added vaultwarden files

vaultwarden/.SRCINFO

@@ -0,0 +1,31 @@
+pkgbase = vaultwarden
+	pkgdesc = Unofficial Bitwarden compatible server written in Rust
+	pkgver = 1.30.1
+	pkgrel = 1
+	url = https://github.com/dani-garcia/vaultwarden
+	install = vaultwarden.install
+	arch = x86_64
+	license = GPL3
+	makedepends = git
+	makedepends = rust
+	depends = glibc
+	depends = gcc-libs
+	depends = mariadb-libs
+	depends = openssl
+	depends = postgresql-libs
+	depends = sqlite
+	optdepends = vaultwarden-web: for the web app
+	provides = bitwarden_rs
+	replaces = bitwarden_rs
+	options = !lto
+	backup = etc/vaultwarden.env
+	source = vaultwarden::git+https://github.com/dani-garcia/vaultwarden#commit=48836501bf348386d9bb1378fb56db33c19d3732
+	source = systemd.service
+	source = sysusers.conf
+	source = tmpfiles.conf
+	b2sums = SKIP
+	b2sums = ff8e896f820b88f079d3d4f4c2eb394362569c921f53693e25d3badaf9fdca841e4d7665862e09d22421f544802f3a64014696fd92d7f0b923faf41f8d99e472
+	b2sums = 6580cf4031f262638abf11e529e8dfc489197afd6cd616c6a7810741e03c004706a5f9358f825aac6644c0ab6b251627ff988ed68f8264120b3575a655972390
+	b2sums = 9cdcd6c997c884eb3c1ad0c9b8cd91e68ec6762a27f9b80a7eb6c0cb1ffa4e500a654da6f17e9f985cc67add154efe737761f74e4e5f72892fc0e9d457314973
+
+pkgname = vaultwarden

vaultwarden/PKGBUILD

@@ -0,0 +1,87 @@
+# Maintainer: Daniel M. Capella <polyzen@archlinux.org>
+# Maintainer: George Rawlinson <grawlinson@archlinux.org>
+# Contributor: Markus Richter <mqus at disroot dot org>
+# Contributor: Timothée Ravier <tim@siosm.fr
+
+pkgname=vaultwarden
+pkgver=1.30.1
+pkgrel=1
+pkgdesc='Unofficial Bitwarden compatible server written in Rust'
+arch=('x86_64')
+url='https://github.com/dani-garcia/vaultwarden'
+license=('GPL3')
+depends=(
+  'glibc'
+  'gcc-libs'
+  'mariadb-libs'
+  'openssl'
+  'postgresql-libs'
+  'sqlite'
+)
+makedepends=('git' 'rust')
+optdepends=('vaultwarden-web: for the web app')
+provides=('bitwarden_rs')
+replaces=('bitwarden_rs')
+backup=('etc/vaultwarden.env')
+options=('!lto')
+install=$pkgname.install
+_commit='48836501bf348386d9bb1378fb56db33c19d3732'
+source=(
+  "$pkgname::git+$url#commit=$_commit"
+  'systemd.service'
+  'sysusers.conf'
+  'tmpfiles.conf'
+)
+b2sums=('SKIP'
+        'ff8e896f820b88f079d3d4f4c2eb394362569c921f53693e25d3badaf9fdca841e4d7665862e09d22421f544802f3a64014696fd92d7f0b923faf41f8d99e472'
+        '6580cf4031f262638abf11e529e8dfc489197afd6cd616c6a7810741e03c004706a5f9358f825aac6644c0ab6b251627ff988ed68f8264120b3575a655972390'
+        '9cdcd6c997c884eb3c1ad0c9b8cd91e68ec6762a27f9b80a7eb6c0cb1ffa4e500a654da6f17e9f985cc67add154efe737761f74e4e5f72892fc0e9d457314973')
+
+pkgver() {
+  cd "$pkgname"
+
+  git describe --tags | sed 's/^v//'
+}
+
+prepare() {
+  cd "$pkgname"
+
+  # change various defaults
+  sed -i "s,# DATA_FOLDER=data,DATA_FOLDER=/var/lib/$pkgname,
+  s,web-vault/,/usr/share/webapps/$pkgname-web,
+  s,# WEB_VAULT_ENABLED=true,WEB_VAULT_ENABLED=false,
+  s,/path/to/log,/var/log/$pkgname.log,
+  /^# ROCKET_TLS/a ROCKET_LIMITS={json=10485760}" .env.template
+
+  # download dependencies
+  cargo fetch --locked --target "$CARCH-unknown-linux-gnu"
+}
+
+build() {
+  cd "$pkgname"
+
+  VW_VERSION="$pkgver" cargo build --release --frozen --features sqlite,mysql,postgresql
+}
+
+check() {
+  cd "$pkgname"
+
+  cargo test --frozen --features sqlite,mysql,postgresql
+}
+
+package() {
+  # systemd integration
+  install -vDm644 systemd.service "$pkgdir/usr/lib/systemd/system/$pkgname.service"
+  install -vDm644 sysusers.conf "$pkgdir/usr/lib/sysusers.d/$pkgname.conf"
+  install -vDm644 tmpfiles.conf "$pkgdir/usr/lib/tmpfiles.d/$pkgname.conf"
+
+  cd "$pkgname"
+
+  # configuration
+  install -Dm644 .env.template "$pkgdir"/etc/$pkgname.env
+
+  # binary
+  install -vDm755 -t "$pkgdir/usr/bin" "target/release/$pkgname"
+}
+
+# vim:set ts=2 sw=2 et:

