Hunterseeker139

• Bitwarden is the easiest and safest way to store all of your logins and passwords while conveniently keeping them synced between all of your devices. Password theft is a serious problem. The websites and apps that you use are under attack every day. Security breaches occur and your passwords are stolen.
• Bitwarden provides a shell script for easy installation on Linux and macOS (Bash), or Windows (PowerShell). Complete the following steps to install Bitwarden using the shell script: (Linux Only) If you’ve completed the Docker Post-Installation steps, do so as the bitwarden.

1. Bitwarden Cli Python
2. Bitwarden Python
3. Bitwarden Python Client

Bitwarden is an open source option that does an outstanding job of keeping your passwords locked away and does so with a user interface that is easy enough for any user, regardless of experience.

Released:

Simple bitwarden CLI written in Python to list and decrypt secrets

Project description

This is an unofficial port of the Bitwarden NodeJS CLI to Pythonfocused on decryption of secrets with increased performance

How to install

Pip

How to use ?

This tool do not replace the official NodeJs CLI of Bitwarden. You still need it to perform auth, unlock and sync operations.

First, ensure that your bitwarden vault in unlocked and that you register the BW_SESSION in your environment.

Get decrypted valued

List items

Currently supported fields

The script currently handles the decryption of the following entities and fields:

• login
  • [ custom field name ]
  • name
  • notes
  • password
  • uri: retrieve first uri without new line
  • uris: retrieve all uris, one per line
  • username
• note
  • [ custom field name ]
  • name
  • notes

It supports decryption of personal and organization ciphers.

Why this project ?

We use Ansible to manage infrastructures and use a lookup plugin to grab hundred of secrets. Each secret is retrievenwith the native NodeJS CLI in about 0.85s on my computer. When you have hundreds of secrets, that makes long minutes to wait.

According to https://github.com/bitwarden/cli/issues/67, node looks like to suffer from slow bootstrap.

This port to Python is aimed to increase secrets lookup performance. First benchmarks spotted that secrets could beretrieven in around 0.15s with this port.

Benchmark

Original bw cli: 20 requests - 17,21s

bw-simple: 20 requests - 2,2s

Development

Development requirements are listed in requirements/dev.txt

Testing

Testing is done through pytest. A sample database unlocked with BW_SESSION are provided.

License

GPLv3

Release historyRelease notifications | RSS feed

1.3.1

1.2.8

1.2.7

1.2.6

1.2.5

1.2.4

1.2.3

1.2.1

1.2

1.1.1

1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Hashes for bitwarden simple cli-1.3.1.linux-x86_64.tar.gz

Hashes for bitwarden_simple_cli-1.3.1-py3-none-any.whl

Overview¶

To install any of the DietPi optimised software listed below run from the command line:

Choose Software Optimised and select one or more items. Finally click on Install. DietPi will do all the necessary steps to install and start these software items.

To see all the DietPi configurations options, review DietPi Tools section.

ownCloud¶

The ownCloud package turns your DietPi system into your very own personal cloud based backup/data storage system (e.g.: Dropbox).

Also Installs:

• Webserver
• USB dedicated hard drive highly recommended

• URL = http://<your.IP>/owncloud
• Username = admin
• Password = <your global password>

If you may want to configure your ownCloud from command line via occ command see the ownCloud admin manual.

To simplify this configuration, DietPi has added a shortcut to the otherwise necessary sudo -u www-data php /var/www/owncloud/occ.
Just use inside your terminal:

1. Option: Use the web-based updater from within the ownCloud web UI settings.

2. Option: Use the updater script from console (recommended):

3. Follow the official documentation for a manual upgrade process: https://doc.owncloud.com/server/admin_manual/maintenance/manual_upgrade.html

Where is my data stored?

/mnt/dietpi_userdata/owncloud_data (or dietpi.txt choice)

Why am I limited to 2 GiB file size uploads?

DietPi will automatically apply the max supported upload size to the PHP and ownCloud configs.

• 32-bit systems can handle 2 GB
• 64-bit systems can handle 8796 PB, yep, in petabyte
• echo -e '$(( $(php -r 'print(PHP_INT_MAX);') / 1024 / 1024))MB'

Will my data be saved after deinstallation?

Your userdata directory will stay after deinstallation.
As well a database backup will be saved to your userdata directory. Thus you can easily restore your instance by reinstalling ownCloud and restore the database dump.

