vpolaris
diff --git a/‎Dockerfile
+276 b/‎Dockerfile
+276
diff --git a/‎README.md
+12-13 b/‎README.md
+12-13
diff --git a/‎configurations/serveur-status.conf ‎configurations/server-status.conf
+2-2 b/‎configurations/serveur-status.conf ‎configurations/server-status.conf
+2-2
@@ -0,0 +1,276 @@
+FROM scratch
+LABEL maintainer="szfd9g <[email protected]>"                    
+ENV DISTTAG=f35container FGC=f35 FBR=f35 container=podman
+ENV DNFOPTION="--setopt=install_weak_deps=False --nodocs"
+ENV DB_BACKUP enabled
+ENV LANG C.UTF8
+ENV TERM=xterm
+ARG admpass
+ARG OS
+ARG HTTPS
+
+#Add Image container
+ADD layer.tar / 
+
+#Create Vaultwarden user and admin container manager
+RUN printf "Create Vaultwarden user \n" \
+    && adduser -u 10502 --shell /bin/bash --comment "Vaultwarden RS User Service" --user-group -m vaultwarden
+
+#System update
+RUN printf "System update \n" \
+    && dnf makecache \
+    && dnf -y upgrade \
+        dnf \
+        rpm \
+        yum \
+        libmodulemd $DNFOPTION \
+    && dnf -y upgrade $DNFOPTION
+
+
+#Install apache
+RUN printf "Install apache \n" \
+    && dnf -y install \
+        httpd \
+        mod_ssl \
+        openssl $DNFOPTION
+
+#Install Dev tools
+RUN printf "Install development tools \n" \
+    && dnf -y install \
+         git \
+         gcc \
+         openssl-devel \
+         python2 $DNFOPTION
+
+RUN clear \
+    && printf  "Selected OS is ${OS}\n" \
+    && if [ "${OS}" == "CentOS" ]; then \
+        dnf -y install gcc-c++ make $DNFOPTION; \
+    else \
+        dnf -y install g++ $DNFOPTION \
+    ;fi
+
+#Install Rust
+RUN clear \
+    && printf  "Rust Installation \n" \
+    &&curl  -Lo /tmp/sh.rustup.rs -sSf https://sh.rustup.rs \
+    && bash -E /tmp/sh.rustup.rs -y --default-host "$(uname -m)"-unknown-linux-gnu --default-toolchain nightly --profile minimal
+ENV PATH="~/.cargo/bin:${PATH}"
+
+#Install Node.JS and npm
+RUN clear \
+    && printf  "Install node.js and npm\n" \
+    # && curl -Lo /tmp/setup_14.x -sSf https://rpm.nodesource.com/setup_14.x \
+    # && bash -E /tmp/setup_14.x \
+    # && sed -i 's/failovermethod=priority/#failovermethod=priority/g' /etc/yum.repos.d/nodesource-fc34.repo \
+    && dnf -y module install nodejs:16/development $DNFOPTION \
+    && npm -g install npm@8
+
+# Compile the back-end
+RUN clear \
+    && printf  "Compile the back-end \n" \
+    && git clone https://github.com/dani-garcia/vaultwarden.git /tmp/vaultwarden \
+    && ~/.cargo/bin/cargo build --features sqlite --release --manifest-path=/tmp/vaultwarden/Cargo.toml
+
+#Compile the front-end
+
+RUN mkdir /tmp/vault
+
+RUN clear \
+    && printf "Clone Web vault\n" \
+    && git clone https://github.com/bitwarden/web.git /tmp/vault \
+    && chown -R vaultwarden:vaultwarden /tmp/vault
+
+USER vaultwarden
+WORKDIR /tmp/vault
+
+RUN clear \
+    && printf "Select Branch\n" \
+    && git pull origin master \
+    && printf "Select Version\n" \
+    && git checkout v2.28.0 \
+    && printf "Update Web vault\n" \
+    && git submodule update --recursive --init
+
+RUN printf "Apply patch\n" \
+    && curl -Lo v2.28.0.patch -sSf https://raw.githubusercontent.com/dani-garcia/bw_web_builds/master/patches/v2.28.0.patch \
+    && chown vaultwarden:vaultwarden v2.28.0.patch \
+    && git apply v2.28.0.patch --reject
+
+RUN printf "NPM Compile\n" \
+    && npm ci --legacy-peer-deps \
+    && npm run dist:oss:selfhost
+
+USER root
+WORKDIR /
+
+RUN clear \
+    && printf  "Create admin user\n" \
+    && if [[ -z "$admpass" ]] ; then \
+        user_password="$(tr -cd [:alnum:] < /dev/urandom | fold -w 16 | head -n 1)";export user_password; adduser --shell /bin/bash --comment "Admin RS server" --user-group -G wheel -m --password $(mkpasswd -H md5 ${user_password}) admin;echo "Admin RS Password is ${user_password}"; \
+    else \ 
