ex. vault): " |
|
read DATABASE |
|
echo "" |
|
|
|
if [ "$DATABASE" == "" ] |
|
then |
|
DATABASE="vault" |
|
fi |
|
|
|
pullSetup |
|
docker run -it --rm --name setup -v $OUTPUT_DIR:/bitwarden \ |
|
--env-file $ENV_DIR/uid.env bitwarden/setup:$COREVERSION \ |
|
dotnet Setup.dll -install 1 -domain $DOMAIN -letsencrypt $LETS_ENCRYPT -os $OS \ |
|
-corev $COREVERSION -webv $WEBVERSION -dbname "$DATABASE" -keyconnectorv $KEYCONNECTORVERSION |
|
} |
|
|
|
function dockerComposeUp() { |
|
dockerComposeFiles |
|
dockerComposeVolumes |
|
docker-compose up -d |
|
} |
|
|
|
function dockerComposeDown() { |
|
dockerComposeFiles |
|
if [ $(docker-compose ps | wc -l) -gt 2 ]; then |
|
docker-compose down |
|
fi |
|
} |
|
|
|
function dockerComposePull() { |
|
dockerComposeFiles |
|
docker-compose pull |
|
} |
|
|
|
function dockerComposeFiles() { |
|
if [ -f "${DOCKER_DIR}/docker-compose.override.yml" ] |
|
then |
|
export COMPOSE_FILE="$DOCKER_DIR/docker-compose.yml:$DOCKER_DIR/docker-compose.override.yml" |
|
else |
|
export COMPOSE_FILE="$DOCKER_DIR/docker-compose.yml" |
|
fi |
|
export COMPOSE_HTTP_TIMEOUT="300" |
|
} |
|
|
|
function dockerComposeVolumes() { |
|
createDir "core" |
|
createDir "core/attachments" |
|
createDir "logs" |
|
createDir "logs/admin" |
|
createDir "logs/api" |
|
createDir "logs/events" |
|
createDir "logs/icons" |
|
createDir "logs/identity" |
|
createDir "logs/mssql" |
|
createDir "logs/nginx" |
|
createDir "logs/notifications" |
|
createDir "logs/sso" |
|
createDir "logs/portal" |
|
createDir "mssql/backups" |
|
createDir "mssql/data" |
|
} |
|
|
|
function createDir() { |
|
if [ ! -d "${OUTPUT_DIR}/$1" ] |
|
then |
|
echo "Creating directory $OUTPUT_DIR/$1" |
|
mkdir -p $OUTPUT_DIR/$1 |
|
fi |
|
} |
|
|
|
function dockerPrune() { |
|
docker image prune --all --force --filter="label=com.bitwarden.product=bitwarden" \ |
|
--filter="label!=com.bitwarden.project=setup" |
|
} |
|
|
|
function updateLetsEncrypt() { |
|
if [ -d "${OUTPUT_DIR}/letsencrypt/live" ] |
|
then |
|
docker pull certbot/certbot |
|
docker run -i --rm --name certbot -p 443:443 -p 80:80 \ |
|
-v $OUTPUT_DIR/letsencrypt:/etc/letsencrypt/ certbot/certbot \ |
|
renew --logs-dir /etc/letsencrypt/logs |
|
fi |
|
} |
|
|
|
function forceUpdateLetsEncrypt() { |
|
if [ -d "${OUTPUT_DIR}/letsencrypt/live" ] |
|
then |
|
docker pull certbot/certbot |
|
docker run -i --rm --name certbot -p 443:443 -p 80:80 \ |
|
-v $OUTPUT_DIR/letsencrypt:/etc/letsencrypt/ certbot/certbot \ |
|
renew --logs-dir /etc/letsencrypt/logs --force-renew |
|
fi |
|
} |
|
|
|
function updateDatabase() { |
|
pullSetup |
|
dockerComposeFiles |
|
MSSQL_ID=$(docker-compose ps -q mssql) |
|
docker run -i --rm --name setup --network container:$MSSQL_ID \ |
|
-v $OUTPUT_DIR:/bitwarden --env-file $ENV_DIR/uid.env bitwarden/setup:$COREVERSION \ |
|
dotnet Setup.dll -update 1 -db 1 -os $OS -corev $COREVERSION -webv $WEBVERSION -keyconnectorv $KEYCONNECTORVERSION |
|
echo "Database update complete" |
|
} |
|
|
|
function updatebw() { |
|
KEY_CONNECTOR_ENABLED=$(grep -A3 'enable_key_connector:' $OUTPUT_DIR/config.yml | tail -n1 | awk '{ print $2}') |
|
CORE_ID=$(docker-compose ps -q admin) |
|
WEB_ID=$(docker-compose ps -q web) |
|
if [ "$KEY_CONNECTOR_ENABLED" = true ]; |
|
then |
|
KEYCONNECTOR_ID=$(docker-compose ps -q key-connector) |
|
fi |
|
|
|
if [ $KEYCONNECTOR_ID ] && |
|
docker inspect --format='{{.Config.Image}}:' $CORE_ID | grep -F ":$COREVERSION:" | grep -q ":[0-9.]*:$" && |
|
docker inspect --format='{{.Config.Image}}:' $WEB_ID | grep -F ":$WEBVERSION:" | grep -q ":[0-9.]*:$" && |
