convert setup to use config.yml

util/Setup/Templates/AppId.hbs

@@ -0,0 +1,15 @@
+{
+  "trustedFacets": [
+    {
+      "version": {
+        "major": 1,
+        "minor": 0
+      },
+      "ids": [
+        "{{{Url}}}",
+        "ios:bundle-id:com.8bit.bitwarden",
+        "android:apk-key-hash:dUGFzUzf3lmHSLBDBIv+WaFyZMI"
+      ]
+    }
+  ]
+}

util/Setup/Templates/DockerCompose.hbs

@@ -0,0 +1,133 @@
+# https://docs.docker.com/compose/compose-file/
+#
+# WARNING: This file is generated. Do not make changes to this file.
+# They will be overwritten on update. If you want to make additions to
+# this file, you can create a `docker-compose.override.yml` file in the
+# same directory and it will be merged into this file at runtime.
+
+version: '3'
+
+services:
+  mssql:
+    image: bitwarden/mssql:{{{CoreVersion}}}
+    container_name: bitwarden-mssql
+    restart: always
+    volumes:
+{{#if MssqlDataDockerVolume}}
+        - mssql_data:/var/opt/mssql/data
+{{else}}
+        - ../mssql/data:/var/opt/mssql/data
+{{/if}}
+      - ../logs/mssql:/var/opt/mssql/log
+      - ../mssql/backups:/etc/bitwarden/mssql/backups
+    env_file:
+      - mssql.env
+      - ../env/uid.env
+      - ../env/mssql.override.env
+
+  web:
+    image: bitwarden/web:{{{WebVersion}}}
+    container_name: bitwarden-web
+    restart: always
+    volumes:
+      - ../web:/etc/bitwarden/web
+    env_file:
+      - global.env
+      - ../env/uid.env
+
+  attachments:
+    image: bitwarden/attachments:{{{CoreVersion}}}
+    container_name: bitwarden-attachments
+    restart: always
+    volumes:
+      - ../core/attachments:/etc/bitwarden/core/attachments
+    env_file:
+      - global.env
+      - ../env/uid.env
+
+  api:
+    image: bitwarden/api:{{{CoreVersion}}}
+    container_name: bitwarden-api
+    restart: always
+    volumes:
+      - ../core:/etc/bitwarden/core
+      - ../ca-certificates:/etc/bitwarden/ca-certificates
+      - ../logs/api:/etc/bitwarden/logs
+    env_file:
+      - global.env
+      - ../env/uid.env
+      - ../env/global.override.env
+
+  identity:
+    image: bitwarden/identity:{{{CoreVersion}}}
+    container_name: bitwarden-identity
+    restart: always
+    volumes:
+      - ../identity:/etc/bitwarden/identity
+      - ../core:/etc/bitwarden/core
+      - ../ca-certificates:/etc/bitwarden/ca-certificates
+      - ../logs/identity:/etc/bitwarden/logs
+    env_file:
+      - global.env
+      - ../env/uid.env
+      - ../env/global.override.env
+
+  admin:
+    image: bitwarden/admin:{{{CoreVersion}}}
+    container_name: bitwarden-admin
+    restart: always
+    volumes:
+      - ../core:/etc/bitwarden/core
+      - ../ca-certificates:/etc/bitwarden/ca-certificates
+      - ../logs/admin:/etc/bitwarden/logs
+    env_file:
+      - global.env
+      - ../env/uid.env
+      - ../env/global.override.env
+
+  icons:
+    image: bitwarden/icons:{{{CoreVersion}}}
+    container_name: bitwarden-icons
+    restart: always
+    volumes:
+      - ../ca-certificates:/etc/bitwarden/ca-certificates
+      - ../logs/icons:/etc/bitwarden/logs
+    env_file:
+      - global.env
+      - ../env/uid.env
+
+  notifications:
+    image: bitwarden/notifications:{{{CoreVersion}}}
+    container_name: bitwarden-notifications
+    restart: always
+    volumes:
+      - ../ca-certificates:/etc/bitwarden/ca-certificates
+      - ../logs/notifications:/etc/bitwarden/logs
+    env_file:
+      - global.env
+      - ../env/uid.env
+      - ../env/global.override.env
+
+  nginx:
+    image: bitwarden/nginx:{{{CoreVersion}}}
+    container_name: bitwarden-nginx
+    restart: always
+    ports:
+{{#if HttpPort}}
+      - '{{{HttpPort}}}:8080'
+{{/if}}
+{{#if HttpsPort}}
+      - '{{{HttpsPort}}}:8443'
+{{/if}}
+    volumes:
+      - ../nginx:/etc/bitwarden/nginx
+      - ../letsencrypt:/etc/letsencrypt
+      - ../ssl:/etc/ssl
+      - ../logs/nginx:/var/log/nginx
+    env_file:
+      - ../env/uid.env
+{{#if MssqlDataDockerVolume}}
+
+volumes:
+  mssql_data:
+{{/if}}