+        adduser --shell /bin/bash --comment "Admin RS server" --user-group -G wheel -m --password $(openssl passwd -1 ${admpass}) admin;echo "Admin RS Password is ${admpass}" \
+    ;fi
+
+RUN printf  "Create Directory Structure\n" \
+    && if ! [ -d  "var/lib/vaultwarden/data" ]; then \
+        mkdir -p /var/lib/vaultwarden/{data,certs,logs,backup} \
+        && mkdir -p /var/lib/vaultwarden/logs/{vaultwarden,httpd} \
+      ;fi
+
+RUN if ! [ -d  "var/lib/vaultwarden/logs/vaultwarden" ]; then \
+        mkdir -p /var/lib/vaultwarden/logs/{vaultwarden,httpd} \
+    ;fi
+
+RUN mkdir -p /etc/vaultwarden /home/admin/.ssl \
+    && chown -R vaultwarden:vaultwarden /var/lib/vaultwarden/ \
+    && chown -R admin:vaultwarden /home/admin/.ssl
+
+#Move files and set permissions
+
+#vaultwarden RS server
+RUN printf  "Move files and set permissions\n" \
+    && mv /tmp/vaultwarden/target/release/vaultwarden /usr/local/bin/vaultwarden
+COPY ./configurations/.env /etc/vaultwarden/.env
+RUN chmod -R 750 /usr/local/bin/vaultwarden /var/lib/vaultwarden/ \
+    && chmod -R 770 /etc/vaultwarden/ \
+    && chown -R root:vaultwarden /usr/local/bin/vaultwarden /etc/vaultwarden/
+
+#Apache
+RUN clear \
+    && printf  "Configure Appache\n" \
+COPY ./configurations/ssl.conf /etc/httpd/conf.d/ssl.conf
+COPY ./configurations/server-status.conf /etc/httpd/conf.d/server-status.conf
+COPY ./configurations/vhost.conf /etc/httpd/conf.d/vhost.conf
+RUN chmod 644 /etc/httpd/conf.d/{ssl.conf,vhost.conf,server-status.conf} \ 
+    && cp -a /tmp/vault/build/ /var/www/vault/ \
+    && chown -R apache:apache /var/www/vault/ /var/lib/vaultwarden/logs/httpd
+
+#Create certificates and keys for Vault if are not provided
+RUN clear \
+    && printf  "Configure Certificates\n" \
+    && if ! [ -f  "/var/lib/vaultwarden/certs/CA-Vaultwarden.pem" ]; then \
+            openssl req -new -x509 -nodes -days 7300 -outform PEM -newkey rsa:4096 -sha256 \
+            -keyout /home/admin/.ssl/CA-Vaultwarden.key \
+            -out /home/admin/.ssl/CA-Vaultwarden.pem \
+            -subj "/CN=CA Vaultwarden/[email protected]/C=FR/ST=IDF/L=Paris/O=Podman Inc/OU=Podman builder" \
+            && cp /home/admin/.ssl/CA-Vaultwarden.* /var/lib/vaultwarden/certs; \
+       else \
+            cp /var/lib/vaultwarden/certs/CA-Vaultwarden.pem /home/admin/.ssl/CA-Vaultwarden.pem \
+       ;fi
+
+RUN if [ -f  "/var/lib/valtwarden/certs/CA-Vaultwarden.key" ]; then \
+        cp /var/lib/vaultwarden/certs/CA-vaultwarden.key /home/admin/.ssl/CA-Vaultwarden.key \
+    ;fi
+
+RUN if ! [ -f  "/var/lib/vaultwarden/certs/vaultwarden.pem" ]; then \
+        openssl req -nodes -newkey rsa:2048 -sha256 \
+        -keyout /etc/pki/tls/private/vaultwarden.key \
+        -out /home/admin/.ssl/vaultwarden.csr \
+        -subj "/CN=vault.vaultwarden.lan/[email protected]/C=FR/ST=IDF/L=Paris/O=Podman Inc/OU=Podman builder" \
+        && cp /home/admin/.ssl/vaultwarden.csr /var/lib/vaultwarden/certs \
+        && cp /etc/pki/tls/private/vaultwarden.key /var/lib/vaultwarden/certs \
+    ;else \
+        cp /var/lib/vaultwarden/certs/vaultwarden.csr /home/admin/.ssl/vaultwarden.csr \
+        && cp /var/lib/vaultwarden/certs/vaultwarden.key /etc/pki/tls/private/vaultwarden.key \
+    ;fi
+
+RUN if ! [ -f  "/var/lib/vaultwarden/certs/vaultwarden.pem" ]; then \
+        openssl x509 -req -outform PEM -CAcreateserial \
+        -in /home/admin/.ssl/vaultwarden.csr \
+        -CA /home/admin/.ssl/CA-Vaultwarden.pem \
+        -CAkey /home/admin/.ssl/CA-Vaultwarden.key \
+        -out /etc/pki/tls/certs/vaultwarden.pem; \
+        cp /etc/pki/tls/certs/vaultwarden.pem /var/lib/vaultwarden/certs; \
+    else \
+        cp /var/lib/vaultwarden/certs/vaultwarden.pem /etc/pki/tls/certs/vaultwarden.pem \
+    ;fi
+
+#Set file permissions and add CA to SSL store
+RUN chmod 440 /etc/pki/tls/private/vaultwarden.key \
+    && chmod 644 /etc/pki/tls/certs/vaultwarden.pem \
