initial vaultwardent files

.devcontainer/devcontainer.json

@@ -1,7 +1,7 @@
 // For format details, see https://aka.ms/devcontainer.json. For config options, see the README at:
 // https://github.com/microsoft/vscode-dev-containers/tree/v0.245.2/containers/javascript-node
 {
-  "name": "ns8-paperless-ngx",
+  "name": "ns8-vaultwarden",
   "image": "mcr.microsoft.com/devcontainers/javascript-node:0-18-bullseye",
   // Configure tool-specific properties.
   "customizations": {

.github/workflows/clean-registry.yml

@@ -15,5 +15,5 @@ jobs:
     steps:
       - uses: NethServer/ns8-github-actions/.github/actions/delete-image@v1
         with:
-          images: "ns8-paperless-ngx"
+          images: "ns8-vaultwarden"
           delete_image_token: ${{ secrets.IMAGES_CLEANUP_TOKEN }}

README.md

@@ -1,68 +1,81 @@
-# ns8-paperless ngx
-Paperless-ngx is a community-supported open-source document management system that transforms your physical documents into a searchable online archive so you can keep, well, less paper.
+# ns8-vaultwarden
+vaultwarden is a community-supported open-source document management system that transforms your physical documents into a searchable online archive so you can keep, well, less paper.
 
 ## Install
 
 Instantiate the module with:
 
-    add-module ghcr.io/compgeniuses/paperlessngx:latest 1
+    add-module ghcr.io/compgeniuses/vaultwarden:latest 1
 
 The output of the command will return the instance name.
 Output example:
 
-    {"module_id": "paperlessngx", "image_name": "paperlessngx", "image_url": "ghcr.io/compgeniuses/paperlessngx:latest"}
+    {"module_id": "vaultwarden", "image_name": "vaultwarden", "image_url": "ghcr.io/compgeniuses/vaultwarden:latest"}
 
 ## Configure
 
-Let's assume that the paperless instance is named `paperlessngx1`.
+Let's assume that the vaultwarden instance is named `vaultwarden1`.
 
 Launch `configure-module`, by setting the following parameters:
 
-- `paperless_name`: the name given to the instance that wil also appear as the name on the dachboard
-- `PAPERLESS_TIME_ZONE`: the timezone for the project, a config that can be modified
-- `PAPERLESS_TIME_ZONE`: the default is America/Los_Angeles
-- `PAPERLESS_ADMIN_USER`: define the default username and password for superadmin: set to = paperlessadmin
-- `PAPERLESS_ADMIN_PASSWORD`: Define the Default password Set to = P@perle5$
+- `LOGIN_RATELIMIT_MAX_BURST`: 10
+- `LOGIN_RATELIMIT_SECONDS`: 60
+- `ADMIN_RATELIMIT_MAX_BURST`: 10
+- `ADMIN_RATELIMIT_SECONDS`: 60
+- `ADMIN_TOKEN`: YourReallyStrongAdminTokenHere
+- `SENDS_ALLOWED`: true
+- `EMERGENCY_ACCESS_ALLOWED`: true
+- `WEB_VAULT_ENABLED`: true
+- `SIGNUPS_ALLOWED`: false
+- `SIGNUPS_VERIFY`: true
+- `SIGNUPS_VERIFY_RESEND_TIME`: 3600
+- `SIGNUPS_VERIFY_RESEND_LIMIT`: 5
+- `SIGNUPS_DOMAINS_WHITELIST`: yourdomainhere.com,anotherdomain.com
+- `SMTP_HOST`: smtp.youremaildomain.com
+- `SMTP_FROM`: [email protected]
+- `SMTP_FROM_NAME`: Vaultwarden
+- `SMTP_SECURITY`: SECURITYMETHOD
+- `SMTP_PORT`: XXXX
+- `SMTP_USERNAME`: [email protected]
+- `SMTP_PASSWORD`: YourReallyStrongPasswordHere
+- `SMTP_AUTH_MECHANISM`: "Mechanism"
 - `lets_encrypt`: Set LEtsecnrypt to True or False, Default is FALSE
 - `http2https`: set redirect to True or False, Default is True
-- `host`: the traefik host url for the project
+- `host`: the traefik host url for the will be DOMAIN=https://vaultwarden.yourdomain.com
 
 - ...
 
