wiki: add Vaultwarden article to privacy-security section

Add 03-opensource/privacy-security/vaultwarden.md covering deployment
with Docker Compose, Caddy reverse proxy, client setup, access model
via Tailscale, and SQLite backup. Remove KeePassXC from backlog.

Article count: 31 → 32. Open source section: 4 → 5.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

03-opensource/index.md

@@ -14,4 +14,4 @@ A curated collection of my favorite open-source tools and privacy-respecting alt
 - *Coming soon*
 
 ## 🔐 Privacy & Security
-- *Coming soon*
+- [Vaultwarden: Self-Hosted Password Manager](privacy-security/vaultwarden.md)

03-opensource/privacy-security/vaultwarden.md

@@ -0,0 +1,95 @@
+# Vaultwarden — Self-Hosted Password Manager
+
+## Problem
+
+Password managers are a necessity, but handing your credentials to a third-party cloud service is a trust problem. Bitwarden is open source and privacy-respecting, but if you're already running a homelab, there's no reason to depend on their servers.
+
+## Solution
+
+[Vaultwarden](https://github.com/dani-garcia/vaultwarden) is an unofficial, lightweight Bitwarden-compatible server written in Rust. It exposes the same API that all official Bitwarden clients speak — desktop apps, browser extensions, mobile apps — so you get the full Bitwarden UX pointed at your own hardware.
+
+Your passwords never leave your network.
+
+---
+
+## Deployment (Docker + Caddy)
+
+### docker-compose.yml
+
+```yaml
+services:
+  vaultwarden:
+    image: vaultwarden/server:latest
+    container_name: vaultwarden
+    restart: unless-stopped
+    environment:
+      - DOMAIN=https://vault.yourdomain.com
+      - SIGNUPS_ALLOWED=false   # disable after creating your account
+    volumes:
+      - ./vw-data:/data
+    ports:
+      - "8080:80"
+```
+
+Start it:
+
+```bash
+sudo docker compose up -d
+```
+
+### Caddy reverse proxy
+
+```
+vault.yourdomain.com {
+    reverse_proxy localhost:8080
+}
+```
+
+Caddy handles TLS automatically. No extra cert config needed.
+
+---
+
+## Initial Setup
+
+1. Browse to `https://vault.yourdomain.com` and create your account
+2. Set `SIGNUPS_ALLOWED=false` in the compose file and restart the container
+3. Install any official Bitwarden client (browser extension, desktop, mobile)
+4. In the client, set the **Server URL** to `https://vault.yourdomain.com` before logging in
+
+That's it. The client has no idea it's not talking to Bitwarden's servers.
+
+---
+
+## Access Model
+
+On MajorInfrastructure, Vaultwarden runs on **majorlab** and is accessible:
+
+- **Internally** — via Caddy on the local network
+- **Remotely** — via Tailscale; vault is reachable from any device on the tailnet without exposing it to the public internet
+
+This means the Caddy vhost does not need to be publicly routable. You can choose to expose it publicly (Let's Encrypt works fine) or keep it Tailscale-only.
+
+---
+
+## Backup
+
+Vaultwarden stores everything in a single SQLite database at `./vw-data/db.sqlite3`. Back it up like any file:
+
+```bash
+# Simple copy (stop container first for consistency, or use sqlite backup mode)
+sqlite3 /path/to/vw-data/db.sqlite3 ".backup '/path/to/backup/vw-backup-$(date +%F).sqlite3'"
+```
+
+Or include the `vw-data/` directory in your regular rsync backup run.
+
+---
+
+## Why Not Bitwarden (Official)?
+
+The official Bitwarden server is also open source but requires significantly more resources (multiple services, SQL Server). Vaultwarden runs in a single container on minimal RAM and handles everything a personal or family vault needs.
+
+---
+
+## Tags
+
+#vaultwarden #bitwarden #passwords #privacy #self-hosting #docker #linux

MajorWiki-Deploy-Status.md

@@ -31,7 +31,7 @@ DNS record and Caddy entry have been removed.
 
