From 26f691527093f082da646190cd7d5ed6813fe49e Mon Sep 17 00:00:00 2001
From: Greizgh <greizgh@ephax.org>
Date: Tue, 26 Mar 2019 18:22:31 +0100
Subject: [PATCH] Initial packaging

---
 .gitignore                  |   2 +
 Dockerfile                  |  85 ++++++++++++++++++++++++
 build.sh                    |  16 +++++
 debian/bitwarden_rs.service |  13 ++++
 debian/conffiles            |   2 +
 debian/config.env           | 124 ++++++++++++++++++++++++++++++++++++
 debian/control              |   6 ++
 debian/postinst             |   2 +
 8 files changed, 250 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 Dockerfile
 create mode 100755 build.sh
 create mode 100644 debian/bitwarden_rs.service
 create mode 100644 debian/conffiles
 create mode 100644 debian/config.env
 create mode 100644 debian/control
 create mode 100755 debian/postinst

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..a7210e0
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+git
+build/
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..0fe7bdd
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,85 @@
+# Using multistage build: 
+# 	https://docs.docker.com/develop/develop-images/multistage-build/
+# 	https://whitfin.io/speeding-up-rust-docker-builds/
+####################### VAULT BUILD IMAGE  #######################
+FROM alpine as vault
+
+ENV VAULT_VERSION "v2.9.0"
+
+ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
+
+RUN apk add --update-cache --upgrade \
+    curl \
+    tar
+
+RUN mkdir /web-vault
+WORKDIR /web-vault
+
+RUN curl -L $URL | tar xz
+RUN ls
+
+
+########################## BUILD IMAGE  ##########################
+# We need to use the Rust build image, because
+# we need the Rust compiler and Cargo tooling
+FROM rust as build
+
+# Using bundled SQLite, no need to install it
+# RUN apt-get update && apt-get install -y\
+#    sqlite3\
+#    --no-install-recommends\
+# && rm -rf /var/lib/apt/lists/*
+
+# Creates a dummy project used to grab dependencies
+RUN USER=root cargo new --bin app
+WORKDIR /app
+
+# Copies over *only* your manifests and build files
+COPY git/Cargo.* ./
+COPY git/rust-toolchain ./rust-toolchain
+COPY git/build.rs ./build.rs
+
+# Builds your dependencies and removes the
+# dummy project, except the target folder
+# This folder contains the compiled dependencies
+RUN cargo build --release
+RUN find . -not -path "./target*" -delete
+
+# Copies the complete project
+# To avoid copying unneeded files, use .dockerignore
+COPY git .
+
+# Make sure that we actually build the project
+RUN touch src/main.rs
+
+# Builds again, this time it'll just be
+# your actual source files being built
+RUN cargo build --release
+
+######################## PACKAGING IMAGE  ########################
+# Create a new stage with a minimal image
+# because we already have a binary built
+FROM debian:stretch-slim
+
+# Create package directory
+RUN mkdir -p /bitwarden_package/DEBIAN
+RUN mkdir -p /bitwarden_package/usr/local/bin
+RUN mkdir -p /bitwarden_package/usr/lib/systemd/system
+RUN mkdir -p /bitwarden_package/etc/bitwarden_rs
+RUN mkdir -p /bitwarden_package/usr/share/bitwarden_rs
+
+WORKDIR /bitwarden_package
+
+# Copies the files from the context (Rocket.toml file and web-vault)
+# and the binary from the "build" stage to the current stage
+COPY debian/control /bitwarden_package/DEBIAN/control
+COPY debian/postinst /bitwarden_package/DEBIAN/postinst
+COPY debian/conffiles /bitwarden_package/DEBIAN/conffiles
+COPY git/Rocket.toml /bitwarden_package/etc/bitwarden_rs
+COPY debian/config.env /bitwarden_package/etc/bitwarden_rs
