Initial commit

.config.sample.env

@@ -0,0 +1,88 @@
+#
+# E-mail settings
+#
+
+# Your domain name without protocol
+# If you don't have your own domain (highly recommended)
+# comment this out for first deployment, add your fly.dev domain here
+# then reset your secrets and redeploy your app (untested)
+DOMAIN_NAME=vw.example.com
+
+# An account name used in msmtp config
+# can be any single word that represents your smtp host
+SMTP_ACCOUNT=account
+
+# the e-mail address used to send e-mails from both vaultwarden and restic
+SMTP_FROM=vw@example.com
+
+# the e-mail address to notify on case of restic backup failure
+SMTP_TO=me@example.com
+
+# Your SMPT host settings
+# Check https://github.com/dani-garcia/vaultwarden/wiki/SMTP-Configuration
+# for some examples
+SMTP_HOST=smtp.example.com
+SMTP_PORT=123
+SMTP_USERNAME=user
+SMTP_PASSWORD=pass
+# SMTP_SECURITY=starttls
+# SMTP_AUTH_MECHANISM="Login"
+
+#
+# Restic settings
+#
+
+# Your restic repository location
+# You don't need to initialize this repo beforehand
+RESTIC_REPOSITORY=repo
+
+# Your restic repo password
+RESTIC_PASSWORD=pass
+
+# If using S3 (or B2, wasabi, Minio) you'll need those
+# Your S3 Access Key
+# AWS_ACCESS_KEY_ID=key
+
+# Your S3 Secret Key
+# AWS_SECRET_ACCESS_KEY=secret
+
+#
+# Vaultwarden settings
+#
+
+# You can read more about vaultwarden environment variables here
+# https://github.com/dani-garcia/vaultwarden/wiki/Configuration-overview#configuration-options
+
+# Check https://github.com/dani-garcia/vaultwarden/wiki/Configuration-overview#setting-the-domain-url
+# If you don't have your own domain (highly recommended)
+# comment this out for first deployment, add your fly.dev domain here
+# then reset your secrets and redeploy your app (untested)
+DOMAIN=https://vw.example.com
+
+# Check https://github.com/dani-garcia/vaultwarden/wiki/Disable-registration-of-new-users
+# SIGNUPS_ALLOWED=false
+
+# Check https://github.com/dani-garcia/vaultwarden/wiki/Disable-registration-of-new-users#restricting-registrations-to-certain-email-domains
+# SIGNUPS_DOMAINS_WHITELIST=example.com
+
+# Check https://github.com/dani-garcia/vaultwarden/wiki/Disable-registration-of-new-users#restricting-registrations-to-certain-email-domains
+# SIGNUPS_VERIFY=true
+
+# Check https://github.com/dani-garcia/vaultwarden/wiki/Disable-invitations
+# INVITATIONS_ALLOWED=false
+
+# This is commented by default, because I strongly advise setting this only when needed
+# Make sure you read the link below to understand the consequences and to secure the token
+# https://github.com/dani-garcia/vaultwarden/wiki/Enabling-admin-page
+# ADMIN_TOKEN=secure-token
+
+# Check https://github.com/dani-garcia/vaultwarden/blob/e7f083dee9743bfe4937f5c8149fa9d8383edb96/.env.template#L261-L267
+# ORG_CREATION_USERS=admin@example.com
+
+# Check https://github.com/dani-garcia/vaultwarden/wiki/Hardening-Guide#disable-password-hint-display
+# SHOW_PASSWORD_HINT=false
+
+# Check https://github.com/dani-garcia/vaultwarden/wiki/Enabling-WebSocket-notifications
+# You don't need to do any additional configuration, as the template
+# already uses Caddy to configure the websocket proxy
+WEBSOCKET_ENABLED=true

