海运的博客

编译安装bitwarden_rs：

apt install git make gcc libssl-dev pkg-config curl
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
source $HOME/.cargo/env
git clone https://github.com/dani-garcia/bitwarden_rs/
cd bitwarden_rs/
cargo build --features sqlite --release
mkdir /usr/local/bitwarden
cp target/release/bitwarden_rs /usr/local/bitwarden/  

编译安装web-vault，已编译版本：https://github.com/dani-garcia/bw_web_builds/releases

curl -sL https://deb.nodesource.com/setup_10.x | bash -
apt install nodejs
git clone https://github.com/bitwarden/web.git web-vault
cd web-vault
git checkout v2.11.0
wget https://raw.githubusercontent.com/dani-garcia/bw_web_builds/master/patches/v2.11.0.patch
git apply v2.11.0.patch
npm run sub:init
npm install
npm run dist
cp -r build /usr/local/bitwarden/web-vault
export PATH=/usr/local/bitwarden/:$PATH

如果遇到以下错误：
ERROR in node_modules/sweetalert/typings/sweetalert.d.ts(4,9): error TS2403: Subsequent variable declarations must have the same type. Variable 'swal' must be of type 'typeof import("/usr/local/src/web-vault/node_modules/sweetalert/typings/sweetalert")', but here has type 'SweetAlert'.
则：

sed -i 's/const swal/\/\/const swal/' node_modules/sweetalert/typings/sweetalert.d.ts

启动：

export WEB_VAULT_FOLDER=/usr/local/bitwarden/web-vault
export DATA_FOLDER=/usr/local/bitwarden/data
bitwarden_rs

https://github.com/dani-garcia/bitwarden_rs/wiki/Building-binary
https://github.com/t4t5/sweetalert/issues/890
https://www.reddit.com/r/Bitwarden/comments/dg78bi/building_selfhosted_bitwarden_via_bitwarden_rs/
https://www.ixsystems.com/community/threads/how-to-build-your-own-bitwarden_rs-jail.81389/

alpine从硬盘grub引导到内存中运行，重启后会破坏原硬盘分区，使用alpine官方推荐的使用ipxe netboot。
生成ipxe grub引导脚本，ssh_key为后续ssh登录目标系统操作的机器ssh public key，grub引导的ipxe lkrn可自行编译。

#!/bin/bash
#set -x
network=static
dns=8.8.8.8
ssh_key="ssh_key=http://www.haiyun.me/id_rsa.pub"
mirror="http://mirrors.aliyun.com/alpine/v3.11"
ipxe_file="http://www.haiyun.me/ipxe.lkrn"

valid_ip() {
  [[ $1 =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]
  state=$?
  return $state 
}
cidr2mask() {
    value=$(( 0xffffffff ^ ((1 << (32 - $1)) - 1) ))
    echo "$(( ($value >> 24) & 0xff )).$(( ($value >> 16) & 0xff )).$(( ($value >> 8) & 0xff )).$(( $value & 0xff ))"
}
which wget &> /dev/null && which ip &> /dev/null || {
  echo '请先安装wget和ip'
  exit
}
alpine_addr="ip=dhcp"
if [ "$network" == 'static' ]; then
  address=$(ip -o -f inet addr show | awk '/scope global/ {print $4}' | head -n 1)
  addr=$(echo $address | awk -F'/' '{print $1}')
  cidr=$(echo $address | awk -F'/' '{print $2}')
  gw=$(ip rou | awk '/default via/ {print $3}')
  mask=$(cidr2mask $cidr)
  alpine_addr="ip=${addr}::${gw}:${mask}::::${dns}:"
  echo 'ip：' $addr
  echo 'route：' $gw
  echo 'netmask：' $mask
  valid_ip "$addr" && valid_ip "$mask" && valid_ip "$gw" || {
    echo '获取网络信息失败'
    exit
  }
  read -r -p "以上IP信息是否正确? [Y/n] " input
  if [[ $input != "y" && $input != "Y" ]]; then
    echo "abort"
    exit
  fi
fi

if [ -f "/etc/redhat-release" ]; then
  grubfile=/boot/grub2/grub.cfg
  grubcmd=grub2-mkconfig
else
  grubfile=/boot/grub/grub.cfg
  grubcmd=grub-mkconfig
fi
#root=`grep "set root" $grubfile|sed -e 's/^[ \t]*//'|head -n 1`
root=$(grep 'set root' $grubfile | sed -e 's/^[ \t]*//' | sort | uniq -c | head -n 1 | awk '{print $2,$3}')
if mount | grep -q /boot; then
  dir=/
else
  dir=/boot/
fi
vmlinuzfile=${dir}ipxe.lkrn
initrdfile=${dir}ipxe.initrd
wget -q $ipxe_file -O /boot/ipxe.lkrn
cat > /boot/ipxe.initrd << EOF
#!ipxe
imgfree
set net0/ip ${addr}
set net0/netmask ${mask}
set net0/gateway ${gw}
set dns ${dns}
ifopen net0

