77 lines
2.4 KiB
Docker
77 lines
2.4 KiB
Docker
FROM rust:alpine AS build
|
|
|
|
ARG VAULTWARDEN_FEATURES=[[ join .vaultwarden.server.features "," ]] \
|
|
VAULTWARDEN_SERVER_VERSION=1.30.0 \
|
|
VAULTWARDEN_WEB_VERSION=2023.10.0
|
|
|
|
RUN set -euxo pipefail &&\
|
|
apk --no-cache upgrade &&\
|
|
apk --no-cache add \
|
|
curl \
|
|
ca-certificates \
|
|
tar \
|
|
musl-dev \
|
|
openssl-libs-static \
|
|
build-base \
|
|
[[- if has .vaultwarden.server.features "postgresql" ]]
|
|
postgresql15-dev \
|
|
libpq-dev \
|
|
[[- end ]]
|
|
[[- if has .vaultwarden.server.features "mysql" ]]
|
|
mariadb-dev \
|
|
[[- end ]]
|
|
[[- if has .vaultwarden.server.features "sqlite" ]]
|
|
sqlite-dev \
|
|
[[- end ]]
|
|
&&\
|
|
cd /tmp &&\
|
|
curl -sSLO https://github.com/dani-garcia/vaultwarden/archive/refs/tags/${VAULTWARDEN_SERVER_VERSION}.tar.gz &&\
|
|
tar xvzf ${VAULTWARDEN_SERVER_VERSION}.tar.gz &&\
|
|
cd vaultwarden-${VAULTWARDEN_SERVER_VERSION} &&\
|
|
rustup set profile minimal &&\
|
|
rustup target add x86_64-unknown-linux-musl &&\
|
|
cargo build --features=${VAULTWARDEN_FEATURES} --profile "release" --target "x86_64-unknown-linux-musl" &&\
|
|
find ./target -type f -name vaultwarden &&\
|
|
# Move vaultwarden bin to copy it easily in the runtime stage \
|
|
mv ./target/x86_64-unknown-linux-musl/release/vaultwarden / &&\
|
|
chown root:root /vaultwarden &&\
|
|
chmod 755 /vaultwarden &&\
|
|
cd ../ &&\
|
|
curl -sSLO https://github.com/dani-garcia/bw_web_builds/releases/download/v${VAULTWARDEN_WEB_VERSION}/bw_web_v${VAULTWARDEN_WEB_VERSION}.tar.gz &&\
|
|
tar xvzf bw_web_v${VAULTWARDEN_WEB_VERSION}.tar.gz &&\
|
|
mv web-vault / &&\
|
|
chown -R root:root /web-vault
|
|
|
|
FROM [[ .docker.repo ]][[ .docker.base_images.alpine.image ]]
|
|
MAINTAINER [[ .docker.maintainer ]]
|
|
|
|
ENV ROCKET_PROFILE=release \
|
|
ROCKET_ADDRESS=0.0.0.0 \
|
|
ROCKET_PORT=8234 \
|
|
DATA_FOLDER=/data \
|
|
DATABASE_URL=/data/db.sqlite3
|
|
|
|
COPY --from=build /vaultwarden /usr/local/bin/
|
|
COPY --from=build /web-vault /opt/vaultwarden/web-vault
|
|
|
|
RUN set -euxo pipefail &&\
|
|
apk --no-cache upgrade &&\
|
|
apk --no-cache add \
|
|
ca-certificates \
|
|
curl \
|
|
openssl \
|
|
tzdata \
|
|
&&\
|
|
addgroup -g 8234 vaultwarden &&\
|
|
adduser --system --ingroup vaultwarden --disabled-password --uid 8234 --home /opt/vaultwarden --shell /sbin/nologin vaultwarden &&\
|
|
mkdir /data &&\
|
|
chown vaultwarden:vaultwarden /data
|
|
|
|
WORKDIR /opt/vaultwarden
|
|
|
|
USER vaultwarden
|
|
|
|
EXPOSE 8234
|
|
|
|
CMD ["vaultwarden"]
|