Add bitwarden and discord button

manuscript/recipes/bitwarden.md

@@ -0,0 +1,97 @@
+# Bitwarden
+
+Heard about the [latest passsword breach](https://www.databreaches.net) (since lunch)? [HaveYouBeenPowned](http://haveibeenpwned.com) lately? [Passwords are broken](https://www.theguardian.com/technology/2008/nov/13/internet-passwords), and as the amount of sites for which you need to store credentials grows exponetially, so does the risk of using a common password.
+
+"*Duh, use a password manager*", you say. Sure, but be aware that [even password managers have security flaws](https://www.securityevaluators.com/casestudies/password-manager-hacking/).
+
+**OK, look** - no software is perfect, and there will always be a risk of your credentials being exposed in ways you didn't intend. You can at least **minimize** the impact of such exposure by using a password manager to store unique credentials per-site. While [1Password](http://1password.com) is king of the commercial password manager, [BitWarden](https://bitwarden.com) is king of the open-source, self-hosted password manager.
+
+Enter Bitwarden..
+
+![BitWarden Screenshot](../images/bitwarden.png)
+
+Bitwarden is a free and open source password management solution for individuals, teams, and business organizations. While Bitwarden does offer a paid / hosted version, the free version comes with the following (*better than any other free password manager!*):
+
+* Access & install all Bitwarden apps
+* Sync all of your devices, no limits!
+* Store unlimited items in your vault
+* Logins, secure notes, credit cards, & identities
+* Two-step authentication (2FA)
+* Secure password generator
+* Self-host on your own server (optional)
+
+## Ingredients
+
+1. [Docker swarm cluster](/ha-docker-swarm/design/) with [persistent shared storage](/ha-docker-swarm/shared-storage-ceph.md)
+2. [Traefik](/ha-docker-swarm/traefik_public) configured per design
+3. DNS entry for the hostname you intend to use, pointed to your [keepalived](ha-docker-swarm/keepalived/) IP
+
+## Preparation
+
+### Setup data locations
+
+We'll need to create a directory to bind-mount into our container, so create `/var/data/bitwarden`:
+
+```
+mkdir /var/data/bitwarden
+```
+
+### Setup Docker Swarm
+
+Create a docker swarm config file in docker-compose syntax (v3), something like this:
+
+!!! tip
+        I share (_with my [patreon patrons](https://www.patreon.com/funkypenguin)_) a private "_premix_" git repository, which includes necessary docker-compose and env files for all published recipes. This means that patrons can launch any recipe with just a ```git pull``` and a ```docker stack deploy``` 👍
+
+
+```
+version: "3"
+services:
+  bitwarden:
+    image: mprasil/bitwarden
+    env_file: /var/data/config/bitwarden/bitwarden.env
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - /var/data/bitwarden:/data/:rw
+    deploy:
+      labels:
+        - traefik.enable=true
+        - traefik.web.frontend.rule=Host:bitwarden.example.com
+        - traefik.web.port=80
+        - traefik.hub.frontend.rule=Host:bitwarden.example.com;Path:/notifications/hub
+        - traefik.hub.port=3012
+        - traefik.docker.network=traefik_public
+    networks:
+        - traefik_public
+
+networks:
+  traefik_public:
+    external: true
+```
+
+!!! note
+    Note the clever use of two Traefik frontends to expose the notifications hub on port 3012. Thanks @gkoerk!
+
+
+## Serving
+
+### Launch Bitwarden stack
+
+Launch the Bitwarden stack by running ```docker stack deploy bitwarden -c <path -to-docker-compose.yml>```
+
+Browse to your new instance at https://**YOUR-FQDN**, and create a new user account and master password (*Just click the **Create Account** button without filling in your email address or master password*)
+
+### Get the apps / extensions
+
+Once you've created your account, jump over to https://bitwarden.com/#download and download the apps for your mobile and browser, and start adding your logins!
+
+## Chef's Notes
+
+1. You'll notice we're not using the *official* container images (*[all 6 of them required](https://help.bitwarden.com/article/install-on-premise/#install-bitwarden)!)*, but rather a [more lightweight version ideal for self-hosting](https://hub.docker.com/r/mprasil/bitwarden). All of the elements are contained within a single container, and SQLite is used for the database backend.
+2. The inclusion of Bitwarden was due to the efforts of @gkoerk in our [Discord server](http://chat.funkypenguin.co.nz)- Thanks Gerry!
+
+### Tip your waiter (donate) 👏
+
+Did you receive excellent service? Want to make your waiter happy? (_..and support development of current and future recipes!_) See the [support](/support/) page for (_free or paid)_ ways to say thank you! 👏
+
+### Your comments? 💬

manuscript/recipes/keycloak.md

@@ -173,15 +173,13 @@ For each of the following mappers, click the name, and set the "_Read Only_" fla
 ![KeyCloak Add Realm Screenshot](/images/sso-stack-keycloak-4.png)
 
 !!! important
-    Development of this recipe is sponsored by [The Common Observatory](https://www.observe.global/). Thanks guys!
+    Development of the original KeyCloak recipe is sponsored by [The Common Observatory](https://www.observe.global/). Thanks guys!
 
     [![Common Observatory](../images/common_observatory.png)](https://www.observe.global/)
 
 
 ## Chef's Notes
 
-1. I wanted to be able to add multiple networks to KeyCloak (_i.e., a dedicated overlay network for LDAP authentication_), but the entrypoint used by the container produces an error when more than one network is configured. This could theoretically be corrected in future, with a PR, but the [GitHub repo](https://github.com/jboss-dockerfiles/keycloak) has no issues enabled, so I wasn't sure where to start.
-
 ### Tip your waiter (donate) 👏
 
 Did you receive excellent service? Want to make your waiter happy? (_..and support development of current and future recipes!_) See the [support](/support/) page for (_free or paid)_ ways to say thank you! 👏