Merge pull request #7 from dlen/feature/passbolt

Add passbolt pw manager
This commit is contained in:
LRVT 2023-02-27 14:18:36 +01:00 committed by GitHub
commit 7c8e2edaa3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 61 additions and 5 deletions

View File

@ -47,11 +47,12 @@ docker compose up
### Password Management ### Password Management
- [Vaultwarden](examples/vaultwarden) - Lightweight Bitwarden server API implementation written in Rust. Unlocks paid Bitwarden features such as 2FA. - [Vaultwarden](examples/vaultwarden) - Lightweight Bitwarden server API implementation written in Rust. Unlocks paid Bitwarden features such as 2FA.
- [Bitwarden Unified](examples/bitwarden-unified) - Official Bitwarden deployment option (beta) targeting selfhosters by providing a resource-efficient, single Docker image with multiple database support. - [Bitwarden Unified](examples/bitwarden-unified) - Official Bitwarden deployment option (beta) targeting selfhosters by providing a resource-efficient, single Docker image with multiple database support.
- [Passbolt CE](examples/passbolt) - Passbolt CE open source password manager for teams based on GPG.
### Reverse Proxies ### Reverse Proxies
- [Traefik](examples/traefik) - Traefik is a modern HTTP reverse proxy and load balancer made to deploy microservices with ease. It supports several backends (Docker, Swarm, Mesos/Marathon, …) to manage its configuration automatically and dynamically. - [Traefik](examples/traefik) - Traefik is a modern HTTP reverse proxy and load balancer made to deploy microservices with ease. It supports several backends (Docker, Swarm, Mesos/Marathon, …) to manage its configuration automatically and dynamically.
- [Nginx Proxy Manager](examples/nginx-proxy-manager) - Nginx Proxy Manager is an easy way to accomplish reverse proxying hosts with SSL termination. - [Nginx Proxy Manager](examples/nginx-proxy-manager) - Nginx Proxy Manager is an easy way to accomplish reverse proxying hosts with SSL termination.
- [Caddy](examples/caddy) - The Caddy web server is an extensible, cross-platform, open-source web server written in Go. Caddy obtains and renews TLS certificates for your sites automatically. - [Caddy](examples/caddy) - The Caddy web server is an extensible, cross-platform, open-source web server written in Go. Caddy obtains and renews TLS certificates for your sites automatically.
### Virtual Private Network (VPN) ### Virtual Private Network (VPN)
@ -62,7 +63,7 @@ docker compose up
- ~~[Firezone](https://github.com/firezone/firezone)~~ - Self-hosted secure remote access gateway that supports the WireGuard protocol. It offers a Web GUI, 1-line install script, multi-factor auth (MFA), and SSO. - ~~[Firezone](https://github.com/firezone/firezone)~~ - Self-hosted secure remote access gateway that supports the WireGuard protocol. It offers a Web GUI, 1-line install script, multi-factor auth (MFA), and SSO.
### Domain Name Service (DNS) ### Domain Name Service (DNS)
- [AdGuard Home](examples/adguard-home) - AdGuard Home is a network-wide software for blocking ads and tracking. - [AdGuard Home](examples/adguard-home) - AdGuard Home is a network-wide software for blocking ads and tracking.
- [AdGuard Home Sync](examples/adguard-home-sync) - Synchronize AdGuardHome config to replica instances. - [AdGuard Home Sync](examples/adguard-home-sync) - Synchronize AdGuardHome config to replica instances.
- [Technitium DNS](examples/technitium-dns) - An open source authoritative as well as recursive DNS server that can be used for self hosting a DNS server for privacy & security. - [Technitium DNS](examples/technitium-dns) - An open source authoritative as well as recursive DNS server that can be used for self hosting a DNS server for privacy & security.
- [Pihole](examples/pihole) - Pi-hole is a Linux network-level advertisement and Internet tracker blocking application which acts as a DNS sinkhole and optionally a DHCP server, intended for use on a private network. - [Pihole](examples/pihole) - Pi-hole is a Linux network-level advertisement and Internet tracker blocking application which acts as a DNS sinkhole and optionally a DHCP server, intended for use on a private network.
@ -72,7 +73,7 @@ docker compose up
- [Gitea](examples/gitea) - Community managed fork of Gogs, lightweight code hosting solution. - [Gitea](examples/gitea) - Community managed fork of Gogs, lightweight code hosting solution.
- [Drone](examples/drone) - Drone is a continuous delivery system built on container technology. Drone uses a simple YAML build file, to define and execute build pipelines inside Docker containers. - [Drone](examples/drone) - Drone is a continuous delivery system built on container technology. Drone uses a simple YAML build file, to define and execute build pipelines inside Docker containers.
- [Gitlab Community](examples/gitlab-ce) - Self Hosted Git repository management, code reviews, issue tracking, activity feeds and wikis. - [Gitlab Community](examples/gitlab-ce) - Self Hosted Git repository management, code reviews, issue tracking, activity feeds and wikis.
- [Code-Server](examples/code-server) - VS Code in the browser, hosted on a remote server. - [Code-Server](examples/code-server) - VS Code in the browser, hosted on a remote server.
- [Obsidian-Remote](examples/obsidian-remote) - This docker image allows you to run obsidian in docker as a container and access it via your web browser. - [Obsidian-Remote](examples/obsidian-remote) - This docker image allows you to run obsidian in docker as a container and access it via your web browser.
- [Onedev](examples/onedev) - Self-hosted Git Server with CI/CD and Kanban. - [Onedev](examples/onedev) - Self-hosted Git Server with CI/CD and Kanban.
- [n8n](examples/n8n) - Free and source-available fair-code licensed workflow automation tool. Easily automate tasks across different services. - [n8n](examples/n8n) - Free and source-available fair-code licensed workflow automation tool. Easily automate tasks across different services.
@ -164,7 +165,7 @@ docker compose up
### Finance ### Finance
- [TRSync](examples/trsync) - Django web frontend for pytr to download all Trade Republic depot data. - [TRSync](examples/trsync) - Django web frontend for pytr to download all Trade Republic depot data.
- [Money-Balancer](examples/money-balancer) - A simple application for managing debt with your friends! - [Money-Balancer](examples/money-balancer) - A simple application for managing debt with your friends!
- [Firefly III](examples/firefly-iii) - A self-hosted manager for your personal finances. - [Firefly III](examples/firefly-iii) - A self-hosted manager for your personal finances.
### Communication and Social ### Communication and Social
- [Mirotalk P2P](examples/mirotalk) - Simple, Secure, Fast Real-Time Video Conferences Up to 4k and 60fps, compatible with all browsers and platforms. - [Mirotalk P2P](examples/mirotalk) - Simple, Secure, Fast Real-Time Video Conferences Up to 4k and 60fps, compatible with all browsers and platforms.

View File

@ -0,0 +1,17 @@
# References
- https://www.passbolt.com
# Notes
Passbolt container runs as specific user with a UID and GUID of `33`.
Therefore, ensure proper permissions on the Docker data bind mount volumes:
````
sudo chgrp 33 /mnt/docker-volumes/passbolt/gpg
sudo chmod 770 /mnt/docker-volumes/passbolt/gpg
sudo chgrp 33 /mnt/docker-volumes/passbolt/jwt
sudo chmod 770 /mnt/docker-volumes/passbolt/jwt
````

View File

@ -0,0 +1,38 @@
version: '3.9'
services:
db:
image: mariadb:10.3
container_name: passbolt-db
hostname: passbolt-db
restart: unless-stopped
environment:
MYSQL_RANDOM_ROOT_PASSWORD: "true"
MYSQL_DATABASE: "passbolt"
MYSQL_USER: "passbolt"
MYSQL_PASSWORD: "P4ssb0lt"
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/passbolt/mariadb:/var/lib/mysql
passbolt:
image: passbolt/passbolt:latest-ce # alternatively, you can use the rootless image passbolt/passbolt:latest-ce-non-root
container_name: passbolt
hostname: passbolt
restart: unless-stopped
depends_on:
- db
environment:
APP_FULL_BASE_URL: http://127.0.0.1:8543 # adjust http/https and add your hostname or domain
DATASOURCES_DEFAULT_HOST: "db"
DATASOURCES_DEFAULT_USERNAME: "passbolt"
DATASOURCES_DEFAULT_PASSWORD: "P4ssb0lt"
DATASOURCES_DEFAULT_DATABASE: "passbolt"
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/passbolt/gpg:/etc/passbolt/gpg
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/passbolt/jwt:/etc/passbolt/jwt
command: ["/usr/bin/wait-for.sh", "-t", "0", "db:3306", "--", "/docker-entrypoint.sh"]
ports:
- 8543:80 # HTTP
- 8432:443 # HTTPS
# - 8543:8080 # alternative port mappings if rootless image is used
# - 8432:4433 # alternative port mappings if rootless image is used