init version

.gitignore

@@ -0,0 +1,5 @@
+admin_token.txt
+.env
+fingerprint.txt
+_TO_BE_DELETED/
+backups/

docker-compose.yml

@@ -0,0 +1,24 @@
+---
+services:
+  vaultwarden:
+    image: vaultwarden/server:latest
+    container_name: vaultwarden
+    restart: unless-stopped
+    env_file: .env
+    ports:
+      - "127.0.0.1:13003:80"
+    environment:
+      - ROCKET_ADDRESS=${ROCKET_ADDRESS}
+      - ROCKET_PORT=${ROCKET_PORT}
+      - DOMAIN=${DOMAIN}
+      - SIGNUPS_ALLOWED=${SIGNUPS_ALLOWED}
+      # - ADMIN_TOKEN_FILE=${ADMIN_TOKEN_FILE}
+    volumes:
+      - vaultwarden-data:/data
+    dns:
+      - 1.1.1.1
+      - 9.9.9.9
+
+volumes:
+  vaultwarden-data:
+    name: vaultwarden-data

tools/backup.sh

@@ -0,0 +1,24 @@
+#!/bin/bash
+# Daily backup for Vaultwarden data volume
+# Creates compressed tar.gz archives with 7-day rotation
+
+set -euo pipefail
+
+BACKUP_DIR="/srv/docker_services/www/sites/knusperkerne/vault/backups"
+VOLUME_NAME="vaultwarden-data"
+DATE=$(date +%F)
+ARCHIVE="$BACKUP_DIR/vaultwarden_${DATE}.tar.gz"
+
+mkdir -p "$BACKUP_DIR"
+
+echo "[INFO] Creating backup for Vaultwarden volume: $VOLUME_NAME"
+docker run --rm \
+  -v "${VOLUME_NAME}:/data:ro" \
+  -v "${BACKUP_DIR}:/backup" \
+  alpine tar czf "/backup/vaultwarden_${DATE}.tar.gz" /data
+
+# Keep only 7 most recent backups
+echo "[INFO] Rotating old backups..."
+ls -1t "$BACKUP_DIR"/vaultwarden_*.tar.gz | tail -n +8 | xargs -r rm -f
+
+echo "[OK] Backup completed: $ARCHIVE"

tools/create-env.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+# Create .env for Vaultwarden (self-hosted Bitwarden)
+# No admin-token handling — purely environment setup.
+
+set -e
+
+ENV_FILE=".env"
+
+if [ -f "$ENV_FILE" ]; then
+  echo ".env already exists — skipping."
+  exit 0
+fi
+
+cat >"$ENV_FILE" <<'EOF'
+# Vaultwarden environment configuration
+DOMAIN=https://vault.knusperkerne.de
+ROCKET_ADDRESS=0.0.0.0
+ROCKET_PORT=80
+SIGNUPS_ALLOWED=false
+# ADMIN_TOKEN_FILE=/data/admin_token.txt
+EOF
+
+echo ".env created successfully."