vaultwarden/systemd.service

@@ -0,0 +1,54 @@
+[Unit]
+Description=Vaultwarden Server
+Documentation=https://github.com/dani-garcia/vaultwarden
+After=network.target
+
+[Service]
+ExecStart=/usr/bin/vaultwarden
+WorkingDirectory=/var/lib/vaultwarden
+User=vaultwarden
+Group=vaultwarden
+
+# Allow vaultwarden to bind ports in the range of 0-1024 and restrict it to
+# that capability
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+
+# If vaultwarden is run at ports >1024, you should apply these options via a
+# drop-in file
+#CapabilityBoundingSet=
+#AmbientCapabilities=
+#PrivateUsers=yes
+
+NoNewPrivileges=yes
+
+LimitNOFILE=1048576
+UMask=0077
+
+ProtectSystem=strict
+ProtectHome=yes
+ReadWritePaths=/var/lib/vaultwarden /var/log/vaultwarden.log
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectHostname=yes
+ProtectClock=yes
+ProtectKernelTunables=yes
+ProtectKernelModules=yes
+ProtectKernelLogs=yes
+ProtectControlGroups=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+RemoveIPC=yes
+
+SystemCallFilter=@system-service
+SystemCallFilter=~@privileged @resources
+SystemCallArchitectures=native
+
+EnvironmentFile=/etc/vaultwarden.env
+
+[Install]
+WantedBy=multi-user.target

vaultwarden/sysusers.conf

@@ -0,0 +1 @@
+u vaultwarden - "vaultwarden user"

vaultwarden/tmpfiles.conf

@@ -0,0 +1,3 @@
+d /var/lib/vaultwarden     0750 vaultwarden vaultwarden
+h /var/lib/vaultwarden     -    -            -            - +C
+f /var/log/vaultwarden.log 0640 vaultwarden vaultwarden

vaultwarden/vaultwarden.install

@@ -0,0 +1,32 @@
+post_install() {
+  cat << EOF
+!NOTE!
+  bitwarden_rs is now vaultwarden:
+  https://github.com/dani-garcia/vaultwarden/discussions/1642
+
+  If upgrading from bitwarden_rs, do not to leave around files/directories
+  owned by the old bitwarden_rs user/group before removing the old bitwarden_rs
+  user/group.
+
+Configure the server via its environment variables in /etc/vaultwarden.env.
+
+If vaultwarden is run at ports >1024, you should apply these systemd unit
+options via a drop-in file:
+[Service]
+CapabilityBoundingSet=
+AmbientCapabilities=
+PrivateUsers=yes
+
+If the service produces too much noise in your journal, you can redirect stdout
+to /dev/null (vaultwarden will still also write to /var/log/vaultwarden.log if
+configured to do so):
+[Service]
+StandardOutput=null
+
+Create or edit drop-in file:
+# systemctl edit vaultwarden
+
+Start vaultwarden and enable its systemd service:
+# systemctl enable --now vaultwarden
+EOF
+}