Update documentation to centralize Vaultwarden integration details and enhance backup scripts

Refactor README, architecture, and backup documentation to emphasize the use of Vaultwarden for credential management across various services. Update scripts for Nextcloud, Gitea, Paperless, and others to reference Vaultwarden for sensitive information. Remove outdated references to previous backup strategies and ensure clarity on credential retrieval processes. This improves security practices and streamlines backup operations.
2026-02-28 00:52:56 +03:00
parent f319133cee
commit 16c254510a
34 changed files with 1677 additions and 437 deletions
--- a/scripts/certbot-hooks/check-beget-credentials.sh
+++ b/scripts/certbot-hooks/check-beget-credentials.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+# Pre-hook для certbot: проверка beget.ini перед renew
+# Путь: /etc/letsencrypt/renewal-hooks/pre/check-beget-credentials.sh
+# При отсутствии файла или неверных правах — exit 1, certbot не выполнит renew.
+
+BEGET_INI="/root/.secrets/certbot/beget.ini"
+
+if [ ! -f "$BEGET_INI" ]; then
+  echo "check-beget-credentials: $BEGET_INI not found" >&2
+  exit 1
+fi
+
+mode=$(stat -c '%a' "$BEGET_INI" 2>/dev/null)
+owner=$(stat -c '%u' "$BEGET_INI" 2>/dev/null)
+
+if [ "$mode" != "600" ]; then
+  echo "check-beget-credentials: $BEGET_INI has mode $mode, expected 600" >&2
+  exit 1
+fi
+
+if [ "$owner" != "0" ]; then
+  echo "check-beget-credentials: $BEGET_INI owner $owner, expected root (0)" >&2
+  exit 1
+fi
+
+exit 0