Add bitwarden and discord button

manuscript/CHANGELOG.md

@@ -13,13 +13,10 @@
 
 ## Recently added recipes
 
+* Added [Bitwarden](/recipes/bitwarden/), an **awesome** open-source password manager, with great mobile sync support (_14 May 2019_)
 * Added [Traefik Forward Auth](/ha-docker-swarm/traefik-forward-auth/), replacing function of multiple [oauth_proxies](/reference/oauth_proxy/) with a single, 7MB Go application, which can authenticate against Google, [KeyCloak](/recipes/keycloak/), and other OIDC providers (_10 May 2019_)
 * Added Kubernetes version of [Miniflux](/recipes/kubernetes/miniflux/) recipe, a minimalistic RSS reader supporting the Fever API (_26 Mar 2019_)
 * Added Kubernetes version of [Kanboard](/recipes/kubernetes/kanboard/) recipe, a lightweight, well-supported Kanban tool for visualizing your work (_19 Mar 2019_)
-* Added [Minio](/recipes/minio/), a high performance distributed object storage server, designed for large-scale private cloud infrastructure, but perfect for simple use cases where emulating AWS S3 is useful. (_27 Jan 2019_)
-* Added the beginning of the **Kubernetes** design, including a getting started on using [Digital Ocean,](/kubernetes/digitalocean/) and a WIP recipe for an [MQTT](/recipes/mqtt/) broker (_21 Jan 2019_)
-* [ElkarBackup](/recipes/elkarbackup/), a beautiful GUI-based backup solution built on rsync/rsnapshot (_1 Jan 2019_)
-
 
 ## Recent improvements
 

manuscript/book.txt

@@ -49,6 +49,7 @@ recipes/swarmprom.md
 recipes/turtle-pool.md
 
 sections/menu-docker.md
+recipes/bitwarden.md
 recipes/bookstack.md
 recipes/cryptominer.md
 recipes/cryptominer/mining-rig.md

manuscript/recipes/bitwarden.md

@@ -0,0 +1,97 @@
+# Bitwarden
+
+Heard about the [latest passsword breach](https://www.databreaches.net) (since lunch)? [HaveYouBeenPowned](http://haveibeenpwned.com) lately? [Passwords are broken](https://www.theguardian.com/technology/2008/nov/13/internet-passwords), and as the amount of sites for which you need to store credentials grows exponetially, so does the risk of using a common password.
+
+"*Duh, use a password manager*", you say. Sure, but be aware that [even password managers have security flaws](https://www.securityevaluators.com/casestudies/password-manager-hacking/).
+
+**OK, look** - no software is perfect, and there will always be a risk of your credentials being exposed in ways you didn't intend. You can at least **minimize** the impact of such exposure by using a password manager to store unique credentials per-site. While [1Password](http://1password.com) is king of the commercial password manager, [BitWarden](https://bitwarden.com) is king of the open-source, self-hosted password manager.
+
+Enter Bitwarden..
+
+![BitWarden Screenshot](../images/bitwarden.png)
+
+Bitwarden is a free and open source password management solution for individuals, teams, and business organizations. While Bitwarden does offer a paid / hosted version, the free version comes with the following (*better than any other free password manager!*):
+
+* Access & install all Bitwarden apps
+* Sync all of your devices, no limits!
+* Store unlimited items in your vault
+* Logins, secure notes, credit cards, & identities
+* Two-step authentication (2FA)
+* Secure password generator
+* Self-host on your own server (optional)
+
+## Ingredients
+
+1. [Docker swarm cluster](/ha-docker-swarm/design/) with [persistent shared storage](/ha-docker-swarm/shared-storage-ceph.md)
+2. [Traefik](/ha-docker-swarm/traefik_public) configured per design
+3. DNS entry for the hostname you intend to use, pointed to your [keepalived](ha-docker-swarm/keepalived/) IP
+
+## Preparation
+
+### Setup data locations
+
+We'll need to create a directory to bind-mount into our container, so create `/var/data/bitwarden`:
+
+```
+mkdir /var/data/bitwarden
+```
+
+### Setup Docker Swarm
+
+Create a docker swarm config file in docker-compose syntax (v3), something like this:
+
+!!! tip
+        I share (_with my [patreon patrons](https://www.patreon.com/funkypenguin)_) a private "_premix_" git repository, which includes necessary docker-compose and env files for all published recipes. This means that patrons can launch any recipe with just a ```git pull``` and a ```docker stack deploy``` 👍
+
+
+```
+version: "3"
+services:
+  bitwarden:
+    image: mprasil/bitwarden
+    env_file: /var/data/config/bitwarden/bitwarden.env
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - /var/data/bitwarden:/data/:rw
+    deploy:
+      labels:
+        - traefik.enable=true
+        - traefik.web.frontend.rule=Host:bitwarden.example.com
+        - traefik.web.port=80
+        - traefik.hub.frontend.rule=Host:bitwarden.example.com;Path:/notifications/hub
+        - traefik.hub.port=3012
+        - traefik.docker.network=traefik_public
+    networks:
+        - traefik_public
+
+networks:
+  traefik_public:
+    external: true
+```
+
+!!! note
+    Note the clever use of two Traefik frontends to expose the notifications hub on port 3012. Thanks @gkoerk!
+
+
+## Serving
+
+### Launch Bitwarden stack
+
+Launch the Bitwarden stack by running ```docker stack deploy bitwarden -c <path -to-docker-compose.yml>```
+
+Browse to your new instance at https://**YOUR-FQDN**, and create a new user account and master password (*Just click the **Create Account** button without filling in your email address or master password*)
+
+### Get the apps / extensions
+
+Once you've created your account, jump over to https://bitwarden.com/#download and download the apps for your mobile and browser, and start adding your logins!
+
+## Chef's Notes
+
+1. You'll notice we're not using the *official* container images (*[all 6 of them required](https://help.bitwarden.com/article/install-on-premise/#install-bitwarden)!)*, but rather a [more lightweight version ideal for self-hosting](https://hub.docker.com/r/mprasil/bitwarden). All of the elements are contained within a single container, and SQLite is used for the database backend.
+2. The inclusion of Bitwarden was due to the efforts of @gkoerk in our [Discord server](http://chat.funkypenguin.co.nz)- Thanks Gerry!
+
+### Tip your waiter (donate) 👏
+
+Did you receive excellent service? Want to make your waiter happy? (_..and support development of current and future recipes!_) See the [support](/support/) page for (_free or paid)_ ways to say thank you! 👏
+
+### Your comments? 💬

