Added Passbolt password manager (#462)

novaspirit · Aug 31, 2023 · 433474b · 433474b
1 parent f3c039a
commit 433474b
Show file tree

Hide file tree

Showing 7 changed files with 763 additions and 0 deletions.
diff --git a/docs/passbolt.md b/docs/passbolt.md
@@ -0,0 +1,112 @@
+# Install and setup instructions for Passbolt
+
+- [Introduction](#introduction)
+- [Installation](#installation)
+- [Setup first admin user](#setup-first-admin-user)
+- [Setup Android Mobile App](#setup-android-mobile-app)
+- [Acknowledgment / Troubleshoot](#acknowledgment--troubleshoot)
+
+
+## Introduction
+
+[Passbolt](https://www.passbolt.com) is an open source password manager with [MariaDB](https://mariadb.com) backend. 
+
+## Installation
+
+### Pre-Installation Steps
+
+Create directorys:
+```
+sudo mkdir /portainer/Files/AppData/Config/passbolt && \
+sudo mkdir /portainer/Files/AppData/Config/passbolt/certs
+```
+
+Generate a proper Self-signed certificate. Type in the code below and change it to your needs:
+```
+sudo openssl req -x509 \
+    -newkey rsa:4096 \
+    -days 120 \
+    -subj "/C=LU/ST=Luxembourg/L=Esch-Sur-Alzette/O=Passbolt SA/OU=Passbolt IT Team/CN=passbolt.domain.tld/" \
+    -nodes \
+    -addext "subjectAltName = DNS:passbolt.domain.tld" \
+    -keyout /portainer/Files/AppData/Config/passbolt/certs/key.pem \
+    -out /portainer/Files/AppData/Config/passbolt/certs/cert.pem
+```
+
+This command will output two files: **key.pem** and **cert.pem**.
+
+Of course, replace -subj values with your own. It is important to set your passbolt FQDN in both CN and subjectAltName.
+
+You can use an IP address instead of a domain name for your self-signed certificate. If you do that, replace DNS with IP in subjectAltName. `Example: IP:127.0.0.1`
+
+### Install the App Template.
+
+Goto App Templates and click on "Passbolt". Change Configuration to your needs:
+- **PUID** (Enter your user's PUID here)
+- **PGID** (Enter your user's PGID here)
+- **TZ** (Enter your time zone here. See examples [here](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones))
+- **MYSQL_ROOT_PASSWORD** (Enter your MySql root password here)
+- **MYSQL_DATABASE** (Enter your Passbolt database name here)
+- **MYSQL_USER** (Enter your Passbolt database user here)
+- **MYSQL_PASSWORD** (Enter your Passbolt database password here)
+- **PASSBOLT_PORT** (Enter your Passbolt https port here)
+- **PASSBOLT_URL** (Enter your full Passbolt https base URL here. Including port if different from 443)
+- **EMAIL_FROM_NAME** (Enter your from email name)
+- **EMAIL_FROM_ADDRESS** (Enter your from email address)
+- **EMAIL_SMTP_SERVER** (Enter your email smtp server here)
+- **EMAIL_SMTP_PORT** (Enter your email smtp port here)
+- **EMAIL_USERNAME** (Enter your email username here)
+- **EMAIL_PASSWORD** (Enter your email password here)
+- **EMAIL_TLS** (Enter set TLS here)
+
+## Setup first admin user
+
+Go into Passbolt container console. Type in the code below and change it to your needs:
+```
+su -s /bin/bash -c "./bin/cake \
+    passbolt register_user \
+    -u [email protected] \
+    -f yourfirstname \
+    -l yourlastname \
+    -r admin" www-data
+```
+After that you get something like this:
+```
+     ____                  __          ____  
+    / __ \____  _____ ____/ /_  ____  / / /_ 
+   / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/ 
+  / ____/ /_/ (__  |__  ) /_/ / /_/ / / /    
+ /_/    \__,_/____/____/_.___/\____/_/\__/   
+
+ Open source password manager for teams
+-------------------------------------------------------------------------------
+User saved successfully.
+To start registration follow the link provided in your mailbox or here: 
+https://passbolt.local/setup/start/9fb7180d-b44b-41bf-bf77-8c5ab23e8cbc/966ce549-18ec-4b12-9171-9a1bb2f1a393
+```
+Now you should get an email. Open it and click on `get starded`.
+
+If you do not get an email:
+- Double check configuration above
+- Have a look into your spam folder
+- Copy the url above and paste it in browser
+
+You may have to accept self signed certificate and/or install Passbolt browser add-on.
+
+Proceed with `Welcome to Passbolt, please select a passphrase!`.