+    && chmod 644 /home/admin/.ssl/CA-Vaultwarden.pem \
+    && cp /home/admin/.ssl/CA-Vaultwarden.pem /etc/pki/ca-trust/source/anchors/ \
+    && update-ca-trust
+
+RUN if [ -f  "/home/admin/.ssl/CA-Vaultwarden.key" ]; then \
+        chmod 440 /home/admin/.ssl/CA-Vaultwarden.key \
+    ;fi
+
+RUN clear \
+    && printf  "Install automatic update \n" \
+    && dnf -y install dnf-automatic \
+    && sed -i 's/apply_updates = no/apply_updates = yes/' /etc/dnf/automatic.conf \
+    && mkdir /etc/systemd/system/dnf-automatic-install.timer.d
+
+COPY ./services/timer.conf /etc/systemd/system/dnf-automatic-install.timer.d
+
+#install scripts
+RUN printf  "Install scripts\n" \
+    && mkdir -m 700 -p /opt/scripts
+COPY ./scripts/sql.backup.py /opt/scripts/sql.backup.py
+RUN printf "DB_BACKUP=enabled\n" > /opt/scripts/.env \
+    && chown -R vaultwarden: /opt/scripts \
+    && chmod u+x /opt/scripts/sql.backup.py
+
+#Systemd configuration
+RUN clear \
+    && printf  "Systemd configuration\n" \
+    && mkdir /etc/systemd/system/{httpd.service.d,system.slice.d}
+COPY ./services/vaultwarden.service /etc/systemd/system/vaultwarden.service
+COPY ./services/vaultwarden-httpd.slice /etc/systemd/system/vaultwarden-httpd.slice
+COPY ./services/healthcheck.timer /etc/systemd/system/healthcheck.timer
+COPY ./services/slice.conf /etc/systemd/system/httpd.service.d/slice.conf
+COPY ./services/db-backup.timer /etc/systemd/system/db-backup.timer
+COPY ./services/db-backup.service /etc/systemd/system/db-backup.service
+COPY ./services/memorymax.conf /etc/systemd/system/system.slice.d/memorymax.conf
+RUN chmod 644 /etc/systemd/system/{vaultwarden.service,healthcheck.timer,vaultwarden-httpd.slice,db-backup.timer,db-backup.service} \
+    /etc/systemd/system/httpd.service.d/slice.conf
+RUN systemctl enable vaultwarden.service httpd.service dnf-automatic-install.timer db-backup.timer
+CMD ["/usr/sbin/init"]
+RUN if ! [ -s /etc/pki/tls/certs/localhost.crt ]; then \
+        rm -f /etc/pki/tls/certs/localhost.crt /etc/pki/tls/private/localhost.key \
+        && /usr/libexec/httpd-ssl-gencerts \
+    ;fi
+
+#Used only if Dockerfile is not set by setup
+RUN if [ -z 443 ]; then export HTTPS="443";fi
+EXPOSE 443
+
+#Clean up
+RUN clear \
+    && printf "Clean up\n" \
+    && if [ "${OS}" == "CentOS" ]; then \
+            dnf -y remove gcc-c++ make xz tar squashfs-tools snappy --setopt=clean_requirements_on_remove=1; \
+       else \ 
+            dnf -y remove g++ --setopt=clean_requirements_on_remove=1 \
+       ;fi
+
+
+RUN rm -f /tmp/sh.rustup.rs /tmp/setup_14.x \
+    && rm -rf /tmp/vaultwarden/ /tmp/vault \
+    && yes | ~/.cargo/bin/rustup self uninstall \
+    && rm -rf ~/.config/ ~/.node-gyp/ ~/.npm ~/anaconda-* ~/original-ks.cfg /home/vaultwarden/.npm \
+    && dnf -y remove nodejs git gcc openssl-devel python2 --setopt=clean_requirements_on_remove=1 \
+    && dnf -y autoremove \
+    && dnf clean all \
+    && rm -rf /usr/{share/locale,{lib,lib64}/gconv,bin/localedef,sbin/build-locale-archive} \
+    && rm -rf /usr/share/{man,doc,info,gnome/help,httpd} \
+    && rm -rf \
+        /tmp/* \
+        /sbin/sln \
+        /var/tmp/* \
+        /usr/share/fonts/* \
+        /usr/share/i18n/* \
+        /usr/share/cracklib/* \
+        /usr/include/* \
+        /usr/local/include/* \
+        /usr/share/sgml/docbook/xsl-stylesheets* \
+        /usr/share/adobe/resources/* \
+    && rm -rf /etc/ld.so.cache /var/cache/ldconfig \
+    && mkdir -p --mode=0755 /var/cache/ldconfig \
+    && rm -rf /var/cache/yum \
+    && mkdir -p --mode=0755 /var/cache/yum
+
+RUN touch /var/lib/vaultwarden/build.completed
+
@@ -6,27 +6,27 @@
 This project want to build a podman container to host a complete solution of [Vaultwarden API][vaultwarden-rs] and a [Web vault][Web-vault]: interface. Which is proxified by an Apache web server and initialized by Systemd in a rootless environment.
 
