topaLE
/
vaultwarden
mirror of https://github.com/dani-garcia/vaultwarden
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Add a persistent volume check. 

This will add a persistent volume check to make sure when running
containers someone is using a volume for persistent storage.

This check can be bypassed if someone configures
`I_REALLY_WANT_VOLATILE_STORAGE=true` as an environment variable.

This should prevent issues like #2493 .
pull/2501/head
BlackDex 3 years ago
parent
bf0b8d9968
commit
40ed505581
No known key found for this signature in database GPG Key ID: 58C80A2AA6C765E1
18 changed files with 116 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 6
      docker/Dockerfile.j2
  2. 6
      docker/amd64/Dockerfile
  3. 6
      docker/amd64/Dockerfile.alpine
  4. 6
      docker/amd64/Dockerfile.buildx
  5. 6
      docker/amd64/Dockerfile.buildx.alpine
  6. 6
      docker/arm64/Dockerfile
  7. 6
      docker/arm64/Dockerfile.alpine
  8. 6
      docker/arm64/Dockerfile.buildx
  9. 6
      docker/arm64/Dockerfile.buildx.alpine
  10. 6
      docker/armv6/Dockerfile
  11. 6
      docker/armv6/Dockerfile.alpine
  12. 6
      docker/armv6/Dockerfile.buildx
  13. 6
      docker/armv6/Dockerfile.buildx.alpine
  14. 6
      docker/armv7/Dockerfile
  15. 6
      docker/armv7/Dockerfile.alpine
  16. 6
      docker/armv7/Dockerfile.buildx
  17. 6
      docker/armv7/Dockerfile.buildx.alpine
  18. 14
      src/main.rs

6
docker/Dockerfile.j2
View File

@ -238,6 +238,12 @@ VOLUME /data
EXPOSE 80
EXPOSE 3012
# Create a special empty file which we check within the application.
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
# This file should disappear if a volume is mounted on-top of this using a docker volume.
RUN touch /data/vaultwarden_docker_persistent_volume_check
# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
WORKDIR /

6
docker/amd64/Dockerfile
View File

@ -112,6 +112,12 @@ VOLUME /data
EXPOSE 80
EXPOSE 3012
# Create a special empty file which we check within the application.
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
# This file should disappear if a volume is mounted on-top of this using a docker volume.
RUN touch /data/vaultwarden_docker_persistent_volume_check
# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
WORKDIR /

6
docker/amd64/Dockerfile.alpine
View File

@ -104,6 +104,12 @@ VOLUME /data
EXPOSE 80
EXPOSE 3012
# Create a special empty file which we check within the application.
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
# This file should disappear if a volume is mounted on-top of this using a docker volume.
RUN touch /data/vaultwarden_docker_persistent_volume_check
# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
WORKDIR /

6
docker/amd64/Dockerfile.buildx
View File

@ -112,6 +112,12 @@ VOLUME /data
EXPOSE 80
EXPOSE 3012
# Create a special empty file which we check within the application.
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
# This file should disappear if a volume is mounted on-top of this using a docker volume.
RUN touch /data/vaultwarden_docker_persistent_volume_check
# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
WORKDIR /

6
docker/amd64/Dockerfile.buildx.alpine
View File

@ -104,6 +104,12 @@ VOLUME /data
EXPOSE 80
EXPOSE 3012
# Create a special empty file which we check within the application.
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
# This file should disappear if a volume is mounted on-top of this using a docker volume.
RUN touch /data/vaultwarden_docker_persistent_volume_check
# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
WORKDIR /

6
docker/arm64/Dockerfile
View File

@ -136,6 +136,12 @@ VOLUME /data
EXPOSE 80
EXPOSE 3012
# Create a special empty file which we check within the application.
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
# This file should disappear if a volume is mounted on-top of this using a docker volume.
RUN touch /data/vaultwarden_docker_persistent_volume_check
# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
WORKDIR /

6
docker/arm64/Dockerfile.alpine
View File

@ -108,6 +108,12 @@ VOLUME /data
EXPOSE 80
EXPOSE 3012
# Create a special empty file which we check within the application.
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
# This file should disappear if a volume is mounted on-top of this using a docker volume.
RUN touch /data/vaultwarden_docker_persistent_volume_check
# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
WORKDIR /