+
+## Setup Android Mobile App
+
+### Import certificate on mobile application
+[How to import SSL certificate on mobile application](https://help.passbolt.com/faq/hosting/how-to-import-ssl-certificate-on-mobile)
+
+### Transfer your account key
+In your desktop browser go to log in to Passbolt, navigate to `your user > Mobile Transfer` and follow the steps.
+
+
+## Acknowledgment / Troubleshoot
+- Help: [Docker passbolt installation](https://help.passbolt.com/hosting/install/ce/docker)
+- Help: [iOS / Android Mobile FAQ](https://help.passbolt.com/faq/hosting/mobile-faq)
+- Help: [How to import SSL certificate on mobile application](https://help.passbolt.com/faq/hosting/how-to-import-ssl-certificate-on-mobile)
+- Help: [Troubleshoot SSL](https://help.passbolt.com/faq/hosting/troubleshoot-ssl)
+- GitHub: [https://github.com/passbolt/passbolt_docker](https://github.com/passbolt/passbolt_docker)
diff --git a/pi-hosted_template/template/portainer-v2.json b/pi-hosted_template/template/portainer-v2.json
@@ -2667,6 +2667,122 @@
 			"type": 3,
 			"note": "<b>Template created by Pi-Hosted Series</b><br><b>Check our Github page: <a href=\"https://github.com/pi-hosted/pi-hosted\" target=\"_blank\">https://github.com/pi-hosted/pi-hosted</a></b><br><br><b>Official Webpage: </b><a href=\"https://github.com/paperless-ngx/paperless-ngx\" target=\"_blank\">https://github.com/paperless-ngx/paperless-ngx</a><br><b>Official Docker Documentation: </b><a href=\"https://github.com/paperless-ngx/paperless-ngx\" target=\"_blank\">https://github.com/paperless-ngx/paperless-ngx</a><br><br><br>"
 		},
+		{
+			"categories": [
+				"Other",
+				"Tools"
+			],
+			"description": "Passbolt is a free and open source password manager designed for collaboration. With Passbolt you can securely generate, store, manage and monitor your team credentials. Get access to all of your logins and passwords from multiple browsers or even your mobile phone.",
+			"env": [
+				{
+					"default": "1000",
+					"description": "Enter your user's PUID here",
+					"label": "PUID",
+					"name": "PUID"
+				},
+				{
+					"default": "1000",
+					"description": "Enter your user's PGID here",
+					"label": "PGID",
+					"name": "PGID"
+				},
+				{
+					"default": "Europe/Zurich",
+					"description": "Enter your time zone here. See examples https://en.wikipedia.org/wiki/List_of_tz_database_time_zones",
+					"label": "TZ",
+					"name": "TZ"
+				},
+				{
+					"default": "",
+					"description": "Enter your MySql root password here",
+					"label": "MYSQL_ROOT_PASSWORD",
+					"name": "MYSQL_ROOT_PASSWORD"
+				},
+				{
+					"default": "passbolt",
+					"description": "Enter your Passbolt database name here",
+					"label": "MYSQL_DATABASE",
+					"name": "MYSQL_DATABASE"
+				},
+				{
+					"default": "passbolt",
+					"description": "Enter your Passbolt database user here",
+					"label": "MYSQL_USER",
+					"name": "MYSQL_USER"
+				},
+				{
+					"default": "",
+					"description": "Enter your Passbolt database password here",
+					"label": "MYSQL_PASSWORD",
+					"name": "MYSQL_PASSWORD"
+				},
+				{
+					"default": "443",
+					"description": "Enter your Passbolt https port here",
+					"label": "PASSBOLT_PORT",
+					"name": "PASSBOLT_PORT"
+				},
+				{
+					"default": "https://passbolt.local",
+					"description": "Enter your full Passbolt https base URL here. Including port if different from 443",
+					"label": "PASSBOLT_URL",
+					"name": "PASSBOLT_URL"
+				},
+				{
+					"default": "Passbolt",
+					"description": "Enter your from email name",
+					"label": "EMAIL_FROM_NAME",
+					"name": "EMAIL_FROM_NAME"
+				},
+				{
+					"default": "",
+					"description": "Enter your from email address",
+					"label": "EMAIL_FROM_ADDRESS",
+					"name": "EMAIL_FROM_ADDRESS"
+				},
+				{
+					"default": "smtp.gmail.com",
+					"description": "Enter your email smtp server here",
