I finally failed at avoiding docker

I hate docker.  It's awful.  I won't go into it.

Long story short, I want to run Bitwarden.  Self-compiling it looks like a nightmare.  There is a really nice Rust package out there for it, but I'm not sure I trust that more than the original, and I might have to self-compile it anyway...

So sigh, I'm building a VM, just to run one stupid docker container.  Yay.  So efficient.

First, I need systemd for it, so found this helpful post.  It was almost correct.. so I have this:

[Unit]
Description=Bitwarden
Requires=docker.service
After=docker.service

[Service]
Type=oneshot
TimeoutSec=1200
ExecStart=/opt/bitwarden/bitwarden.sh start
RemainAfterExit=true
ExecStop=/opt/bitwarden/bitwarden.sh stop

[Install]
WantedBy=default.target

Mistake #1, symlinking the ssl certs.  Bad.  Changed this to a hardlink.

Bitwarden seems to eat about 3GB of disk once it's all installed.

Ram usage is kinda insane:

MiB Mem :   1995.2 total,     84.9 free,    966.5 used,    943.8 buff/cache
MiB Swap:    508.0 total,    473.5 free,     34.5 used.    855.9 avail Mem

Maybe a tad more?

MiB Mem :   2309.2 total,     67.6 free,    472.0 used,   1769.6 buff/cache
MiB Swap:    508.0 total,    484.6 free,     23.4 used.   1674.0 avail Mem

piggy.

OK.. so.. don't forget to set an admin user.  Also SNMP.  To do both of these you have to edit bwdata/env/global.override.env and then rebuild.

Every time you edit the bwdata/config.yml file, you have to run bitwarden.sh rebuild.  Ugh.  That's painful.

Mistake #2.  Don't run the rebuild after enabling it with systemd, unless you systemd stop it first, otherwise the rebuild fails.

Mistake #3.  It takes like 2 minutes (no lie!) to start. Wow.  If you connect to it while it's starting it behaves badly.
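Added example, not part of the original post: a shell wrapper that follows the order behind Mistakes #2 and #3, stopping the unit through systemd before the rebuild, starting it again, and polling until the vault answers. The unit name bitwarden.service, the URL and the retry timings are assumptions; the script path is the one from the unit file above.

```shell
# Added example. Assumed names (not from the post): unit name, URL, timings.
BW_UNIT="${BW_UNIT:-bitwarden.service}"                # assumption: unit file name
BW_SCRIPT="${BW_SCRIPT:-/opt/bitwarden/bitwarden.sh}"  # path used in the unit file
BW_URL="${BW_URL:-https://localhost/}"                 # assumption: vault address
BW_TRIES="${BW_TRIES:-36}"                             # 36 tries x 5 s = 3 minutes
BW_SLEEP="${BW_SLEEP:-5}"

bw_wait_ready() {
    # Poll until the HTTP endpoint answers; return 1 if it never does.
    i=0
    while [ "$i" -lt "$BW_TRIES" ]; do
        if curl -sf -o /dev/null --max-time 5 "$BW_URL"; then
            return 0
        fi
        i=$((i + 1))
        sleep "$BW_SLEEP"
    done
    return 1
}

bw_safe_rebuild() {
    # Stop through systemd first (Mistake #2) and remember the prior state.
    was_active=no
    if systemctl is-active --quiet "$BW_UNIT"; then
        was_active=yes
        systemctl stop "$BW_UNIT" || return 1
    fi
    "$BW_SCRIPT" rebuild || return 1
    # Only restart what was running, then wait out the slow start (Mistake #3).
    if [ "$was_active" = yes ]; then
        systemctl start "$BW_UNIT" || return 1
        bw_wait_ready || { echo "vault not answering at $BW_URL" >&2; return 1; }
    fi
}
```

Source the file as root and call bw_safe_rebuild after editing config.yml or global.override.env.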

After all that pain.  2-3 hours. It's up.  It eats a lot of CPU.  Docker seems utterly useless here.  All it does is put it in an overcomplex ball of network interdependencies, bad shell scripts, and hideous mounts.  I think it's just adding overhead.  I feel like docker is installation instructions for dummies, rather than an actual useful thing.

Blah.

Addendum:

It turns out that if you turn on SSL in the container, you then can't get a reverse proxy sitting in front of it to function.  So, some of this could have been easier from the get go.  Luckily, you can just edit the config.yml, set ssl to no, and rebuild.