.github/renovate.json5

@@ -0,0 +1,34 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "config:base",
+    "docker:enableMajor",
+    ":disableRateLimiting",
+    ":dependencyDashboard",
+    ":semanticCommits",
+    ":enablePreCommit",
+    ":automergeDigest",
+    ":automergeBranch",
+    "github>arthurgeek/vaultwarden-fly-template//.github/renovate/autoMerge.json5",
+    "github>arthurgeek/vaultwarden-fly-template//.github/renovate/commitMessage.json5",
+    "github>arthurgeek/vaultwarden-fly-template//.github/renovate/labels.json5",
+    "github>arthurgeek/vaultwarden-fly-template//.github/renovate/semanticCommits.json5",
+    "helpers:pinGitHubActionDigests"
+  ],
+  "dependencyDashboard": true,
+  "dependencyDashboardTitle": "Renovate Dashboard 🤖",
+  "suppressNotifications": ["prIgnoreNotification"],
+  "rebaseWhen": "conflicted",
+  "schedule": ["every saturday"],
+  "pre-commit": {
+    "enabled": true
+  },
+  "regexManagers": [
+    {
+      "fileMatch": ["^Dockerfile$"],
+      "matchStrings": [
+        "datasource=(?<datasource>.*?) depName=(?<depName>.*?)\\sARG .*?_VERSION=(?<currentValue>v.*)\\s"
+      ]
+    }
+  ]
+}

.github/renovate/autoMerge.json5

@@ -0,0 +1,21 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "packageRules": [
+    {
+      "description": "Auto merge GitHub Actions",
+      "matchManagers": ["github-actions"],
+      "automerge": true,
+      "automergeType": "branch",
+      "ignoreTests": true,
+      "matchUpdateTypes": ["minor", "patch", "digest"]
+    },
+    {
+      "description": "Auto merge container digests",
+      "matchDatasources": ["docker"],
+      "automerge": true,
+      "automergeType": "branch",
+      "ignoreTests": true,
+      "matchUpdateTypes": ["digest"]
+    }
+  ]
+}

.github/renovate/commitMessage.json5

@@ -0,0 +1,12 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "commitMessageTopic": "{{depName}}",
+  "commitMessageExtra": "to {{newVersion}}",
+  "commitMessageSuffix": "",
+  "packageRules": [
+    {
+      "matchDatasources": ["docker"],
+      "commitMessageTopic": "image {{depName}}"
+    }
+  ]
+}

.github/renovate/labels.json5

@@ -0,0 +1,29 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "packageRules": [
+    {
+      "matchUpdateTypes": ["major"],
+      "labels": ["type/major"]
+    },
+    {
+      "matchUpdateTypes": ["minor"],
+      "labels": ["type/minor"]
+    },
+    {
+      "matchUpdateTypes": ["patch"],
+      "labels": ["type/patch"]
+    },
+    {
+      "matchDatasources": ["docker"],
+      "addLabels": ["renovate/container"]
+    },
+    {
+      "matchDatasources": ["github-releases", "github-tags"],
+      "addLabels": ["renovate/github-release"]
+    },
+    {
+      "matchManagers": ["github-actions"],
+      "addLabels": ["renovate/github-action"]
+    }
+  ]
+}

