[arch-commits] Commit in vaultwarden/repos (6 files)
George Rawlinson
grawlinson at archlinux.org
Mon Jun 28 23:10:01 UTC 2021
Date: Monday, June 28, 2021 @ 23:10:01
Author: grawlinson
Revision: 967808
archrelease: copy trunk to community-testing-x86_64
Added:
vaultwarden/repos/community-testing-x86_64/
vaultwarden/repos/community-testing-x86_64/PKGBUILD
(from rev 967807, vaultwarden/trunk/PKGBUILD)
vaultwarden/repos/community-testing-x86_64/vaultwarden.install
(from rev 967807, vaultwarden/trunk/vaultwarden.install)
vaultwarden/repos/community-testing-x86_64/vaultwarden.service
(from rev 967807, vaultwarden/trunk/vaultwarden.service)
vaultwarden/repos/community-testing-x86_64/vaultwarden.sysusers.conf
(from rev 967807, vaultwarden/trunk/vaultwarden.sysusers.conf)
vaultwarden/repos/community-testing-x86_64/vaultwarden.tmpfiles
(from rev 967807, vaultwarden/trunk/vaultwarden.tmpfiles)
---------------------------+
PKGBUILD | 58 ++++++++++++++++++++++++++++++++++++++++++++
vaultwarden.install | 32 ++++++++++++++++++++++++
vaultwarden.service | 55 +++++++++++++++++++++++++++++++++++++++++
vaultwarden.sysusers.conf | 1
vaultwarden.tmpfiles | 3 ++
5 files changed, 149 insertions(+)
Copied: vaultwarden/repos/community-testing-x86_64/PKGBUILD (from rev 967807, vaultwarden/trunk/PKGBUILD)
===================================================================
--- community-testing-x86_64/PKGBUILD (rev 0)
+++ community-testing-x86_64/PKGBUILD 2021-06-28 23:10:01 UTC (rev 967808)
@@ -0,0 +1,58 @@
+# Maintainer: Daniel M. Capella <polyzen at archlinux.org>
+# Maintainer: George Rawlinson <grawlinson at archlinux.org>
+# Contributor: Markus Richter <mqus at disroot dot org>
+# Contributor: Timothée Ravier <tim at siosm.fr
+
+pkgname=vaultwarden
+pkgver=1.22.0
+pkgrel=1
+pkgdesc='Unofficial Bitwarden compatible server written in Rust'
+arch=('x86_64')
+url=https://github.com/dani-garcia/vaultwarden
+license=('GPL3')
+depends=('mariadb-libs' 'openssl' 'postgresql-libs' 'sqlite')
+makedepends=('rustup')
+optdepends=('vaultwarden-web: for the web app')
+provides=('bitwarden_rs')
+replaces=('bitwarden_rs')
+backup=('etc/vaultwarden.env')
+install=$pkgname.install
+source=("$url/archive/$pkgver/$pkgname-$pkgver.tar.gz"
+ "$pkgname.service"
+ "$pkgname.sysusers.conf"
+ "$pkgname.tmpfiles")
+b2sums=('2e59648373373a55667d73507a83ab75b382ce3ad016cdd6612f0f2f775eb0371acfc62c4d60e6f017dde6b63d62f1d76ea1f953978154fa60b84dc5e9853b0f'
+ '9d9c8b1cb1773a23e23dc0c6c99c8311a85793502d4055a80a77934a2149a6da3af0b221456641f34bee8265197267908812e800c9655d6b484fd045264e458a'
+ '6580cf4031f262638abf11e529e8dfc489197afd6cd616c6a7810741e03c004706a5f9358f825aac6644c0ab6b251627ff988ed68f8264120b3575a655972390'
+ '9cdcd6c997c884eb3c1ad0c9b8cd91e68ec6762a27f9b80a7eb6c0cb1ffa4e500a654da6f17e9f985cc67add154efe737761f74e4e5f72892fc0e9d457314973')
+
+prepare() {
+ cd $pkgname-$pkgver
+ sed -i "s,# DATA_FOLDER=data,DATA_FOLDER=/var/lib/$pkgname,
+ s,web-vault/,/usr/share/webapps/$pkgname-web,
+ s,# WEB_VAULT_ENABLED=true,WEB_VAULT_ENABLED=false,
+ s,/path/to/log,/var/log/$pkgname.log,
+ /^# ROCKET_TLS/a ROCKET_LIMITS={json=10485760}" .env.template
+}
+
+build() {
+ cd $pkgname-$pkgver
+ rustup set profile minimal
+ BWRS_VERSION="$pkgver" cargo build --release --locked --features sqlite,mysql,postgresql
+}
+
+check() {
+ cd $pkgname-$pkgver
+ cargo test --release --locked --features sqlite,mysql,postgresql
+}
+
+package() {
+ cd $pkgname-$pkgver
+ install -Dm644 .env.template "$pkgdir"/etc/$pkgname.env
+ install -Dt "$pkgdir"/usr/bin target/release/$pkgname
+ install -Dm644 -t "$pkgdir"/usr/lib/systemd/system ../$pkgname.service
+ install -Dm644 ../$pkgname.sysusers.conf "$pkgdir"/usr/lib/sysusers.d/$pkgname.conf
+ install -Dm644 ../$pkgname.tmpfiles "$pkgdir"/usr/lib/tmpfiles.d/$pkgname.conf
+}
+
+# vim:set ts=2 sw=2 et:
Copied: vaultwarden/repos/community-testing-x86_64/vaultwarden.install (from rev 967807, vaultwarden/trunk/vaultwarden.install)
===================================================================
--- community-testing-x86_64/vaultwarden.install (rev 0)
+++ community-testing-x86_64/vaultwarden.install 2021-06-28 23:10:01 UTC (rev 967808)
@@ -0,0 +1,32 @@
+post_install() {
+ cat << EOF
+!NOTE!
