diff --git a/03-opensource/index.md b/03-opensource/index.md index da60713..1549781 100644 --- a/03-opensource/index.md +++ b/03-opensource/index.md @@ -14,4 +14,4 @@ A curated collection of my favorite open-source tools and privacy-respecting alt - *Coming soon* ## 🔐 Privacy & Security -- *Coming soon* +- [Vaultwarden: Self-Hosted Password Manager](privacy-security/vaultwarden.md) diff --git a/03-opensource/privacy-security/vaultwarden.md b/03-opensource/privacy-security/vaultwarden.md new file mode 100644 index 0000000..3c44427 --- /dev/null +++ b/03-opensource/privacy-security/vaultwarden.md 
@@ -0,0 +1,95 @@ +# Vaultwarden — Self-Hosted Password Manager + +## Problem + +Password managers are a necessity, but handing your credentials to a third-party cloud service is a trust problem. Bitwarden is open source and privacy-respecting, but if you're already running a homelab, there's no reason to depend on their servers. + +## Solution + +[Vaultwarden](https://github.com/dani-garcia/vaultwarden) is an unofficial, lightweight Bitwarden-compatible server written in Rust. It exposes the same API that all official Bitwarden clients speak — desktop apps, browser extensions, mobile apps — so you get the full Bitwarden UX pointed at your own hardware. + +Your passwords never leave your network. + +--- + +## Deployment (Docker + Caddy) + +### docker-compose.yml + +```yaml +services: + vaultwarden: + image: vaultwarden/server:latest + container_name: vaultwarden + restart: unless-stopped + environment: + - DOMAIN=https://vault.yourdomain.com + - SIGNUPS_ALLOWED=false # disable after creating your account + volumes: + - ./vw-data:/data + ports: + - "8080:80" +``` + +Start it: + +```bash +sudo docker compose up -d +``` + +### Caddy reverse proxy + +``` +vault.yourdomain.com { + reverse_proxy localhost:8080 +} +``` + +Caddy handles TLS automatically. No extra cert config needed. + +--- + +## Initial Setup + +1. Browse to `https://vault.yourdomain.com` and create your account +2. Set `SIGNUPS_ALLOWED=false` in the compose file and restart the container +3. Install any official Bitwarden client (browser extension, desktop, mobile) +4. In the client, set the **Server URL** to `https://vault.yourdomain.com` before logging in + +That's it. The client has no idea it's not talking to Bitwarden's servers. 
+ +--- + +## Access Model + +On MajorInfrastructure, Vaultwarden runs on **majorlab** and is accessible: + +- **Internally** — via Caddy on the local network +- **Remotely** — via Tailscale; vault is reachable from any device on the tailnet without exposing it to the public internet + +This means the Caddy vhost does not need to be publicly routable. You can choose to expose it publicly (Let's Encrypt works fine) or keep it Tailscale-only. + +--- + +## Backup + +Vaultwarden stores everything in a single SQLite database at `./vw-data/db.sqlite3`. Back it up like any file: + +```bash +# Simple copy (stop container first for consistency, or use sqlite backup mode) +sqlite3 /path/to/vw-data/db.sqlite3 ".backup '/path/to/backup/vw-backup-$(date +%F).sqlite3'" +``` + +Or include the `vw-data/` directory in your regular rsync backup run. + +--- + +## Why Not Bitwarden (Official)? + +The official Bitwarden server is also open source but requires significantly more resources (multiple services, SQL Server). Vaultwarden runs in a single container on minimal RAM and handles everything a personal or family vault needs. + +--- + +## Tags + +#vaultwarden #bitwarden #passwords #privacy #self-hosting #docker #linux diff --git a/MajorWiki-Deploy-Status.md b/MajorWiki-Deploy-Status.md index d37ac1d..f8d93cb 100644 --- a/MajorWiki-Deploy-Status.md +++ b/MajorWiki-Deploy-Status.md @@ -31,7 +31,7 @@ DNS record and Caddy entry have been removed. ## Content -- 31 articles across 5 domains +- 32 articles across 5 domains - Source of truth: `MajorVault/20-Projects/MajorTwin/08-Wiki/` - Deployed via Gitea webhook (push from MajorAir → auto-pull on majorlab) diff --git a/README.md b/README.md index 6d776bc..427fc79 100644 --- a/README.md +++ b/README.md 
@@ -3,7 +3,7 @@ > A growing reference of Linux, self-hosting, open source, streaming, and troubleshooting guides. Written by MajorLinux. Used by MajorTwin. > **Last updated:** 2026-03-13 -**Article count:** 31 +**Article count:** 32 ## Domains @@ -11,7 +11,7 @@ |---|---|---| | 🐧 Linux & Sysadmin | `01-linux/` | 9 | | 🏠 Self-Hosting & Homelab | `02-selfhosting/` | 8 | -| 🔓 Open Source Tools | `03-opensource/` | 4 | +| 🔓 Open Source Tools | `03-opensource/` | 5 | | 🎙️ Streaming & Podcasting | `04-streaming/` | 1 | | 🔧 General Troubleshooting | `05-troubleshooting/` | 9 | @@ -78,6 +78,9 @@ - [screen: Simple Persistent Sessions](03-opensource/dev-tools/screen.md) — lightweight terminal multiplexer, universally available - [rsync: Fast, Resumable File Transfers](03-opensource/dev-tools/rsync.md) — incremental file sync locally and over SSH, survives interruptions +### Privacy & Security +- [Vaultwarden: Self-Hosted Password Manager](03-opensource/privacy-security/vaultwarden.md) — Bitwarden-compatible server in a single Docker container, passwords stay on your hardware + --- ## 🎙️ Streaming & Podcasting @@ -104,6 +107,7 @@ | Date | Article | Domain | |---|---|---| +| 2026-03-13 | [Vaultwarden: Self-Hosted Password Manager](03-opensource/privacy-security/vaultwarden.md) | Open Source | | 2026-03-13 | [tmux: Persistent Terminal Sessions](03-opensource/dev-tools/tmux.md) | Open Source | | 2026-03-13 | [screen: Simple Persistent Sessions](03-opensource/dev-tools/screen.md) | Open Source | | 2026-03-13 | [rsync: Fast, Resumable File Transfers](03-opensource/dev-tools/rsync.md) | Open Source | 
@@ -112,7 +116,6 @@ | 2026-03-13 | [SnapRAID & MergerFS Storage Setup](01-linux/storage/snapraid-mergerfs-setup.md) | Linux | | 2026-03-13 | [Qwen2.5-14B OOM on RTX 3080 Ti (12GB)](05-troubleshooting/gpu-display/qwen-14b-oom-3080ti.md) | Troubleshooting | | 2026-03-13 | [Apache Outage: Fail2ban Self-Ban + Missing iptables Rules](05-troubleshooting/networking/fail2ban-self-ban-apache-outage.md) | Troubleshooting | -| 2026-03-12 | [Docker & Caddy Recovery After Reboot](05-troubleshooting/docker-caddy-selinux-post-reboot-recovery.md) | Troubleshooting | --- @@ -120,7 +123,6 @@ | Topic | Domain | Priority | From Gap? | |---|---|---|---| -| KeePassXC self-hosted password management | Open Source | High | No | | Docker Compose networking deep dive | Self-Hosting | High | No | | Troubleshooting NVIDIA on Linux | Troubleshooting | Medium | No | | Pi-hole setup and local DNS | Self-Hosting | Medium | No | diff --git a/SUMMARY.md b/SUMMARY.md index 0081f0d..726bd0a 100644 --- a/SUMMARY.md +++ b/SUMMARY.md @@ -8,6 +8,7 @@ * [tmux: Persistent Terminal Sessions](03-opensource/dev-tools/tmux.md) * [screen: Simple Persistent Sessions](03-opensource/dev-tools/screen.md) * [rsync: Fast, Resumable File Transfers](03-opensource/dev-tools/rsync.md) + * [Vaultwarden: Self-Hosted Password Manager](03-opensource/privacy-security/vaultwarden.md) * [Streaming](04-streaming/index.md) * [Introduction](04-streaming/index.md) * [Troubleshooting](05-troubleshooting/index.md) diff --git a/index.md b/index.md index 0b56f9a..d3b49b0 100644 --- a/index.md +++ b/index.md @@ -3,7 +3,7 @@ > A growing reference of Linux, self-hosting, open source, streaming, and troubleshooting guides. Written by MajorLinux. Used by MajorTwin. > > **Last updated:** 2026-03-13 -> **Article count:** 31 +> **Article count:** 32 ## Domains 
@@ -11,7 +11,7 @@ |---|---|---| | 🐧 Linux & Sysadmin | `01-linux/` | 9 | | 🏠 Self-Hosting & Homelab | `02-selfhosting/` | 8 | -| 🔓 Open Source Tools | `03-opensource/` | 4 | +| 🔓 Open Source Tools | `03-opensource/` | 5 | | 🎙️ Streaming & Podcasting | `04-streaming/` | 1 | | 🔧 General Troubleshooting | `05-troubleshooting/` | 9 | @@ -78,6 +78,9 @@ - [screen: Simple Persistent Sessions](03-opensource/dev-tools/screen.md) — lightweight terminal multiplexer, universally available - [rsync: Fast, Resumable File Transfers](03-opensource/dev-tools/rsync.md) — incremental file sync locally and over SSH, survives interruptions +### Privacy & Security +- [Vaultwarden: Self-Hosted Password Manager](03-opensource/privacy-security/vaultwarden.md) — Bitwarden-compatible server in a single Docker container, passwords stay on your hardware + --- ## 🎙️ Streaming & Podcasting @@ -104,6 +107,7 @@ | Date | Article | Domain | |---|---|---| +| 2026-03-13 | [Vaultwarden: Self-Hosted Password Manager](03-opensource/privacy-security/vaultwarden.md) | Open Source | | 2026-03-13 | [tmux: Persistent Terminal Sessions](03-opensource/dev-tools/tmux.md) | Open Source | | 2026-03-13 | [screen: Simple Persistent Sessions](03-opensource/dev-tools/screen.md) | Open Source | | 2026-03-13 | [rsync: Fast, Resumable File Transfers](03-opensource/dev-tools/rsync.md) | Open Source | @@ -112,7 +116,6 @@ | 2026-03-13 | [SnapRAID & MergerFS Storage Setup](01-linux/storage/snapraid-mergerfs-setup.md) | Linux | | 2026-03-13 | [Qwen2.5-14B OOM on RTX 3080 Ti (12GB)](05-troubleshooting/gpu-display/qwen-14b-oom-3080ti.md) | Troubleshooting | | 2026-03-13 | [Apache Outage: Fail2ban Self-Ban + Missing iptables Rules](05-troubleshooting/networking/fail2ban-self-ban-apache-outage.md) | Troubleshooting | -| 2026-03-12 | [Docker & Caddy Recovery After Reboot](05-troubleshooting/docker-caddy-selinux-post-reboot-recovery.md) | Troubleshooting | --- 
@@ -120,7 +123,6 @@ | Topic | Domain | Priority | From Gap? | |---|---|---|---| -| KeePassXC self-hosted password management | Open Source | High | No | | Docker Compose networking deep dive | Self-Hosting | High | No | | Troubleshooting NVIDIA on Linux | Troubleshooting | Medium | No | | Pi-hole setup and local DNS | Self-Hosting | Medium | No |
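Review bot: in 03-opensource/privacy-security/vaultwarden.md, the compose example's `- "8080:80"` publishes the container's plain-HTTP port on every host interface, yet the Caddy block only reaches it at `localhost:8080` and the Access Model section says the vault need not be publicly routable. Suggest `- "127.0.0.1:8080:80"` so Caddy's TLS listener is the only way in. In the same hunk, the compose file already ships `SIGNUPS_ALLOWED=false` while Initial Setup step 1 creates the account and step 2 sets that same value, so step 1 as written runs with signups disabled; start the example with `true` or reword the steps. The backup comment says "Simple copy" above a `sqlite3 ... ".backup"` command, and the rsync alternative copies `vw-data/` without repeating the consistency caveat that comment raises.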
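Review bot: the article count is hand-edited in three places in this patch (`32 articles across 5 domains` in MajorWiki-Deploy-Status.md and `Article count: 32` in both README.md and index.md), alongside the per-domain `| 5 |` cell in two of them. Consider deriving the count at deploy time or keeping it in one file, since each new article now needs five matching edits to stay consistent.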
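Review bot: in README.md, the hunk at `@@ -112,7 +116,6 @@` deletes the 2026-03-12 "Docker & Caddy Recovery After Reboot" row from the recent-updates table, which has nothing to do with adding the Vaultwarden article. If the table is capped at a fixed number of rows, say so in the commit message or next to the table; otherwise restore the row. The identical deletion appears in index.md.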
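Review bot: in README.md, the hunk at `@@ -120,7 +123,6 @@` drops the High-priority "KeePassXC self-hosted password management" row from the planned-topics table, but the article added here covers Vaultwarden and never mentions KeePassXC. If the Vaultwarden article is meant to replace that planned topic, state it in the commit message; if not, keep the row. index.md carries the same removal.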