[mod] vault

.vscode/extensions.json

@@ -1,11 +1,17 @@
 {
     "recommendations": [
-        "quodatum.ext1",
         "quodatum.vscode-basex",
         "ms-azuretools.vscode-docker",
         "dbaeumer.vscode-eslint",
         "eamodio.gitlens",
         "kelvin.vscode-sshfs",
-        "alefragnani.project-manager"
+        "alefragnani.project-manager",
+        "redhat.vscode-xml",
+        "deltaxml.xpath-notebook",
+        "maattdd.gitless",
+        "buenon.scratchpads",
+        "bierner.markdown-mermaid",
+        "mfederczuk.w3c-ebnf",
+        "quodatum.xquery-notebook"
     ]
 }

code-serverx/config/.vscode/extensions.json

@@ -1,11 +1,17 @@
 {
     "recommendations": [
+        "quodatum.vscode-basex",
         "ms-azuretools.vscode-docker",
         "dbaeumer.vscode-eslint",
         "eamodio.gitlens",
         "kelvin.vscode-sshfs",
         "alefragnani.project-manager",
-        "johnpapa.vscode-peacock",
+        "redhat.vscode-xml",
-        "nonoroazoro.syncing"
+        "deltaxml.xpath-notebook",
+        "maattdd.gitless",
+        "buenon.scratchpads",
+        "bierner.markdown-mermaid",
+        "mfederczuk.w3c-ebnf",
+        "quodatum.xquery-notebook"
     ]
 }

vaultwarden/Caddyfile

@@ -0,0 +1,56 @@
+{$DOMAIN}:443 {
+
+  log {
+    level INFO
+
+    output file {$LOG_FILE} {
+
+      roll_size 10MB
+
+      roll_keep 10
+    }
+
+  }
+
+  # Get a cert by using the ACME HTTP-01 challenge.
+
+  tls {$EMAIL}
+  encode gzip
+
+  # Headers to improve security.
+
+  header {
+
+  # Enable HSTS
+
+  Strict-Transport-Security "max-age=31536000;"
+
+  # Enable cross-site filter (XSS)
+
+  X-XSS-Protection "1; mode=block"
+
+  # Disallow the site to be rendered within a frame (clickjacking protection)
+
+  X-Frame-Options "DENY"
+
+  # Prevent search engines from indexing
+
+  X-Robots-Tag "none"
+
+  # Remove Caddy branding
+
+  -Server
+
+  }
+
+  # Redirect notifications to the WebSocket.
+
+  reverse_proxy /notifications/hub vaultwarden:3012
+
+  reverse_proxy vaultwarden:80 {
+
+       header_up X-Real-IP {remote_host}
+
+  }
+
+}

vaultwarden/docker-compose.yml

@@ -1,34 +1,29 @@
-version: '3'
+version: '3'
-
+
-services:
+services:
-  vaultwarden:
+
-    container_name: vaultwarden
+  vaultwarden:
-    image: vaultwarden/server:latest
+    image: vaultwarden/server:latest
-    restart: unless-stopped
+    container_name: vaultwarden
-    volumes:
+    restart: always
-      - ./vw-data/:/data/
+    environment:
-    ports:
+      - WEBSOCKET_ENABLED=true
-      - 8882:80
+    volumes:
-    environment:
+      - ./vw-data:/data
-      - DOMAIN=https://quodatum.duckns.org
+
-      - LOGIN_RATELIMIT_MAX_BURST=10
+  caddy:
-      - LOGIN_RATELIMIT_SECONDS=60
+    image: caddy:2
-      - ADMIN_RATELIMIT_MAX_BURST=10
+    container_name: caddy
-      - ADMIN_RATELIMIT_SECONDS=60
+    restart: always
-      - ADMIN_TOKEN=
+    ports:
-      - SENDS_ALLOWED=true
+      - 84:80
-      - EMERGENCY_ACCESS_ALLOWED=true
+      - 444:443
-      - WEB_VAULT_ENABLED=true
+    volumes:
-      - SIGNUPS_ALLOWED=false
+      - ./Caddyfile:/etc/caddy/Caddyfile:ro
-      - SIGNUPS_VERIFY=true
+      - ./caddy-config:/config
-      - SIGNUPS_VERIFY_RESEND_TIME=3600
+      - ./caddy-data:/data
-      - SIGNUPS_VERIFY_RESEND_LIMIT=5
+    environment:
-      - SIGNUPS_DOMAINS_WHITELIST=orlop.duckdns.org
+      - DOMAIN=https://vault.quodatum.duckdns.org
-      - SMTP_HOST=smtp.gmail.com
+      - EMAIL=bunce.andy@gmail.com
-      - SMTP_FROM=bunce.andy@gmail.com
+      - LOG_FILE=/data/access.log
-      - SMTP_FROM_NAME=Vaultwarden
+
-      - SMTP_SECURITY=starttls
-      - SMTP_PORT=465
-      - SMTP_USERNAME=bunce.andy@gmail.com
-      - SMTP_PASSWORD= etsyjkzdzkzhnztf
-      - SMTP_AUTH_MECHANISM=

vaultwarden/readme.md

@@ -1 +1,3 @@
+https://webdock.io/en/docs/how-guides/app-installation-and-setup/how-install-vaultwarden-your-webdock-server
+# was
 https://www.techaddressed.com/tutorials/vaultwarden-docker-compose/