Website: https://owncloud.com
Official documentation: https://doc.owncloud.org/server/admin_manual

YouTube video tutorial: How to Install DietPi OwnCloud on Raspberry Pi.

Nextcloud¶

Nextcloud gives you access to all your files wherever you are. Store your documents, calendar, contacts and photos on a server at home, at one of our providers or in a data center you trust.

Access the web interface using the next URL when running on SBC (http://localhost/nextcloud/) or the IP address / hostname of your DietPi device (e.g.: http://192.168.0.100/nextcloud/).

• Username = admin
• Password = <your global password>

Nextcloud is installed together with the webserver. To fast access the files, a dedicated USB hard drive is highly recommended.

For an advanced setup you could further configure your Nextcloud setup from the command line - see the Nextcloud Admin guide.

To simplify this configuration, DietPi has added a shortcut to the otherwise necessary sudo -u www-data php /var/www/nextcloud/occ.
Just use inside your terminal:

Nextcloud offers built-in brute force protection and additionally a plugin Brute-force settings.
This will delay your login rate in case of several failed login attempts.

This protection can be extended with Fail2Ban (see following tab).

See also:

Using Fail2Ban your can block users after failed login attempts. This hardens your system, e.g. against brute force attacks.

• Set options in the Nextcloud configuration file (typical /var/www/nextcloud/config/config.php):

  • Add trusted domains if not already set via the 'trusted_domains' entry.

    The entry of the trusted domains is important, because one of the Fail2Ban regular expressions in the Fail2Ban filter file (“Trusted domain error”, see below) deals with trusted domain login errors. By default, if you login via a non trusted domain, Nextcloud will show an error login dialog.

    Attention

    Take care, if you use this “Trusted domain error” failregex option and you then reload the page several times (more often than maxretry value in the Fail2Ban jail file) you lockout yourself also for logging in via a trusted domain from the IP address you are using.

  • log file options: These are set to appropriate values by default (e.g. log_level, log_type) resp. DietPi defaults (logfile via SOFTWARE_NEXTCLOUD_DATADIR within /boot/dietpi.txt), so that they do not need to be set as sometimes otherwise described.

• Create new Fail2Ban filter (e.g. /etc/fail2ban/filter.d/nextcloud.conf):

• Create new Fail2Ban jail file/etc/fail2ban/jail.d/nextcloud.local:

  Check whether the logpath is identical to the value in the Nextcloud configuration file (config.phpsee above).

  As not specified here, Fail2Ban uses properties like maxretry, bantime, etc. from /etc/fail2ban/jail.conf or /etc/fail2ban/jail.local (if present). Note the setting backend = auto. By default, backend is set to systemd in /etc/fail2ban/jail.conf. As a result, Fail2Ban ignores the logpath entry here in the jail nextcloud.conf, with the consequence, that Fail2Ban does not recognize an attack on Nextcloud (port 80, 443) even though attacks are listed in /mnt/dietpi_userdata/nextcloud_data/nextcloud.log.

• Restart Fail2Ban: systemctl restart fail2ban.

• Test your settings by trying to sign in multiple times from a remote PC with a wrong user or password. After maxretry attempts your IP must be banned for bantime seconds (DietPi does not respond anymore) as the default action by Fail2Ban is route, specified in /etc/fail2ban/action.d/route.conf.
• Check the current status on your DietPi with fail2ban-client status nextcloud.
• See also:

1. Option: Use the web-based updater from within the Nextcloud web UI settings.

2. Option: Use the updater script from console (recommended):

3. Follow the official documentation for a manual upgrade process: https://docs.nextcloud.com/server/latest/admin_manual/maintenance/manual_upgrade.html

Where is my data stored?

/mnt/dietpi_userdata/nextcloud_data (or dietpi.txt choice)

Why am I limited to 2GB file size uploads?

DietPi will automatically apply the max supported upload size to the PHP and Nextcloud configs.

• 32bit systems can handle 2 GB
• 64bit systems can handle 8796 PB (petabytes)

Will my data be saved after deinstallation?

Your user data directory will stay after deinstallation. As well a database backup will be saved to your user data directory. Thus you can easily restore your instance by reinstalling Nextcloud and restore the database dump.

Website: https://nextcloud.com/athome
Official documentation: https://docs.nextcloud.com/server/latest/admin_manual/contents.html

YouTube video tutorial #1: DietPi Nextcloud Setup on Raspberry Pi 3 B Plus.

