-rw-r--r-- | bitwarden_rs.env (renamed from .env.template) | 0 | ||||
-rwxr-xr-x | mkosi.build | 57 | ||||
-rw-r--r-- | mkosi.default | 6 | ||||
-rw-r--r-- | mkosi.extra/etc/apt/apt.conf.d/20auto-upgrades | 9 | ||||
-rw-r--r-- | mkosi.extra/etc/apt/apt.conf.d/50unattended-upgrades | 34 | ||||
-rw-r--r-- | mkosi.extra/etc/systemd/system/bitwarden_rs.service | 29 | ||||
-rw-r--r-- | mkosi.nspawn | 3 | ||||
-rwxr-xr-x | mkosi.postinst | 12 |
8 files changed, 108 insertions, 42 deletions
diff --git a/.env.template b/bitwarden_rs.env
index 79b93f4..79b93f4 100644
--- a/.env.template
+++ b/bitwarden_rs.env
diff --git a/mkosi.build b/mkosi.build
index fce9cb7..347966e 100755
--- a/mkosi.build
+++ b/mkosi.build
@@ -1,46 +1,43 @@
 #!/bin/sh
-export RUSTUP_HOME=/usr/local/rustup \
- CARGO_HOME=/usr/local/cargo \
- PATH=/usr/local/cargo/bin:$PATH \
- RUST_VERSION=1.39.0
- DB=sqlite
+export RUSTUP_HOME=/root/.rustup \
+ CARGO_HOME=/root/.cargo \
+ PATH=/root/.cargo/bin:$PATH \
+ RUST_VERSION=1.39.0 \
+ DB=postgresql \
 VAULT_VERSION=v2.12.0
+
+mkdir /root/src && cd /root/src
 git clone https://github.com/dani-garcia/bitwarden_rs.git
-## build vault ##
+
+
+## get vault ##
 mkdir /root/src/bitwarden_rs/web-vault
 cd /root/src/bitwarden_rs/web-vault
 curl -L https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz | tar xz
-ls
 cd /root/src/bitwarden_rs
+
+
 ## Setting up rust for build ##
-url="https://static.rust-lang.org/rustup/archive/1.20.2/x86_64-unknown-linux-gnu/rustup-init"; \
-wget "$url"; \
-echo "e68f193542c68ce83c449809d2cad262cc2bbb99640eb47c58fc1dc58cc30add *rustup-init" | sha256sum -c -; \
-chmod +x rustup-init; \
-./rustup-init -y --no-modify-path --profile minimal --default-toolchain $RUST_VERSION; \
-rm rustup-init; \
-chmod -R a+w $RUSTUP_HOME $CARGO_HOME; \
-rustup --version; \
-cargo --version; \
-rustc --version; \
-## building bitwarden_rs ##
+wget "https://static.rust-lang.org/rustup/archive/1.20.2/x86_64-unknown-linux-gnu/rustup-init"
+echo "e68f193542c68ce83c449809d2cad262cc2bbb99640eb47c58fc1dc58cc30add *rustup-init" | sha256sum -c -
+chmod +x rustup-init
+./rustup-init -y --no-modify-path --profile minimal --default-toolchain $RUST_VERSION
+rm rustup-init
+chmod -R a+w $RUSTUP_HOME $CARGO_HOME
+rustup --version
+cargo --version
+rustc --version
-cargo new --bin app
-cd app
-cp -r /root/src/bitwarden_rs/Cargo.* /root/src/bitwarden_rs/rust-toolchain /root/src/bitwarden_rs/build.rs .
-cargo build --features $DB --release
-#find . 
-not -path "./target*" -delete
-touch src/main.rs
-#cargo build --features $DB --release
+## building bitwarden_rs ##
+
+cargo build --features postgresql --release
-mkdir /root/src/bitwarden_built
-cp /root/src/bitwarden_rs/Rocket.toml /root/src/bitwarden_built/.
-cp -r /root/src/bitwarden_rs/web-vault /root/src/bitwarden_built/.
-cp -r /root/src/bitwarden_rs/app /root/src/bitwarden_built/.
-rm -rf /root/src/bitwarden_rs
+## move stuff ##
+mv web-vault ${DESTDIR}/
+mv target/release ${DESTDIR}/bitwarden_rs
diff --git a/mkosi.default b/mkosi.default
index 1c3d422..52c3dfd 100644
--- a/mkosi.default
+++ b/mkosi.default
@@ -14,8 +14,7 @@ Packages=
 unattended-upgrades
 curl
 locales
- openssl
- sqlite3
+ libpq-dev
 BuildPackages=
 git
@@ -25,4 +24,5 @@ BuildPackages=
 wget
 libssl-dev
 pkg-config
-
+ libpq-dev
+ curl
diff --git a/mkosi.extra/etc/apt/apt.conf.d/20auto-upgrades b/mkosi.extra/etc/apt/apt.conf.d/20auto-upgrades
new file mode 100644
index 0000000..4c725ab
--- /dev/null
+++ b/mkosi.extra/etc/apt/apt.conf.d/20auto-upgrades
@@ -0,0 +1,9 @@
+APT::Periodic::Unattended-Upgrade "1";
+
+APT::Periodic::Update-Package-Lists "1";
+
+
+APT::Periodic::AutocleanInterval "7";
+
+
+
diff --git a/mkosi.extra/etc/apt/apt.conf.d/50unattended-upgrades b/mkosi.extra/etc/apt/apt.conf.d/50unattended-upgrades
new file mode 100644
index 0000000..768347b
--- /dev/null
+++ b/mkosi.extra/etc/apt/apt.conf.d/50unattended-upgrades
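Review bot: The rustup-init digest check on the new `echo … | sha256sum -c -` line cannot stop the build: the script is `#!/bin/sh` with no `set -e`, so a failed verification prints FAILED and `./rustup-init` is executed anyway, and likewise a failed `git clone`, `curl` or `cargo build` still reaches the final `mv … ${DESTDIR}` lines. Adding `set -eu` directly after the shebang (or `… | sha256sum -c - || exit 1` on that line) makes the check actually enforce. `DB=postgresql` is now exported but the build line hard-codes `cargo build --features postgresql --release`; `cargo build --features $DB --release` keeps the two in sync. `mv target/release ${DESTDIR}/bitwarden_rs` also ships the whole cargo output tree (dependency objects, incremental artefacts, build scripts) into the image although mkosi.postinst later picks out only the single binary; moving just `target/release/bitwarden_rs` would keep the image small. Note that rustup-init is pinned and checksummed while the web-vault tarball and the untagged `git clone` remain unverified and resolve to whatever exists at build time.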
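Review bot: `libpq-dev` is added to the runtime `Packages=` list, but a `-dev` package (headers, pkg-config data and the build dependencies it drags in) belongs only in `BuildPackages=`, where the second hunk already adds it; the runtime image needs just the shared library, which on Debian/Ubuntu is `libpq5`. Dropping `openssl` from the runtime list removes only the CLI tool, but the binary linked against `libssl-dev` still needs the libssl runtime library; confirm it is still pulled in transitively (e.g. via `curl`) or list it explicitly so the unit does not fail at load time.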
@@ -0,0 +1,34 @@
+// Unattended-Upgrade::Origins-Pattern controls which packages are
+// upgraded.
+Unattended-Upgrade::Origins-Pattern {
+ "origin=Ubuntu,archive=${distro_codename}-security";
+ "o=Ubuntu,a=${distro_codename}";
+ "o=Ubuntu,a=${distro_codename}-updates";
+ "o=Ubuntu,a=${distro_codename}-proposed-updates";
+ "o=Ubuntu,n=${distro_codename}-backports";
+ };
+
+// List of packages to not update (regexp are supported)
+Unattended-Upgrade::Package-Blacklist {
+};
+
+
+// Split the upgrade into the smallest possible chunks so that
+// they can be interrupted with SIGUSR1. This makes the upgrade
+// a bit slower but it has the benefit that shutdown while a upgrade
+// is running is possible (with a small delay)
+Unattended-Upgrade::MinimalSteps "true";
+
+
+// Do automatic removal of new unused dependencies after the upgrade
+// (equivalent to apt-get autoremove)
+Unattended-Upgrade::Remove-Unused-Dependencies "true";
+
+
+// Do upgrade application even if it requires restart after upgrade
+// I.e. "XB-Upgrade-Requires: app-restart" is set in the debian/control file
+Unattended-Upgrade::IgnoreAppsRequireRestart "true";
+
+// Automatically run "dpkg --force-confold --configure -a".
+Unattended-Upgrade::AutoFixInterruptedDpkg "true";
+
diff --git a/mkosi.extra/etc/systemd/system/bitwarden_rs.service b/mkosi.extra/etc/systemd/system/bitwarden_rs.service
new file mode 100644
index 0000000..54327c2
--- /dev/null
+++ b/mkosi.extra/etc/systemd/system/bitwarden_rs.service
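Review bot: The `Origins-Pattern` block enables unattended installs from `${distro_codename}-proposed-updates` and `${distro_codename}-backports`; Ubuntu's stock file ships those two entries commented out because proposed holds updates that have not yet passed verification and backports are not maintained by the security team, so on an unattended server they are a source of regressions rather than fixes. Restricting the list to `-security` (plus `-updates` if wanted) is the usual setting for an appliance image like this one. `Remove-Unused-Dependencies` and `IgnoreAppsRequireRestart` are enabled but no `Automatic-Reboot` setting is given, so kernel and libc fixes are installed yet not effective until someone reboots; that is a defensible choice, but it deserves a comment in the file so the operator knows reboots are still manual.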
@@ -0,0 +1,29 @@
+[Unit]
+Description=Bitwarden Server (Rust Edition)
+Documentation=https://github.com/dani-garcia/bitwarden_rs
+After=network.target
+
+[Service]
+# The user/group bitwarden_rs is run under. the working directory (see below) should allow write and read access to this user/group
+User=bitwarden_rs
+Group=bitwarden_rs
+# The location of the .env file for configuration
+EnvironmentFile=/etc/bitwarden_rs.env
+# The location of the compiled binary
+ExecStart=/usr/local/bin/bitwarden_rs
+# Set reasonable connection and process limits
+LimitNOFILE=1048576
+LimitNPROC=64
+# Isolate bitwarden_rs from the rest of the system
+PrivateTmp=true
+PrivateDevices=true
+ProtectHome=true
+ProtectSystem=strict
+# Only allow writes to the following directory and set it to the working directory (user and password data are stored here)
+WorkingDirectory=/var/lib/bitwarden_rs
+ReadWriteDirectories=/var/lib/bitwarden_rs
+# Allow bitwarden_rs to bind ports in the range of 0-1024
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+
+[Install]
+WantedBy=multi-user.target
diff --git a/mkosi.nspawn b/mkosi.nspawn
index 6c9cfa1..d5d3a36 100644
--- a/mkosi.nspawn
+++ b/mkosi.nspawn
@@ -7,9 +7,6 @@ PrivateUsers=pick
 [Files]
 PrivateUsersChown=true
-Bind=/root/src/bitwarden_built:/root
-Bind=/var/lib/bitwarden:/data
-
 [Network]
 VirtualEthernet=no
diff --git a/mkosi.postinst b/mkosi.postinst
index 4fcdfc3..6cd5334 100755
--- a/mkosi.postinst
+++ b/mkosi.postinst
@@ -1,9 +1,9 @@
 #!/bin/sh
+mv /bitwarden_rs/bitwarden_rs /usr/local/bin/
-export ROCKET_ENV=staging \
- ROCKET_PORT=8080 \
- ROCKET_WORKERS=10
+mkdir /var/lib/bitwarden_rs
+useradd -d /var/lib/bitwarden_rs --system bitwarden_rs
+chown -R bitwarden_rs: /var/lib/bitwarden_rs
+
+systemctl enable bitwarden_rs
-mkdir /web-vault
-cp -r /root/web-vault/* /web-vault/. || echo "build"
-/root/app/target/release/bitwarden_rs || echo "build" |
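Review bot: `EnvironmentFile=/etc/bitwarden_rs.env` is mandatory (no leading `-`), yet nothing in this commit installs that file: `.env.template` is only renamed to `bitwarden_rs.env` at the repository root, not placed under `mkosi.extra/etc/`, so the unit will fail to start unless the file is provided by some step outside this diff. Because that file presumably carries the database connection string and any admin token, it should be installed root-owned with mode 0600 rather than left at the default umask. The hardening block is a good start; `NoNewPrivileges=true` would complement `AmbientCapabilities=CAP_NET_BIND_SERVICE`, and the comment `# Allow bitwarden_rs to bind ports in the range of 0-1024` should say `below 1024`, since 1024 itself is unprivileged.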
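Review bot: `mv /bitwarden_rs/bitwarden_rs /usr/local/bin/` takes only the binary and leaves the rest of `/bitwarden_rs` (the full cargo `target/release` tree that mkosi.build places there) in the final image; add `rm -rf /bitwarden_rs` after the move, or stage only the binary in mkosi.build in the first place. The new data directory gets `chown -R bitwarden_rs:` but keeps the default umask mode, so other local accounts can list a directory the unit file describes as holding user and password data; `chmod 0750 /var/lib/bitwarden_rs` after the `mkdir` closes that. As in mkosi.build, the script is `#!/bin/sh` with no `set -e`, so a failed `mv` or `useradd` does not abort the image build and the error surfaces only when the service refuses to start.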