 Example:
 
-    api-cli run module/paperlessngx1/configure-module --data '{"host": "paperlessngx.domain.com"}'
+    api-cli run module/vaultwarden1/configure-module --data '{"host": "vaultwarden.domain.com"}'
 
     or if modifying another value: 
 
-    api-cli run module/paperlessngx5/configure-module --data '{"host": "paperlessngx.domain.com","paperless_name": "MyPaperless NGX"}'
+    api-cli run module/vaultwarden5/configure-module --data '{"host": "vaultwarden.domain.com","vaultwarden_name": "Myvaultwarden"}'
 
-    api-cli run module/paperlessngx1/configure-module --data '{
-        "host": "papperlessngx.rocky9-pve2.org",
+    api-cli run module/vaultwarden1/configure-module --data '{
+        "host": "papperles.rocky9-pve2.org",
         "lets_encrypt": false,
         "http2https": true,
-        "paperless_name": "paperless-ngx",
-        "PAPERLESS_ADMIN_PASSWORD": "P@perle5$",
-        "PAPERLESS_ADMIN_USER":"paperlessadmin",
-        "PAPERLESS_ADMIN_MAIL":"[email protected]",
-        "PAPERLESS_TIME_ZONE":"America/Los_Angeles",
-        "PAPERLESS_OCR_LANGUAGE":"eng",
-        "PAPERLESS_COOKIE_PREFIX":"paperlessngx"
+        "WEB_VAULT_ENABLED": true,
+        "SIGNUPS_ALLOWED": fales,
+        "SIGNUPS_DOMAINS_WHITELIST":"yourdomainhere.com,anotherdomain.com",
+        "ADMIN_TOKEN":"YourReallyStrongAdminTokenHere"
     }'
 
 
 The above command will:
-- start and configure the paperlessngx instance
+- start and configure the vaultwarden instance
 - (describe configuration process)
 - ...
 
 Additional Parameters are Described here:
-https://docs.paperless-ngx.com/configuration/#hosting-security
+https://github.com/dani-garcia/vaultwarden/wiki
 WHile they have not been Implemented, if you require more parameters to be defined, kindly free to raise an issue, and define why and how that parameter should be implemented for use
 
-Send a test HTTP request to the ns8-paperless-ngx backend service:
+Send a test HTTP request to the vaultwarden backend service:
 
-    curl http://127.0.0.1/paperlessngx/
+    curl http://127.0.0.1/vaultwarden/
 
 ## Smarthost setting discovery
 
@@ -74,11 +87,11 @@ setup](https://nethserver.github.io/ns8-core/core/smarthost/) every time
 kickstart starts, the command `bin/discover-smarthost` runs and refreshes
 the `state/smarthost.env` file with fresh values from Redis.
 
-Furthermore if smarthost setup is changed when ns8-paperless-ngx is already
+Furthermore if smarthost setup is changed when vaultwarden is already
 running, the event handler `events/smarthost-changed/10reload_services`
 restarts the main module service.
 
-See also the `systemd/user/paperless-server.service` file.
+See also the `systemd/user/vaultwarden-server.service` file.
 
 This setting discovery is just an example to understand how the module is
 expected to work: it can be rewritten or discarded completely.
@@ -87,14 +100,14 @@ expected to work: it can be rewritten or discarded completely.
 
 To uninstall the instance:
 
-    remove-module --no-preserve paperlessngx1
+    remove-module --no-preserve vaultwarden1
 
 ## Testing
 
 Test the module using the `test-module.sh` script:
 
 
-    ./test-module.sh <NODE_ADDR> ghcr.io/nethserver/ns8-paperless-ngx:latest
+    ./test-module.sh <NODE_ADDR> ghcr.io/nethserver/vaultwarden:latest
 
 The tests are made using [Robot Framework](https://robotframework.org/)
 
@@ -108,8 +121,19 @@ To setup the translation process:
 - add your repository to [hosted.weblate.org]((https://hosted.weblate.org) or ask a NethServer developer to add it to ns8 Weblate project
 
 ## To Do
-[Optional Services:](https://docs.paperless-ngx.com/configuration/#optional-services)
-- Understand and Implement [Apache Tika](https://tika.apache.org/) to your repository
-- Understand and Implement Docker  [gotenberg](https://gotenberg.dev/) to your repository
 