YouTube video tutorial #2: DietPi Docker Nextcloud External Storage Setup with SAMBA SERVER on RPI3B

Nextcloud Talk¶

Host video calls on your own Nextcloud instance. The TURN server Coturn will be installed and configured as well to allow reliable video calls through outside the local network, NAT and firewall setups.

Also installs:

• Nextcloud
• Coturn

Installation notes¶

During installation you will be asked to enter the external server domain and a port, that you want to use for the Coturn TURN server. Note that you need to forward the chosen port and/or open it in your firewall.

If HTTPS was or is enabled via dietpi-letsencrypt, Coturn will be configured to use the LetsEncrypt certificates for TLS connections on the chosen TURN server port automatically.
Coturn by default will listen to non-TLS requests as well on the port configured in /etc/turnserver.conf. You can force TLS/control this by switching port forwarding in your router and/or opening/dropping ports in your firewall.

Coturn logging by default is disabled via /etc/default/coturn command arguments, since it is very verbose and produces much disk I/O. You can enable and configure logging via /etc/turnserver.conf, if required.

Website: https://nextcloud.com/talk

Pydio¶

Pydio is a feature-rich backup and sync server with web interface. Similar to ownCloud with vast configuration options to meet your “cloud” needs.

Also Installs:

• Webserver

• Ignore the warnings and click the button titled CLICK HERE TO CONTINUE TO PYDIO.
  Remark: If you require SSL access, please use LetsEncrypt to set this up.
• The wizard can now be started, click the start wizard > button to begin.
• Enter and create a new admin account for use with Pydio. Then click the >> button.
• Under database details, enter the following:
  • Database type = MySQL
  • Host = localhost
  • Database = pydio
  • User = pydio
  • Password = dietpi
  • Use MySqli = No
• Click test connection, when successful, click the >> button.
• Under advanced options, use the default values, then click the Install Pydio button.

Once the server has been configured (as per above):

• Download the sync client for your system: https://pydio.com/en/get-pydio/downloads/pydiosync-desktop-app
• When configuring the remote server, use the following:
  • Select HTTP option (unless you have setup an SSL cert)
  • URL = http://<your.IP>/pydio (replace IP with your system IP)
  • User = The “admin” user you setup in initial setup.
  • Password = The “admin” password you setup in initial setup.

Website: https://pydio.com

UrBackup¶

UrBackup Server is an Open Source client/server backup system, that through a combination of image and file backups accomplishes both data safety and a fast restoration time.
Basically, it allows you to create a complete system backup, using a simple web interface, for systems on your network.

The web interface is accessible via port 55414:

URL = http://<your.IP>:55414
Remark: Change the IP address for your system.

The location of the backups can be changed in the web interface:

• Select Settings.
• Change the Backup Storage Path: /mnt/dietpi_userdata/urbackup is recommended.
• Click Save.
• Restart service with systemctl restart urbackupsrv.

Install the appropriate client on the systems you wish to backup from https://www.urbackup.org/download.html#client_windows.

Website: https://www.urbackup.org/index.html

Gogs¶

Your very own GitHub style server, with web interface.

The web interface is accessible via port 3000:

• URL = http://<your.IP>:3000

Has to be done once, when connected to the web interface:

• Change the following values only:
  • Database = MySQL
  • User = gogs
  • Database password = <your global password>
  • Repository Root Path = /mnt/dietpi_userdata/gogs-repo
  • Run User = gogs
  • Log Path = /var/log/gogs
  • Email service settings > From = anyone@anyemail.com
• Scroll to the bottom of page and select Install Gogs
• When the web address changes to localhost: and fails to load, you need to reconnect to the web page using the IP address (e.g.: http://<your.IP>:3000)
• Once the page has reloaded, you will need to click register to create the admin account

If you wish to allow external access to your Gogs server, you will need to setup port forwarding on your router, pointing to the IP address of your DietPi device.

• Port = 3000
• Protocol = TCP+UDP

Website: https://gogs.io

Gitea¶

Your very own GitHub style server, with web interface.

The web interface is accessible via port 3000:

• URL = http://<your.IP>:3000

Has to be done once, when connected to the web interface:

• Change the following values only:
  • MySQL database user = gitea
  • MySQL database password = dietpi
  • Repository root path = /mnt/dietpi_userdata/gitea/gitea-repositories
  • Log path = /var/log/gitea
• Scroll to the bottom of page and select Install Gitea
• When the web address changes to localhost: and fails to load, you need to reconnect to the web page using the IP address (e.g.: http://<your.IP>:3000)
• Once the page has reloaded, you will need to click register to create the admin account

If you wish to allow external access to your Gitea server, you will need to setup port forwarding on your router, pointing to the IP address of your DietPi device.

