Merge pull request #3455 from nextcloud/enh/noid/add-vaultwarden

nextcloud · Sep 29, 2023 · 3697045 · 3697045
2 parents 9d640fa + 1fda79c
commit 3697045
Show file tree

Hide file tree

Showing 5 changed files with 70 additions and 1 deletion.
diff --git a/community-containers/fail2ban/fail2ban.json b/community-containers/fail2ban/fail2ban.json
@@ -19,6 +19,11 @@
                     "source": "nextcloud_aio_nextcloud",
                     "destination": "/nextcloud",
                     "writeable": false
+                },
+                {
+                    "source": "nextcloud_aio_vaultwarden_logs",
+                    "destination": "/vaultwarden",
+                    "writeable": false
                 }
             ]
         }

diff --git a/community-containers/fail2ban/readme.md b/community-containers/fail2ban/readme.md
@@ -1,5 +1,5 @@
 ## Fail2ban
-This container bundles fail2ban and auto-configures it for you in order to block ip-addresses automatically.
+This container bundles fail2ban and auto-configures it for you in order to block ip-addresses automatically. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden, if installed.
 
 ### Notes
 - This is not working on Docker Desktop since it needs `network_mode: host` in order to work correctly.

diff --git a/community-containers/plex/readme.md b/community-containers/plex/readme.md
@@ -6,6 +6,7 @@ This container bundles Plex and auto-configures it for you.
 - This is not working on Docker Desktop since it needs `network_mode: host` in order to work correctly.
 - If you have a firewall like ufw configured, you might need to open all Plex ports in there first in order to make it work. Especially port 32400 is important!
 - After adding and starting the container, you need to visit http://ip.address.of.server:32400 in order to claim your server with a plex account
+- The data of Plex will be automatically included in AIOs backup solution!
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers how to add it to the AIO stack
 
 ### Repository

diff --git a/community-containers/vaultwarden/readme.md b/community-containers/vaultwarden/readme.md
@@ -0,0 +1,16 @@
+## Vaultwarden
+This container bundles vaultwarden and auto-configures it for you.
+
+### Notes
+- You need to configure a reverse proxy in order to run this container since vaultwarden needs a dedicated (sub)domain! For that, you might have a look at https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy or follow https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md and https://github.com/dani-garcia/vaultwarden/wiki/Proxy-examples
+- Currently, only `bw.$NC_DOMAIN` is supported as subdomain! So if Nextcloud is using `your-domain.com`, vaultwarden will use `bw.your-domain.com`. The reverse proxy and domain must be configured accordingly!
+- If you want to secure the installation with fail2ban, you might want to check out https://github.com/nextcloud/all-in-one/tree/main/community-containers/fail2ban
+- The data of Vaultwarden will be automatically included in AIOs backup solution!
+- After adding and starting the container, you need to visit `https://bw.your-domain.com/admin` in order to log in with the admin key that you can retrieve when running `sudo docker inspect nextcloud-aio-vaultwarden | grep ADMIN_TOKEN`. There you can configure smtp first and then invite users via mail. After this is done, you might disable the admin panel via the reverse proxy by blocking connections to the subdirectory.
+- See https://github.com/nextcloud/all-in-one/tree/main/community-containers how to add it to the AIO stack
+
+### Repository
+https://github.com/dani-garcia/vaultwarden
+
+### Maintainer
+https://github.com/szaimen
diff --git a/community-containers/vaultwarden/vaultwarden.json b/community-containers/vaultwarden/vaultwarden.json
@@ -0,0 +1,47 @@
+{
+    "aio_services_v1": [
+        {
+            "container_name": "nextcloud-aio-vaultwarden",
+            "display_name": "Vaultwarden",
+            "image": "vaultwarden/server",
+            "image_tag": "alpine",
+            "internal_port": "8812",
+            "restart": "unless-stopped",
+            "ports": [
+                {
+                  "ip_binding": "%APACHE_IP_BINDING%",
+                  "port_number": "8812",
+                  "protocol": "tcp"
+                }
+            ],
+            "environment": [
+                "TZ=%TIMEZONE%",
+                "ROCKET_PORT=8812",
+                "ADMIN_TOKEN=%VAULTWARDEN_ADMIN_TOKEN%",
+                "DOMAIN=https://bw.%NC_DOMAIN%",
+                "LOG_FILE=/logs/vaultwarden.log",
+                "LOG_LEVEL=warn",
+                "SIGNUPS_VERIFY=true",
+                "SIGNUPS_ALLOWED=false"
+            ],
+            "volumes": [
+                {
+                    "source": "nextcloud_aio_vaultwarden",
+                    "destination": "/data",
+                    "writeable": true
+                },
+                {
+                    "source": "nextcloud_aio_vaultwarden_logs",
+                    "destination": "/logs",
+                    "writeable": true
+                }
+            ],
+            "backup_volumes": [
+                "nextcloud_aio_vaultwarden"
+            ],
+            "secrets": [
+                "VAULTWARDEN_ADMIN_TOKEN"
+            ]
+        }
+    ]
+}