:boot
kernel ${mirror}/releases/x86_64/netboot/vmlinuz-virt ${alpine_addr} modules=loop,squashfs quiet nomodeset alpine_repo=${mirror}/main/ modloop=${mirror}/releases/x86_64/netboot/modloop-virt console=tty0 ${ssh_key} || goto boot
initrd ${mirror}/releases/x86_64/netboot/initramfs-virt || goto boot

boot || shell
EOF

[[ -f /boot/ipxe.lkrn ]] && [[ -f /boot/ipxe.initrd ]] || {
  echo '引导文件不存在'
  exit
}

cat > /etc/grub.d/40_custom << EOF
#!/bin/sh
exec tail -n +3 \$0
menuentry 'netinstall' {
$root
linux16 $vmlinuzfile
initrd16 $initrdfile
}
EOF
sed -i 's/GRUB_DEFAULT=.*/GRUB_DEFAULT="netinstall"/' /etc/default/grub
$grubcmd -o $grubfile
cat /etc/grub.d/40_custom

ssh登录到alpine系统，dd备份的系统镜像保存到sshfs挂载远程服务器上，也可使用nfs。

apk add sshfs
modprobe fuse
sshfs -p 22 www.haiyun.me:/mnt/ /mnt/
dd if=/dev/vda | gzip > /mnt/pr.img
sync
umount /mnt/

恢复备份系统的grub引导：

mount -t ext4 /dev/vda1 /mnt/
chmod 644 /mnt/boot/grub/grub.cfg
sed -i 's/default="netinstall"/default="0"/' /mnt/boot/grub/grub.cfg
chmod 444 /mnt/boot/grub/grub.cfg
sed -i 's/GRUB_DEFAULT="netinstall"/GRUB_DEFAULT="0"/' /mnt/etc/default/grub
umount /mnt/

将要dd的目标系统通过以上方法引导至alpine系统并挂载sshfs，然后将之前备份的img dd到目标系统：

gzip -dc /mnt/pr.img |dd of=/dev/vda

如果要dd的目标系统硬盘比备份的系统硬盘大，要进行linux系统分区扩容，如果要扩容的分区下面有swap分区，记住swap的扇区大小和要扩容的分区起始位置，根据总扇区大小计算要扩充的分区扇区大小，将swap分区和扩充的分区删除再新建。

apk add util-linux e2fsprogs-extra
#修改分区扇区大小及位置，方法见上面链接
fdisk /dev/vda
partprobe 
e2fsck -yf /dev/vda1
resize2fs /dev/vda1
#如果有删除并新建swap分区，后面还要修改fstab swap uuid
mkswap /dev/vda2

挂载恢复后硬盘镜像，修改目标系统的IP地址和启动项：

mount -t ext4 /dev/vda1 /mnt/
#如果有更改swap分区，修改fstab uuid
blkid
vim /mnt/etc/fstab 
vim /mnt/etc/network/interfaces
chmod 644 /mnt/boot/grub/grub.cfg
sed -i 's/default="netinstall"/default="0"/' /mnt/boot/grub/grub.cfg
chmod 444 /mnt/boot/grub/grub.cfg
sed -i 's/GRUB_DEFAULT="netinstall"/GRUB_DEFAULT="0"/' /mnt/etc/default/grub
umount /mnt/

虽然dnsmasq自带参数min-cache-ttl可修改服务器缓存最小值，但是首次请求返回给客户端的时正常ttl，使用以下patch可修改返回给客户端ttl时间，配合min-cache-ttl保持和dnsmasq缓存ttl时间一致，dnsmasq不开启缓存可单独修改min ttl。
适用于dnsmasq2.80版本，