• Port = 3000
• Protocol = TCP+UDP

If an external access is used, the activation of the package Let’s Encrypt - Enable HTTPS / SSL is strongly recommended to increase your system security.

Using Fail2Ban your can block users after failed login attempts. This hardens your system, e.g. against brute-force attacks.

• Create new filter /etc/fail2ban/filter.d/gitea.conf:

• Create new jail /etc/fail2ban/jail.d/gitea.conf:

  As not specified here, Fail2Ban uses properties like maxretry, bantime, etc. from /etc/fail2ban/jail.conf or /etc/fail2ban/jail.local (if present). Note the setting backend = auto. By default, backend is set to systemd in /etc/fail2ban/jail.conf. As a result, Fail2Ban ignores the logpath entry here in the jail gitea.conf, with the consequence, that Fail2Ban does not recognize an attack on Gitea (port 3000) even though attacks are listed in /var/log/gitea/gitea.log.

• Restart Fail2Ban: systemctl restart fail2ban.

• Test your settings by trying to sign in multiple times from a remote PC with a wrong user or password. After maxretry attempts your IP must be banned for bantime seconds (DietPi does not respond anymore) as the default action by Fail2Ban is route, specified in /etc/fail2ban/action.d/route.conf.
• Check the current status on your DietPi with fail2ban-client status gitea.
• See also:

You can easily update Gitea by reinstalling it. Your settings and data are preserved by this:

Website: https://gitea.io

Syncthing¶

Backup and sync server with web interface. Extremely lightweight and efficient as no webserver is required.

The web interface is accessible via port 8384:

URL = http://<your.IP>:8384

Has to be done once, when connected to the web interface.

• When the Danger! Please set a GUI Authentication User and Password in the Settings dialog. box appears, click the settings button inside the box.
• Under GUI Authentication User and GUI Authentication Password: Enter new login details you would like to use for access to the web interface. Then click save.

DietPi will automatically setup your default folder share to /mnt/dietpi_userdata.

In this example we will use a Windows system. The goal is to “sync” the user data from your DietPi device with another system.

• Download, extract and run the Windows application syncthing.exe: https://syncthing.net/downloads/.
• Syncthing web interface will load automatically, if not, you can access it via http://127.0.0.1:8384/.
  • Click Actions at the top right, then select Show ID. Copy the UUID code.
• On the DietPi device, open the web interface and click Add remote device (bottom right).
  • Under Device ID, paste in the UUID we copied earlier.
  • Under Device name, enter any name. e.g.: My Windows PC.
  • Under Share Folders With Device tick/select DietPi user data, then click save.
• After a few seconds, go back to the Windows web interface http://127.0.0.1:8384/. You should receive a message asking you to confirm the new device, click Add Device.
  • Under Share Folders With Device tick/select DietPi user data, then click save.

You devices should now duplicate the user data from your DietPi device to your Windows PC.

Website: https://syncthing.net

MinIO¶

It is an open source Kubernetes Native, High Performance Object Storage (S3 Compatible). It helps building cloud-native data infrastructure for machine learning, analytics and application data workloads.

The web interface is accessible via port 9000:

• URL = http://<your.IP>:9000

Website: https://min.io/product/overview
Official documentation: https://docs.min.io

Firefox Sync Server¶

This is Mozilla’s Firefox Sync Server which manages syncing Firefox instance bookmarks, history, tabs and passwords across devices. Out of the box it runs on a Python server for small loads and can be configured to run behind Nginx or Apache.

• Open about:config to access advanced settings.
• Search for: identity.sync.tokenserver.uri.
• Set value to: http://<your.IP>:5000/token/1.0/sync/1.5.
  • We recommend to access your Firefox Sync Server only from local network or via VPN, keeping the default listening port 5000 closed for access from outside of your LAN.
  • If you need to access it remotely without VPN, adjust the public_url setting inside the config file /mnt/dietpi_userdata/firefox-sync/syncserver.ini to contain your public IP or domain and desired port.