+ bitwarden_rs is now vaultwarden:
+ https://github.com/dani-garcia/vaultwarden/discussions/1642
+
+ If upgrading from bitwarden_rs, do not to leave around files/directories
+ owned by the old bitwarden_rs user/group before removing the old bitwarden_rs
+ user/group.
+
+Configure the server via its environment variables in /etc/vaultwarden.env.
+
+If vaultwarden is run at ports >1024, you should apply these systemd unit
+options via a drop-in file:
+[Service]
+CapabilityBoundingSet=
+AmbientCapabilities=
+PrivateUsers=yes
+
+If the service produces too much noise in your journal, you can redirect stdout
+to /dev/null (vaultwarden will still also write to /var/log/vaultwarden.log if
+configured to do so):
+[Service]
+StandardOutput=null
+
+Create or edit drop-in file:
+# systemctl edit vaultwarden
+
+Start vaultwarden and enable its systemd service:
+# systemctl enable --now vaultwarden
+EOF
+}
Copied: vaultwarden/repos/community-testing-x86_64/vaultwarden.service (from rev 967807, vaultwarden/trunk/vaultwarden.service)
===================================================================
--- community-testing-x86_64/vaultwarden.service (rev 0)
+++ community-testing-x86_64/vaultwarden.service 2021-06-28 23:10:01 UTC (rev 967808)
@@ -0,0 +1,55 @@
+[Unit]
+Description=Bitwarden Server (Rust Edition)
+Documentation=https://github.com/dani-garcia/vaultwarden
+After=network.target
+
+[Service]
+ExecStart=/usr/bin/vaultwarden
+WorkingDirectory=/var/lib/vaultwarden
+User=vaultwarden
+Group=vaultwarden
+
+# Allow vaultwarden to bind ports in the range of 0-1024 and restrict it to
+# that capability
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+
+# If vaultwarden is run at ports >1024, you should apply these options via a
+# drop-in file
+#CapabilityBoundingSet=
+#AmbientCapabilities=
+#PrivateUsers=yes
+
+NoNewPrivileges=yes
+
+LimitNOFILE=1048576
+LimitNPROC=64
+UMask=0077
+
+ProtectSystem=strict
+ProtectHome=yes
+ReadWritePaths=/var/lib/vaultwarden /var/log/vaultwarden.log
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectHostname=yes
+ProtectClock=yes
+ProtectKernelTunables=yes
+ProtectKernelModules=yes
+ProtectKernelLogs=yes
+ProtectControlGroups=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+RemoveIPC=yes
+
+SystemCallFilter=@system-service
+SystemCallFilter=~@privileged @resources
+SystemCallArchitectures=native
+
+EnvironmentFile=/etc/vaultwarden.env
+
+[Install]
+WantedBy=multi-user.target
Copied: vaultwarden/repos/community-testing-x86_64/vaultwarden.sysusers.conf (from rev 967807, vaultwarden/trunk/vaultwarden.sysusers.conf)
===================================================================
--- community-testing-x86_64/vaultwarden.sysusers.conf (rev 0)
+++ community-testing-x86_64/vaultwarden.sysusers.conf 2021-06-28 23:10:01 UTC (rev 967808)
@@ -0,0 +1 @@
+u vaultwarden - "vaultwarden user"
Copied: vaultwarden/repos/community-testing-x86_64/vaultwarden.tmpfiles (from rev 967807, vaultwarden/trunk/vaultwarden.tmpfiles)
===================================================================
--- community-testing-x86_64/vaultwarden.tmpfiles (rev 0)
+++ community-testing-x86_64/vaultwarden.tmpfiles 2021-06-28 23:10:01 UTC (rev 967808)
@@ -0,0 +1,3 @@
+d /var/lib/vaultwarden 0750 vaultwarden vaultwarden
+h /var/lib/vaultwarden - - - - +C
+f /var/log/vaultwarden.log 0640 vaultwarden vaultwarden
More information about the arch-commits
mailing list