 ## Content
 
-- 31 articles across 5 domains
+- 32 articles across 5 domains
 - Source of truth: `MajorVault/20-Projects/MajorTwin/08-Wiki/`
 - Deployed via Gitea webhook (push from MajorAir → auto-pull on majorlab)
 

README.md

@@ -3,7 +3,7 @@
 > A growing reference of Linux, self-hosting, open source, streaming, and troubleshooting guides. Written by MajorLinux. Used by MajorTwin.
 >
 **Last updated:** 2026-03-13
-**Article count:** 31
+**Article count:** 32
 
 ## Domains
 
@@ -11,7 +11,7 @@
 |---|---|---|
 | 🐧 Linux & Sysadmin | `01-linux/` | 9 |
 | 🏠 Self-Hosting & Homelab | `02-selfhosting/` | 8 |
-| 🔓 Open Source Tools | `03-opensource/` | 4 |
+| 🔓 Open Source Tools | `03-opensource/` | 5 |
 | 🎙️ Streaming & Podcasting | `04-streaming/` | 1 |
 | 🔧 General Troubleshooting | `05-troubleshooting/` | 9 |
 
@@ -78,6 +78,9 @@
 - [screen: Simple Persistent Sessions](03-opensource/dev-tools/screen.md) — lightweight terminal multiplexer, universally available
 - [rsync: Fast, Resumable File Transfers](03-opensource/dev-tools/rsync.md) — incremental file sync locally and over SSH, survives interruptions
 
+### Privacy & Security
+- [Vaultwarden: Self-Hosted Password Manager](03-opensource/privacy-security/vaultwarden.md) — Bitwarden-compatible server in a single Docker container, passwords stay on your hardware
+
 ---
 
 ## 🎙️ Streaming & Podcasting
@@ -104,6 +107,7 @@
 
 | Date | Article | Domain |
 |---|---|---|
+| 2026-03-13 | [Vaultwarden: Self-Hosted Password Manager](03-opensource/privacy-security/vaultwarden.md) | Open Source |
 | 2026-03-13 | [tmux: Persistent Terminal Sessions](03-opensource/dev-tools/tmux.md) | Open Source |
 | 2026-03-13 | [screen: Simple Persistent Sessions](03-opensource/dev-tools/screen.md) | Open Source |
 | 2026-03-13 | [rsync: Fast, Resumable File Transfers](03-opensource/dev-tools/rsync.md) | Open Source |
@@ -112,7 +116,6 @@
 | 2026-03-13 | [SnapRAID & MergerFS Storage Setup](01-linux/storage/snapraid-mergerfs-setup.md) | Linux |
 | 2026-03-13 | [Qwen2.5-14B OOM on RTX 3080 Ti (12GB)](05-troubleshooting/gpu-display/qwen-14b-oom-3080ti.md) | Troubleshooting |
 | 2026-03-13 | [Apache Outage: Fail2ban Self-Ban + Missing iptables Rules](05-troubleshooting/networking/fail2ban-self-ban-apache-outage.md) | Troubleshooting |
-| 2026-03-12 | [Docker & Caddy Recovery After Reboot](05-troubleshooting/docker-caddy-selinux-post-reboot-recovery.md) | Troubleshooting |
 
 ---
 
@@ -120,7 +123,6 @@
 
 | Topic | Domain | Priority | From Gap? |
 |---|---|---|---|
-| KeePassXC self-hosted password management | Open Source | High | No |
 | Docker Compose networking deep dive | Self-Hosting | High | No |
 | Troubleshooting NVIDIA on Linux | Troubleshooting | Medium | No |
 | Pi-hole setup and local DNS | Self-Hosting | Medium | No |