-Paperless can make use of Tika and Gotenberg for parsing and converting "Office" documents (such as ".doc", ".xlsx" and ".odt"). Tika and Gotenberg are also needed to allow parsing of E-Mails (.eml).
+Implement Ldap Sync using these modules
+https://hub.docker.com/r/vividboarder/vaultwarden_ldap
+
+it includes alot of parameters
+
+if not implemented we could use this
+
+https://github.com/bitwarden/directory-connector
+
+this docker image seems to pre-implement SSO https://github.com/Timshel/vaultwarden/pkgs/container/vaultwarden
+
+Also this pre-implemnts SSO: https://hub.docker.com/r/oidcwarden/vaultwarden-oidc/tags
+
+SSO PR seemed to be in the worsk here as well: https://github.com/dani-garcia/vaultwarden/pull/3899
+so would be rebased, once its ready

build-images.sh

@@ -13,23 +13,23 @@ images=()
 # The image will be pushed to GitHub container registry
 repobase="${REPOBASE:-ghcr.io/compgeniuses}"
 # Configure the image name
-reponame="paperlessngx"
-paperless_version="2.4.2"
+reponame="vaultwarden"
+vaultwarden_version="latest"
 
 # Create a new empty container image
 container=$(buildah from scratch)
 
 # Reuse existing nodebuilder-kickstart container, to speed up builds
-if ! buildah containers --format "{{.ContainerName}}" | grep -q nodebuilder-ns8-paperlessngx; then
+if ! buildah containers --format "{{.ContainerName}}" | grep -q nodebuilder-vaultwarden; then
     echo "Pulling NodeJS runtime..."
-    buildah from --name nodebuilder-ns8-paperlessngx -v "${PWD}:/usr/src:Z" docker.io/library/node:lts
+    buildah from --name nodebuilder-vaultwarden -v "${PWD}:/usr/src:Z" docker.io/library/node:lts
 fi
 
 echo "Build static UI files with node..."
 buildah run \
     --workingdir=/usr/src/ui \
     --env="NODE_OPTIONS=--openssl-legacy-provider" \
-    nodebuilder-ns8-paperlessngx \
+    nodebuilder-vaultwarden \
     sh -c "yarn install && yarn build"
 
 # Add imageroot directory to the container image
@@ -40,7 +40,7 @@ buildah config --entrypoint=/ \
     --label="org.nethserver.authorizations=traefik@node:routeadm" \
     --label="org.nethserver.tcp-ports-demand=1" \
     --label="org.nethserver.rootfull=0" \
-    --label="org.nethserver.images=docker.io/library/redis:7.2.3-bookworm docker.io/library/postgres:15.5-bookworm docker.io/paperlessngx/paperless-ngx:${paperless_version} ghcr.io/paperless-ngx/tika:2.9.0-full docker.io/gotenberg/gotenberg:7.10.2" \
+    --label="org.nethserver.images=docker.io/vaultwarden/server:${vaultwarden_version}" \
     --label="org.nethserver.tcp-ports-demand=1" \
     "${container}"
 # Commit the image

imageroot/actions/configure-module/20configure

@@ -12,62 +12,44 @@ import agent
 
 data = json.load(sys.stdin)
 
-# Setup default values
-paperless_name = data.get("paperless_name","paperless-ngx")
-PAPERLESS_ADMIN_USER = data.get("PAPERLESS_ADMIN_USER","paperlessadmin")
-PAPERLESS_ADMIN_PASSWORD = data.get("PAPERLESS_ADMIN_PASSWORD","P@perle5$")
-PAPERLESS_ADMIN_MAIL = data.get("PAPERLESS_ADMIN_MAIL","")
-PAPERLESS_TIME_ZONE = data.get("PAPERLESS_TIME_ZONE","America/Los_Angeles")
-PAPERLESS_OCR_LANGUAGE = data.get("PAPERLESS_OCR_LANGUAGE","eng")
-PAPERLESS_COOKIE_PREFIX = data.get("PAPERLESS_COOKIE_PREFIX","paperlessngx")
-PAPERLESS_FILENAME_FORMAT = data.get("PAPERLESS_FILENAME_FORMAT","{created_year}/{correspondent}/{doc_pk}-{title}")
 
-# PAperless CSRF settings
+# vaultwarden domain settings
 host = data.get("host", "")
-PAPERLESS_URL = "https://"+host
+DOMAIN = "https://"+host
 
