author | Dennis Eriksen <d@ennis.no> | 2019-11-15 22:39:07 +0100 |
---|---|---|
committer | Dennis Eriksen <d@ennis.no> | 2019-11-15 22:39:07 +0100 |
commit | 76c8907a4cac4ef1eb04acd343bf156356aa2aa3 (patch) | |
tree | 8fbf5167024d1abbba81c8b1a2ecba37ef2d73e3 /mkosi.extra/etc | |
parent | removing a couple of unused files, and adding gitignore (diff) | |
download | mkosi-vaultwarden-76c8907a4cac4ef1eb04acd343bf156356aa2aa3.tar.gz |
bitwarden_rs now builds. Hopefully just need to configure it now.
Diffstat (limited to 'mkosi.extra/etc')
-rw-r--r-- | mkosi.extra/etc/apt/apt.conf.d/20auto-upgrades | 9 | ||||
-rw-r--r-- | mkosi.extra/etc/apt/apt.conf.d/50unattended-upgrades | 34 | ||||
-rw-r--r-- | mkosi.extra/etc/systemd/system/bitwarden_rs.service | 29 |
3 files changed, 72 insertions, 0 deletions
diff --git a/mkosi.extra/etc/apt/apt.conf.d/20auto-upgrades b/mkosi.extra/etc/apt/apt.conf.d/20auto-upgrades
new file mode 100644
index 0000000..4c725ab
--- /dev/null
+++ b/mkosi.extra/etc/apt/apt.conf.d/20auto-upgrades
@@ -0,0 +1,9 @@
+APT::Periodic::Unattended-Upgrade "1";
+
+APT::Periodic::Update-Package-Lists "1";
+
+
+APT::Periodic::AutocleanInterval "7";
+
+
+
diff --git a/mkosi.extra/etc/apt/apt.conf.d/50unattended-upgrades b/mkosi.extra/etc/apt/apt.conf.d/50unattended-upgrades
new file mode 100644
index 0000000..768347b
--- /dev/null
+++ b/mkosi.extra/etc/apt/apt.conf.d/50unattended-upgrades
@@ -0,0 +1,34 @@
+// Unattended-Upgrade::Origins-Pattern controls which packages are
+// upgraded.
+Unattended-Upgrade::Origins-Pattern {
+ "origin=Ubuntu,archive=${distro_codename}-security";
+ "o=Ubuntu,a=${distro_codename}";
+ "o=Ubuntu,a=${distro_codename}-updates";
+ "o=Ubuntu,a=${distro_codename}-proposed-updates";
+ "o=Ubuntu,n=${distro_codename}-backports";
+ };
+
+// List of packages to not update (regexp are supported)
+Unattended-Upgrade::Package-Blacklist {
+};
+
+
+// Split the upgrade into the smallest possible chunks so that
+// they can be interrupted with SIGUSR1. This makes the upgrade
+// a bit slower but it has the benefit that shutdown while a upgrade
+// is running is possible (with a small delay)
+Unattended-Upgrade::MinimalSteps "true";
+
+
+// Do automatic removal of new unused dependencies after the upgrade
+// (equivalent to apt-get autoremove)
+Unattended-Upgrade::Remove-Unused-Dependencies "true";
+
+
+// Do upgrade application even if it requires restart after upgrade
+// I.e. "XB-Upgrade-Requires: app-restart" is set in the debian/control file
+Unattended-Upgrade::IgnoreAppsRequireRestart "true";
+
+// Automatically run "dpkg --force-confold --configure -a".
+Unattended-Upgrade::AutoFixInterruptedDpkg "true";
+
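Review bot: The `Origins-Pattern` list in 50unattended-upgrades allows unattended installs from more than the security pocket: the `${distro_codename}-proposed-updates` and `${distro_codename}-backports` entries would, wherever they match a configured source, install pre-release or backported packages on a password-vault host with no human review. Unless that is intended, I would limit the list to the `-security` entry (plus `-updates` if wanted) and handle the other pockets manually. Every pattern is also pinned to `origin=Ubuntu`; the image's base distribution is not visible here (the view is limited to mkosi.extra/etc), so please confirm it matches, because on any other origin none of the patterns would match and security fixes would silently stop being applied. A comment above the block such as `// Only the security pocket is upgraded automatically; other pockets are applied by hand.` would record the decision.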
diff --git a/mkosi.extra/etc/systemd/system/bitwarden_rs.service b/mkosi.extra/etc/systemd/system/bitwarden_rs.service
new file mode 100644
index 0000000..54327c2
--- /dev/null
+++ b/mkosi.extra/etc/systemd/system/bitwarden_rs.service
@@ -0,0 +1,29 @@
+[Unit]
+Description=Bitwarden Server (Rust Edition)
+Documentation=https://github.com/dani-garcia/bitwarden_rs
+After=network.target
+
+[Service]
+# The user/group bitwarden_rs is run under. the working directory (see below) should allow write and read access to this user/group
+User=bitwarden_rs
+Group=bitwarden_rs
+# The location of the .env file for configuration
+EnvironmentFile=/etc/bitwarden_rs.env
+# The location of the compiled binary
+ExecStart=/usr/local/bin/bitwarden_rs
+# Set reasonable connection and process limits
+LimitNOFILE=1048576
+LimitNPROC=64
+# Isolate bitwarden_rs from the rest of the system
+PrivateTmp=true
+PrivateDevices=true
+ProtectHome=true
+ProtectSystem=strict
+# Only allow writes to the following directory and set it to the working directory (user and password data are stored here)
+WorkingDirectory=/var/lib/bitwarden_rs
+ReadWriteDirectories=/var/lib/bitwarden_rs
+# Allow bitwarden_rs to bind ports in the range of 0-1024
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+
+[Install]
+WantedBy=multi-user.target |
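Review bot: The `[Service]` section grants `AmbientCapabilities=CAP_NET_BIND_SERVICE` but never bounds the capability set or blocks privilege gain, so the process keeps the default bounding set and could still pick up privileges through a setuid binary. Adding `NoNewPrivileges=true` and `CapabilityBoundingSet=CAP_NET_BIND_SERVICE` beside the ambient-capability line would close that gap. `ReadWriteDirectories=` is the legacy name for `ReadWritePaths=`; it should still be accepted, but the current name is clearer next to `ProtectSystem=strict`. `EnvironmentFile=/etc/bitwarden_rs.env` presumably holds the service's secrets, and nothing in this diff sets its owner or mode, so it is worth confirming that the image creates it without world-read permission.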