commit 40ed505581fdb00fb047637aa3172d52442d5f73
parent bf0b8d996868a242c4b3a3e5d75367227e0137cd
Author: BlackDex <black.dex@gmail.com>
Date: Wed, 25 May 2022 15:30:23 +0200
Add a persistent volume check.
This adds a persistent volume check to make sure that anyone running
the container is using a volume for persistent storage.
This check can be bypassed if someone configures
`I_REALLY_WANT_VOLATILE_STORAGE=true` as an environment variable.
This should prevent issues like #2493 .
Diffstat:
18 files changed, 116 insertions(+), 0 deletions(-)
diff --git a/docker/Dockerfile.j2 b/docker/Dockerfile.j2
@@ -238,6 +238,12 @@ VOLUME /data
EXPOSE 80
EXPOSE 3012
+# Create a special empty file which we check within the application.
+# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
+# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
+# This file should disappear if a volume is mounted on-top of this using a docker volume.
+RUN touch /data/vaultwarden_docker_persistent_volume_check
+
# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
WORKDIR /
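Review bot: The marker is created by `RUN touch` after `VOLUME /data` (the hunk header shows that instruction just above), and two Docker behaviours can undermine it in that position. The classic builder discards build-step changes made under a path once it has been declared a volume, so the file may be absent from the image and the check would never fire. Docker also copies the image's content at the mount point into a newly created empty named volume, so a fresh `-v name:/data` volume would likely receive the marker and stop startup even though the storage is persistent. I would move the `RUN touch` line above `VOLUME /data` so that its presence does not depend on the builder, and change the last comment to `# A bind mount hides this file; a new empty named volume receives a copy of it.` unless the application handles that case. The same lines are repeated in the generated Dockerfiles that follow.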
diff --git a/docker/amd64/Dockerfile b/docker/amd64/Dockerfile
@@ -112,6 +112,12 @@ VOLUME /data
EXPOSE 80
EXPOSE 3012
+# Create a special empty file which we check within the application.
+# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
+# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
+# This file should disappear if a volume is mounted on-top of this using a docker volume.
+RUN touch /data/vaultwarden_docker_persistent_volume_check
+
# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
WORKDIR /
diff --git a/docker/amd64/Dockerfile.alpine b/docker/amd64/Dockerfile.alpine
@@ -104,6 +104,12 @@ VOLUME /data
EXPOSE 80
EXPOSE 3012
+# Create a special empty file which we check within the application.
+# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
+# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
+# This file should disappear if a volume is mounted on-top of this using a docker volume.
+RUN touch /data/vaultwarden_docker_persistent_volume_check
+
# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
WORKDIR /
diff --git a/docker/amd64/Dockerfile.buildx b/docker/amd64/Dockerfile.buildx
@@ -112,6 +112,12 @@ VOLUME /data
EXPOSE 80
EXPOSE 3012
+# Create a special empty file which we check within the application.
+# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
+# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
+# This file should disappear if a volume is mounted on-top of this using a docker volume.
+RUN touch /data/vaultwarden_docker_persistent_volume_check
+
# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
WORKDIR /
diff --git a/docker/amd64/Dockerfile.buildx.alpine b/docker/amd64/Dockerfile.buildx.alpine
@@ -104,6 +104,12 @@ VOLUME /data
EXPOSE 80
EXPOSE 3012
+# Create a special empty file which we check within the application.
+# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
+# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
+# This file should disappear if a volume is mounted on-top of this using a docker volume.
+RUN touch /data/vaultwarden_docker_persistent_volume_check
+
# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
WORKDIR /
diff --git a/docker/arm64/Dockerfile b/docker/arm64/Dockerfile
@@ -136,6 +136,12 @@ VOLUME /data
EXPOSE 80
EXPOSE 3012
+# Create a special empty file which we check within the application.
+# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
+# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
+# This file should disappear if a volume is mounted on-top of this using a docker volume.
+RUN touch /data/vaultwarden_docker_persistent_volume_check
+
# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
WORKDIR /
diff --git a/docker/arm64/Dockerfile.alpine b/docker/arm64/Dockerfile.alpine
@@ -108,6 +108,12 @@ VOLUME /data
EXPOSE 80
EXPOSE 3012
+# Create a special empty file which we check within the application.
+# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
+# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
+# This file should disappear if a volume is mounted on-top of this using a docker volume.
+RUN touch /data/vaultwarden_docker_persistent_volume_check
+
# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
WORKDIR /
diff --git a/docker/arm64/Dockerfile.buildx b/docker/arm64/Dockerfile.buildx
@@ -136,6 +136,12 @@ VOLUME /data
EXPOSE 80
EXPOSE 3012
+# Create a special empty file which we check within the application.
+# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
+# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
+# This file should disappear if a volume is mounted on-top of this using a docker volume.
+RUN touch /data/vaultwarden_docker_persistent_volume_check
+
# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
WORKDIR /
diff --git a/docker/arm64/Dockerfile.buildx.alpine b/docker/arm64/Dockerfile.buildx.alpine
@@ -108,6 +108,12 @@ VOLUME /data
EXPOSE 80
EXPOSE 3012
+# Create a special empty file which we check within the application.
+# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
+# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
+# This file should disappear if a volume is mounted on-top of this using a docker volume.
+RUN touch /data/vaultwarden_docker_persistent_volume_check
+
# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
WORKDIR /
diff --git a/docker/armv6/Dockerfile b/docker/armv6/Dockerfile
@@ -141,6 +141,12 @@ VOLUME /data
EXPOSE 80
EXPOSE 3012
+# Create a special empty file which we check within the application.
+# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
+# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
+# This file should disappear if a volume is mounted on-top of this using a docker volume.
+RUN touch /data/vaultwarden_docker_persistent_volume_check
+
# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
WORKDIR /
diff --git a/docker/armv6/Dockerfile.alpine b/docker/armv6/Dockerfile.alpine
@@ -110,6 +110,12 @@ VOLUME /data
EXPOSE 80
EXPOSE 3012
+# Create a special empty file which we check within the application.
+# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
+# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
+# This file should disappear if a volume is mounted on-top of this using a docker volume.
+RUN touch /data/vaultwarden_docker_persistent_volume_check
+
# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
WORKDIR /
diff --git a/docker/armv6/Dockerfile.buildx b/docker/armv6/Dockerfile.buildx
@@ -141,6 +141,12 @@ VOLUME /data
EXPOSE 80
EXPOSE 3012
+# Create a special empty file which we check within the application.
+# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
+# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
+# This file should disappear if a volume is mounted on-top of this using a docker volume.
+RUN touch /data/vaultwarden_docker_persistent_volume_check
+
# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
WORKDIR /
diff --git a/docker/armv6/Dockerfile.buildx.alpine b/docker/armv6/Dockerfile.buildx.alpine
@@ -110,6 +110,12 @@ VOLUME /data
EXPOSE 80
EXPOSE 3012
+# Create a special empty file which we check within the application.
+# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
+# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
+# This file should disappear if a volume is mounted on-top of this using a docker volume.
+RUN touch /data/vaultwarden_docker_persistent_volume_check
+
# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
WORKDIR /
diff --git a/docker/armv7/Dockerfile b/docker/armv7/Dockerfile
@@ -136,6 +136,12 @@ VOLUME /data
EXPOSE 80
EXPOSE 3012
+# Create a special empty file which we check within the application.
+# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
+# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
+# This file should disappear if a volume is mounted on-top of this using a docker volume.
+RUN touch /data/vaultwarden_docker_persistent_volume_check
+
# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
WORKDIR /
diff --git a/docker/armv7/Dockerfile.alpine b/docker/armv7/Dockerfile.alpine
@@ -108,6 +108,12 @@ VOLUME /data
EXPOSE 80
EXPOSE 3012
+# Create a special empty file which we check within the application.
+# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
+# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
+# This file should disappear if a volume is mounted on-top of this using a docker volume.
+RUN touch /data/vaultwarden_docker_persistent_volume_check
+
# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
WORKDIR /
diff --git a/docker/armv7/Dockerfile.buildx b/docker/armv7/Dockerfile.buildx
@@ -136,6 +136,12 @@ VOLUME /data
EXPOSE 80
EXPOSE 3012
+# Create a special empty file which we check within the application.
+# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
+# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
+# This file should disappear if a volume is mounted on-top of this using a docker volume.
+RUN touch /data/vaultwarden_docker_persistent_volume_check
+
# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
WORKDIR /
diff --git a/docker/armv7/Dockerfile.buildx.alpine b/docker/armv7/Dockerfile.buildx.alpine
@@ -108,6 +108,12 @@ VOLUME /data
EXPOSE 80
EXPOSE 3012
+# Create a special empty file which we check within the application.
+# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
+# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
+# This file should disappear if a volume is mounted on-top of this using a docker volume.
+RUN touch /data/vaultwarden_docker_persistent_volume_check
+
# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
WORKDIR /
diff --git a/src/main.rs b/src/main.rs
@@ -276,6 +276,20 @@ fn check_data_folder() {
}
exit(1);
}
+
+ let persistent_volume_check_file = format!("{data_folder}/vaultwarden_docker_persistent_volume_check");
+ let check_file = Path::new(&persistent_volume_check_file);
+ if check_file.exists() && std::env::var("I_REALLY_WANT_VOLATILE_STORAGE").is_err() {
+ error!(
+ "No persistent volume!\n\
+ ########################################################################################\n\
+ # It looks like you did not configure a persistent volume! #\n\
+ # This will result in permanent data loss when the container is removed or updated! #\n\
+ # If you really want to use volatile storage set `I_REALLY_WANT_VOLATILE_STORAGE=true` #\n\
+ ########################################################################################\n"
+ );
+ exit(1);
+ }
}
fn check_rsa_keys() -> Result<(), crate::error::Error> {
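Review bot: The bypass in the added `if` only tests that `I_REALLY_WANT_VOLATILE_STORAGE` is set, so `I_REALLY_WANT_VOLATILE_STORAGE=false` or an empty value disables the data-loss guard just as `true` does, although the error text tells the operator to set it to `true`. Comparing the value keeps the guard active unless the operator opts out explicitly: `if check_file.exists() && !matches!(std::env::var("I_REALLY_WANT_VOLATILE_STORAGE").as_deref(), Ok("true")) {`. The marker path is also assembled with `format!`; `Path::new(data_folder).join("vaultwarden_docker_persistent_volume_check")` would avoid the hand-written separator, assuming `data_folder` is a string path as the `format!` call suggests. `check_data_folder` begins above the hunk, so how `data_folder` is obtained is not visible here.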