 
-# Db Config
-
-POSTGRES_DB = data.get("POSTGRES_DB","paperless")
-POSTGRES_USER = data.get("POSTGRES_USER","paperless")
-POSTGRES_PASSWORD = data.get("POSTGRES_PASSWORD","p@perle$$")
-
-db_config = {
-
-    "POSTGRES_ROOT_HOST": "localhost",
-    "POSTGRES_DATABASE": POSTGRES_DB,
-    "POSTGRES_USER": POSTGRES_USER,
-    "POSTGRES_PASSWORD": POSTGRES_PASSWORD,
-
-}
-agent.write_envfile('database.env', db_config)
-
-# Talk with agent using file descriptor.
+# load configs values
+DOMAIN = data.get("DOMAIN","")
+SENDS_ALLOWED = data.get("SENDS_ALLOWED","true")
+EMERGENCY_ACCESS_ALLOWED = data.get("EMERGENCY_ACCESS_ALLOWED","true")
+WEB_VAULT_ENABLED = data.get("WEB_VAULT_ENABLED","true")
+SIGNUPS_ALLOWED = data.get("SIGNUPS_ALLOWED","false")
+SIGNUPS_VERIFY = data.get(" SIGNUPS_VERIFY","true")
+SIGNUPS_VERIFY_RESEND_TIME = data.get("SIGNUPS_VERIFY_RESEND_TIME","3600")
+SIGNUPS_VERIFY_RESEND_LIMIT = data.get("SIGNUPS_VERIFY_RESEND_LIMIT","5")
+SIGNUPS_DOMAINS_WHITELIST = data.get("SIGNUPS_DOMAINS_WHITELIST","vualtdomain.org,vaultdomain2.org")
 
 # Setup configuration from user input.
-agent.set_env("PAPERLESS_NGX_NAME", paperless_name)
-agent.set_env("PAPERLESS_TIME_ZONE", PAPERLESS_TIME_ZONE)
-agent.set_env("PAPERLESS_OCR_LANGUAGE", PAPERLESS_OCR_LANGUAGE)
-agent.set_env("PAPERLESS_COOKIE_PREFIX", PAPERLESS_COOKIE_PREFIX)
-agent.set_env("PAPERLESS_ADMIN_USER", PAPERLESS_ADMIN_USER)
-agent.set_env("PAPERLESS_ADMIN_PASSWORD", PAPERLESS_ADMIN_PASSWORD)
-agent.set_env("PAPERLESS_ADMIN_MAIL", PAPERLESS_ADMIN_MAIL)
-agent.set_env("PAPERLESS_FILENAME_FORMAT", PAPERLESS_FILENAME_FORMAT)
-
-#paperless CSRF settings
-agent.set_env("PAPERLESS_URL", PAPERLESS_URL)
+agent.set_env("DOMAIN", DOMAIN)
+agent.set_env("SENDS_ALLOWED", SENDS_ALLOWED)
+agent.set_env("EMERGENCY_ACCESS_ALLOWED", EMERGENCY_ACCESS_ALLOWED)
+agent.set_env("WEB_VAULT_ENABLED", WEB_VAULT_ENABLED)
+agent.set_env("SIGNUPS_ALLOWED", SIGNUPS_ALLOWED)
+agent.set_env("SIGNUPS_VERIFY", SIGNUPS_VERIFY)
+agent.set_env("SIGNUPS_VERIFY_RESEND_TIME", SIGNUPS_VERIFY_RESEND_TIME)
+agent.set_env("SIGNUPS_VERIFY_RESEND_LIMIT", SIGNUPS_VERIFY_RESEND_LIMIT)
+agent.set_env("SIGNUPS_DOMAINS_WHITELIST", SIGNUPS_DOMAINS_WHITELIST)
 
-# Setup tika and gotenberg configuration from user input.
-agent.set_env("PAPERLESS_TIKA_ENABLED", "1")
-agent.set_env("PAPERLESS_TIKA_GOTENBERG_ENDPOINT", "http://127.0.0.1:3000")
-agent.set_env("PAPERLESS_TIKA_ENDPOINT", "http://127.0.0.1:9998")
 
 # Setup PHP with safe defaults
 agent.set_env("PHP_ENABLE_OPCACHE", "1")
 agent.set_env("PHP_MEMORY_LIMIT", "512M")
-# Configure Traefik to route "/paperlessngx" path requests to the paperlessngx service
 
+# other defaults
+agent.set_env("LOGIN_RATELIMIT_MAX_BURST", "10")
+agent.set_env("LOGIN_RATELIMIT_SECONDS", "60")
+agent.set_env("ADMIN_RATELIMIT_MAX_BURST", "10")
+agent.set_env("ADMIN_RATELIMIT_SECONDS", "60")
 
 # Make sure everything is saved inside the environment file
 # just before starting systemd unit

imageroot/actions/configure-module/80start_services

@@ -9,5 +9,5 @@
 
 touch smarthost.env
 
-systemctl --user enable paperless.service
-systemctl --user restart paperless.service
+systemctl --user enable vaultwarden.service
+systemctl --user restart vaultwarden.service

imageroot/actions/create-module/20configure

@@ -15,11 +15,12 @@ data = json.load(sys.stdin)
 
