====== Bitwarden ======

//Store passwords securely.//

  * [[https://bitwarden.com/|Bitwarden]] - open source password manager for all common platforms
  * [[https://github.com/bitwarden|Bitwarden]]
  * [[https://github.com/dani-garcia/vaultwarden|Vaultwarden (formerly Bitwarden_RS) - alternative implementation of the Bitwarden server (Rust)]]

===== FreeBSD =====

==== Server (Back-End) ====

=== Installing vaultwarden ===

⚠️IMPORTANT⚠️: When using this server, please report any bugs or suggestions to us directly ([[https://github.com/dani-garcia/vaultwarden?tab=readme-ov-file#get-in-touch|Get in touch]]), regardless of whatever clients you are using (mobile, desktop, browser...). DO NOT use the official support channels.

<code>
> pkg install security/vaultwarden
</code>

''or''

<code>
# cd /usr/ports/security/vaultwarden/
# make clean
# make config
# make
...
warning: `vaultwarden` (bin "vaultwarden") generated 11 warnings
Finished release [optimized] target(s) in 0.16s
Installing /var/ports/usr/ports/security/vaultwarden/work/stage/usr/local/bin/vaultwarden
Installed package `vaultwarden v1.0.0 (/var/ports/usr/ports/security/vaultwarden/work/vaultwarden-1.30.0)` (executable `vaultwarden`)
warning: be sure to add `/var/ports/usr/ports/security/vaultwarden/work/stage/usr/local/bin` to your PATH to be able to run the installed binaries
/bin/mkdir -p /var/ports/usr/ports/security/vaultwarden/work/stage//usr/local/www/vaultwarden/data
install -m0600 /usr/ports/security/vaultwarden/files/vaultwarden_conf.in /var/ports/usr/ports/security/vaultwarden/work/stage//usr/local/www/vaultwarden/data/config.json.sample
====> Compressing man pages (compress-man)
===> Staging rc.d startup script(s)
# make install
===> Installing for vaultwarden-1.30.0_1
===> Checking if vaultwarden is already installed
===> Registering installation for vaultwarden-1.30.0_1
Installing vaultwarden-1.30.0_1...
===> Creating groups.
Using existing group 'www'.
===> Creating users
Using existing user 'www'.
===> SECURITY REPORT:
      This port has installed the following files which may act as network
      servers and may therefore pose a remote security risk to the system.
/usr/local/bin/vaultwarden

      If there are vulnerabilities in these programs there may be a security
      risk to the system. FreeBSD makes no guarantee about the security of
      ports included in the Ports Collection. Please type 'make deinstall'
      to deinstall the port if this is a concern.

      For more information, and contact details about the security
      status of this software, see the following webpage:
https://github.com/dani-garcia/vaultwarden
# make clean
</code>

=== Configuring vaultwarden ===

Create the log file and hand it to the ''www'' user the service runs as:

<code>
> touch /var/log/vaultwarden.log
> chown www:www /var/log/vaultwarden.log
</code>

Enable the service:

<code>
#------------------------------------------------------------------------------#
vaultwarden_enable="YES"
</code>

Environment settings for vaultwarden:

<code>
#Warning : Some of these settings may be overridden when changing settings on the admin page or in the config.json file
#located by default at: /usr/local/www/vaultwarden/data/config.json

LOG_FILE='/var/log/vaultwarden.log'
export LOG_FILE

ROCKET_ADDRESS=::1
export ROCKET_ADDRESS
ROCKET_PORT=4567 # your port here
export ROCKET_PORT
# ROCKET_TLS='{certs = "/ssl/fullchain.pem", key = "/ssl/key.pem"}'
# LOG_FILE='/data/bitwarden.log'

SIGNUPS_ALLOWED=false
export SIGNUPS_ALLOWED
SIGNUPS_VERIFY=true
export SIGNUPS_VERIFY
INVITATIONS_ALLOWED=false
export INVITATIONS_ALLOWED

DOMAIN='https://vaultwarden.domain.de'
export DOMAIN

# ADMIN_TOKEN= # generate one with ~$ openssl rand -base64 48
# export ADMIN_TOKEN

SMTP_HOST='mailout.domain.de'
export SMTP_HOST
SMTP_FROM='vaultwarden@domain.de'
export SMTP_FROM
SMTP_PORT=465
export SMTP_PORT
SMTP_SECURITY=force_tls
export SMTP_SECURITY
SMTP_USERNAME='mailbenutzer'
export SMTP_USERNAME
SMTP_PASSWORD='Motivate7-Sulphate7-Operate6-Contact3-Habitat9'
export SMTP_PASSWORD

# Beta feature
# ORG_GROUPS_ENABLED=false
# export ORG_GROUPS_ENABLED

# https://github.com/dani-garcia/vaultwarden/wiki
</code>

nginx reverse proxy in front of the backend:

<code>
### vaultwarden
upstream vaultwarden {
    zone vaultwarden 64k;
    server [::1]:4567;
    keepalive 2;
}

# Needed to support websocket connections
# See: https://nginx.org/en/docs/http/websocket.html
# Instead of "close" as stated in the above link we send an empty value.
# Else all keepalive connections will not work.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      "";
}

server {
    listen [::]:443 ssl http2;
    server_name vaultwarden.domain.de;

    include /home/etc/nginx/snippets/header.conf;

    client_max_body_size 525M;

    location / {
        include /home/etc/nginx/snippets/proxy.conf;
        proxy_pass http://vaultwarden;
    }
}
</code>
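
The following check is an added example, not part of the original page or of the vaultwarden project: a POSIX sh audit of the security-relevant environment settings shown above (file mode, loopback bind, closed signups and invitations, https DOMAIN, SMTP transport security, admin token). The function names ''get_var'' and ''audit_env'' and the sample file are constructed, and the admin-token check assumes a vaultwarden version that accepts an Argon2 PHC string as ADMIN_TOKEN.

```sh
#!/bin/sh
# Added example: audit a vaultwarden environment file (path given as argument).
# get_var/audit_env are illustrative names; the sample at the bottom is constructed.

# get_var FILE NAME: last uncommented NAME=value, trailing comment and quotes stripped
get_var() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e "s/^['\"]//" -e "s/['\"]\$//"
}

# audit_env FILE: print one "FINDING: ..." line per weak or missing setting
audit_env() {
    f=$1
    finding() { echo "FINDING: $*"; }
    # The file holds SMTP_PASSWORD, so it must not be world-readable.
    [ -z "$(find "$f" -perm -004)" ] || finding "$f is world-readable"
    # The backend speaks plain HTTP; only the nginx TLS proxy should reach it.
    case "$(get_var "$f" ROCKET_ADDRESS)" in
        ::1|127.0.0.1) ;;
        *) finding "ROCKET_ADDRESS is not a loopback address" ;;
    esac
    [ "$(get_var "$f" SIGNUPS_ALLOWED)" = false ] || finding "SIGNUPS_ALLOWED is not false"
    [ "$(get_var "$f" INVITATIONS_ALLOWED)" = false ] || finding "INVITATIONS_ALLOWED is not false"
    case "$(get_var "$f" DOMAIN)" in
        https://*) ;;
        *) finding "DOMAIN is not an https:// URL" ;;
    esac
    [ "$(get_var "$f" SMTP_SECURITY)" != off ] || finding "SMTP_SECURITY=off: SMTP login sent unencrypted"
    # Assumption: an Argon2 PHC string ($argon2...) is a hashed admin token.
    case "$(get_var "$f" ADMIN_TOKEN)" in
        ''|'$argon2'*) ;;
        *) finding "ADMIN_TOKEN is stored in plain text" ;;
    esac
}

# Constructed sample using the values from this page; expect no findings.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ROCKET_ADDRESS=::1
ROCKET_PORT=4567 # your port here
SIGNUPS_ALLOWED=false
INVITATIONS_ALLOWED=false
DOMAIN='https://vaultwarden.domain.de'
# ADMIN_TOKEN= # generate one with ~$ openssl rand -base64 48
SMTP_SECURITY=force_tls
EOF
audit_env "$sample"
rm -f "$sample"
```

A setting that is missing from the file is reported as well, because the check only accepts the explicit values used on this page.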