• Install directory: /opt/firefox-sync
• Data directory: /mnt/dietpi_userdata/firefox-sync
• Config file: /mnt/dietpi_userdata/firefox-sync/syncserver.ini

View the logs by executing:

You can easily update the Firefox Sync Server by reinstalling it. Your settings and data are preserved by this:

Source code: mozilla-services/syncserver

Credits: This software title has been added to DietPi-Software by CedArctic, many thanks! :D

Bitwarden_RS¶

Bitwarden_RS is an unofficial Bitwarden password manager server with web interface, written in Rust.

• During install, a self-signed 4096-bit RSA TLS certificate is created to allow encrypted HTTPS access, which is required for access with most Bitwarden clients and reasonable as of the sensitivity of the data a password manager handles.
• Most web browsers will warn you on access that the certificate is not trusted, although usually you can choose to ignore that and still access the web vault.
• Most Bitwarden clients on the other hand will deny to access your server, as long as the certificate is not trusted.
• As far as you have a public domain name for your DietPi server, we recommend to request an official trusted CA certificate, e.g. via dietpi-letsencrypt and setup either a reverse proxy, or configure Bitwarden_RS to use the retrieved key and certificate directly via ROCKET_TLS setting in the config file (see “Directories” tab).

Bitwarden Cli Python

1. In your browser, next to the address bar, select the warning or lock icon. Then select the certificate button to open Windows’ Certificate view.
2. Switch to the “Details” tab.
   
3. Select “Save to file”.
4. In the newly opened window, select “Continue”.
   
5. Leave default DER coding and select “Continue”.
6. Select “Browse” to chose a target file location.
   
7. Choose a target file location and name, it is only required temporarily.
8. Select “Continue”.
9. Select “Finish”.
   
10. Double-click the created certificate file and select “Install certificate”.
11. Select “Local system”.
12. Select “Continue”, which requires administrator permissions.
    
13. Choose “Save all certificates to the following store”.
14. Select “Browse”.
15. Select “Trusted Root Certification Authorities”.
16. Select “Ok”.
17. Select “Continue”.
18. Select “Finish”.
    

1. In your browser (note that this cannot be done in Safari), next to the address bar, select the warning or lock icon. Then select the “Certificate (Invalid)” button.
   
2. Drag the certificate icon to your desktop, it is only required temporarily.
3. Double-click on the certificate file.
   
4. On the “Keychain” dropdown, select “System”.
5. Select “Add”.
6. Enter an administrator username and password.
7. Select “Modify Keychain”.
   
8. Double-click on the certificate in the list.
9. Select “Trust”.
   
10. On the “Secure Sockets Layer (SSL)” dropdown, select “Always Trust”.
11. Click the red button in the top left corner of the window.
12. Enter an administrator username and password.
13. Select “Update Settings”.
    

The web interface is accessible via port 8001:

• URL = https://<your.IP>:8001
• On first access, you need to create an account, either via web UI or via client (see “Client access” tab).

Any official Bitwarden client will work: https://bitwarden.com/download

1. Select the settings cog at the top left of the window.
2. Add https://<your.IP>:8001 into the custom server field.
3. Create a new account, which will be created on your own server only.

• Install directory: /opt/bitwarden_rs
• Data directory: /mnt/dietpi_userdata/bitwarden_rs
• Config file: /mnt/dietpi_userdata/bitwarden_rs/bitwarden_rs.env

Official documentation: https://github.com/dani-garcia/bitwarden_rs/wiki
Forum: https://bitwardenrs.discourse.group
Source code: dani-garcia/bitwarden_rs
Open-source license: GPLv3

Credits: This software title has been added to DietPi-Software by CactiChameleon9. Thank you!

FuguHub¶

FuguHub transforms your DietPi device into a secure online storage system, letting you access and share files from any connected computer or device.

Open the browser http://<your.IP>.
On the first access, an admin account needs to be created to log in with (to fully control the FuguHub app).

FuguHub runs by default on port 80 and optional 443, making it incompatible with a regular webserver using the default setup.

Bitwarden Python

1. Press Enter to continue
2. Press Y to accept license
3. Press Y for VPS or N for home/office server
4. Choose whether to install an internal BitTorrent client.

It is recommended to use the a dedicated BitTorrent server, if required: https://dietpi.com/docs/software/bittorrent/

Setup details:

• Install directory: /home/bd
• Config file: /home/bd/bdd.conf
• Data directory: /mnt/dietpi_userdata/fuguhub-data

• Service: journalctl -u bdd
• Trace: /home/bd/trace/
  It contains an info about the database creation only, even after playing around with the web UI a bit.

Bitwarden Python Client

Website: https://fuguhub.com