+					"label": "EMAIL_SMTP_SERVER",
+					"name": "EMAIL_SMTP_SERVER"
+				},
+				{
+					"default": "587",
+					"description": "Enter your email smtp port here",
+					"label": "EMAIL_SMTP_PORT",
+					"name": "EMAIL_SMTP_PORT"
+				},
+				{
+					"default": "",
+					"description": "Enter your email username here",
+					"label": "EMAIL_USERNAME",
+					"name": "EMAIL_USERNAME"
+				},
+				{
+					"default": "",
+					"description": "Enter your email password here",
+					"label": "EMAIL_PASSWORD",
+					"name": "EMAIL_PASSWORD"
+				},
+				{
+					"default": "true",
+					"description": "Enter set TLS here",
+					"label": "EMAIL_TLS",
+					"name": "EMAIL_TLS"
+				}
+			],
+			"logo": "https://raw.githubusercontent.com/pi-hosted/pi-hosted/master/images/passbolt.png",
+			"name": "Passbolt",
+			"platform": "linux",
+			"repository": {
+				"stackfile": "stack/passbolt.yml",
+				"url": "https://github.com/pi-hosted/pi-hosted"
+			},
+			"restart_policy": "unless-stopped",
+			"title": "Passbolt",
+			"type": 3,
+			"note": "<b>Template created by Pi-Hosted Series</b><br><b>Check our Github page: <a href=\"https://github.com/pi-hosted/pi-hosted\" target=\"_blank\">https://github.com/pi-hosted/pi-hosted</a></b><br><br><b>Official Webpage: </b><a href=\"https://github.com/pi-hosted/pi-hosted/blob/master/docs/passbolt.md\" target=\"_blank\">https://github.com/pi-hosted/pi-hosted/blob/master/docs/passbolt.md</a><br><b>Official Docker Documentation: </b><a href=\"https://github.com/pi-hosted/pi-hosted/blob/master/docs/passbolt.md\" target=\"_blank\">https://github.com/pi-hosted/pi-hosted/blob/master/docs/passbolt.md</a><br><h3><b>Pi-Hosted dedicated documentation: </b><a href=\"https://github.com/pi-hosted/pi-hosted/blob/master/docs/passbolt.md\" target=\"_blank\">passbolt.md</a></h3><br><br><br>"
+		},
 		{
 			"categories": [
 				"Other",

diff --git a/stack/passbolt.yml b/stack/passbolt.yml
@@ -0,0 +1,67 @@
+version: "3.9"
+services:
+  passbolt-db:
+    container_name: passbolt-db
+    environment:
+      PUID: ${PUID}
+      PGID: ${PGID}
+      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
+      MYSQL_DATABASE: ${MYSQL_DATABASE}
+      MYSQL_USER: ${MYSQL_USER}
+      MYSQL_PASSWORD: ${MYSQL_PASSWORD}
+    hostname: passbolt-db
+    image: linuxserver/mariadb:arm64v8-latest
+    networks:
+      - passbolt_default
+    restart: unless-stopped
+    volumes:
+      - /portainer/Files/AppData/Config/passbolt/db:/config
+
+  passbolt:
+    container_name: passbolt
+    command:
+      [
+        "/usr/bin/wait-for.sh",
+        "-t",
+        "0",
+        "passbolt-db:3306",
+        "--",
+        "/docker-entrypoint.sh",
+      ]
+    depends_on:
+      - passbolt-db
+    environment:
+      APP_FULL_BASE_URL: ${PASSBOLT_URL}
+      DATASOURCES_DEFAULT_HOST: passbolt-db
+      DATASOURCES_DEFAULT_USERNAME: ${MYSQL_USER}
+      DATASOURCES_DEFAULT_PASSWORD: ${MYSQL_PASSWORD}
+      DATASOURCES_DEFAULT_DATABASE: ${MYSQL_DATABASE}
+      EMAIL_DEFAULT_FROM_NAME: ${EMAIL_FROM_NAME}
+      EMAIL_DEFAULT_FROM: ${EMAIL_FROM_ADDRESS}
+      EMAIL_TRANSPORT_DEFAULT_HOST: ${EMAIL_SMTP_SERVER}
+      EMAIL_TRANSPORT_DEFAULT_PORT: ${EMAIL_SMTP_PORT}
+      EMAIL_TRANSPORT_DEFAULT_USERNAME: ${EMAIL_USERNAME}
+      EMAIL_TRANSPORT_DEFAULT_PASSWORD: ${EMAIL_PASSWORD}
+      EMAIL_TRANSPORT_DEFAULT_TLS: ${EMAIL_TLS}
+    hostname: passbolt
+    image: passbolt/passbolt:latest-ce
+    networks:
+      - passbolt_default
+    ports:
+    #  - 80:80
+      - ${PASSBOLT_PORT}:443
+    restart: unless-stopped
+    volumes:
+      - /portainer/Files/AppData/Config/passbolt/certs/cert.pem:/etc/ssl/certs/certificate.crt:ro
+      - /portainer/Files/AppData/Config/passbolt/certs/key.pem:/etc/ssl/certs/certificate.key:ro
+      - gpg:/etc/passbolt/gpg
+      - jwt:/etc/passbolt/jwt
+
+networks:
+  passbolt_default:
+      name: passbolt
+      driver: bridge
+
+volumes:
+  gpg:
+  jwt: