First commit

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2020 Adrien
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,59 @@
+# bw-updater
+This script checks if the Bitwarden RS server is up to date, updates it if necessary and sends a message to a Telegram bot.
+
+## Introduction
+The trap to avoid when installing custom software is to update it. It seems obvious but it is never very easy because there is often a compilation part, interoperability management between bricks, backups and so on.
+
+## Requirements
+
+### Software
+It is clearly necessary to have deployed a Bitwarden RS instance on your server. I wrote an article about this topic here: https://illuad.fr/2020/06/11/install-a-bitwarden-rs-server.html
+
+Since a message is sent to a Telegram bot, it is necessary to have one configured. I wrote an article about this topic here: https://illuad.fr/2020/10/27/get-a-telegram-alert-on-a-ssh-login-with-pam.html
+
+### System
+This script can run on any GNU/Linux machine.
+
+This script uses `git`, `cargo`, `curl` and `restorecon` commands but if you have followed my article, some of them are required which means they will necessarily be installed.
+
+## Installation
+Since this script must be executed with root rights, it is a good practice to place it in `/usr/local/sbin/`.
+
+```
+sudo curl -Lo /usr/local/sbin/bw-updater -sSf https://gitea.illuad.fr/adrien/bw-updater/raw/branch/master/bw-updater
+sudo chmod 750 /usr/local/sbin/bw-updater
+```
+
+## Configuration
+This script requires the configuration of 3 variables to work: `key`, `chat_id` and `username`.
+
+Variables `key` and `chat_id` correspond to the API key and the chat id obtained during the bot creation process. The variable `username` must match the username with which you installed Bitwarden RS server.
+
+#### Fast variables setting
+For the `key` variable.
+
+```
+sudo sed -i "s/key=/key=<your_key>/" /usr/local/sbin/tls-checker
+```
+
+For the `chat_id` variable.
+
+```
+sudo sed -i "s/chat_id=/chat_id=<your_chat_id>/" /usr/local/sbin/tls-checker
+```
+
+For the `username` variable.
+
+```
+sudo sed -i "s/username=/username=<your_username>/" /usr/local/sbin/tls-checker
+```
+
+## Automation
+Running this script automatically is a good idea, here is what you should have in the cron jobs of the root user.
+
+```
+sudo crontab -l
+0 1 * * * /usr/local/sbin/bw-updater
+```
+
+Every day at 1:00 am, the script will check if the Bitwarden RS server is up to date.

bw-updater

@@ -0,0 +1,45 @@
+#! /usr/bin/env bash
+
+# abort on nonzero exitstatus
+set -o errexit
+
+# abort on unbound variable
+set -o nounset
+
+# don't hide errors within pipes
+set -o pipefail
+
+# set your API key here
+key=
+
+# set your chat id here
+chat_id=
+
+# set your username
+username=
+
+download_and_compile_bitwarden () {
+        rm --recursive --force /tmp/bitwarden
+        su --login "${username}" --command "git clone https://github.com/dani-garcia/bitwarden_rs.git /tmp/bitwarden"
+        su --login "${username}" --command "/home/${username}/.cargo/bin/cargo build --quiet --features sqlite --release --manifest-path=/tmp/bitwarden/Cargo.toml"
+        systemctl stop bitwarden.service
+        mv /tmp/bitwarden/target/release/bitwarden_rs /usr/local/bin/bitwarden
+        chown root:bitwarden /usr/local/bin/bitwarden
+        chmod 750 /usr/local/bin/bitwarden
+	restorecon /usr/local/bin/bitwarden
+        systemctl start bitwarden.service
+}
+
+function check_if_bitwarden_is_up_to_date {
+        local_release=$(/usr/local/bin/bitwarden --version | awk --field-separator '-' '{print $2}')
+        latest_release=$(git ls-remote https://github.com/dani-garcia/bitwarden_rs.git HEAD | awk '{print substr($1, 1, length($1) - 32)}')
+        if [ "${latest_release}" == "${local_release}" ]; then
+                curl -sSf -X POST https://api.telegram.org/"${key}"/sendMessage --data chat_id="${chat_id}" --data text="[Bitwarden] - Bitwarden RS is up to date (${local_release})" --output /dev/null
+        else
+                curl -sSf -X POST https://api.telegram.org/"${key}"/sendMessage --data chat_id="${chat_id}" --data text="[Bitwarden] - Bitwarden RS is not up to date (https://github.com/dani-garcia/bitwarden_rs/commit/${latest_release})" --output /dev/null
+                download_and_compile_bitwarden "${latest_release}"
+                curl -sSf -X POST https://api.telegram.org/"${key}"/sendMessage --data chat_id="${chat_id}" --data text="[Bitwarden] - Bitwarden RS has just been updated." --output /dev/null
+        fi
+}
+
+check_if_bitwarden_is_up_to_date