initial

.drone.yml

@@ -0,0 +1,38 @@
+---
+kind: pipeline
+name: deploy to swarm-test.autonomic.zone
+steps:
+  - name: deployment
+    image: git.coopcloud.tech/coop-cloud/stack-ssh-deploy:latest
+    settings:
+      host: swarm-test.autonomic.zone
+      stack: {{ .Name }}
+      generate_secrets: true
+      purge: true
+      deploy_key:
+        from_secret: drone_ssh_swarm_test
+      networks:
+        - proxy
+    environment:
+      DOMAIN: {{ .Name }}.swarm-test.autonomic.zone
+      STACK_NAME: {{ .Name }}
+      LETS_ENCRYPT_ENV: production
+trigger:
+  branch:
+    - main
+---
+kind: pipeline
+name: generate recipe catalogue
+steps:
+  - name: release a new version
+    image: plugins/downstream
+    settings:
+      server: https://build.coopcloud.tech
+      token:
+        from_secret: drone_abra-bot_token
+      fork: true
+      repositories:
+        - coop-cloud/auto-recipes-catalogue-json
+
+trigger:
+  event: tag

.env

@@ -0,0 +1,74 @@
+TYPE=bitwarden
+
+DOMAIN=bitwarden.mirnet.org
+
+LETS_ENCRYPT_ENV=production
+
+BW_DOMAIN=bitwarden.yourdomain.com
+
+# Database
+# Available providers are sqlserver, postgresql, mysql/mariadb, or sqlite
+MARIADB_USER=bitwarden
+MARIADB_PASSWORD=super_strong_password
+MARIADB_DATABASE=bitwarden_vault
+MARIADB_RANDOM_ROOT_PASSWORD=true
+
+BW_DB_PROVIDER=mysql
+BW_DB_SERVER=db
+BW_DB_DATABASE=${MARIADB_DATABASE}
+BW_DB_USERNAME=${MARIADB_USER}
+BW_DB_PASSWORD=${MARIADB_PASSWORD}
+
+# Installation information
+# Get your ID and key from https://bitwarden.com/host/
+BW_INSTALLATION_ID=3945ab79-a16a-4731-bb5c-b1fd01537a20
+BW_INSTALLATION_KEY=oaqly2vwVoSrK7VM7CbW
+
+###################################################################
+# Optional Settings (none have been validated to work with recipe #
+###################################################################
+
+# Container user ID/group ID
+#PUID=1000
+#PGID=1000
+
+# Webserver ports
+#BW_PORT_HTTP=8080
+#BW_PORT_HTTPS=8443
+
+# SSL
+#BW_ENABLE_SSL=true
+#BW_ENABLE_SSL_CA=true
+#BW_SSL_CERT=ssl.crt
+#BW_SSL_KEY=ssl.key
+#BW_SSL_CA_CERT=ca.crt
+
+# Services
+# Some services, namely for enterprise use cases, are disabled by default. Defaults shown below.
+#BW_ENABLE_ADMIN=true
+#BW_ENABLE_API=true
+#BW_ENABLE_EVENTS=false
+#BW_ENABLE_ICONS=true
+#BW_ENABLE_IDENTITY=true
+#BW_ENABLE_NOTIFICATIONS=true
+#BW_ENABLE_SCIM=false
+#BW_ENABLE_SSO=false
+
+#BW_ICONS_PROXY_TO_CLOUD=false
+
+# Mail
+#globalSettings__mail__replyToEmail=noreply@$BW_DOMAIN
+#globalSettings__mail__smtp__host=smtphost.example.com
+#globalSettings__mail__smtp__port=587
+#globalSettings__mail__smtp__ssl=false
+#globalSettings__mail__smtp__username=smtpusername
+#globalSettings__mail__smtp__password=smtppassword
+
+# Yubikey
+#globalSettings__yubico__clientId=REPLACE
+#globalSettings__yubico__key=REPLACE
+
+# Other
+#globalSettings__disableUserRegistration=false
+#globalSettings__hibpApiKey=REPLACE
+#adminSettings__admins=admin1@email.com,admin2@email.com

.env.sample

@@ -0,0 +1,8 @@
+TYPE=bitwarden
+
+DOMAIN=bitwarden.example.com
+
+## Domain aliases
+#EXTRA_DOMAINS=', `www.bitwarden.example.com`'
+
+LETS_ENCRYPT_ENV=production

.gitignore

@@ -0,0 +1 @@
+.envrc

README.md

@@ -0,0 +1,24 @@
+# bitwarden
+
+> One line description of the recipe
+
+<!-- metadata -->
+
+* **Category**: Apps
+* **Status**: 0
+* **Image**: [`bitwarden`](https://hub.docker.com/r/bitwarden), 4, upstream
+* **Healthcheck**: No
+* **Backups**: No
+* **Email**: No
+* **Tests**: No
+* **SSO**: No
+
+<!-- endmetadata -->
+
+## Quick start
+
+* `abra app new bitwarden --secrets`
+* `abra app config <app-name>`
+* `abra app deploy <app-name>`
+
+For more, see [`docs.coopcloud.tech`](https://docs.coopcloud.tech).

compose.yml

@@ -0,0 +1,52 @@
+---
+version: "3.8"
+
+services:
+  bitwarden:
+    image: bitwarden/self-host:beta
+    container_name: bw-unified
+    depends_on:
+      - bw-unified-db
+    env_file:
+      - .env
+    networks:
+      - proxy
+    volumes:
+      - bw:/etc/bitwarden
+    deploy:
+      restart_policy:
+        condition: always
+      labels:
+        - "traefik.enable=true"
+        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=8080"
+        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
+        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
+        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
+        ## Redirect from EXTRA_DOMAINS to DOMAIN
+        #- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
+        #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
+        #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
+        - "coop-cloud.${STACK_NAME}.version="
+#    healthcheck:
+#      test: ["CMD", "curl", "-f", "http://localhost"]
+#      interval: 30s
+#      timeout: 10s
+#      retries: 10
+#      start_period: 1m
+
+  bitwarden-db:
+    image: mariadb:10
+    container_name: bw-unified-db
+    env_file:
+      - .env
+    volumes:
+      - bw-db:/var/lib/mysql
+    restart: always
+
+volumes:
+  bw-db:
+  bw:
+
+networks:
+  proxy:
+    external: true