wiki: add Vaultwarden article to privacy-security section

Add 03-opensource/privacy-security/vaultwarden.md covering deployment
with Docker Compose, Caddy reverse proxy, client setup, access model
via Tailscale, and SQLite backup. Remove KeePassXC from backlog.

Article count: 31 → 32. Open source section: 4 → 5.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-13 23:48:40 -04:00
parent afae561e7e
commit 29333fbe0a
6 changed files with 110 additions and 10 deletions

View File

@@ -14,4 +14,4 @@ A curated collection of my favorite open-source tools and privacy-respecting alt
- *Coming soon*
## 🔐 Privacy & Security
- *Coming soon*
- [Vaultwarden: Self-Hosted Password Manager](privacy-security/vaultwarden.md)

View File

@@ -0,0 +1,95 @@
# Vaultwarden — Self-Hosted Password Manager
## Problem
Password managers are a necessity, but handing your credentials to a third-party cloud service is a trust problem. Bitwarden is open source and privacy-respecting, but if you're already running a homelab, there's no reason to depend on their servers.
## Solution
[Vaultwarden](https://github.com/dani-garcia/vaultwarden) is an unofficial, lightweight Bitwarden-compatible server written in Rust. It exposes the same API that all official Bitwarden clients speak — desktop apps, browser extensions, mobile apps — so you get the full Bitwarden UX pointed at your own hardware.
Your passwords never leave your network.
---
## Deployment (Docker + Caddy)
### docker-compose.yml
```yaml
services:
vaultwarden:
image: vaultwarden/server:latest
container_name: vaultwarden
restart: unless-stopped
environment:
- DOMAIN=https://vault.yourdomain.com
- SIGNUPS_ALLOWED=false # disable after creating your account
volumes:
- ./vw-data:/data
ports:
- "8080:80"
```
Start it:
```bash
sudo docker compose up -d
```
### Caddy reverse proxy
```
vault.yourdomain.com {
reverse_proxy localhost:8080
}
```
Caddy handles TLS automatically. No extra cert config needed.
---
## Initial Setup
1. Browse to `https://vault.yourdomain.com` and create your account
2. Set `SIGNUPS_ALLOWED=false` in the compose file and restart the container
3. Install any official Bitwarden client (browser extension, desktop, mobile)
4. In the client, set the **Server URL** to `https://vault.yourdomain.com` before logging in
That's it. The client has no idea it's not talking to Bitwarden's servers.
---
## Access Model
On MajorInfrastructure, Vaultwarden runs on **majorlab** and is accessible:
- **Internally** — via Caddy on the local network
- **Remotely** — via Tailscale; vault is reachable from any device on the tailnet without exposing it to the public internet
This means the Caddy vhost does not need to be publicly routable. You can choose to expose it publicly (Let's Encrypt works fine) or keep it Tailscale-only.
---
## Backup
Vaultwarden stores everything in a single SQLite database at `./vw-data/db.sqlite3`. Back it up like any file:
```bash
# Simple copy (stop container first for consistency, or use sqlite backup mode)
sqlite3 /path/to/vw-data/db.sqlite3 ".backup '/path/to/backup/vw-backup-$(date +%F).sqlite3'"
```
Or include the `vw-data/` directory in your regular rsync backup run.
---
## Why Not Bitwarden (Official)?
The official Bitwarden server is also open source but requires significantly more resources (multiple services, SQL Server). Vaultwarden runs in a single container on minimal RAM and handles everything a personal or family vault needs.
---
## Tags
#vaultwarden #bitwarden #passwords #privacy #self-hosting #docker #linux
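Review bot: In the docker-compose.yml block, `- "8080:80"` publishes the container port on every host interface, so the vault answers over plain HTTP on port 8080 without passing through Caddy; the Caddy block only needs `localhost:8080`, so bind it as `- "127.0.0.1:8080:80"`. The same block already sets `SIGNUPS_ALLOWED=false`, while Initial Setup step 1 creates the account and step 2 disables signups afterwards, so the example file and the steps disagree; show `true` in the example with the comment, or state that the listing is the post-setup state. In Backup, the comment says "Simple copy" above a `sqlite3 ".backup"` command, and the rsync alternative copies a live database without the consistency caveat that comment raises; reword the comment and say the rsync run should pick up the `.backup` output or run with the container stopped.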

View File

@@ -31,7 +31,7 @@ DNS record and Caddy entry have been removed.
## Content
- 31 articles across 5 domains
- 32 articles across 5 domains
- Source of truth: `MajorVault/20-Projects/MajorTwin/08-Wiki/`
- Deployed via Gitea webhook (push from MajorAir → auto-pull on majorlab)

View File

@@ -3,7 +3,7 @@
> A growing reference of Linux, self-hosting, open source, streaming, and troubleshooting guides. Written by MajorLinux. Used by MajorTwin.
>
**Last updated:** 2026-03-13
**Article count:** 31
**Article count:** 32
## Domains
@@ -11,7 +11,7 @@
|---|---|---|
| 🐧 Linux & Sysadmin | `01-linux/` | 9 |
| 🏠 Self-Hosting & Homelab | `02-selfhosting/` | 8 |
| 🔓 Open Source Tools | `03-opensource/` | 4 |
| 🔓 Open Source Tools | `03-opensource/` | 5 |
| 🎙️ Streaming & Podcasting | `04-streaming/` | 1 |
| 🔧 General Troubleshooting | `05-troubleshooting/` | 9 |
@@ -78,6 +78,9 @@
- [screen: Simple Persistent Sessions](03-opensource/dev-tools/screen.md) — lightweight terminal multiplexer, universally available
- [rsync: Fast, Resumable File Transfers](03-opensource/dev-tools/rsync.md) — incremental file sync locally and over SSH, survives interruptions
### Privacy & Security
- [Vaultwarden: Self-Hosted Password Manager](03-opensource/privacy-security/vaultwarden.md) — Bitwarden-compatible server in a single Docker container, passwords stay on your hardware
---
## 🎙️ Streaming & Podcasting
@@ -104,6 +107,7 @@
| Date | Article | Domain |
|---|---|---|
| 2026-03-13 | [Vaultwarden: Self-Hosted Password Manager](03-opensource/privacy-security/vaultwarden.md) | Open Source |
| 2026-03-13 | [tmux: Persistent Terminal Sessions](03-opensource/dev-tools/tmux.md) | Open Source |
| 2026-03-13 | [screen: Simple Persistent Sessions](03-opensource/dev-tools/screen.md) | Open Source |
| 2026-03-13 | [rsync: Fast, Resumable File Transfers](03-opensource/dev-tools/rsync.md) | Open Source |
@@ -112,7 +116,6 @@
| 2026-03-13 | [SnapRAID & MergerFS Storage Setup](01-linux/storage/snapraid-mergerfs-setup.md) | Linux |
| 2026-03-13 | [Qwen2.5-14B OOM on RTX 3080 Ti (12GB)](05-troubleshooting/gpu-display/qwen-14b-oom-3080ti.md) | Troubleshooting |
| 2026-03-13 | [Apache Outage: Fail2ban Self-Ban + Missing iptables Rules](05-troubleshooting/networking/fail2ban-self-ban-apache-outage.md) | Troubleshooting |
| 2026-03-12 | [Docker & Caddy Recovery After Reboot](05-troubleshooting/docker-caddy-selinux-post-reboot-recovery.md) | Troubleshooting |
---
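Review bot: The `@@ -112,7 +116,6 @@` header shows one row removed from this table, and the commit message does not mention it. If the 2026-03-12 "Docker & Caddy Recovery After Reboot" row is rolling off a fixed-length recent-updates list, that is fine, but confirm the article is still linked from its domain section so it stays reachable from this page, and mention the rotation in the message.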
@@ -120,7 +123,6 @@
| Topic | Domain | Priority | From Gap? |
|---|---|---|---|
| KeePassXC self-hosted password management | Open Source | High | No |
| Docker Compose networking deep dive | Self-Hosting | High | No |
| Troubleshooting NVIDIA on Linux | Troubleshooting | Medium | No |
| Pi-hole setup and local DNS | Self-Hosting | Medium | No |
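Review bot: The backlog row "KeePassXC self-hosted password management" is removed, but the article added in this commit documents Vaultwarden only, and KeePassXC is a different tool. If Vaultwarden is meant to supersede the planned KeePassXC article, say so in the commit message; otherwise keep the row, at a lower priority if needed, so the topic is not lost.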

View File

@@ -8,6 +8,7 @@
* [tmux: Persistent Terminal Sessions](03-opensource/dev-tools/tmux.md)
* [screen: Simple Persistent Sessions](03-opensource/dev-tools/screen.md)
* [rsync: Fast, Resumable File Transfers](03-opensource/dev-tools/rsync.md)
* [Vaultwarden: Self-Hosted Password Manager](03-opensource/privacy-security/vaultwarden.md)
* [Streaming](04-streaming/index.md)
* [Introduction](04-streaming/index.md)
* [Troubleshooting](05-troubleshooting/index.md)

View File

@@ -3,7 +3,7 @@
> A growing reference of Linux, self-hosting, open source, streaming, and troubleshooting guides. Written by MajorLinux. Used by MajorTwin.
>
> **Last updated:** 2026-03-13
> **Article count:** 31
> **Article count:** 32
## Domains
@@ -11,7 +11,7 @@
|---|---|---|
| 🐧 Linux & Sysadmin | `01-linux/` | 9 |
| 🏠 Self-Hosting & Homelab | `02-selfhosting/` | 8 |
| 🔓 Open Source Tools | `03-opensource/` | 4 |
| 🔓 Open Source Tools | `03-opensource/` | 5 |
| 🎙️ Streaming & Podcasting | `04-streaming/` | 1 |
| 🔧 General Troubleshooting | `05-troubleshooting/` | 9 |
@@ -78,6 +78,9 @@
- [screen: Simple Persistent Sessions](03-opensource/dev-tools/screen.md) — lightweight terminal multiplexer, universally available
- [rsync: Fast, Resumable File Transfers](03-opensource/dev-tools/rsync.md) — incremental file sync locally and over SSH, survives interruptions
### Privacy & Security
- [Vaultwarden: Self-Hosted Password Manager](03-opensource/privacy-security/vaultwarden.md) — Bitwarden-compatible server in a single Docker container, passwords stay on your hardware
---
## 🎙️ Streaming & Podcasting
@@ -104,6 +107,7 @@
| Date | Article | Domain |
|---|---|---|
| 2026-03-13 | [Vaultwarden: Self-Hosted Password Manager](03-opensource/privacy-security/vaultwarden.md) | Open Source |
| 2026-03-13 | [tmux: Persistent Terminal Sessions](03-opensource/dev-tools/tmux.md) | Open Source |
| 2026-03-13 | [screen: Simple Persistent Sessions](03-opensource/dev-tools/screen.md) | Open Source |
| 2026-03-13 | [rsync: Fast, Resumable File Transfers](03-opensource/dev-tools/rsync.md) | Open Source |
@@ -112,7 +116,6 @@
| 2026-03-13 | [SnapRAID & MergerFS Storage Setup](01-linux/storage/snapraid-mergerfs-setup.md) | Linux |
| 2026-03-13 | [Qwen2.5-14B OOM on RTX 3080 Ti (12GB)](05-troubleshooting/gpu-display/qwen-14b-oom-3080ti.md) | Troubleshooting |
| 2026-03-13 | [Apache Outage: Fail2ban Self-Ban + Missing iptables Rules](05-troubleshooting/networking/fail2ban-self-ban-apache-outage.md) | Troubleshooting |
| 2026-03-12 | [Docker & Caddy Recovery After Reboot](05-troubleshooting/docker-caddy-selinux-post-reboot-recovery.md) | Troubleshooting |
---
@@ -120,7 +123,6 @@
| Topic | Domain | Priority | From Gap? |
|---|---|---|---|
| KeePassXC self-hosted password management | Open Source | High | No |
| Docker Compose networking deep dive | Self-Hosting | High | No |
| Troubleshooting NVIDIA on Linux | Troubleshooting | Medium | No |
| Pi-hole setup and local DNS | Self-Hosting | Medium | No |
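Review bot: This file repeats the article count, domain table, recent-updates table and backlog of the previous file line for line, differing only in the `>` prefix on the "Last updated" and "Article count" lines, and both copies were edited by hand in this commit. Consider generating one from the other or including a shared fragment so the counts and tables cannot drift apart on a later commit.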