From 27f7c7a7166cdb4326e68d8176b66ecc60806f14 Mon Sep 17 00:00:00 2001
From: Marc Cataford <mcat@riseup.net>
Date: Wed, 21 Dec 2022 14:21:10 -0500
Subject: [PATCH] feat: add bitwarden instance (#16)

---
 services/bitwarden/.env               |  1 +
 services/bitwarden/docker-compose.yml | 29 +++++++++++++++++++++++++++
 services/traefik/traefik_dynamic.toml | 14 +++++++++++++
 3 files changed, 44 insertions(+)
 create mode 100644 services/bitwarden/.env
 create mode 100644 services/bitwarden/docker-compose.yml

diff --git a/services/bitwarden/.env b/services/bitwarden/.env
new file mode 100644
index 0000000..b5832cb
--- /dev/null
+++ b/services/bitwarden/.env
@@ -0,0 +1 @@
+CONFIG_ROOT=${APP_STORAGE_ROOT:-.}/bitwarden
diff --git a/services/bitwarden/docker-compose.yml b/services/bitwarden/docker-compose.yml
new file mode 100644
index 0000000..6463377
--- /dev/null
+++ b/services/bitwarden/docker-compose.yml
@@ -0,0 +1,29 @@
+version: '3.7'
+
+services:
+  bitwarden:
+    image: bitwarden/self-host:beta
+    env_file:
+      - ${CONFIG_ROOT}/web.env
+    depends_on:
+      - db
+    restart: always
+    ports:
+      - 7000:8080
+      - 7001:8443
+    volumes:
+      - ${CONFIG_ROOT}/config:/etc/bitwarden
+      - ${CONFIG_ROOT}/logs:/var/log/bitwarden
+  db:
+    image: mariadb:10
+    env_file:
+      - ${CONFIG_ROOT}/db.env
+    restart: always
+    volumes:
+      - ${CONFIG_ROOT}/db:/var/lib/mysql
+    ports:
+      - 3306:3306
+networks:
+  default:
+    name: web
+    external: true
diff --git a/services/traefik/traefik_dynamic.toml b/services/traefik/traefik_dynamic.toml
index d50122b..d4398fd 100644
--- a/services/traefik/traefik_dynamic.toml
+++ b/services/traefik/traefik_dynamic.toml
@@ -19,6 +19,13 @@
     service = "monolith"
     [http.routers.monolith.tls]
       certResolver = "lets-encrypt"
+  
+  [http.routers.bitwarden]
+    rule = "Host(`spadinaistan.karnov.club`) && (PathPrefix(`/bitwarden/`) || HeadersRegexp(`Bitwarden-Client-Name`, `.*`))"
+    service = "bitwarden"
+    middlewares = ["bitwarden-stripprefix", "bitwarden-headers"]
+    [http.routers.bitwarden.tls]
+      certResolver = "lets-encrypt"
 
 [http.middlewares]
   [http.middlewares.monolith-auth.forwardauth]
@@ -30,6 +37,9 @@
   [http.middlewares.deluge-stripprefix.stripprefix]
     prefixes = ["/deluge"]
 
+  [http.middlewares.bitwarden-stripprefix.stripprefix]
+    prefixes = ["/bitwarden"]
+
 [http.services]
   [http.services.deluge.loadBalancer]
     [[http.services.deluge.loadBalancer.servers]]
@@ -38,3 +48,7 @@
   [http.services.monolith.loadBalancer]
     [[http.services.monolith.loadBalancer.servers]]
         url = "http://monolith:8000/"
+
+  [http.services.bitwarden.loadBalancer]
+    [[http.services.bitwarden.loadBalancer.servers]]
+        url = "http://bitwarden:8080/"