use config.json for settings

master
Girish Ramakrishnan 11 months ago
parent f19e54e90b
commit 7de942dcc2
  1. 2
      Dockerfile
  2. 27
      config.json.template
  3. 73
      start.sh

@ -36,7 +36,7 @@ RUN echo "Listen 8000" > /etc/apache2/ports.conf
COPY supervisor/ /etc/supervisor/conf.d/
RUN sed -e 's,^logfile=.*$,logfile=/run/supervisord.log,' -i /etc/supervisor/supervisord.conf
COPY start.sh /app/pkg/
COPY config.json.template start.sh /app/pkg/
CMD [ "/app/pkg/start.sh" ]

@ -0,0 +1,27 @@
{
"domain": "",
"ip_header": "X-Forwarded-For",
"_enable_smtp": true,
"smtp_host": "mail",
"smtp_ssl": false,
"smtp_explicit_tls": false,
"smtp_port": 2525,
"smtp_from": "",
"smtp_from_name": "Vaultwarden",
"smtp_username": "",
"smtp_password": "",
"smtp_auth_mechanism": "Plain",
"smtp_timeout": 15,
"smtp_accept_invalid_certs": false,
"smtp_accept_invalid_hostnames": false,
"admin_token": "",
"disable_admin_token": false,
"signups_domains_whitelist": "",
"signups_allowed": true,
"invitations_allowed": true,
"invitation_org_name": "Vaultwarden"
}
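Review bot: The template ships `"signups_allowed": true` together with an empty `"signups_domains_whitelist": ""`, so a freshly seeded config.json accepts registrations from anyone who can reach the instance until an admin changes it. The commented hints about `SIGNUPS_ALLOWED` and `SIGNUPS_DOMAINS_WHITELIST` in the generated config.env appear to be dropped by this commit, and JSON has no place to carry such a hint. If open registration is not the intended default, consider having start.sh seed `signups_domains_whitelist` from the mail domain on first run, or document the two keys in the package notes.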

@ -4,15 +4,14 @@ set -eu
mkdir -p /run/vaultwarden
# Vaultwarden sources from environment. The admin page, when visited, also generates config.json which overrides
# the env vars - https://github.com/dani-garcia/vaultwarden/wiki/Configuration-overview . Some values are however
# readonly and can only be set as env var. We use config.json whenever possible to keep things in sync
if [[ ! -f /app/data/config.env ]]; then
cat <<EOT > /app/data/config.env
# Export vaultwarden environment variables here to ovveride the defaults
#export SIGNUPS_ALLOWED=false
#export INVITATIONS_ALLOWED=true
# To only allow users with the same email domain as where the app is installed:
#export SIGNUPS_DOMAINS_WHITELIST=${CLOUDRON_MAIL_DOMAIN}
cat <<EOT > /app/data/config.env
# Export "readonly" vaultwarden environment variables here to ovveride the defaults.
# Vaultwarden has a admin UI to edit most config variables (config.json)
# Only edit this file, if the value is "read only" the admin interface
export LOG_LEVEL=info
EOT
@ -20,37 +19,47 @@ fi
source /app/data/config.env
echo "=> Exporting env vars expected by Bitwarden"
export SIGNUPS_ALLOWED=${SIGNUPS_ALLOWED:-true}
export DOMAIN=$CLOUDRON_APP_ORIGIN
export SMTP_HOST=$CLOUDRON_MAIL_SMTP_SERVER
export SMTP_FROM=$CLOUDRON_MAIL_FROM
export SMTP_FROM_NAME=${CLOUDRON_MAIL_FROM}
export SMTP_PORT=$CLOUDRON_MAIL_SMTP_PORT
export SMTP_SSL=false
export SMTP_EXPLICIT_TLS=false
export SMTP_USERNAME=$CLOUDRON_MAIL_SMTP_USERNAME
export SMTP_PASSWORD=$CLOUDRON_MAIL_SMTP_PASSWORD
export SMTP_AUTH_MECHANISM="Plain"
export SMTP_TIMEOUT=15
echo "=> Exporting env vars expected by Vaultwarden"
export DATABASE_URL=$CLOUDRON_MYSQL_URL
export ENABLE_DB_WAL=false
export LOG_FILE=/run/vaultwarden/vaultwarden.log
export WEBSOCKET_ENABLED=true
export DATA_FOLDER=/app/data
export CONFIG_FILE=/app/data/config.json # defaults to DATA_FOLDER/config.json but being explicit
# these are used by the Rocket web framework. apache proxies to this
export ROCKET_ENV=staging
export ROCKET_PORT=3000
export ROCKET_WORKERS=10
export DATA_FOLDER=/app/data
export CONFIG_FILE=/app/data/config.json
export RUST_BACKTRACE=1
export WEBSOCKET_ENABLED=true
export LOG_FILE=/run/vaultwarden/vaultwarden.log
export IP_HEADER=X-Forwarded-For
# Generate admin token if it doesn't exist
if [[ ! -f /app/data/admin_token ]]; then
pwgen -1 48 -s > /app/data/admin_token
export RUST_BACKTRACE=1 # used by rust
[[ ! -f /app/data/config.json ]] && cp /app/pkg/config.json.template /app/data/config.json
cat $CONFIG_FILE |
jq ".domain = \"${CLOUDRON_APP_ORIGIN}\"" | \
jq ".ip_header = \"X-Forwarded-For\"" |
sponge $CONFIG_FILE
# email
cat $CONFIG_FILE |
jq ".smtp_host = \"${CLOUDRON_MAIL_SMTP_SERVER}\"" | \
jq ".smtp_from = \"${CLOUDRON_MAIL_FROM}\"" | \
jq ".smtp_port = ${CLOUDRON_MAIL_SMTP_PORT}" | \
jq ".smtp_username = \"${CLOUDRON_MAIL_SMTP_USERNAME}\"" | \
jq ".smtp_password = \"${CLOUDRON_MAIL_SMTP_PASSWORD}\"" | \
jq ".smtp_auth_mechanism = \"Plain\"" | \
jq ".smtp_ssl = false" | \
jq ".smtp_explicit_tls = false" | \
sponge $CONFIG_FILE
# admin key
if [[ "$(jq -r .admin_token ${CONFIG_FILE})" == "" ]]; then
echo "=> Generating new admin token"
admin_token=$(pwgen -1 48 -s)
jq ".admin_token = \"$admin_token\"" ${CONFIG_FILE} | sponge ${CONFIG_FILE}
fi
export ADMIN_TOKEN=$(cat /app/data/admin_token)
echo "=> Admin token: ${ADMIN_TOKEN}"
rm -f /app/data/admin_token # remove old token
chown -R cloudron:cloudron /run/vaultwarden /app/data
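Review bot: The added jq filters in the second hunk splice `CLOUDRON_*` values into the program text, for example `jq ".smtp_password = \"${CLOUDRON_MAIL_SMTP_PASSWORD}\""`. A value containing `"` or `\` therefore breaks the filter or changes what it writes, and the password sits in the process argument list while jq runs. Reading the values inside jq with `env.NAME` keeps them as data and out of argv, and lets the two `cat | jq | … | sponge` chains collapse into one call with `"$CONFIG_FILE"` quoted. `env.NAME` evaluates to null for an unset variable, whereas the current expansion aborts under `set -u`, so an explicit presence check may be wanted. config.json now holds the SMTP password and the admin token, so it is worth confirming that its mode is restricted, since the hunk only shows a `chown`.

```shell
# … unchanged: cp of config.json.template when config.json is missing …
jq '.domain = env.CLOUDRON_APP_ORIGIN
    | .ip_header = "X-Forwarded-For"
    | .smtp_host = env.CLOUDRON_MAIL_SMTP_SERVER
    | .smtp_from = env.CLOUDRON_MAIL_FROM
    | .smtp_port = (env.CLOUDRON_MAIL_SMTP_PORT | tonumber)
    | .smtp_username = env.CLOUDRON_MAIL_SMTP_USERNAME
    | .smtp_password = env.CLOUDRON_MAIL_SMTP_PASSWORD
    | .smtp_auth_mechanism = "Plain"
    | .smtp_ssl = false
    | .smtp_explicit_tls = false' "$CONFIG_FILE" | sponge "$CONFIG_FILE"
# … unchanged: admin token generation …
```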
