diff --git a/README.md b/README.md
index 5d66f24..5b199b5 100644
--- a/README.md
+++ b/README.md
@@ -180,12 +180,14 @@ __GeeseFS variables__
 __Litestream variables__
-| Variable | Default | Description |
-|---------------------------------------|---------------|-------------|
-| `AGE_SECRET_KEY` | n/a, required | |
-| `LITESTREAM_RETENTION` | `24h` | |
-| `LITESTREAM_RETENTION_CHECK_INTERVAL` | `1h` | |
-| `LITESTREAM_VALIDATION_INTERVAL` | `12h` | |
+| Variable | Default | Description |
+|---------------------------------------|---------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `AGE_SECRET_KEY` | n/a, required | |
+| `LITESTREAM_ENABLED` | `true` | Whether to restore and replicate the SQlite database with Litestream. You likely never want to turn this option off, as you will loose your SQlite database on restarts. |
+| `LITESTREAM_RETENTION` | `24h` | Configure the Litestream retention period. Retention is enforced periodically and can be changed with `LITESTREAM_RETENTION_CHECK_INTERVAL`. |
+| `LITESTREAM_RETENTION_CHECK_INTERVAL` | `1h` | The interval at which retention should be applied. |
+| `LITESTREAM_VALIDATION_INTERVAL` | `12h` | The interval at which Litestream does a separate restore of the database and validates the result vs. the current database. |
+| `LITESTREAM_SYNC_INTERVAL` | `10s` | Frequency in which frames are pushed to the replica. Note that Litestream's typical default is `1s`, and increasing this frequency can increase storage costs due to higher API request counts. |
 __Maintenance variables__
diff --git a/vaultwarden-fly-io/Dockerfile b/vaultwarden-fly-io/Dockerfile
index ee00ef7..eb31494 100644
--- a/vaultwarden-fly-io/Dockerfile
+++ b/vaultwarden-fly-io/Dockerfile
@@ -17,12 +17,12 @@ RUN apk add age envsubst fuse jq openssl sudo
 COPY --from=litestream /litestream /usr/bin/litestream
 COPY --from=geesefs /geesefs /usr/bin/geesefs
 COPY --from=minio/mc:RELEASE.2024-10-02T08-27-28Z /usr/bin/mc /usr/bin/mc
-RUN echo 'vaultwarden ALL=(ALL) NOPASSWD:SETENV: /usr/bin/geesefs' >> /etc/sudoers
 COPY entrypoint.sh .
 # NOTE: I tried to make this work, but mounting a directory with GeeseFS and using the --uid option seems to break
 # filesystem permissions for the mounted directory entirely (not just the vaultwarden user, even root gets
 # permission denied errors). So, we run Vaultwarden as root as it can access the GeeseFS mount properly..
+#RUN echo 'vaultwarden ALL=(ALL) NOPASSWD:SETENV: /usr/bin/geesefs' >> /etc/sudoers
 #RUN addgroup -S vaultwarden && adduser -S vaultwarden -G vaultwarden
 #RUN mkdir /mnt/s3 && \
 # touch /etc/litestream.yml && \
diff --git a/vaultwarden-fly-io/entrypoint.sh b/vaultwarden-fly-io/entrypoint.sh
index 147f2b5..7c5452f 100644
--- a/vaultwarden-fly-io/entrypoint.sh
+++ b/vaultwarden-fly-io/entrypoint.sh
@@ -78,6 +78,8 @@ dbs:
 path: vaultwarden.db
 region: $AWS_REGION
 endpoint: $AWS_ENDPOINT_URL_S3
+ # See https://litestream.io/reference/config/#replica-settings
+ sync-interval: "${LITESTREAM_SYNC_INTERVAL:-10s}"
 # See https://litestream.io/reference/config/#encryption
 age:
 identities:
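Review bot: With the sudoers rule now commented out, `sudo` is still installed by the `RUN apk add age envsubst fuse jq openssl sudo` line shown in the hunk header, and nothing visible in this hunk uses it any more. If entrypoint.sh (only partly shown) no longer calls it, drop `sudo` from the package list so the image ships one setuid binary less. The rule kept for later still carries `NOPASSWD:SETENV:`, which would let the unprivileged user hand arbitrary environment variables to a root-run geesefs. I would record that next to it, e.g. `# If re-enabled: drop SETENV, allow only the needed variables via env_keep, and install the rule under /etc/sudoers.d/ after visudo -c`. The commented block continues past the end of the hunk.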
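Review bot: `LITESTREAM_SYNC_INTERVAL` is interpolated into the replica config on the added `sync-interval` line without validation, so a typo or stray quote in the environment value gives a config Litestream may reject, or a replication gap far longer than intended. That matters because this interval is the window of vault writes lost if the machine dies. I would check the value before rendering, e.g. `case "${LITESTREAM_SYNC_INTERVAL:-10s}" in *[!0-9a-z.]*) echo "invalid LITESTREAM_SYNC_INTERVAL" >&2; exit 1;; esac`. The `${VAR:-default}` form also only expands if this block is an unquoted shell heredoc. If it is rendered through `envsubst` (installed in the Dockerfile), the default is not applied and the literal text lands in the YAML; the template starts and ends outside the hunk, so please confirm which it is.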