manuscript/recipes/keycloak.md

@@ -173,15 +173,13 @@ For each of the following mappers, click the name, and set the "_Read Only_" fla
 ![KeyCloak Add Realm Screenshot](/images/sso-stack-keycloak-4.png)
 
 !!! important
-    Development of this recipe is sponsored by [The Common Observatory](https://www.observe.global/). Thanks guys!
+    Development of the original KeyCloak recipe is sponsored by [The Common Observatory](https://www.observe.global/). Thanks guys!
 
     [![Common Observatory](../images/common_observatory.png)](https://www.observe.global/)
 
 
 ## Chef's Notes
 
-1. I wanted to be able to add multiple networks to KeyCloak (_i.e., a dedicated overlay network for LDAP authentication_), but the entrypoint used by the container produces an error when more than one network is configured. This could theoretically be corrected in future, with a PR, but the [GitHub repo](https://github.com/jboss-dockerfiles/keycloak) has no issues enabled, so I wasn't sure where to start.
-
 ### Tip your waiter (donate) 👏
 
 Did you receive excellent service? Want to make your waiter happy? (_..and support development of current and future recipes!_) See the [support](/support/) page for (_free or paid)_ ways to say thank you! 👏

manuscript/sponsored-projects.md

@@ -16,3 +16,6 @@ I regularly donate to / sponsor the following projects. **Join me** in supportin
 | [LinuxServer.io](https://www.linuxserver.io) | [PayPal](https://www.linuxserver.io/donate)
 | [Pi-hole](https://pi-hole.net/) | [Patreon](https://www.patreon.com/pihole/posts)
 | [Franck Nijhof's Hassio Addons](https://www.frenck.nl/about/franck-nijhof/) | [Patreon](https://www.patreon.com/frenck/overview)
+| [WidgetBot's Discord Widget](https://widgetbot.io/) | [Patreon](https://www.patreon.com/widgetbot/overview)
+
+

mkdocs.yml

@@ -87,6 +87,7 @@ nav:
 #      - phpIPAM: recipes/kubernetes/phpipam.md
 #      - PrivateBin: recipes/kubernetes/privatebin.md
     - Menu:
+      - Bitwarden: recipes/bitwarden.md
       - Bookstack: recipes/bookstack.md
       - CryptoMiner:
         - Start: recipes/cryptominer.md
@@ -169,8 +170,8 @@ google_analytics:
   - 'UA-139253-18'
   - 'auto'
 
-extra_javascript:
+#extra_javascript:
-#  - 'extras/javascript/piwik.js'
+# - 'extras/javascript/discord.js'
 
 # Extensions
 markdown_extensions:

overrides/main.html

@@ -16,3 +16,17 @@
 
 <script src="https://instant.page/1.1.0" type="module" integrity="sha384-EwBObn5QAxP8f09iemwAJljc+sU+eUXeL9vSBw1eNmVarwhKk2F9vBEpaN9rsrtp"></script>
 {% endblock %}
+
+
+{% block scripts %}
+<script src="https://cdn.jsdelivr.net/npm/@widgetbot/crate@3" async defer>
+  const button = new Crate({
+    server: '396055506072109067',
+    channel: '456689991326760973',
+    shard: 'https://disweb.deploys.io',
+    color: '#795548'
+  })
+
+  button.notify('Need a 🤚? Hot sweaty geeks are waiting to chat to you! Click 👇')
+</script>
+{% endblock %}