jeff/portioner
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Add Vaultwarden config and set PUID to 1044

Browse Source
This commit is contained in:
Jeff Cheng
2026-02-22 15:38:13 -05:00
parent f379885c9c
commit 880cc24bde
5 changed files with 235 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
vaultwarden/SETUP.md Normal file
View File

@@ -0,0 +1,44 @@
# Service Setup Guide: Vaultwarden
Vaultwarden is a lightweight, community-driven server implementation of the Bitwarden API, written in Rust. It provides full compatibility with official Bitwarden clients (Web, iOS, Android, Desktop, Extensions).
## 1. Pre-Setup (Manual)
### Create Service User
- [ ] **Manual**: Create a local user named `svc-vaultwarden` in Synology DSM (Control Panel > User & Group).
- [ ] **Manual**: Give this user read/write access to the `docker` shared folder.
### Get User IDs
- [ ] **Manual**: SSH into your NAS and run `sudo synouser --get svc-vaultwarden`.
- [ ] **Confirmed IDs**: Locate the `User ID` (PUID) and `Group ID` (PGID).
- [ ] **Action**: Open `create_vaultwarden_folders.sh` and update the `USER_ID="[PUID]:[PGID]"` line.
- [ ] **Action**: Use these values in your Portainer stack environment variables (`stack.env`).
## 2. Infrastructure Setup
### Run Setup Script
- [ ] **Action**: Run the setup script in Dry-Run mode to verify changes:
```bash
sudo bash create_vaultwarden_folders.sh
```
- [ ] **Action**: Apply the folder creation and ownership settings:
```bash
sudo bash create_vaultwarden_folders.sh --run
```
- **What it does**:
- Creates `/volume1/docker/vaultwarden/data` for the SQLite database and attachments.
- Sets ownership securely to the `svc-vaultwarden` user, ensuring the container writes files non-root.
## 3. Portainer Deployment
### Environment Variables
- [ ] **Action**: In the Portainer Stack configuration, upload or define the variables from `stack.env`.
- Important: Ensure `DOMAIN` is set correctly for WebAuthn/FIDO2 to function.
- Temporary: Keep `SIGNUPS_ALLOWED=true` initially.
### Deploy Stack
- [ ] **Action**: Create a new stack named `vaultwarden-stack`.
- [ ] **Action**: Paste the content of `docker-compose.portainer.yml` and deploy.
- [ ] **Verification**: Access the Vaultwarden Web UI at `http://[NAS_IP]:8080`.
## 4. Post-Setup Security (Crucial)
1. **Create your account**: Navigate to the Web UI, click "Create Account", and register your master email and password.
2. **Disable Signups**: Once your account is created, go back to Portainer, update the stack environment variable `SIGNUPS_ALLOWED=false`, and **Redeploy** the stack. This prevents unauthorized users from registering on your personal instance.
3. **Reverse Proxy / HTTPS**: Vaultwarden **requires** active HTTPS (SSL) for many features like Bitwarden browser extensions or the admin page to load correctly. Point your Traefik/Cloudflared tunnel to this container.