update
This commit is contained in:
parent
f1fa4a8760
commit
92c3564933
|
@ -51,7 +51,7 @@ So if theres boot menu option choose non-uefi.
|
|||
* choose geographicly close mirror, ctrl+k deletes a line in nano</br>
|
||||
`nano /etc/pacman.d/mirrorlist`
|
||||
* install the base system </br>
|
||||
`pacstrap /mnt linux linux-firmware base base-devel linux linux-firmware grub dhcpcd`
|
||||
`pacstrap /mnt base linux linux-firmware base-devel grub dhcpcd nano`
|
||||
* gnerate fstab</br>
|
||||
`genfstab -U /mnt > /mnt/etc/fstab`
|
||||
* chroot in to the new system</br>
|
||||
|
@ -103,18 +103,33 @@ So if theres boot menu option choose non-uefi.
|
|||
* reboot</br>
|
||||
`reboot`
|
||||
|
||||
# Some packages to install
|
||||
# SSH, ZSH, Docker, and other goodies
|
||||
|
||||
* login as the non root user</br>
|
||||
* install some packages</br>
|
||||
`sudo pacman -S docker docker-compose openssh sshfs git cronie curl`</br>
|
||||
`sudo pacman -S borg zsh vim htop lm_sensors`
|
||||
* install yay for access to AUR packages</br>
|
||||
`git clone https://aur.archlinux.org/yay-bin.git`</br>
|
||||
`cd yay-bin && makepkg -si`</br>
|
||||
`cd .. && rm -rf yay-bin`</br>
|
||||
From now on its login as non-root user.
|
||||
|
||||
# Setup docker
|
||||
### Setup SSH access
|
||||
|
||||
* install openssh package</br>
|
||||
`sudo pacman -S openssh`
|
||||
* edit sshd_config</br>
|
||||
`sudo nano /etc/ssh/sshd_config`</br>
|
||||
*PermitRootLogin prohibit-password*</br>
|
||||
*PasswordAuthentication yes*
|
||||
* enable sshd service</br>
|
||||
`sudo systemctl enable --now sshd`
|
||||
|
||||
### ZSH shell
|
||||
|
||||
I like [Zim](https://github.com/zimfw/zimfw),
|
||||
it's the fastest zsh framework and out of the box setup nicely
|
||||
|
||||
* install zsh package</br>
|
||||
`sudo pacman -S zsh`
|
||||
* change users default shell to zsh</br>
|
||||
`chsh -s /bin/zsh`</br>
|
||||
`curl -fsSL https://raw.githubusercontent.com/zimfw/install/master/install.zsh | zsh`
|
||||
|
||||
### Setup docker
|
||||
|
||||
* have `docker` and `docker-compose` packages installed</br>
|
||||
`sudo pacman -S docker docker-compose`
|
||||
|
@ -124,141 +139,11 @@ So if theres boot menu option choose non-uefi.
|
|||
`sudo gpasswd -a bastard docker`
|
||||
|
||||
|
||||
### Setup SSH access
|
||||
### extra stuff
|
||||
|
||||
* have openssh packages installed
|
||||
`sudo pacman -S openssh`
|
||||
* edit sshd_config
|
||||
`sudo nano /etc/ssh/sshd_config`</br>
|
||||
*change whatever desires*
|
||||
|
||||
### ZSH shell
|
||||
|
||||
I like [Zim](https://github.com/zimfw/zimfw)
|
||||
|
||||
* have zsh package installed
|
||||
* change users default shell to zsh</br>
|
||||
`chsh -s /bin/zsh`
|
||||
`curl -fsSL https://raw.githubusercontent.com/zimfw/install/master/install.zsh | zsh`
|
||||
|
||||
### ZSH shell
|
||||
|
||||
|
||||
|
||||
`arch-chroot /mnt`
|
||||
* install grub</br>
|
||||
`grub-install /dev/sda`</br>
|
||||
`grub-mkconfig -o /boot/grub/grub.cfg`
|
||||
* remove the bootable media and restart the machine</br>
|
||||
`exit`</br>
|
||||
`reboot`
|
||||
|
||||
Caddy v2 is used, details
|
||||
[here](https://github.com/DoTheEvo/selfhosted-apps-docker/tree/master/caddy_v2).</br>
|
||||
Bitwarden_rs documentation has a
|
||||
[section on reverse proxy.](https://github.com/dani-garcia/bitwarden_rs/wiki/Proxy-examples)
|
||||
|
||||
`Caddyfile`
|
||||
```
|
||||
passwd.{$MY_DOMAIN} {
|
||||
header / {
|
||||
X-XSS-Protection "1; mode=block"
|
||||
X-Frame-Options "DENY"
|
||||
X-Robots-Tag "none"
|
||||
-Server
|
||||
}
|
||||
encode gzip
|
||||
reverse_proxy /notifications/hub/negotiate bitwarden:80
|
||||
reverse_proxy /notifications/hub bitwarden:3012
|
||||
reverse_proxy bitwarden:80
|
||||
}
|
||||
```
|
||||
|
||||
# Forward port 3012 TCP on your router
|
||||
|
||||
[WebSocket](https://youtu.be/2Nt-ZrNP22A) protocol is used for notifications,
|
||||
so that all web based clients can immediatly sync when a change happens on the server.