 - Podman don't need a daemon to run a container 
+- Podman don'need root privileges run a container 
 - Vaultwarden API don't need to be register
 - Web vault can be accessed by mobile client or browser
 
 Make sure you can do the difference between the official clients and the Web Vault powered by Bitwarden Inc and the unofficial Vaultwarden API a fork written in Rust by his author Dani Garcia.
 
-+ Note :
-Due to new denomination of Vaultwarden, I changed named object accordingly.
-
 ## Features
 
-- Support Fedora 34 and CentOS 8 as image containers
+- Support Fedora 35 and CentOS 8 as image containers
 - Vaultwarden and the Web vault are built from sources
 - You can import your own certificates or create a self-signed set
 - Token and password are automatically generated
 - Full automation process
+- Automatic backup of database
+- Settings are preserved between each build
 
 Podman can be used in almost all modern Linux distribution even in [WSL2]. Fedora like (CentOS, Red Hat) or Debian like (Ubuntu, Raspian) are well supported. Running Vaultwarden with its own web server make this solution highly portable and secure because you can run the container without root privileges. System administrators will appreciate the fact that the two services will be handled by systemd with all the capabilities associate to this init manager
 
 > the main goal is to build from scratch all the stuff under you eyes.
 > we pull image container directly from well known repositories
-> https://fr2.rpmfind.net/linux/fedora/linux/releases/34/Container for Fedora
+> https://fr2.rpmfind.net/linux/fedora/linux/releases/35/Container for Fedora
 > https://cloud.centos.org/centos/8/ for CentOS8
 > clone sources from there git repositories
 > All tools are fresh installed
@@ -45,7 +45,6 @@ We use a number of open-source projects to work properly:
 - [node.js] - Node.js is a JavaScript runtime built on Chrome's V8 JavaScript engine.
 - [Sass] - Sass is the most mature, stable, and powerful professional grade CSS extension language in the world. 
 - [npm] - npm is the world's largest software registry.
-- [Gulp] A toolkit to automate & enhance your workflow
 
 And of course, This project itself is open source and located on GitHub.
 
