commit 803c689c27222a751f6ab5f6e00b52aec4e4c6af Author: adrien Date: Mon Dec 7 23:48:40 2020 +0100 First commit
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..ae88d09
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2020 Adrien
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..deeaa23
--- /dev/null
+++ b/README.md
@@ -0,0 +1,59 @@
+# bw-updater
+This script checks if the Bitwarden RS server is up to date, updates it if necessary and sends a message to a Telegram bot.
+
+## Introduction
+The trap to avoid when installing custom software is to update it. It seems obvious but it is never very easy because there is often a compilation part, interoperability management between bricks, backups and so on.
+
+## Requirements
+
+### Software
+It is clearly necessary to have deployed a Bitwarden RS instance on your server. I wrote an article about this topic here: https://illuad.fr/2020/06/11/install-a-bitwarden-rs-server.html
+
+Since a message is sent to a Telegram bot, it is necessary to have one configured. I wrote an article about this topic here: https://illuad.fr/2020/10/27/get-a-telegram-alert-on-a-ssh-login-with-pam.html
+
+### System
+This script can run on any GNU/Linux machine.
+
+This script uses `git`, `cargo`, `curl` and `restorecon` commands but if you have followed my article, some of them are required which means they will necessarily be installed.
+
+## Installation
+Since this script must be executed with root rights, it is a good practice to place it in `/usr/local/sbin/`.
+
+```
+sudo curl -Lo /usr/local/sbin/bw-updater -sSf https://gitea.illuad.fr/adrien/bw-updater/raw/branch/master/bw-updater
+sudo chmod 750 /usr/local/sbin/bw-updater
+```
+
+## Configuration
+This script requires the configuration of 3 variables to work: `key`, `chat_id` and `username`.
+
+Variables `key` and `chat_id` correspond to the API key and the chat id obtained during the bot creation process. The variable `username` must match the username with which you installed Bitwarden RS server.
+
+#### Fast variables setting
+For the `key` variable.
+
+```
+sudo sed -i "s/key=/key=/" /usr/local/sbin/tls-checker
+```
+
+For the `chat_id` variable.
+
+```
+sudo sed -i "s/chat_id=/chat_id=/" /usr/local/sbin/tls-checker
+```
+
+For the `username` variable.
+
+```
+sudo sed -i "s/username=/username=/" /usr/local/sbin/tls-checker
+```
+
+## Automation
+Running this script automatically is a good idea, here is what you should have in the cron jobs of the root user.
+
+```
+sudo crontab -l
+0 1 * * * /usr/local/sbin/bw-updater
+```
+
+Every day at 1:00 am, the script will check if the Bitwarden RS server is up to date.
diff --git a/bw-updater b/bw-updater
new file mode 100644
index 0000000..b162ffa
--- /dev/null
+++ b/bw-updater
@@ -0,0 +1,45 @@
+#! /usr/bin/env bash
+
+# abort on nonzero exitstatus
+set -o errexit
+
+# abort on unbound variable
+set -o nounset
+
+# don't hide errors within pipes
+set -o pipefail
+
+# set your API key here
+key=
+
+# set your chat id here
+chat_id=
+
+# set your username
+username=
+
+download_and_compile_bitwarden () {
+ rm --recursive --force /tmp/bitwarden
+ su --login "${username}" --command "git clone https://github.com/dani-garcia/bitwarden_rs.git /tmp/bitwarden"
+ su --login "${username}" --command "/home/${username}/.cargo/bin/cargo build --quiet --features sqlite --release --manifest-path=/tmp/bitwarden/Cargo.toml"
+ systemctl stop bitwarden.service
+ mv /tmp/bitwarden/target/release/bitwarden_rs /usr/local/bin/bitwarden
+ chown root:bitwarden /usr/local/bin/bitwarden
+ chmod 750 /usr/local/bin/bitwarden
+ restorecon /usr/local/bin/bitwarden
+ systemctl start bitwarden.service
+}
+
+function check_if_bitwarden_is_up_to_date {
+ local_release=$(/usr/local/bin/bitwarden --version | awk --field-separator '-' '{print $2}')
+ latest_release=$(git ls-remote https://github.com/dani-garcia/bitwarden_rs.git HEAD | awk '{print substr($1, 1, length($1) - 32)}')
+ if [ "${latest_release}" == "${local_release}" ]; then
+ curl -sSf -X POST https://api.telegram.org/"${key}"/sendMessage --data chat_id="${chat_id}" --data text="[Bitwarden] - Bitwarden RS is up to date (${local_release})" --output /dev/null
+ else
+ curl -sSf -X POST https://api.telegram.org/"${key}"/sendMessage --data chat_id="${chat_id}" --data text="[Bitwarden] - Bitwarden RS is not up to date (https://github.com/dani-garcia/bitwarden_rs/commit/${latest_release})" --output /dev/null
+ download_and_compile_bitwarden "${latest_release}"
+ curl -sSf -X POST https://api.telegram.org/"${key}"/sendMessage --data chat_id="${chat_id}" --data text="[Bitwarden] - Bitwarden RS has just been updated." --output /dev/null
+ fi
+}
+
+check_if_bitwarden_is_up_to_date
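Review bot: The build tree in `download_and_compile_bitwarden` sits at the fixed, world-writable path `/tmp/bitwarden`, and root then moves `/tmp/bitwarden/target/release/bitwarden_rs` into `/usr/local/bin/bitwarden` and starts it as a service. Because the path is predictable, another local account can own that directory between the `rm` and the `git clone`, and with it the binary root installs. Build in a private directory created with `mktemp --directory`, hand it to the build user, and remove it afterwards, as sketched below. Separately, the function ignores the `"${latest_release}"` argument and builds whatever HEAD is at clone time, so the commit reported to Telegram may not be the one installed. `nounset` also does not catch the empty `key`, `chat_id` and `username` defaults; a guard such as `: "${username:?set username}"` near the top would stop the script before it runs `su` with an empty name.

```bash
download_and_compile_bitwarden () {
  local build_dir
  # mktemp creates an unpredictable 0700 directory; give it to the build user
  build_dir=$(mktemp --directory)
  chown "${username}" "${build_dir}"
  su --login "${username}" --command "git clone https://github.com/dani-garcia/bitwarden_rs.git '${build_dir}'"
  su --login "${username}" --command "/home/${username}/.cargo/bin/cargo build --quiet --features sqlite --release --manifest-path='${build_dir}/Cargo.toml'"
  # … unchanged: systemctl stop bitwarden.service …
  mv "${build_dir}/target/release/bitwarden_rs" /usr/local/bin/bitwarden
  # … unchanged: chown, chmod, restorecon, systemctl start …
  rm --recursive --force -- "${build_dir}"
```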