.github/renovate/semanticCommits.json5

@@ -0,0 +1,62 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "packageRules": [
+    {
+      "matchDatasources": ["docker"],
+      "matchUpdateTypes": ["major"],
+      "commitMessagePrefix": "feat(container)!: "
+    },
+    {
+      "matchDatasources": ["docker"],
+      "matchUpdateTypes": ["minor"],
+      "semanticCommitType": "feat",
+      "semanticCommitScope": "container"
+    },
+    {
+      "matchDatasources": ["docker"],
+      "matchUpdateTypes": ["patch"],
+      "semanticCommitType": "fix",
+      "semanticCommitScope": "container"
+    },
+    {
+      "matchDatasources": ["docker"],
+      "matchUpdateTypes": ["digest"],
+      "semanticCommitType": "chore",
+      "semanticCommitScope": "container"
+    },
+    {
+      "matchDatasources": ["github-releases", "github-tags"],
+      "matchUpdateTypes": ["major"],
+      "commitMessagePrefix": "feat(github-release)!: "
+    },
+    {
+      "matchDatasources": ["github-releases", "github-tags"],
+      "matchUpdateTypes": ["minor"],
+      "semanticCommitType": "feat",
+      "semanticCommitScope": "github-release"
+    },
+    {
+      "matchDatasources": ["github-releases", "github-tags"],
+      "matchUpdateTypes": ["patch"],
+      "semanticCommitType": "fix",
+      "semanticCommitScope": "github-release"
+    },
+    {
+      "matchManagers": ["github-actions"],
+      "matchUpdateTypes": ["major"],
+      "commitMessagePrefix": "feat(github-action)!: "
+    },
+    {
+      "matchManagers": ["github-actions"],
+      "matchUpdateTypes": ["minor"],
+      "semanticCommitType": "feat",
+      "semanticCommitScope": "github-action"
+    },
+    {
+      "matchManagers": ["github-actions"],
+      "matchUpdateTypes": ["patch"],
+      "semanticCommitType": "fix",
+      "semanticCommitScope": "github-action"
+    }
+  ]
+}

.github/workflows/publish.yaml

@@ -0,0 +1,49 @@
+---
+name: Publish container
+
+on:
+  workflow_dispatch: {}
+  push:
+    tags:
+      - "*"
+    branches:
+      - main
+    paths:
+      - DOCKERFILE
+      - config/**
+      - scripts/**
+
+jobs:
+  build-push:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Login to ghcr
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Container meta
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: |
+            ghcr.io/${{ github.repository }}
+          tags: |
+            type=raw, value=latest, enable={{is_default_branch}}
+            type=semver, pattern={{version}}
+            type=ref, event=branch
+            type=ref, event=tag
+            type=ref, event=pr
+
+      - name: Build and push to ghcr
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

.gitignore

@@ -0,0 +1 @@
+.config.env

.taskfiles/Fly.yaml

@@ -0,0 +1,7 @@
+---
+version: "3"
+
+includes:
+  app: FlyApp.yaml
+  volume: FlyVolume.yaml
+  secrets: FlySecrets.yaml

.taskfiles/FlyApp.yaml

@@ -0,0 +1,22 @@
+---
+version: "3"
+
+includes:
+  logs: FlyLogs.yaml
+
+tasks:
+  create:
+    cmds:
+      - |
+        fly_app=$(fly apps create --generate-name 2>&1 | tee /dev/tty)
+        echo $fly_app | awk -F 'New app created:\ ' '{print "\n# Fly app name\nFLY_APP="$2}' >> .config.env
+    silent: true
+  destroy:
+    cmds:
+      - fly apps destroy {{.FLY_APP}}
+  deploy:
+    cmds:
+      - fly deploy -a {{.FLY_APP}}
+  ssh:
+    cmds:
+      - fly ssh console -a {{.FLY_APP}}

.taskfiles/FlyLogs.yaml

@@ -0,0 +1,10 @@
+---
+version: "3"
+
+tasks:
+  default:
+    cmds:
+      - fly logs -a {{.FLY_APP}}
+  web:
+    cmds:
+      - open https://fly.io/apps/{{.FLY_APP}}/monitoring

.taskfiles/FlySecrets.yaml

@@ -0,0 +1,7 @@
+---
+version: "3"
+
+tasks:
+  set:
+    cmds:
+      - cat .config.env | fly secrets import -a {{.FLY_APP}}

.taskfiles/FlyVolume.yaml

@@ -0,0 +1,7 @@
+---
+version: "3"
+
+tasks:
+  create:
+    cmds:
+      - fly volumes create vw_data --size 1 -a {{.FLY_APP}}