+COPY debian/bitwarden_rs.service /bitwarden_package/usr/lib/systemd/system
+COPY --from=vault /web-vault /bitwarden_package/usr/share/bitwarden_rs/web-vault
+COPY --from=build app/target/release/bitwarden_rs /bitwarden_package/usr/local/bin
+
+# Create the package
+RUN dpkg-deb --build . bitwarden-rs.deb
diff --git a/build.sh b/build.sh
new file mode 100755
index 0000000..f25a2ab
--- /dev/null
+++ b/build.sh
@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+
+set -e
+
+if [ -d "$1/git" ]; then
+  cd "$1/git" || exit
+  git pull
+  cd - || exit
+else
+  git clone https://github.com/dani-garcia/bitwarden_rs.git "$1/git"
+fi
+docker build -t bitwarden-deb "$1"
+CID=$(docker run -d bitwarden-deb)
+mkdir -p "$1/build"
+docker cp "$CID":/bitwarden_package/bitwarden-rs.deb "$1/build"
+docker rm "$CID"
diff --git a/debian/bitwarden_rs.service b/debian/bitwarden_rs.service
new file mode 100644
index 0000000..43523f1
--- /dev/null
+++ b/debian/bitwarden_rs.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Bitwarden API server
+After=network.target
+
+[Service]
+Type=simple
+User=bitwarden
+ExecStart=/usr/local/bin/bitwarden_rs
+WorkingDirectory=/etc/bitwarden_rs
+EnvironmentFile=/etc/bitwarden_rs/config.env
+
+[Install]
+WantedBy=multi-user.target
diff --git a/debian/conffiles b/debian/conffiles
new file mode 100644
index 0000000..32b7421
--- /dev/null
+++ b/debian/conffiles
@@ -0,0 +1,2 @@
+/etc/bitwarden_rs/Rocket.toml
+/etc/bitwarden_rs/config.env
diff --git a/debian/config.env b/debian/config.env
new file mode 100644
index 0000000..c2ebe47
--- /dev/null
+++ b/debian/config.env
@@ -0,0 +1,124 @@
+## Bitwarden_RS Configuration File
+## Uncomment any of the following lines to change the defaults
+
+## Main data folder
+DATA_FOLDER=/var/lib/bitwarden_rs
+
+## Individual folders, these override %DATA_FOLDER%
+# DATABASE_URL=data/db.sqlite3
+# RSA_KEY_FILENAME=data/rsa_key
+# ICON_CACHE_FOLDER=data/icon_cache
+# ATTACHMENTS_FOLDER=data/attachments
+
+## Templates data folder, by default uses embedded templates
+## Check source code to see the format
+# TEMPLATES_FOLDER=/path/to/templates
+## Automatically reload the templates for every request, slow, use only for development
+# RELOAD_TEMPLATES=false
+
+## Cache time-to-live for successfully obtained icons, in seconds (0 is "forever")
+# ICON_CACHE_TTL=2592000
+## Cache time-to-live for icons which weren't available, in seconds (0 is "forever")
+# ICON_CACHE_NEGTTL=259200
+
+## Web vault settings
+WEB_VAULT_FOLDER=/usr/share/bitwarden_rs/web-vault/
+# WEB_VAULT_ENABLED=true
+
+## Enables websocket notifications
+# WEBSOCKET_ENABLED=false
+
+## Controls the WebSocket server address and port
+# WEBSOCKET_ADDRESS=0.0.0.0
+# WEBSOCKET_PORT=3012
+
+## Enable extended logging
+## This shows timestamps and allows logging to file and to syslog
+### To enable logging to file, use the LOG_FILE env variable
+### To enable syslog, you need to compile with `cargo build --features=enable_syslog'
+# EXTENDED_LOGGING=true
+
+## Logging to file
+## This requires extended logging
+## It's recommended to also set 'ROCKET_CLI_COLORS=off'
+# LOG_FILE=/path/to/log
+
+## Enable WAL for the DB
+## Set to false to avoid enabling WAL during startup.
+## Note that if the DB already has WAL enabled, you will also need to disable WAL in the DB,
+## this setting only prevents bitwarden_rs from automatically enabling it on start.
+## Please read project wiki page about this setting first before changing the value as it can
+## cause performance degradation or might render  the service unable to start.