@@ -62,7 +61,7 @@ If SELinux is active you need to check if **policycoreutils-python** package is
 #### Built Process:
 ```sh
 git clone https://github.com/vpolaris/Podman-Bitwarden.git
-cd Podman-Bitwarden
+cd Podman-Vaultwarden
 chmod u+x setup.sh; sudo ./setup.sh
 ```
 
@@ -78,6 +77,7 @@ Answer the questions
 + Port number, 443 by default (https)
 + The tag version, this number will be append to the image name
 + Certificate, if you have a set of PEM certificates (CA and web server) and you want to use it to setup the apache server, answer yes and indicate their locations. Only useful to the first run as these certificates will be conserved between each build
++ Enable or disable database backup
 
 At the end of questions, you can start the process immediately or copy the information for a later usage
 
@@ -86,7 +86,7 @@ you can access by default to the vault via
 https://vault.vaultwarden.lan
 or the domain name you provided
 
-[![N|Solid](https://github.com/vpolaris/Podman-Bitwarden/blob/main/docs/vaultwarden_logon_screen.PNG)
+[![N|Solid](https://github.com/vpolaris/Podman-Vaultwarden/blob/main/docs/vaultwarden_logon_screen.PNG)
 
 ## Manage the container
 
@@ -244,7 +244,7 @@ On Linux Platform
 A valid response should be
 ```
 Ncat: Version 7.80 ( https://nmap.org/ncat )
-Ncat: Connected to 192.168.124.219:2443.
+Ncat: Connected to 192.168.xxx.xxx:2443.
 Ncat: 0 bytes sent, 0 bytes received in 0.01 seconds.
 ```
 In case of  failure
@@ -309,8 +309,8 @@ If something continue to goes wrong check also routing table and third party dev
 I found my inspiration from these web sites
 
 **For Vaultwarden and the vault combined**
-+ https://fiat-tux.fr/2019/01/14/installer-un-serveur-vaultwarden_rs/ 
-+ https://illuad.fr/2020/06/11/install-a-vaultwarden-rs-server.html
++ https://fiat-tux.fr/2019/01/14/installer-un-serveur-bitwarden_rs/ 
++ https://illuad.fr/2020/06/11/install-a-bitwarden-rs-server.html
 
 **Ressource Control Group and Timer**
 + https://medium.com/horrible-hacks/using-systemd-as-a-better-cron-a4023eea996d
@@ -323,7 +323,7 @@ AGPL-3.0 License
 
 [//]: # (These are reference links used in the body of this note and get stripped out when the markdown processor does its job. There is no need to format nicely because it shouldn't be seen. Thanks SO - http://stackoverflow.com/questions/4823468/store-comments-in-markdown-syntax)
 
-   [Web-vault]: https://vaultwarden.com/
+   [Web-vault]: https://bitwarden.com/
    [vaultwarden-rs]: <https://github.com/dani-garcia/vaultwarden/wiki>
    [gcc]: <https://gcc.gnu.org/>
    [npm]: <https://docs.npmjs.com/about-npm>
@@ -337,5 +337,4 @@ AGPL-3.0 License
    [@tjholowaychuk]: <http://twitter.com/tjholowaychuk>
    [express]: <http://expressjs.com>
    [AngularJS]: <http://angularjs.org>
-   [Gulp]: <http://gulpjs.com>
 
@@ -1,6 +1,6 @@
 Listen 8800
 <VirtualHost 127.0.0.1:8800>
-        ServerName  web-monitor:8800
+        ServerName web-monitor:8800
         ServerAlias webmon
         ServerAdmin admin@localhost
         DocumentRoot /var/www/html
@@ -12,4 +12,4 @@ Listen 8800
         Require local localhost
      </Location>
   </IfModule>
-</VirtualHost>
+</VirtualHost>