util/Setup/Templates/EnvironmentFile.hbs

@@ -0,0 +1,3 @@
+{{#each Variables}}
+{{{Key}}}={{{Value}}}
+{{/each}}

util/Setup/Templates/NginxConfig.hbs

@@ -0,0 +1,99 @@
+# WARNING: This file is generated. Do not make changes to this file.
+# They will be overwritten on update.
+
+server {
+  listen 8080 default_server;
+  listen [::]:8080 default_server;
+  server_name {{{Domain}}};
+{{#if Ssl}}
+
+  return 301 {{{Url}}}$request_uri;
+}
+
+server {
+  listen 8443 ssl http2;
+  listen [::]:8443 ssl http2;
+  server_name {{{Domain}}};
+
+  ssl_certificate {{{CertificatePath}}};
+  ssl_certificate_key {{{KeyPath}}};
+  ssl_session_timeout 30m;
+  ssl_session_cache shared:SSL:20m;
+  ssl_session_tickets off;
+{{#if DiffieHellmanPath}}
+
+  # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
+  ssl_dhparam {{{DiffieHellmanPath}}};
+{{/if}}
+
+  # SSL protocol TLSv1.2 is allowed. Disabled SSLv3, TLSv1, and TLSv1.1
+  ssl_protocols TLSv1.2;
+  # Enable most secure cipher suites only.
+  ssl_ciphers "{{{SslCiphers}}}";
+  # Enables server-side protection from BEAST attacks
+  ssl_prefer_server_ciphers on;
+{{#if CaPath}}
+
+  # OCSP Stapling ---
+  # Fetch OCSP records from URL in ssl_certificate and cache them
+  ssl_stapling on;
+  ssl_stapling_verify on;
+
+  # Verify chain of trust of OCSP response using Root CA and Intermediate certs
+  ssl_trusted_certificate {{{CaPath}}};
+  resolver 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=300s;
+{{/if}}
+{{/if}}
+
+  # Security headers
+  add_header Referrer-Policy same-origin;
+  #add_header X-Frame-Options SAMEORIGIN;
+{{#if Ssl}}
+  add_header X-Content-Type-Options nosniff;
+  # This will enforce HTTP browsing into HTTPS and avoid ssl stripping attack. 6 months age
+  add_header Strict-Transport-Security max-age=15768000;
+{{/if}}
+
+  location / {
+    proxy_pass http://web:5000/;
+    # Security headers
+    add_header X-XSS-Protection "1; mode=block";
+    add_header Content-Security-Policy "{{{ContentSecurityPolicy}}}";
+  }
+
+  location = /app-id.json {
+    proxy_pass http://web:5000/app-id.json;
+    proxy_hide_header Content-Type;
+    add_header Content-Type $fido_content_type;
+  }
+
+  location /attachments/ {
+    proxy_pass http://attachments:5000/;
+  }
+
+  location /api/ {
+    proxy_pass http://api:5000/;
+  }
+
+  location /identity/ {
+    proxy_pass http://identity:5000/;
+  }
+
+  location /icons/ {
+    proxy_pass http://icons:5000/;
+  }
+
+  location /notifications/ {
+    proxy_pass http://notifications:5000/;
+  }
+
+  location /notifications/hub {
+    proxy_pass http://notifications:5000/hub;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $http_connection;
+  }
+
+  location /admin {
+    proxy_pass http://admin:5000;
+  }
+}