This repository has been archived by the owner on Aug 29, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 16
/
Copy pathupdate.sh
127 lines (100 loc) · 3.41 KB
/
update.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
#### Thanks to wh1te909 who I stole (or got inspiration) alot of this script from (first script I have ever written)
#### and https://pieterhollander.nl/post/bitwarden/ which I followed the steps and converted them to a script
#check if running on ubuntu 20.04
UBU22=$(grep 22.04 "/etc/"*"release")
if ! [[ $UBU22 ]]; then
echo -ne "\033[0;31mThis script will only work on Ubuntu 20.04\e[0m\n"
exit 1
fi
#Ensure not running as root
if [ $EUID -eq 0 ]; then
echo -ne "\033[0;31mDo NOT run this script as root. Exiting.\e[0m\n"
exit 1
fi
#Username
echo -ne "Enter your created username if you havent done this please do it now, use ctrl+c to cancel this script and do it${NC}: "
read username
#Check Sudo works
if [[ "$EUID" != 0 ]]; then
sudo -k # make sure to ask for password on next sudo
if sudo true; then
echo "Password ok"
else
echo "Aborting script"
exit 1
fi
fi
echo "Running Script"
#Clean up old folders
rm -rf ~/bitwarden_rs ~/web ~/vaultwarden ~/bw_web*.tar.gz
#Check if showing as bitwardenrs and rename to vaultwarden
if [ -d "/opt/vaultwarden/" ]; then
echo "Already running as vaultwarden nothing to do"
else
echo "Migrating to vaultwarden"
sudo systemctl stop bitwarden
sudo mv /opt/bitwardenrs /opt/vaultwarden
sudo mv /etc/bitwardenrs /etc/vaultwarden
sudo mv /etc/vaultwarden/bitwardenrs.conf /etc/vaultwarden/vaultwarden.conf
sudo rm /etc/systemd/system/bitwarden.service
sudo touch /etc/systemd/system/vaultwarden.service
sudo chown ${username}:${username} -R /etc/systemd/system/vaultwarden.service
#Set vaultwarden Service File
vaultwardenservice="$(cat << EOF
[Unit]
Description=Vaultwarden server
After=network.target auditd.service
[Service]
RestartSec=2s
Type=simple
User=${username}
Group=${username}
EnvironmentFile=/etc/vaultwarden/vaultwarden.conf
WorkingDirectory=/opt/vaultwarden/
ExecStart=/opt/vaultwarden/vaultwarden
Restart=always
# Isolate vaultwarden from the rest of the system
PrivateTmp=true
PrivateDevices=true
ProtectHome=true
NoNewPrivileges=true
ProtectSystem=strict
# Only allow writes to the following directory
ReadWritePaths=/opt/vaultwarden/data/ /var/log/bitwardenrs/error.log
# Set reasonable connection and process limits
LimitNOFILE=1048576
LimitNPROC=64
[Install]
WantedBy=multi-user.target
EOF
)"
echo "${vaultwardenservice}" > /etc/systemd/system/vaultwarden.service
sudo systemctl unmask vaultwarden.service
sudo systemctl daemon-reload
sudo systemctl enable vaultwarden
sudo systemctl start vaultwarden
fi
#Upgrade Rust
curl https://sh.rustup.rs -sSf | sh
source $HOME/.cargo/env
#Compile vaultwarden
git clone https://github.com/dani-garcia/vaultwarden.git
cd vaultwarden/
git checkout
cargo build --features sqlite --release
cd ..
#Download precompiled webvault
VWRELEASE=$(curl -s https://api.github.com/repos/dani-garcia/bw_web_builds/releases/latest \
| grep "tag_name" \
| awk '{print substr($2, 2, length($2)-3) }') \
wget https://github.com/dani-garcia/bw_web_builds/releases/download/$VWRELEASE/bw_web_$VWRELEASE.tar.gz
tar -xzf bw_web_$VWRELEASE.tar.gz
#Apply Updates and restart Bitwarden_RS
sudo systemctl stop vaultwarden.service
sudo cp -r ~/vaultwarden/target/release/vaultwarden /opt/vaultwarden
sudo rm -rf /opt/vaultwarden/web-vault
sudo mv ~/web-vault /opt/vaultwarden/web-vault
sudo chown -R ${username}:${username} /opt/vaultwarden
sudo systemctl start vaultwarden.service
#restart nginx
sudo service nginx restart