|
||||
|
||||
* Enviromental variable `WEBSOCKET_ENABLED=true` needs to be set.</br>
|
||||
* Reverse proxy needs to route `/notifications/hub` to port 3012.</br>
|
||||
* Router needs to **forward port 3012** to docker host,
|
||||
same as port 80 and 443 are forwarded.
|
||||
|
||||
To test if websocket works, have the desktop app open
|
||||
and make changes through browser extension, or through the website.
|
||||
Changes should immediatly appear in the desktop app. If it is not working,
|
||||
you need to manually sync for changes to appear.
|
||||
|
||||
# Extra info
|
||||
|
||||
**bitwarden can be managed** at `<url>/admin` and entering `ADMIN_TOKEN`
|
||||
set in the `.env` file. Especially if signups are disabled it is the only way
|
||||
to invite users.
|
||||
|
||||
**push notifications**
|
||||
|
||||
---
|
||||
|
||||
![interface-pic](https://i.imgur.com/5LxEUsA.png)
|
||||
|
||||
# Update
|
||||
|
||||
* [watchtower](https://github.com/DoTheEvo/selfhosted-apps-docker/tree/master/watchtower) updates the image automaticly
|
||||
|
||||
* manual image update</br>
|
||||
`docker-compose pull`</br>
|
||||
`docker-compose up -d`</br>
|
||||
`docker image prune`
|
||||
|
||||
# Backup and restore
|
||||
|
||||
* **backup** using [BorgBackup setup](https://github.com/DoTheEvo/selfhosted-apps-docker/tree/master/borg_backup)
|
||||
that makes daily snapshot of the entire directory
|
||||
|
||||
* **restore**</br>
|
||||
down the bitwarden container `docker-compose down`</br>
|
||||
delete the entire bitwarden directory</br>
|
||||
from the backup copy back the bitwarden directortory</br>
|
||||
start the container `docker-compose up -d`
|
||||
|
||||
# Backup of just user data
|
||||
|
||||
User-data daily export using the [official procedure.](https://github.com/dani-garcia/bitwarden_rs/wiki/Backing-up-your-vault)</br>
|
||||
For bitwarden_rs it means sqlite database dump and backing up `attachments` directory.</br>
|
||||
|
||||
Daily run of [BorgBackup](https://github.com/DoTheEvo/selfhosted-apps-docker/tree/master/borg_backup)
|
||||
takes care of backing up the directory.
|
||||
So only database dump is needed.
|
||||
The created backup sqlite3 file is overwriten on every run of the script,
|
||||
but that's ok since BorgBackup is making daily snapshots.
|
||||
|
||||
* **create a backup script**</br>
|
||||
placed inside `bitwarden` directory on the host
|
||||
|
||||
`bitwarden-backup-script.sh`
|
||||
```
|
||||
#!/bin/bash
|
||||
|
||||
# CREATE SQLITE BACKUP
|
||||
docker container exec bitwarden sqlite3 /data/db.sqlite3 ".backup '/data/BACKUP.bitwarden.db.sqlite3'"
|
||||
```
|
||||
|
||||
the script must be **executabe** - `chmod +x bitwarden-backup-script.sh`
|
||||
|
||||
* **cronjob** on the host</br>
|
||||
`crontab -e` - add new cron job</br>
|
||||
`0 2 * * * /home/bastard/docker/bitwarden/bitwarden-backup-script.sh` - run it [at 02:00](https://crontab.guru/#0_2_*_*_*)</br>
|
||||
`crontab -l` - list cronjobs
|
||||
|
||||
# Restore the user data
|
||||
|
||||
Assuming clean start.
|
||||
|
||||
* start the bitwarden container: `docker-compose up -d`
|
||||
* let it run so it creates its file structure
|
||||
* down the container `docker-compose down`
|
||||
* in `bitwarden/bitwarden-data/`</br>
|
||||
replace `db.sqlite3` with the backup one `BACKUP.bitwarden.db.sqlite3`</br>
|
||||
replace `attachments` directory with the one from the BorgBackup repository
|
||||
* start the container `docker-compose up -d`
|
||||
* `sudo pacman -S git cronie curl borg htop lm_sensors nnn`
|
||||
* install yay for access to AUR packages</br>
|
||||
`git clone https://aur.archlinux.org/yay-bin.git`</br>
|
||||
`cd yay-bin && makepkg -si`</br>
|
||||
`cd .. && rm -rf yay-bin`</br>
|
||||
|
||||
|
|
Loading…
Reference in New Issue