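#!/usr/bin/env bash
# The script relies on bash-only features ([[ ]], source, $EUID), so it names
# its interpreter explicitly instead of depending on how it is launched.
#### Thanks to wh1te909 who I stole (or got inspiration) a lot of this script from (first script I have ever written)
#### and https://pieterhollander.nl/post/bitwarden/ which I followed the steps and converted them to a script
#check if running on ubuntu 22.04
# -F matches "22.04" literally (as a regex the dot would match any character)
# and -q keeps the matched release lines out of the terminal.
if ! grep -qF '22.04' /etc/*release; then
  echo -ne "\033[0;31mThis script will only work on Ubuntu 22.04\e[0m\n"
  exit 1
fi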
# Refuse to continue when started with root privileges; the privileged steps
# further down each go through sudo individually.
if (( EUID == 0 )); then
  echo -ne "\033[0;31mDo NOT run this script as root. Exiting.\e[0m\n"
  exit 1
fi
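#Username
# Ask for the account that owns /opt/vaultwarden and runs the service.
# (The original prompt referenced ${NC}, which is never defined in this file
# and therefore expanded to nothing; the printed text is unchanged.)
printf '%s' "Enter your created username if you havent done this please do it now, use ctrl+c to cancel this script and do it: "
# -r keeps backslashes literal instead of treating them as escapes.
read -r username
# The value is later passed to `sudo chown` and written into the User=/Group=
# lines of the systemd unit, so accept only a plain account name: no
# whitespace, colon, slash or leading dash that could change those commands,
# and never an empty string.
valid_username='^[A-Za-z0-9_][A-Za-z0-9_.-]*$'
if [[ ! "$username" =~ $valid_username ]]; then
  echo "Invalid username; expected a plain account name." >&2
  exit 1
fi
# Stop early on a typo rather than failing halfway through the update.
if ! id -u -- "$username" >/dev/null 2>&1; then
  echo "User '${username}' does not exist on this system." >&2
  exit 1
fi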
# Verify that sudo is usable before any change is made.
if [[ "$EUID" != 0 ]]; then
  # Drop cached credentials so the next sudo call has to ask for the password.
  sudo -k
  if ! sudo true; then
    echo "Aborting script"
    exit 1
  fi
  echo "Password ok"
fi
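echo "Running Script"
#Clean up old folders
# Remove leftovers of earlier runs from the home directory. ~/web-vault is
# included because that is the directory the archive unpacks to and that is
# later moved into /opt/vaultwarden; a stale copy left by an aborted run would
# otherwise be merged with the freshly extracted files.
rm -rf -- ~/bitwarden_rs ~/web ~/web-vault ~/vaultwarden ~/bw_web*.tar.gz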
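#Check if showing as bitwardenrs and rename to vaultwarden
# One-time migration of a bitwardenrs install to the vaultwarden names:
# moves /opt and /etc directories, replaces the systemd unit and starts the
# renamed service. Reads $username (set by the prompt earlier in the script).
unit_file=/etc/systemd/system/vaultwarden.service
if [ -d "/opt/vaultwarden/" ]; then
  echo "Already running as vaultwarden nothing to do"
else
  # An empty User= would make systemd fall back to running the service as
  # root, so refuse to write the unit without a name.
  : "${username:?username must be set before the service file is written}"
  # Nothing to migrate (and nothing to update) if neither layout exists.
  if [ ! -d /opt/bitwardenrs ]; then
    echo "Neither /opt/vaultwarden nor /opt/bitwardenrs exists; nothing to migrate." >&2
    exit 1
  fi
  echo "Migrating to vaultwarden"
  sudo systemctl stop bitwarden
  sudo mv /opt/bitwardenrs /opt/vaultwarden
  sudo mv /etc/bitwardenrs /etc/vaultwarden
  sudo mv /etc/vaultwarden/bitwardenrs.conf /etc/vaultwarden/vaultwarden.conf
  sudo rm /etc/systemd/system/bitwarden.service
  #Set vaultwarden Service File
  # Written through `sudo tee` so the unit never has to be owned by the
  # service account (the previous version chowned it to $username in order to
  # write it without sudo).
  # NOTE(review): ReadWritePaths still names /var/log/bitwardenrs/error.log;
  # the migration above does not rename that directory, so the path is kept
  # as-is - confirm it exists on the target host.
  sudo tee "$unit_file" >/dev/null <<EOF
[Unit]
Description=Vaultwarden server
After=network.target auditd.service
[Service]
RestartSec=2s
Type=simple
User=${username}
Group=${username}
EnvironmentFile=/etc/vaultwarden/vaultwarden.conf
WorkingDirectory=/opt/vaultwarden/
ExecStart=/opt/vaultwarden/vaultwarden
Restart=always
# Isolate vaultwarden from the rest of the system
PrivateTmp=true
PrivateDevices=true
ProtectHome=true
NoNewPrivileges=true
ProtectSystem=strict
# Only allow writes to the following directory
ReadWritePaths=/opt/vaultwarden/data/ /var/log/bitwardenrs/error.log
# Set reasonable connection and process limits
LimitNOFILE=1048576
LimitNPROC=64
[Install]
WantedBy=multi-user.target
EOF
  sudo systemctl unmask vaultwarden.service
  sudo systemctl daemon-reload
  sudo systemctl enable vaultwarden
  sudo systemctl start vaultwarden
fi
# systemd reads this unit as root. If the file is writable by the service
# account, that account can edit User= or ExecStart= and have the result run
# with root privileges, so ownership is reset on every run - this also repairs
# hosts where an earlier version of this script left the file user-owned.
if [ -f "$unit_file" ]; then
  sudo chown root:root "$unit_file"
  sudo chmod 0644 "$unit_file"
fi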
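#Upgrade Rust
# Download the rustup installer into a private temp file and run it only after
# curl reports success. Piping curl straight into sh would hand the shell
# whatever arrived, including nothing at all, with the failure going unnoticed.
# --proto/--tlsv1.2 restrict the transfer to HTTPS with TLS 1.2 or newer.
rustup_init=$(mktemp) || exit 1
if ! curl --proto '=https' --tlsv1.2 -sSf -o "$rustup_init" https://sh.rustup.rs; then
  echo "Failed to download the rustup installer" >&2
  rm -f -- "$rustup_init"
  exit 1
fi
# The installer's own exit status is not treated as fatal: cancelling it while
# a toolchain is already present should still allow the build below to run.
sh "$rustup_init"
rm -f -- "$rustup_init"
# Make cargo available in this shell session.
source "$HOME/.cargo/env"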
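#Compile vaultwarden
# Clone into ~/vaultwarden explicitly: the cleanup step and the later copy both
# use that path, so the build must not depend on the directory the script was
# started from.
# NOTE(review): the original ran a bare `git checkout`, which selects nothing,
# so the build uses whatever is at the tip of the default branch. Pinning a
# release tag or commit (and building with `cargo build --locked`) would make
# the deployed server reproducible - confirm which revision is intended.
git clone https://github.com/dani-garcia/vaultwarden.git "$HOME/vaultwarden" || {
  echo "git clone of vaultwarden failed" >&2
  exit 1
}
# Build in a subshell so the caller's working directory is left unchanged.
(
  cd "$HOME/vaultwarden" || exit 1
  cargo build --features sqlite --release
) || {
  # Abort here so a failed build can never lead to the running service being
  # stopped and its files replaced further down.
  echo "vaultwarden build failed; the installed version was not touched" >&2
  exit 1
}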
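#Download precompiled webvault
# Look up the newest bw_web_builds release tag via the GitHub API.
# The original ended this pipeline with a trailing backslash, which joined it
# to the wget line: VWRELEASE then became a one-off environment variable for
# wget and was still empty when the URL and the tar file name were expanded.
VWRELEASE=$(curl -fsS https://api.github.com/repos/dani-garcia/bw_web_builds/releases/latest \
  | grep "tag_name" \
  | awk '{print substr($2, 2, length($2)-3) }')
# The tag comes from a network response and is placed into a URL and a file
# name, so accept only a single token made of tag-like characters.
tag_pattern='^[A-Za-z0-9._-]+$'
if [[ ! "$VWRELEASE" =~ $tag_pattern ]]; then
  echo "Could not determine the latest web vault release tag" >&2
  exit 1
fi
# Download and unpack in the home directory, where the later steps expect
# ~/web-vault to be.
webvault_archive="$HOME/bw_web_${VWRELEASE}.tar.gz"
wget -O "$webvault_archive" \
  "https://github.com/dani-garcia/bw_web_builds/releases/download/${VWRELEASE}/bw_web_${VWRELEASE}.tar.gz" || {
  echo "Download of the web vault archive failed" >&2
  exit 1
}
# NOTE(review): the archive is served to users as the vault front end but is
# unpacked without any integrity check; if the release publishes checksums or
# signatures, verify the download against them before extracting.
tar -xzf "$webvault_archive" -C "$HOME" || {
  echo "Extracting the web vault archive failed" >&2
  exit 1
}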
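#Apply Updates and restart Bitwarden_RS
# Swap in the freshly built binary and the downloaded web vault, then restart
# the service and nginx. Reads $username (set by the prompt earlier).
new_binary="$HOME/vaultwarden/target/release/vaultwarden"
new_webvault="$HOME/web-vault"
# Check everything needed is present before the running service is touched;
# otherwise a failed build or download would stop vaultwarden and delete its
# current web vault with nothing to put in its place.
: "${username:?username must be set before files are installed}"
if [[ ! -x "$new_binary" || ! -d "$new_webvault" ]]; then
  echo "New binary or web vault is missing; the installed version was not touched" >&2
  exit 1
fi
sudo systemctl stop vaultwarden.service
sudo cp -r "$new_binary" /opt/vaultwarden
sudo rm -rf /opt/vaultwarden/web-vault
sudo mv "$new_webvault" /opt/vaultwarden/web-vault
# Quoted so the value can never split into additional chown arguments.
sudo chown -R "${username}:${username}" /opt/vaultwarden
sudo systemctl start vaultwarden.service
#restart nginx
sudo service nginx restart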
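#Set CRON for maintenance reboots
# The original entry was "0 0 1 0 * root /usr/sbin/reboot". Month 0 is outside
# cron's 1-12 range, so cron rejects the line, and Debian/Ubuntu cron may then
# ignore the whole of /etc/crontab. It was also appended again on every run.
# NOTE(review): "*" in the month field gives a reboot at 00:00 on the 1st of
# every month, which is presumably what was meant - confirm the schedule.
vaultwardencron='0 0 1 * * root /usr/sbin/reboot'
# Remove the invalid line left behind by earlier runs of this script (exact
# match only, nothing else in the file is touched).
sudo sed -i '\|^0 0 1 0 \* root /usr/sbin/reboot$|d' /etc/crontab
# Append only when the entry is not already present, so repeated updates do
# not pile up duplicate reboot jobs.
if ! grep -qxF -- "$vaultwardencron" /etc/crontab; then
  printf '%s\n' "$vaultwardencron" | sudo tee -a /etc/crontab >/dev/null
fi
echo "Update complete!"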