Add a persistent volume check.
This adds a persistent volume check to make sure that anyone running
the container is using a volume for persistent storage.

This check can be bypassed if someone configures
`I_REALLY_WANT_VOLATILE_STORAGE=true` as an environment variable.

This should prevent issues like #2493 .
BlackDex committed May 26, 2022
1 parent bf0b8d9 commit 40ed505
Showing 18 changed files with 116 additions and 0 deletions.
6 changes: 6 additions & 0 deletions docker/Dockerfile.j2
Expand Up @@ -238,6 +238,12 @@ VOLUME /data
EXPOSE 80
EXPOSE 3012

# Create a special empty file which we check within the application.
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
# This file should disappear if a volume is mounted on-top of this using a docker volume.
RUN touch /data/vaultwarden_docker_persistent_volume_check

# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
WORKDIR /
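Review bot: The marker is created by `RUN touch /data/vaultwarden_docker_persistent_volume_check` after `VOLUME /data` (visible in the hunk header), and the comment's claim that it "should disappear" under a volume holds for bind mounts but probably not for a new, empty Docker-managed volume, because Docker populates such a volume from the image's content at the mount point. Depending on the builder, changes made to a path after its `VOLUME` declaration may also be discarded, so whether the marker is in the image at all should be verified per build. I would document the limit next to the `RUN`, for example `# NOTE: only a bind mount or a non-empty volume hides this file; a fresh named volume receives a copy of it.` The same lines are added to the other 16 Dockerfiles on this page, which appear to be generated from this template.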
6 changes: 6 additions & 0 deletions docker/amd64/Dockerfile
Expand Up @@ -112,6 +112,12 @@ VOLUME /data
EXPOSE 80
EXPOSE 3012

# Create a special empty file which we check within the application.
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
# This file should disappear if a volume is mounted on-top of this using a docker volume.
RUN touch /data/vaultwarden_docker_persistent_volume_check

# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
WORKDIR /
6 changes: 6 additions & 0 deletions docker/amd64/Dockerfile.alpine
Expand Up @@ -104,6 +104,12 @@ VOLUME /data
EXPOSE 80
EXPOSE 3012

# Create a special empty file which we check within the application.
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
# This file should disappear if a volume is mounted on-top of this using a docker volume.
RUN touch /data/vaultwarden_docker_persistent_volume_check

# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
WORKDIR /
6 changes: 6 additions & 0 deletions docker/amd64/Dockerfile.buildx
Expand Up @@ -112,6 +112,12 @@ VOLUME /data
EXPOSE 80
EXPOSE 3012

# Create a special empty file which we check within the application.
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
# This file should disappear if a volume is mounted on-top of this using a docker volume.
RUN touch /data/vaultwarden_docker_persistent_volume_check

# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
WORKDIR /
6 changes: 6 additions & 0 deletions docker/amd64/Dockerfile.buildx.alpine
Expand Up @@ -104,6 +104,12 @@ VOLUME /data
EXPOSE 80
EXPOSE 3012

# Create a special empty file which we check within the application.
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
# This file should disappear if a volume is mounted on-top of this using a docker volume.
RUN touch /data/vaultwarden_docker_persistent_volume_check

# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
WORKDIR /
6 changes: 6 additions & 0 deletions docker/arm64/Dockerfile
Expand Up @@ -136,6 +136,12 @@ VOLUME /data
EXPOSE 80
EXPOSE 3012

# Create a special empty file which we check within the application.
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
# This file should disappear if a volume is mounted on-top of this using a docker volume.
RUN touch /data/vaultwarden_docker_persistent_volume_check

# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
WORKDIR /
6 changes: 6 additions & 0 deletions docker/arm64/Dockerfile.alpine
Expand Up @@ -108,6 +108,12 @@ VOLUME /data
EXPOSE 80
EXPOSE 3012

# Create a special empty file which we check within the application.
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
# This file should disappear if a volume is mounted on-top of this using a docker volume.
RUN touch /data/vaultwarden_docker_persistent_volume_check

# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
WORKDIR /
6 changes: 6 additions & 0 deletions docker/arm64/Dockerfile.buildx
Expand Up @@ -136,6 +136,12 @@ VOLUME /data
EXPOSE 80
EXPOSE 3012

# Create a special empty file which we check within the application.
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
# This file should disappear if a volume is mounted on-top of this using a docker volume.
RUN touch /data/vaultwarden_docker_persistent_volume_check

# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
WORKDIR /
6 changes: 6 additions & 0 deletions docker/arm64/Dockerfile.buildx.alpine
Expand Up @@ -108,6 +108,12 @@ VOLUME /data
EXPOSE 80
EXPOSE 3012

# Create a special empty file which we check within the application.
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
# This file should disappear if a volume is mounted on-top of this using a docker volume.
RUN touch /data/vaultwarden_docker_persistent_volume_check

# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
WORKDIR /
6 changes: 6 additions & 0 deletions docker/armv6/Dockerfile
Expand Up @@ -141,6 +141,12 @@ VOLUME /data
EXPOSE 80
EXPOSE 3012

# Create a special empty file which we check within the application.
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
# This file should disappear if a volume is mounted on-top of this using a docker volume.
RUN touch /data/vaultwarden_docker_persistent_volume_check

# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
WORKDIR /
6 changes: 6 additions & 0 deletions docker/armv6/Dockerfile.alpine
Expand Up @@ -110,6 +110,12 @@ VOLUME /data
EXPOSE 80
EXPOSE 3012

# Create a special empty file which we check within the application.
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
# This file should disappear if a volume is mounted on-top of this using a docker volume.
RUN touch /data/vaultwarden_docker_persistent_volume_check

# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
WORKDIR /
6 changes: 6 additions & 0 deletions docker/armv6/Dockerfile.buildx
Expand Up @@ -141,6 +141,12 @@ VOLUME /data
EXPOSE 80
EXPOSE 3012

# Create a special empty file which we check within the application.
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
# This file should disappear if a volume is mounted on-top of this using a docker volume.
RUN touch /data/vaultwarden_docker_persistent_volume_check

# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
WORKDIR /
6 changes: 6 additions & 0 deletions docker/armv6/Dockerfile.buildx.alpine
Expand Up @@ -110,6 +110,12 @@ VOLUME /data
EXPOSE 80
EXPOSE 3012

# Create a special empty file which we check within the application.
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
# This file should disappear if a volume is mounted on-top of this using a docker volume.
RUN touch /data/vaultwarden_docker_persistent_volume_check

# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
WORKDIR /
6 changes: 6 additions & 0 deletions docker/armv7/Dockerfile
Expand Up @@ -136,6 +136,12 @@ VOLUME /data
EXPOSE 80
EXPOSE 3012

# Create a special empty file which we check within the application.
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
# This file should disappear if a volume is mounted on-top of this using a docker volume.
RUN touch /data/vaultwarden_docker_persistent_volume_check

# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
WORKDIR /
6 changes: 6 additions & 0 deletions docker/armv7/Dockerfile.alpine
Expand Up @@ -108,6 +108,12 @@ VOLUME /data
EXPOSE 80
EXPOSE 3012

# Create a special empty file which we check within the application.
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
# This file should disappear if a volume is mounted on-top of this using a docker volume.
RUN touch /data/vaultwarden_docker_persistent_volume_check

# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
WORKDIR /
6 changes: 6 additions & 0 deletions docker/armv7/Dockerfile.buildx
Expand Up @@ -136,6 +136,12 @@ VOLUME /data
EXPOSE 80
EXPOSE 3012

# Create a special empty file which we check within the application.
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
# This file should disappear if a volume is mounted on-top of this using a docker volume.
RUN touch /data/vaultwarden_docker_persistent_volume_check

# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
WORKDIR /
6 changes: 6 additions & 0 deletions docker/armv7/Dockerfile.buildx.alpine
Expand Up @@ -108,6 +108,12 @@ VOLUME /data
EXPOSE 80
EXPOSE 3012

# Create a special empty file which we check within the application.
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
# This file should disappear if a volume is mounted on-top of this using a docker volume.
RUN touch /data/vaultwarden_docker_persistent_volume_check

# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
WORKDIR /
14 changes: 14 additions & 0 deletions src/main.rs
Expand Up @@ -276,6 +276,20 @@ fn check_data_folder() {
}
exit(1);
}

let persistent_volume_check_file = format!("{data_folder}/vaultwarden_docker_persistent_volume_check");
let check_file = Path::new(&persistent_volume_check_file);
if check_file.exists() && std::env::var("I_REALLY_WANT_VOLATILE_STORAGE").is_err() {
error!(
"No persistent volume!\n\
########################################################################################\n\
# It looks like you did not configure a persistent volume! #\n\
# This will result in permanent data loss when the container is removed or updated! #\n\
# If you really want to use volatile storage set `I_REALLY_WANT_VOLATILE_STORAGE=true` #\n\
########################################################################################\n"
);
exit(1);
}
}

fn check_rsa_keys() -> Result<(), crate::error::Error> {
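Review bot: The override test `std::env::var("I_REALLY_WANT_VOLATILE_STORAGE").is_err()` treats any set value as consent, so `I_REALLY_WANT_VOLATILE_STORAGE=false` or an empty value also disables the data-loss guard, although the error text and the Dockerfile comment tell operators to set `true`. Comparing the value keeps the bypass deliberate, e.g. `let volatile_ok = std::env::var("I_REALLY_WANT_VOLATILE_STORAGE").map_or(false, |v| v.eq_ignore_ascii_case("true"));` followed by `if check_file.exists() && !volatile_ok {`. A warning-level log line when the override is in effect would also leave a trace that the vault is running on volatile storage. The start of check_data_folder lies outside this hunk.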