From eba62f7bc48cca18b995120406fc0ec6fdd8b749 Mon Sep 17 00:00:00 2001 From: admin Date: Wed, 21 May 2025 23:22:56 -0600 Subject: [PATCH] added vaultwarden --- .gitignore | 2 ++ README.md | 5 +---- config.sh | 45 ++++++++++++++++++++++++++++++++++++++++++++- docker-compose.yml | 17 +++++++++++++++++ mkdocs/mkdocs.yml | 2 +- 5 files changed, 65 insertions(+), 6 deletions(-) diff --git a/.gitignore b/.gitignore index 4fa3c4d..6603b4a 100755 --- a/.gitignore +++ b/.gitignore @@ -42,5 +42,7 @@ convertx-data/* answer-data/* !answer-data/.gitkeep +# vw-data +vw-data/* .vscode diff --git a/README.md b/README.md index 2eaa2cb..d2b31a1 100755 --- a/README.md +++ b/README.md @@ -77,12 +77,9 @@ cd changemaker For local development, cloudflare credentials can be ignored. -See [Setting Up Cloudflare Credentials](#setting-up-cloudflare-credentials) for how to get cloudflare credentials for config.sh. +See [Setting Up Cloudflare Credentials](#setting-up-cloudflare-credentials) for how to get cloudflare credentials for config.sh. For local development, cloudflare credentials can be ignored. ```bash -chmod +x config.sh - -# Then run the configuration script. You will need your Cloudflare details. ./config.sh ``` diff --git a/config.sh b/config.sh index 8ea3503..918afe1 100755 --- a/config.sh +++ b/config.sh @@ -295,6 +295,12 @@ ROCKETCHAT_MONGODB_REPLICA_SET=rs0 ROCKETCHAT_MONGODB_ENABLE_JOURNAL=true ROCKETCHAT_MONGODB_ALLOW_EMPTY_PASSWORD=yes +# Vaultwarden Configuration +VAULTWARDEN_PORT=8200 +VAULTWARDEN_DOMAIN=https://vw.changeme.org +VAULTWARDEN_SIGNUPS_ALLOWED=false +VAULTWARDEN_ADMIN_TOKEN=$(generate_password 48) + # Additional Configuration EOL 
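Review bot: `VAULTWARDEN_ADMIN_TOKEN=$(generate_password 48)` in the defaults block writes the admin-panel secret to the env file in plaintext, and the interactive Vaultwarden section later in config.sh does the same with `vaultwarden_admin_token`. Vaultwarden also accepts an Argon2 PHC string for `ADMIN_TOKEN` (generated with `vaultwarden hash`), so the file can hold only the hash while the operator keeps the secret; the `$` characters in a PHC string must be escaped for Compose interpolation. If the plaintext form stays, a comment above the line such as `# Admin panel secret: anyone who can read this file can administer the vault` would document the handling expectation. The heredoc containing this line opens outside the hunk, so whether `$(...)` is expanded there depends on a delimiter that is not visible here.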
@@ -622,6 +628,39 @@ update_env_var "CF_DOMAIN" "$domain_name" echo "Cloudflare credentials have been updated." +# Vaultwarden Configuration +echo -e "\n---- Vaultwarden Configuration ----" +read -p "Enter Vaultwarden domain URL [default: https://vw.$domain_name]: " vaultwarden_domain +read -p "Enter Vaultwarden port [default: 8200]: " vaultwarden_port +read -p "Allow new user signups? [y/N]: " vaultwarden_signups + +if [ -z "$vaultwarden_domain" ]; then + echo "Using default Vaultwarden domain: https://vw.$domain_name" + vaultwarden_domain="https://vw.$domain_name" +fi + +if [ -z "$vaultwarden_port" ]; then + echo "Using default Vaultwarden port: 8200" + vaultwarden_port="8200" +fi + +vaultwarden_signups_allowed="false" +if [[ "$vaultwarden_signups" =~ ^[Yy]$ ]]; then + echo "Enabling user signups for Vaultwarden" + vaultwarden_signups_allowed="true" +fi + +# Generate a secure admin token +vaultwarden_admin_token=$(generate_password 48) + +# Update Vaultwarden settings +update_env_var "VAULTWARDEN_PORT" "$vaultwarden_port" +update_env_var "VAULTWARDEN_DOMAIN" "$vaultwarden_domain" +update_env_var "VAULTWARDEN_SIGNUPS_ALLOWED" "$vaultwarden_signups_allowed" +update_env_var "VAULTWARDEN_ADMIN_TOKEN" "$vaultwarden_admin_token" + +echo "Vaultwarden configuration updated." + echo -e "\n---- Generating Random Strong Passwords ----" echo "Generating and updating passwords for all other services..." 
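Review bot: The port read into `vaultwarden_port` is written to the env file without any check, so a typo or non-numeric answer ends up in the Compose `ports` mapping and only fails when the stack starts. The three `read -p` prompts also lack `-r`, so backslashes in the answers are interpreted. Separately, `vaultwarden_admin_token=$(generate_password 48)` runs unconditionally in the visible lines, so re-running config.sh appears to replace an admin token already in use. Generating it only when the variable is still empty would avoid that, and the new value is never shown to the operator. The surrounding script continues outside the hunk, and `update_env_var` is not visible, so how it treats the `/` and `:` in the domain URL should be confirmed.

```shell
read -r -p "Enter Vaultwarden port [default: 8200]: " vaultwarden_port
# … unchanged: signup prompt and domain default …
if [ -z "$vaultwarden_port" ]; then
    echo "Using default Vaultwarden port: 8200"
    vaultwarden_port="8200"
elif ! [[ "$vaultwarden_port" =~ ^[0-9]{1,5}$ ]] || (( 10#$vaultwarden_port < 1 || 10#$vaultwarden_port > 65535 )); then
    echo "Invalid port '$vaultwarden_port'; falling back to 8200" >&2
    vaultwarden_port="8200"
fi
```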
@@ -758,9 +797,13 @@ EOL grep -E "^ROCKETCHAT_" "$temp_env" >> "$ENV_FILE.new" echo "" >> "$ENV_FILE.new" + echo "# Vaultwarden Configuration" >> "$ENV_FILE.new" + grep -E "^VAULTWARDEN_" "$temp_env" >> "$ENV_FILE.new" + echo "" >> "$ENV_FILE.new" + # Any variables that didn't fit in the above categories echo "# Additional Configuration" >> "$ENV_FILE.new" - grep -v -E "^DOMAIN=|^BASE_DOMAIN=|^LISTMONK_|^POSTGRES_|^MONICA_|^USER_ID=|^GROUP_ID=|^MKDOCS_|^FLATNOTES_|^GITEA_|^ANSWER_|^EXCALIDRAW_|^CODE_SERVER_|^USER_NAME=|^CF_|^NOCODB_|^OPEN_WEBUI_|^N8N_|^GENERIC_TIMEZONE=|^CONVERTX_|^ROCKETCHAT_" "$temp_env" >> "$ENV_FILE.new" + grep -v -E "^DOMAIN=|^BASE_DOMAIN=|^LISTMONK_|^POSTGRES_|^MONICA_|^USER_ID=|^GROUP_ID=|^MKDOCS_|^FLATNOTES_|^GITEA_|^ANSWER_|^EXCALIDRAW_|^CODE_SERVER_|^USER_NAME=|^CF_|^NOCODB_|^OPEN_WEBUI_|^N8N_|^GENERIC_TIMEZONE=|^CONVERTX_|^ROCKETCHAT_|^VAULTWARDEN_" "$temp_env" >> "$ENV_FILE.new" # Replace the current .env with the new one mv "$ENV_FILE.new" "$ENV_FILE" diff --git a/docker-compose.yml b/docker-compose.yml index ad553d8..e1b1b6e 100755 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -160,6 +160,23 @@ services: volumes: - ./assets/uploads:/listmonk/uploads:rw + # Vaultwarden - Password Manager + vaultwarden: + image: vaultwarden/server:latest + container_name: vaultwarden-changemaker + restart: unless-stopped + environment: + - DOMAIN=${VAULTWARDEN_DOMAIN:-https://vw.${DOMAIN}} + - WEBSOCKET_ENABLED=true + - SIGNUPS_ALLOWED=${VAULTWARDEN_SIGNUPS_ALLOWED:-false} + - ADMIN_TOKEN=${VAULTWARDEN_ADMIN_TOKEN:-} + volumes: + - ./vw-data/:/data/ + ports: + - "${VAULTWARDEN_PORT:-8200}:80" + networks: + - changemaker + # Postgres database listmonk-db: image: postgres:17-alpine diff --git a/mkdocs/mkdocs.yml b/mkdocs/mkdocs.yml index 9611e9f..bf1cbbf 100755 --- a/mkdocs/mkdocs.yml +++ b/mkdocs/mkdocs.yml 
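Review bot: The `ports` entry of the new `vaultwarden` service publishes the container's plain-HTTP port 80 on every host interface, so the password manager is reachable unencrypted from the network, bypassing whatever proxy or tunnel terminates TLS for `VAULTWARDEN_DOMAIN`. If access is meant to go through that front end, bind to loopback instead: `- "127.0.0.1:${VAULTWARDEN_PORT:-8200}:80"`. The image is also tracked as `vaultwarden/server:latest`, so each pull can silently change the version of the service that holds the credentials. Pinning a reviewed release, `image: vaultwarden/server:<pinned-version>`, makes upgrades deliberate. A short comment on the `ADMIN_TOKEN` line noting that an unset token is expected to leave the admin page disabled would help the next reader; confirm that against the Vaultwarden version in use.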
@@ -1,6 +1,6 @@
 site_name: Changemaker Documentation
 site_description: Demo site for Changemaker
-site_url: http://betteredmonton.org
+site_url: https://test.com
 site_author: Bunker Ops
 docs_dir: docs
 site_dir: site
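Review bot: The new `site_url: https://test.com` points at a domain this project presumably does not control, and MkDocs uses `site_url` for the canonical links it generates, so built pages would reference a third-party site. If this is a placeholder, a reserved name such as `site_url: https://docs.example.org` with a comment like `# replace with the deployed docs URL` is safer. The change also looks unrelated to the Vaultwarden addition named in the commit subject.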