Working, but incomplete

This commit is contained in:
2025-07-11 13:51:53 -04:00
parent d95bb1b94b
commit a7e6715082
3 changed files with 52 additions and 46 deletions


@ -11,8 +11,8 @@ A hardened, self-hosted password manager appliance based on Vaultwarden. Designe
- 🛡️ Fully self-hosted on Debian 12
- 🔐 Vaultwarden (Bitwarden-compatible)
- 💾 MariaDB backend
- 🧠 Supports .env override system via web-based setup
- 🌐 NGINX reverse proxy + PHP-based first-time setup wizard
- 🧠 Supports .env override system via web-based administration
- 🌐 NGINX reverse proxy + PHP-based first-time activation wizard
- 🔑 Multi-user access, browser extensions, mobile app compatibility
---
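Review bot: The two changed feature bullets name the same component differently, "web-based administration" on the `.env` override line and "first-time activation wizard" on the NGINX line, and the file table further down calls it the "activation tool". Pick one term and use it throughout, so readers do not assume there is a separate administration interface alongside the activation page.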
@ -22,14 +22,14 @@ A hardened, self-hosted password manager appliance based on Vaultwarden. Designe
| Path | Purpose |
|------|---------|
| `/opt/vaultwarden/.env` | Core Vaultwarden environment settings |
| `/var/lib/vaultwarden/.env.user` | User-defined config written via the setup wizard |
| `/var/lib/vaultwarden/.setup-complete` | Flag file that disables the setup wizard after first-time config |
| `/var/lib/vaultwarden/.env.user` | User-defined config written via the activation tool |
| `/var/lib/vaultwarden/.setup-complete` | Flag file that disables the activation wizard after first-time config |
| `/opt/vaultwarden/.env.merged` | Combined environment used by the wrapper |
| `/usr/local/bin/vaultwarden` | Vaultwarden binary |
| `/usr/local/bin/vaultwarden-wrapper` | Wrapper that merges .env and .env.user |
| `/etc/systemd/system/vaultwarden.service` | Systemd unit to manage Vaultwarden as a service |
| `/var/www/html/setup/` | First-time setup wizard served via PHP |
| `/var/www/html/vaultinfo/index.html` | Installer-complete welcome page served on `/` |
| `/var/www/html/activate/` | First-time activation tool, served via PHP |
| `/var/www/html/vaultinfo/index.html` | Installer-complete welcome page (not currently used) |
---
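Review bot: In the changed table rows the flag file is still `/var/lib/vaultwarden/.setup-complete` while the web path moves to `/var/www/html/activate/`. Either rename the flag to match, or add a short note that the old name is kept on purpose. The `vaultinfo/index.html` row is now described as "not currently used", so say whether the installer still deploys it, or drop the row.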
@ -43,7 +43,7 @@ On a fresh Debian 12 system, clone the password-manager repository and then run:
After installation:
- Access the appliance at `http://<your-appliance-ip>/`
- Go to `/setup` to complete first-time configuration
- Go to `/activate` to complete first-time configuration
- After submitting the form, Vaultwarden will use your custom settings
---
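Review bot: The changed step sends the reader to `/activate` directly after the unchanged line giving the appliance URL as `http://<your-appliance-ip>/`, so the first-time configuration form is documented as being submitted over plain HTTP. Consider documenting how to enable TLS on the NGINX proxy before activation, or stating that activation should be done from a trusted network. The next line, "Vaultwarden will use your custom settings", may also need updating to match the Configuration Flow wording about the Admin Token.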
@ -51,21 +51,21 @@ After installation:
## 🧠 Configuration Flow
1. Installer creates `/opt/vaultwarden/.env` (default config)
2. User config is stored via `/setup` in `/var/lib/vaultwarden/.env.user`
2. Admin Token is created by visiting `/activation` and is stored in `/var/lib/vaultwarden/.env.user`
3. `vaultwarden-wrapper` merges both files into `.env.merged`
4. Systemd launches Vaultwarden using the wrapper
---
## 🔁 To Re-run Setup
## 🔁 To Re-run Activation
To prevent a bad actor from modifying your configuration by re-running the /setup tool, a file `.setup-complete` is created to tell the system to no longer allow the configuration to be saved. You can, if needed, delete the `.setup-complete` file to re-run the configuration:
To prevent a bad actor from modifying your configuration by re-running the /activate tool, a file `.setup-complete` is created to tell the system to no longer allow the configuration to be saved. You can, if needed, delete the `.setup-complete` file to re-run the configuration:
```bash
rm /var/lib/vaultwarden/.setup-complete
```
Then visit `/setup` in your browser again.
Then visit `/activate` in your browser again.
---
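Review bot: Step 2 of the Configuration Flow says the Admin Token is created by visiting `/activation`, while every other changed line in this hunk uses `/activate`. The step should match the path that is actually deployed. The re-run section would also benefit from one sentence on whether deleting `.setup-complete` and activating again replaces the existing Admin Token in `.env.user`.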
@ -105,7 +105,7 @@ If you need to reset your environment to retry installing after a failed install
This will:
* Remove Vaultwarden and its related system user
* Delete configuration files and setup data
* Delete configuration files and activation data
* Uninstall MariaDB and clear its databases
* Remove any sudo rules added by the installer
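Review bot: The changed bullet "Delete configuration files and activation data" does not say which files it covers. Name `/var/lib/vaultwarden/.env.user` and `/var/lib/vaultwarden/.setup-complete` explicitly, since a leftover flag file would keep the activation page disabled after a reinstall.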