new release

vpolaris · Dec 31, 2021 · e8773da · e8773da
1 parent 9d1598f
commit e8773da
Show file tree

Hide file tree

Showing 5 changed files with 280 additions and 108 deletions.
diff --git a/scripts/sql.backup.py b/scripts/sql.backup.py
@@ -0,0 +1,49 @@
+#!/usr/bin/env python3
+#Backup based on weekly pattern, suffixed by the day of the week  0 ==> Monday, to 6==> Sunday
+#You need to setup environnment variable DB_BACKUP with following values to set operation mode
+#disabled : the backup operation is deactivated
+#enabled : the backup operation is activated
+#maintener : szfd9g@live.fr
+
+import sqlite3
+import io
+import os, sys, shutil, gzip
+from datetime import datetime
+
+status = os.getenv('DB_BACKUP')
+if status=='disabled':
+    print('DB Backup is disabled ')
+    sys.exit(0)
+
+if status=='enabled':    
+    myday=(datetime.today().weekday())
+
+
+    filename='/var/lib/vaultwarden/backup/database_dump-'+str(myday)
+
+    if os.path.exists(filename+".gz"):
+        os.remove(filename+".gz")
+
+    #https://www.geeksforgeeks.org/how-to-create-a-backup-of-a-sqlite-database-using-python/
+    conn = sqlite3.connect('/var/lib/vaultwarden/data/db.sqlite3')
+    with io.open(filename+'.sql', 'w') as p:
+        for line in conn.iterdump():
+            p.write('%s\n' % line)
+    p.close
+    conn.close()
+
+    #https://towardsdatascience.com/all-the-ways-to-compress-and-archive-files-in-python-e8076ccedb4b
+
+    with open(filename+'.sql', "rb") as fin, gzip.open(f''+filename+'.gz', "wb") as fout:
+        # Reads the file by chunks to avoid exhausting memory
+        shutil.copyfileobj(fin, fout)
+
+    if os.path.exists(filename+".sql"):
+        os.remove(filename+".sql")
+
+    print('Backup performed successfully!')
+
+else:
+    print('unable to understand what you mean!')
+    print('valid options are: enabled or disabled')
+    sys.exit(1)
diff --git a/services/db-backup.service b/services/db-backup.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=DB Backup service
+Wants=db-backup.timer
+
+[Service]
+
+Type=simple                                          
+EnvironmentFile=/opt/scripts/.env
+ExecStart=/opt/scripts/sql.backup.py  
+User=vaultwarden       
+Nice=19
+IOSchedulingClass=2
+IOSchedulingPriority=7
+
+[Install]
+WantedBy=db-backup.timer
diff --git a/services/db-backup.timer b/services/db-backup.timer
@@ -0,0 +1,12 @@
+[Unit]
+Description=Run DB Backup script at 02:00 AM every day
+Requires=db-backup.service
+[Timer]
+Unit=db-backup.service
+OnCalendar=*-*-* 02:00:00
+#RandomizedDelaySec=5m
+AccuracySec=20s
+persistence=yes
+
+[Install]
+WantedBy=timers.target
diff --git a/setup.sh b/setup.sh
@@ -3,7 +3,7 @@ ADMTKN="$(tr -cd [:alnum:] < /dev/urandom | fold -w 48 | head -n 1)"
 ADMINPASS="$(tr -cd [:alnum:] < /dev/urandom | fold -w 16 | head -n 1)"
 DOMAIN="vault.vaultwarden.lan"
 HTTPS="443"
-
+DB_BACKUP="enabled"
 SSLSTORE="$HOME/.ssl"
 VERSION="1.00"
 
@@ -17,7 +17,7 @@ read -e -p "Enter ADMIN Password:" -i "${ADMINPASS}" ADMINPASS
 read -e -p "Enter Domain name for Vault Website:" -i "${DOMAIN}" DOMAIN
 read -e -p "Enter https port number:" -i "${HTTPS}" HTTPS
 read -e -p "Enter tag version:" -i "${VERSION}" VERSION
-
+read -e -p "DB Backup (enabled/disabled):" -i "${DB_BACKUP}" DB_BACKUP
 read -e -p "Do you have certificates to push ? (y|n) " -i "n" CERTS
 case "${CERTS}" in
 	"y")
@@ -122,7 +122,7 @@ if ! [ -f  "${DATADIR}/vaultwarden/certs/vaultwarden.pem" ]; then
 	if [ -f  "${SSLSTORE}/vaultwarden.pem" ]; then
 		cp "${SSLSTORE}/vaultwarden.pem" "${DATADIR}/vaultwarden/certs/vaultwarden.pem"
 	else
-		openssl x509 -req -outform PEM -CAcreateserial \
+		openssl x509 -req -days 730 -outform PEM -CAcreateserial \
 		-in ${DATADIR}/vaultwarden/certs/vaultwarden.csr \
 		-CA ${DATADIR}/vaultwarden/certs/CA-Vaultwarden.pem \
 		-CAkey ${DATADIR}/vaultwarden/certs/CA-Vaultwarden.key \
@@ -169,11 +169,11 @@ if [ "$(getenforce)" == "Enforcing" ]; then
 	fi
 fi
 
-export ADMTKN="${ADMTKN}" DOMAIN="${DOMAIN}" HTTPS="${HTTPS}"
+export ADMTKN="${ADMTKN}" DOMAIN="${DOMAIN}" HTTPS="${HTTPS}" DB_BACKUP="${DB_BACKUP}"
 envsubst '${ADMTKN} ${DOMAIN}'< ./templates/env.tpl > ./configurations/.env
 envsubst '${DOMAIN} ${HTTPS}' < ./templates/vhost.tpl > ./configurations/vhost.conf
 envsubst '${HTTPS}' < ./templates/ssl.tpl > ./configurations/ssl.conf
-envsubst '${DOMAIN} ${HTTPS}' < ./templates/Dockerfile.tpl > Dockerfile
+envsubst '${DB_BACKUP} ${DOMAIN} ${HTTPS}' < ./templates/Dockerfile.tpl > Dockerfile
 cp -rf . "${DATADIR}/project"
 
 cat /usr/share/containers/containers.conf | sed -e '/# dns_servers = \[\]/a dns_servers = \["1.1.1.1"\]' -e '/# tz = ""/a tz = "local"' -e '/# runtime = "crun"/a runtime = "crun"' -e '/# cgroup_manager = "systemd"/a cgroup_manager = "systemd"' -e'/# events_logger = "journald"/a events_logger = "journald"' -e '/# cgroups = "enabled"/a cgroups = "enabled"' -e'/# cgroupns = "private"/a cgroupns = "private"' -e 's/log_driver = "k8s-file"/#log_driver = "k8s-file"/' -e '/#log_driver = "k8s-file/a log_driver = "journald"' -e'/# log_tag = ""/a log_tag = "vaultwarden"' > /home/vaultwarden/.config/containers/containers.conf