+# ENABLE_DB_WAL=true
+
+## Disable icon downloading
+## Set to true to disable icon downloading, this would still serve icons from $ICON_CACHE_FOLDER,
+## but it won't produce any external network request. Needs to set $ICON_CACHE_TTL to 0,
+## otherwise it will delete them and they won't be downloaded again.
+# DISABLE_ICON_DOWNLOAD=false
+
+## Icon download timeout
+## Configure the timeout value when downloading the favicons.
+## The default is 10 seconds, but this could be to low on slower network connections
+# ICON_DOWNLOAD_TIMEOUT=10
+
+## Icon blacklist Regex
+## Any domains or IPs that match this regex won't be fetched by the icon service.
+## Useful to hide other servers in the local network. Check the WIKI for more details
+# ICON_BLACKLIST_REGEX=192\.168\.1\.[0-9].*^
+
+## Disable 2FA remember
+## Enabling this would force the users to use a second factor to login every time.
+## Note that the checkbox would still be present, but ignored.
+# DISABLE_2FA_REMEMBER=false
+
+## Controls if new users can register
+SIGNUPS_ALLOWED=false
+
+## Token for the admin interface, preferably use a long random string
+## One option is to use 'openssl rand -base64 48'
+## If not set, the admin panel is disabled
+# ADMIN_TOKEN=Vy2VyYTTsKPv8W5aEOWUbB/Bt3DEKePbHmI4m9VcemUMS2rEviDowNAFqYi1xjmp
+# DISABLE_ADMIN_TOKEN=false
+
+## Invitations org admins to invite users, even when signups are disabled
+# INVITATIONS_ALLOWED=true
+
+## Controls the PBBKDF password iterations to apply on the server
+## The change only applies when the password is changed
+# PASSWORD_ITERATIONS=100000
+
+## Whether password hint should be sent into the error response when the client request it
+# SHOW_PASSWORD_HINT=true
+
+## Domain settings
+## The domain must match the address from where you access the server
+## It's recommended to configure this value, otherwise certain functionality might not work,
+## like attachment downloads, email links and U2F.
+## For U2F to work, the server must use HTTPS, you can use Let's Encrypt for free certs
+# DOMAIN=https://bw.domain.tld:8443
+
+## Yubico (Yubikey) Settings
+## Set your Client ID and Secret Key for Yubikey OTP
+## You can generate it here: https://upgrade.yubico.com/getapikey/
+## You can optionally specify a custom OTP server
+# YUBICO_CLIENT_ID=11111
+# YUBICO_SECRET_KEY=AAAAAAAAAAAAAAAAAAAAAAAA
+# YUBICO_SERVER=http://yourdomain.com/wsapi/2.0/verify
+
+## Rocket specific settings, check Rocket documentation to learn more
+# ROCKET_ENV=staging
+# ROCKET_ADDRESS=0.0.0.0 # Enable this to test mobile app
+# ROCKET_PORT=8000
+# ROCKET_TLS={certs="/path/to/certs.pem",key="/path/to/key.pem"}
+
+## Mail specific settings, set SMTP_HOST and SMTP_FROM to enable the mail service.
+## To make sure the email links are pointing to the correct host, set the DOMAIN variable.
+## Note: if SMTP_USERNAME is specified, SMTP_PASSWORD is mandatory
+# SMTP_HOST=smtp.domain.tld
+# SMTP_FROM=bitwarden-rs@domain.tld
+# SMTP_FROM_NAME=Bitwarden_RS
+# SMTP_PORT=587
+# SMTP_SSL=true
+# SMTP_USERNAME=username
+# SMTP_PASSWORD=password
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..dbc0acf
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,6 @@
+Package: bitwarden-rs
+Architecture: amd64
+Maintainer: Greizgh <greizgh+bitwardenrs@ephax.org>
+Priority: optional
+Version: 1.7.0
+Description: Unofficial Bitwarden compatible server written in Rust
diff --git a/debian/postinst b/debian/postinst
new file mode 100755
index 0000000..3bfecc5
--- /dev/null
+++ b/debian/postinst
@@ -0,0 +1,2 @@
+#!/bin/sh
+adduser --system --home /var/lib/bitwarden_rs bitwarden