SUMMARY.md

@@ -8,6 +8,7 @@
     * [tmux: Persistent Terminal Sessions](03-opensource/dev-tools/tmux.md)
     * [screen: Simple Persistent Sessions](03-opensource/dev-tools/screen.md)
     * [rsync: Fast, Resumable File Transfers](03-opensource/dev-tools/rsync.md)
+    * [Vaultwarden: Self-Hosted Password Manager](03-opensource/privacy-security/vaultwarden.md)
 * [Streaming](04-streaming/index.md)
     * [Introduction](04-streaming/index.md)
 * [Troubleshooting](05-troubleshooting/index.md)

index.md

@@ -3,7 +3,7 @@
 > A growing reference of Linux, self-hosting, open source, streaming, and troubleshooting guides. Written by MajorLinux. Used by MajorTwin.
 >
 > **Last updated:** 2026-03-13
-> **Article count:** 31
+> **Article count:** 32
 
 ## Domains
 
@@ -11,7 +11,7 @@
 |---|---|---|
 | 🐧 Linux & Sysadmin | `01-linux/` | 9 |
 | 🏠 Self-Hosting & Homelab | `02-selfhosting/` | 8 |
-| 🔓 Open Source Tools | `03-opensource/` | 4 |
+| 🔓 Open Source Tools | `03-opensource/` | 5 |
 | 🎙️ Streaming & Podcasting | `04-streaming/` | 1 |
 | 🔧 General Troubleshooting | `05-troubleshooting/` | 9 |
 
@@ -78,6 +78,9 @@
 - [screen: Simple Persistent Sessions](03-opensource/dev-tools/screen.md) — lightweight terminal multiplexer, universally available
 - [rsync: Fast, Resumable File Transfers](03-opensource/dev-tools/rsync.md) — incremental file sync locally and over SSH, survives interruptions
 
+### Privacy & Security
+- [Vaultwarden: Self-Hosted Password Manager](03-opensource/privacy-security/vaultwarden.md) — Bitwarden-compatible server in a single Docker container, passwords stay on your hardware
+
 ---
 
 ## 🎙️ Streaming & Podcasting
@@ -104,6 +107,7 @@
 
 | Date | Article | Domain |
 |---|---|---|
+| 2026-03-13 | [Vaultwarden: Self-Hosted Password Manager](03-opensource/privacy-security/vaultwarden.md) | Open Source |
 | 2026-03-13 | [tmux: Persistent Terminal Sessions](03-opensource/dev-tools/tmux.md) | Open Source |
 | 2026-03-13 | [screen: Simple Persistent Sessions](03-opensource/dev-tools/screen.md) | Open Source |
 | 2026-03-13 | [rsync: Fast, Resumable File Transfers](03-opensource/dev-tools/rsync.md) | Open Source |
@@ -112,7 +116,6 @@
 | 2026-03-13 | [SnapRAID & MergerFS Storage Setup](01-linux/storage/snapraid-mergerfs-setup.md) | Linux |
 | 2026-03-13 | [Qwen2.5-14B OOM on RTX 3080 Ti (12GB)](05-troubleshooting/gpu-display/qwen-14b-oom-3080ti.md) | Troubleshooting |
 | 2026-03-13 | [Apache Outage: Fail2ban Self-Ban + Missing iptables Rules](05-troubleshooting/networking/fail2ban-self-ban-apache-outage.md) | Troubleshooting |
-| 2026-03-12 | [Docker & Caddy Recovery After Reboot](05-troubleshooting/docker-caddy-selinux-post-reboot-recovery.md) | Troubleshooting |
 
 ---
 
@@ -120,7 +123,6 @@
 
 | Topic | Domain | Priority | From Gap? |
 |---|---|---|---|
-| KeePassXC self-hosted password management | Open Source | High | No |
 | Docker Compose networking deep dive | Self-Hosting | High | No |
 | Troubleshooting NVIDIA on Linux | Troubleshooting | Medium | No |
 | Pi-hole setup and local DNS | Self-Hosting | Medium | No |