vw_small

Hardened fork of Vaultwarden (https://github.com/dani-garcia/vaultwarden) with fewer features.
git clone https://git.philomathiclife.com/repos/vw_small

commit 5845ed2c920563d990b32b7cf54084b4b8608eb0
parent bf0b8d996868a242c4b3a3e5d75367227e0137cd
Author: Daniel GarcĂ­a <dani-garcia@users.noreply.github.com>
Date:   Fri, 27 May 2022 19:41:42 +0200

Merge pull request #2501 from BlackDex/add-persistent-volume-check-docker

Add a persistent volume check.
Diffstat:
Mdocker/Dockerfile.j2 | 6++++++
Mdocker/amd64/Dockerfile | 6++++++
Mdocker/amd64/Dockerfile.alpine | 6++++++
Mdocker/amd64/Dockerfile.buildx | 6++++++
Mdocker/amd64/Dockerfile.buildx.alpine | 6++++++
Mdocker/arm64/Dockerfile | 6++++++
Mdocker/arm64/Dockerfile.alpine | 6++++++
Mdocker/arm64/Dockerfile.buildx | 6++++++
Mdocker/arm64/Dockerfile.buildx.alpine | 6++++++
Mdocker/armv6/Dockerfile | 6++++++
Mdocker/armv6/Dockerfile.alpine | 6++++++
Mdocker/armv6/Dockerfile.buildx | 6++++++
Mdocker/armv6/Dockerfile.buildx.alpine | 6++++++
Mdocker/armv7/Dockerfile | 6++++++
Mdocker/armv7/Dockerfile.alpine | 6++++++
Mdocker/armv7/Dockerfile.buildx | 6++++++
Mdocker/armv7/Dockerfile.buildx.alpine | 6++++++
Msrc/main.rs | 14++++++++++++++
18 files changed, 116 insertions(+), 0 deletions(-)

diff --git a/docker/Dockerfile.j2 b/docker/Dockerfile.j2
@@ -238,6 +238,12 @@ VOLUME /data
 EXPOSE 80
 EXPOSE 3012
+# Create a special empty file which we check within the application.
+# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
+# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
+# This file should disappear if a volume is mounted on-top of this using a docker volume.
+RUN touch /data/vaultwarden_docker_persistent_volume_check
+
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
diff --git a/docker/amd64/Dockerfile b/docker/amd64/Dockerfile
@@ -112,6 +112,12 @@ VOLUME /data
 EXPOSE 80
 EXPOSE 3012
+# Create a special empty file which we check within the application.
+# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
+# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
+# This file should disappear if a volume is mounted on-top of this using a docker volume.
+RUN touch /data/vaultwarden_docker_persistent_volume_check
+
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
diff --git a/docker/amd64/Dockerfile.alpine b/docker/amd64/Dockerfile.alpine
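Review bot: The marker created by `RUN touch /data/vaultwarden_docker_persistent_volume_check` in docker/Dockerfile.j2 sits inside the declared `VOLUME /data`, and Docker copies the image's content at a mount path into a newly created empty named or anonymous volume, so the file is only hidden by a bind mount or by a volume that already holds data. A first start on a fresh named volume would therefore likely trip the check added in src/main.rs even though the storage is persistent, and the added comment "This file should disappear if a volume is mounted on-top" overstates what happens. The same lines are repeated in the per-architecture Dockerfiles in this commit. I would at least correct the comment, e.g. `# NOTE: a new empty named volume is populated from the image, so this marker is copied into it; only a bind mount or a pre-populated volume hides it.`, and reconsider whether a marker inside the volume path can tell these cases apart.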
@@ -104,6 +104,12 @@ VOLUME /data
 EXPOSE 80
 EXPOSE 3012
+# Create a special empty file which we check within the application.
+# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
+# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
+# This file should disappear if a volume is mounted on-top of this using a docker volume.
+RUN touch /data/vaultwarden_docker_persistent_volume_check
+
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
diff --git a/docker/amd64/Dockerfile.buildx b/docker/amd64/Dockerfile.buildx
@@ -112,6 +112,12 @@ VOLUME /data
 EXPOSE 80
 EXPOSE 3012
+# Create a special empty file which we check within the application.
+# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
+# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
+# This file should disappear if a volume is mounted on-top of this using a docker volume.
+RUN touch /data/vaultwarden_docker_persistent_volume_check
+
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
diff --git a/docker/amd64/Dockerfile.buildx.alpine b/docker/amd64/Dockerfile.buildx.alpine
@@ -104,6 +104,12 @@ VOLUME /data
 EXPOSE 80
 EXPOSE 3012
+# Create a special empty file which we check within the application.
+# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
+# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
+# This file should disappear if a volume is mounted on-top of this using a docker volume.
+RUN touch /data/vaultwarden_docker_persistent_volume_check
+
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
diff --git a/docker/arm64/Dockerfile b/docker/arm64/Dockerfile
@@ -136,6 +136,12 @@ VOLUME /data
 EXPOSE 80
 EXPOSE 3012
+# Create a special empty file which we check within the application.
+# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
+# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
+# This file should disappear if a volume is mounted on-top of this using a docker volume.
+RUN touch /data/vaultwarden_docker_persistent_volume_check
+
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
diff --git a/docker/arm64/Dockerfile.alpine b/docker/arm64/Dockerfile.alpine
@@ -108,6 +108,12 @@ VOLUME /data
 EXPOSE 80
 EXPOSE 3012
+# Create a special empty file which we check within the application.
+# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
+# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
+# This file should disappear if a volume is mounted on-top of this using a docker volume.
+RUN touch /data/vaultwarden_docker_persistent_volume_check
+
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
diff --git a/docker/arm64/Dockerfile.buildx b/docker/arm64/Dockerfile.buildx
@@ -136,6 +136,12 @@ VOLUME /data
 EXPOSE 80
 EXPOSE 3012
+# Create a special empty file which we check within the application.
+# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
+# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
+# This file should disappear if a volume is mounted on-top of this using a docker volume.
+RUN touch /data/vaultwarden_docker_persistent_volume_check
+
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
diff --git a/docker/arm64/Dockerfile.buildx.alpine b/docker/arm64/Dockerfile.buildx.alpine
@@ -108,6 +108,12 @@ VOLUME /data
 EXPOSE 80
 EXPOSE 3012
+# Create a special empty file which we check within the application.
+# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
+# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
+# This file should disappear if a volume is mounted on-top of this using a docker volume.
+RUN touch /data/vaultwarden_docker_persistent_volume_check
+
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
diff --git a/docker/armv6/Dockerfile b/docker/armv6/Dockerfile
@@ -141,6 +141,12 @@ VOLUME /data
 EXPOSE 80
 EXPOSE 3012
+# Create a special empty file which we check within the application.
+# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
+# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
+# This file should disappear if a volume is mounted on-top of this using a docker volume.
+RUN touch /data/vaultwarden_docker_persistent_volume_check
+
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
diff --git a/docker/armv6/Dockerfile.alpine b/docker/armv6/Dockerfile.alpine
@@ -110,6 +110,12 @@ VOLUME /data
 EXPOSE 80
 EXPOSE 3012
+# Create a special empty file which we check within the application.
+# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
+# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
+# This file should disappear if a volume is mounted on-top of this using a docker volume.
+RUN touch /data/vaultwarden_docker_persistent_volume_check
+
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
diff --git a/docker/armv6/Dockerfile.buildx b/docker/armv6/Dockerfile.buildx
@@ -141,6 +141,12 @@ VOLUME /data
 EXPOSE 80
 EXPOSE 3012
+# Create a special empty file which we check within the application.
+# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
+# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
+# This file should disappear if a volume is mounted on-top of this using a docker volume.
+RUN touch /data/vaultwarden_docker_persistent_volume_check
+
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
diff --git a/docker/armv6/Dockerfile.buildx.alpine b/docker/armv6/Dockerfile.buildx.alpine
@@ -110,6 +110,12 @@ VOLUME /data
 EXPOSE 80
 EXPOSE 3012
+# Create a special empty file which we check within the application.
+# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
+# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
+# This file should disappear if a volume is mounted on-top of this using a docker volume.
+RUN touch /data/vaultwarden_docker_persistent_volume_check
+
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
diff --git a/docker/armv7/Dockerfile b/docker/armv7/Dockerfile
@@ -136,6 +136,12 @@ VOLUME /data
 EXPOSE 80
 EXPOSE 3012
+# Create a special empty file which we check within the application.
+# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
+# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
+# This file should disappear if a volume is mounted on-top of this using a docker volume.
+RUN touch /data/vaultwarden_docker_persistent_volume_check
+
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
diff --git a/docker/armv7/Dockerfile.alpine b/docker/armv7/Dockerfile.alpine
@@ -108,6 +108,12 @@ VOLUME /data
 EXPOSE 80
 EXPOSE 3012
+# Create a special empty file which we check within the application.
+# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
+# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
+# This file should disappear if a volume is mounted on-top of this using a docker volume.
+RUN touch /data/vaultwarden_docker_persistent_volume_check
+
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
diff --git a/docker/armv7/Dockerfile.buildx b/docker/armv7/Dockerfile.buildx
@@ -136,6 +136,12 @@ VOLUME /data
 EXPOSE 80
 EXPOSE 3012
+# Create a special empty file which we check within the application.
+# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
+# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
+# This file should disappear if a volume is mounted on-top of this using a docker volume.
+RUN touch /data/vaultwarden_docker_persistent_volume_check
+
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
diff --git a/docker/armv7/Dockerfile.buildx.alpine b/docker/armv7/Dockerfile.buildx.alpine
@@ -108,6 +108,12 @@ VOLUME /data
 EXPOSE 80
 EXPOSE 3012
+# Create a special empty file which we check within the application.
+# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
+# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
+# This file should disappear if a volume is mounted on-top of this using a docker volume.
+RUN touch /data/vaultwarden_docker_persistent_volume_check
+
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
diff --git a/src/main.rs b/src/main.rs
@@ -276,6 +276,20 @@ fn check_data_folder() {
 }
 exit(1);
 }
+
+ let persistent_volume_check_file = format!("{data_folder}/vaultwarden_docker_persistent_volume_check");
+ let check_file = Path::new(&persistent_volume_check_file);
+ if check_file.exists() && std::env::var("I_REALLY_WANT_VOLATILE_STORAGE").is_err() {
+ error!(
+ "No persistent volume!\n\
+ ########################################################################################\n\
+ # It looks like you did not configure a persistent volume! #\n\
+ # This will result in permanent data loss when the container is removed or updated! #\n\
+ # If you really want to use volatile storage set `I_REALLY_WANT_VOLATILE_STORAGE=true` #\n\
+ ########################################################################################\n"
+ );
+ exit(1);
+ }
 }
 fn check_rsa_keys() -> Result<(), crate::error::Error> {
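Review bot: The opt-out test `std::env::var("I_REALLY_WANT_VOLATILE_STORAGE").is_err()` in the src/main.rs hunk only asks whether the variable is set, so `I_REALLY_WANT_VOLATILE_STORAGE=false` or an empty value also disables the data-loss guard, although the message tells the operator to set it to `true`. Comparing the value keeps the guard fail-closed: `if check_file.exists() && !matches!(std::env::var("I_REALLY_WANT_VOLATILE_STORAGE").as_deref(), Ok("true")) {`. If the project has its own helper for boolean environment settings (not visible here), using that would be more consistent. `check_data_folder` starts above the hunk, so how `data_folder` is derived is not visible from here.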