|
docker inspect --format='{{.Config.Image}}:' $KEYCONNECTOR_ID | grep -F ":$KEYCONNECTORVERSION:" | grep -q ":[0-9.]*:$" |
|
then |
|
echo "Update not needed" |
|
exit |
|
elif |
|
docker inspect --format='{{.Config.Image}}:' $CORE_ID | grep -F ":$COREVERSION:" | grep -q ":[0-9.]*:$" && |
|
docker inspect --format='{{.Config.Image}}:' $WEB_ID | grep -F ":$WEBVERSION:" | grep -q ":[0-9.]*:$" |
|
then |
|
echo "Update not needed" |
|
exit |
|
fi |
|
dockerComposeDown |
|
update withpull |
|
restart |
|
dockerPrune |
|
echo "Pausing 60 seconds for database to come online. Please wait..." |
|
sleep 60 |
|
} |
|
|
|
function update() { |
|
if [ "$1" == "withpull" ] |
|
then |
|
pullSetup |
|
fi |
|
docker run -i --rm --name setup -v $OUTPUT_DIR:/bitwarden \ |
|
--env-file $ENV_DIR/uid.env bitwarden/setup:$COREVERSION \ |
|
dotnet Setup.dll -update 1 -os $OS -corev $COREVERSION -webv $WEBVERSION -keyconnectorv $KEYCONNECTORVERSION |
|
} |
|
|
|
function uninstall() { |
|
echo -e -n "${RED}(WARNING: UNINSTALL STARTED) Would you like to save the database files? (y/n): ${NC}" |
|
read KEEP_DATABASE |
|
|
|
if [ "$KEEP_DATABASE" == "y" ] |
|
then |
|
echo "Saving database files." |
|
tar -cvzf "./bitwarden_database.tar.gz" "$OUTPUT_DIR/mssql" |
|
echo -e -n "${RED}(SAVED DATABASE FILES: YES): WARNING: ALL DATA WILL BE REMOVED, INCLUDING THE FOLDER $OUTPUT_DIR): Are you sure you want to uninstall Bitwarden? (y/n): ${NC}" |
|
read UNINSTALL_ACTION |
|
else |
|
echo -e -n "${RED}WARNING: ALL DATA WILL BE REMOVED, INCLUDING THE FOLDER $OUTPUT_DIR): Are you sure you want to uninstall Bitwarden? (y/n): ${NC}" |
|
read UNINSTALL_ACTION |
|
fi |
|
|
|
|
|
if [ "$UNINSTALL_ACTION" == "y" ] |
|
then |
|
echo "Uninstalling Bitwarden..." |
|
dockerComposeDown |
|
echo "Removing $OUTPUT_DIR" |
|
rm -R $OUTPUT_DIR |
|
echo "Removing MSSQL docker volume." |
|
docker volume prune --force --filter="label=com.bitwarden.product=bitwarden" |
|
echo "Bitwarden uninstall complete!" |
|
else |
|
echo -e -n "${CYAN}(!) Bitwarden uninstall canceled. ${NC}" |
|
exit 1 |
|
fi |
|
|
|
echo -e -n "${RED}(!) Would you like to purge all local Bitwarden container images? (y/n): ${NC}" |
|
read PURGE_ACTION |
|
if [ "$PURGE_ACTION" == "y" ] |
|
then |
|
dockerPrune |
|
echo -e -n "${CYAN}Bitwarden uninstall complete! ${NC}" |
|
fi |
|
|
|
} |
|
|
|
function printEnvironment() { |
|
pullSetup |
|
docker run -i --rm --name setup -v $OUTPUT_DIR:/bitwarden \ |
|
--env-file $ENV_DIR/uid.env bitwarden/setup:$COREVERSION \ |
|
dotnet Setup.dll -printenv 1 -os $OS -corev $COREVERSION -webv $WEBVERSION -keyconnectorv $KEYCONNECTORVERSION |
|
} |
|
|
|
function restart() { |
|
dockerComposeDown |
|
dockerComposePull |
|
updateLetsEncrypt |
|
dockerComposeUp |
|
printEnvironment |
|
} |
|
|
|
function certRestart() { |
|
dockerComposeDown |
|
dockerComposePull |
|
forceUpdateLetsEncrypt |
|
dockerComposeUp |
|
printEnvironment |
|
} |
|
|
|
function pullSetup() { |
|
docker pull bitwarden/setup:$COREVERSION |
|
} |
|
|
|
# Commands |
|
|
|
case $1 in |
|
"install") |
|
install |
|
;; |
|
"start" | "restart") |
|
restart |
|
;; |
|
"pull") |
|
dockerComposePull |
|
;; |
|
"stop") |
|
dockerComposeDown |
|
;; |
|
"renewcert") |
|
certRestart |
|
;; |
|
"updateconf") |
|
dockerComposeDown |
|
update withpull |
|
;; |
|
"updatedb") |
|
updateDatabase |
|
;; |
|
"update") |
|
dockerComposeFiles |
|
updatebw |
|
updateDatabase |
|
;; |
|
"uninstall") |
|
dockerComposeFiles |
|
uninstall |
|
;; |
|
"rebuild") |
|
dockerComposeDown |
|
update nopull |
|
;; |
|
esac
|
|
|