 # Setup default values
 random_key = secrets.token_hex(16)
-PAPERLESS_SECRET_KEY = data.get("PAPERLESS_SECRET_KEY",random_key)
+ADMIN_TOKEN = data.get("ADMIN_TOKEN",random_key)
 
 # Talk with agent using file descriptor.
 
-agent.set_env("PAPERLESS_SECRET_KEY", PAPERLESS_SECRET_KEY)
+agent.set_env("ADMIN_TOKEN", ADMIN_TOKEN)
+
 
 # Make sure everything is saved inside the environment file
 # just before starting systemd unit

imageroot/actions/get-configuration/20read

@@ -16,13 +16,26 @@ config = {}
 config["host"] = os.getenv("TRAEFIK_HOST","")
 config["http2https"] = os.getenv("TRAEFIK_HTTP2HTTPS") == "True"
 config["lets_encrypt"] = os.getenv("TRAEFIK_LETS_ENCRYPT") == "True"
-config["paperless_name"] = os.getenv("PAPERLESS_NGX_NAME","")
-config["PAPERLESS_TIME_ZONE"] = os.getenv("PAPERLESS_TIME_ZONE","")
-config["PAPERLESS_OCR_LANGUAGE"] = os.getenv("PAPERLESS_OCR_LANGUAGE","")
-config["PAPERLESS_ADMIN_USER"] = os.getenv("PAPERLESS_ADMIN_USER","")
-config["PAPERLESS_ADMIN_PASSWORD"] = os.getenv("PAPERLESS_ADMIN_PASSWORD","")
-config["PAPERLESS_ADMIN_MAIL"] = os.getenv("PAPERLESS_ADMIN_MAIL","")
-config["PAPERLESS_COOKIE_PREFIX"] = os.getenv("PAPERLESS_COOKIE_PREFIX","")
-config["PAPERLESS_FILENAME_FORMAT"] = os.getenv("PAPERLESS_FILENAME_FORMAT","")
+config["LOGIN_RATELIMIT_MAX_BURST"] = os.getenv("LOGIN_RATELIMIT_MAX_BURS","10")
+config["LOGIN_RATELIMIT_SECONDS"] = os.getenv("LOGIN_RATELIMIT_SECONDS","")
+config["ADMIN_RATELIMIT_MAX_BURST"] = os.getenv("ADMIN_RATELIMIT_MAX_BURST","")
+config["ADMIN_RATELIMIT_SECONDS"] = os.getenv("ADMIN_RATELIMIT_SECONDS","")
+config["SENDS_ALLOWED"] = os.getenv("SENDS_ALLOWED","")
+config["EMERGENCY_ACCESS_ALLOWED"] = os.getenv("EMERGENCY_ACCESS_ALLOWED","")
+config["WEB_VAULT_ENABLED"] = os.getenv("WEB_VAULT_ENABLED") == "true"
+config["SIGNUPS_ALLOWED"] = os.getenv("SIGNUPS_ALLOWED") == "false"
+config["SIGNUPS_VERIFY"] = os.getenv("SIGNUPS_VERIFY") == "false"
+config["SIGNUPS_VERIFY_RESEND_TIME"] = os.getenv("SIGNUPS_VERIFY_RESEND_TIME","")
+config["SIGNUPS_VERIFY_RESEND_LIMIT"] = os.getenv("SIGNUPS_VERIFY_RESEND_LIMIT","")
+config["SIGNUPS_DOMAINS_WHITELIST"] = os.getenv("SIGNUPS_DOMAINS_WHITELIST","")
+config["SMTP_HOST"] = os.getenv("SMTP_HOST","")
+config["SMTP_FROM"] = os.getenv("SMTP_FROM","")
+config["SMTP_FROM_NAME"] = os.getenv("SMTP_FROM_NAME","")
+config["SMTP_SECURITY"] = os.getenv("SMTP_SECURITY","")
+config["SMTP_PORT"] = os.getenv("SMTP_PORT","")
+config["SMTP_USERNAME"] = os.getenv("SMTP_USERNAM","")
+config["SMTP_PASSWORD"] = os.getenv("SMTP_PASSWORD","")
+config["SMTP_AUTH_MECHANISM"] = os.getenv("SMTP_AUTH_MECHANISM","")
+
 
 json.dump(config, fp=sys.stdout)