6
docker/arm64/Dockerfile.buildx
View File

@ -136,6 +136,12 @@ VOLUME /data
EXPOSE 80
EXPOSE 3012
# Create a special empty file which we check within the application.
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
# This file should disappear if a volume is mounted on-top of this using a docker volume.
RUN touch /data/vaultwarden_docker_persistent_volume_check
# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
WORKDIR /

6
docker/arm64/Dockerfile.buildx.alpine
View File

@ -108,6 +108,12 @@ VOLUME /data
EXPOSE 80
EXPOSE 3012
# Create a special empty file which we check within the application.
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
# This file should disappear if a volume is mounted on-top of this using a docker volume.
RUN touch /data/vaultwarden_docker_persistent_volume_check
# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
WORKDIR /

6
docker/armv6/Dockerfile
View File

@ -141,6 +141,12 @@ VOLUME /data
EXPOSE 80
EXPOSE 3012
# Create a special empty file which we check within the application.
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
# This file should disappear if a volume is mounted on-top of this using a docker volume.
RUN touch /data/vaultwarden_docker_persistent_volume_check
# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
WORKDIR /

6
docker/armv6/Dockerfile.alpine
View File

@ -110,6 +110,12 @@ VOLUME /data
EXPOSE 80
EXPOSE 3012
# Create a special empty file which we check within the application.
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
# This file should disappear if a volume is mounted on-top of this using a docker volume.
RUN touch /data/vaultwarden_docker_persistent_volume_check
# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
WORKDIR /

6
docker/armv6/Dockerfile.buildx
View File

@ -141,6 +141,12 @@ VOLUME /data
EXPOSE 80
EXPOSE 3012
# Create a special empty file which we check within the application.
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
# This file should disappear if a volume is mounted on-top of this using a docker volume.
RUN touch /data/vaultwarden_docker_persistent_volume_check
# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
WORKDIR /

6
docker/armv6/Dockerfile.buildx.alpine
View File

@ -110,6 +110,12 @@ VOLUME /data
EXPOSE 80
EXPOSE 3012
# Create a special empty file which we check within the application.
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
# This file should disappear if a volume is mounted on-top of this using a docker volume.
RUN touch /data/vaultwarden_docker_persistent_volume_check
# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
WORKDIR /

6
docker/armv7/Dockerfile
View File

@ -136,6 +136,12 @@ VOLUME /data
EXPOSE 80
EXPOSE 3012
# Create a special empty file which we check within the application.
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
# This file should disappear if a volume is mounted on-top of this using a docker volume.
RUN touch /data/vaultwarden_docker_persistent_volume_check
# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
WORKDIR /

6
docker/armv7/Dockerfile.alpine
View File

@ -108,6 +108,12 @@ VOLUME /data
EXPOSE 80
EXPOSE 3012
# Create a special empty file which we check within the application.
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
# This file should disappear if a volume is mounted on-top of this using a docker volume.
RUN touch /data/vaultwarden_docker_persistent_volume_check
# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
WORKDIR /

6
docker/armv7/Dockerfile.buildx
View File

@ -136,6 +136,12 @@ VOLUME /data
EXPOSE 80
EXPOSE 3012
# Create a special empty file which we check within the application.
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
# This file should disappear if a volume is mounted on-top of this using a docker volume.
RUN touch /data/vaultwarden_docker_persistent_volume_check
# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
WORKDIR /

6
docker/armv7/Dockerfile.buildx.alpine
View File

@ -108,6 +108,12 @@ VOLUME /data
EXPOSE 80
EXPOSE 3012
# Create a special empty file which we check within the application.
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
# This file should disappear if a volume is mounted on-top of this using a docker volume.
RUN touch /data/vaultwarden_docker_persistent_volume_check
# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
WORKDIR /

14
src/main.rs
View File

@ -276,6 +276,20 @@ fn check_data_folder() {
}
exit(1);
}
let persistent_volume_check_file = format!("{data_folder}/vaultwarden_docker_persistent_volume_check");
let check_file = Path::new(&persistent_volume_check_file);
if check_file.exists() && std::env::var("I_REALLY_WANT_VOLATILE_STORAGE").is_err() {
error!(
"No persistent volume!\n\
########################################################################################\n\
# It looks like you did not configure a persistent volume! #\n\
# This will result in permanent data loss when the container is removed or updated! #\n\
# If you really want to use volatile storage set `I_REALLY_WANT_VOLATILE_STORAGE=true` #\n\
########################################################################################\n"
);
exit(1);
}
}
fn check_rsa_keys() -> Result<(), crate::error::Error> {

Write Preview
Loading…
Cancel
Save