diff -urN dnsmasq-2.80/src/dnsmasq.h dnsmasq-2.80-bak/src/dnsmasq.h
--- dnsmasq-2.80/src/dnsmasq.h  2018-10-19 02:21:55.000000000 +0800
+++ dnsmasq-2.80-bak/src/dnsmasq.h      2020-01-13 10:38:16.940067371 +0800
@@ -1023,7 +1023,7 @@
   int max_logs;  /* queue limit */
   int cachesize, ftabsize;
   int port, query_port, min_port, max_port;
-  unsigned long local_ttl, neg_ttl, max_ttl, min_cache_ttl, max_cache_ttl, auth_ttl, dhcp_ttl, use_dhcp_ttl;
+  unsigned long local_ttl, neg_ttl, min_ttl, max_ttl, min_cache_ttl, max_cache_ttl, auth_ttl, dhcp_ttl, use_dhcp_ttl;
   char *dns_client_id;
   struct hostsfile *addn_hosts;
   struct dhcp_context *dhcp, *dhcp6;
diff -urN dnsmasq-2.80/src/option.c dnsmasq-2.80-bak/src/option.c
--- dnsmasq-2.80/src/option.c   2018-10-19 02:21:55.000000000 +0800
+++ dnsmasq-2.80-bak/src/option.c       2020-01-13 17:21:13.925164926 +0800
@@ -106,6 +106,7 @@
 #define LOPT_PROXY         295
 #define LOPT_GEN_NAMES     296
 #define LOPT_MAXTTL        297
+#define LOPT_MINTTL        397
 #define LOPT_NO_REBIND     298
 #define LOPT_LOC_REBND     299
 #define LOPT_ADD_MAC       300
@@ -281,6 +282,7 @@
     { "dhcp-broadcast", 2, 0, LOPT_BROADCAST },
     { "neg-ttl", 1, 0, LOPT_NEGTTL },
     { "max-ttl", 1, 0, LOPT_MAXTTL },
+    { "min-ttl", 1, 0, LOPT_MINTTL },
     { "min-cache-ttl", 1, 0, LOPT_MINCTTL },
     { "max-cache-ttl", 1, 0, LOPT_MAXCTTL },
     { "dhcp-alternate-port", 2, 0, LOPT_ALTPORT },
@@ -409,6 +411,7 @@
   { 'T', ARG_ONE, "<integer>", gettext_noop("Specify time-to-live in seconds for replies from /etc/hosts."), NULL },
   { LOPT_NEGTTL, ARG_ONE, "<integer>", gettext_noop("Specify time-to-live in seconds for negative caching."), NULL },
   { LOPT_MAXTTL, ARG_ONE, "<integer>", gettext_noop("Specify time-to-live in seconds for maximum TTL to send to clients."), NULL },
+  { LOPT_MINTTL, ARG_ONE, "<integer>", gettext_noop("Specify time-to-live in seconds for minimum TTL to send to clients."), NULL },
   { LOPT_MAXCTTL, ARG_ONE, "<integer>", gettext_noop("Specify time-to-live ceiling for cache."), NULL },
   { LOPT_MINCTTL, ARG_ONE, "<integer>", gettext_noop("Specify time-to-live floor for cache."), NULL },
   { 'u', ARG_ONE, "<username>", gettext_noop("Change to this user after startup. (defaults to %s)."), CHUSER }, 
@@ -2664,6 +2667,7 @@
     case 'T':         /* --local-ttl */
     case LOPT_NEGTTL: /* --neg-ttl */
     case LOPT_MAXTTL: /* --max-ttl */
+    case LOPT_MINTTL: /* --min-ttl */
     case LOPT_MINCTTL: /* --min-cache-ttl */
     case LOPT_MAXCTTL: /* --max-cache-ttl */
     case LOPT_AUTHTTL: /* --auth-ttl */
@@ -2676,6 +2680,8 @@
          daemon->neg_ttl = (unsigned long)ttl;
        else if (option == LOPT_MAXTTL)
          daemon->max_ttl = (unsigned long)ttl;
+       else if (option == LOPT_MINTTL)
+         daemon->min_ttl = (unsigned long)ttl;
        else if (option == LOPT_MINCTTL)
          {
            if (ttl > TTL_FLOOR_LIMIT)
diff -urN dnsmasq-2.80/src/rfc1035.c dnsmasq-2.80-bak/src/rfc1035.c
--- dnsmasq-2.80/src/rfc1035.c  2018-10-19 02:21:55.000000000 +0800
+++ dnsmasq-2.80-bak/src/rfc1035.c      2020-01-13 17:12:25.455445871 +0800
@@ -669,11 +669,20 @@
                  GETSHORT(aqtype, p1); 
                  GETSHORT(aqclass, p1);
                  GETLONG(attl, p1);
+                  unsigned long mttl = 0;
                  if ((daemon->max_ttl != 0) && (attl > daemon->max_ttl) && !is_sign)
                    {
-                     (p1) -= 4;
-                     PUTLONG(daemon->max_ttl, p1);
+                      mttl = daemon->max_ttl;
+                   }
+                 if ((daemon->min_ttl != 0) && (attl < daemon->min_ttl) && !is_sign)
+                   {
+                      mttl = daemon->min_ttl;
                    }
+                  if (mttl != 0)
+                  {
+                     (p1) -= 4;
+                     PUTLONG(mttl, p1);
+                  }
                  GETSHORT(ardlen, p1);
                  endrr = p1+ardlen;
                  
@@ -762,11 +771,20 @@
              GETSHORT(aqtype, p1); 
              GETSHORT(aqclass, p1);
              GETLONG(attl, p1);
+              unsigned long mttl = 0;
              if ((daemon->max_ttl != 0) && (attl > daemon->max_ttl) && !is_sign)
-               {
-                 (p1) -= 4;
-                 PUTLONG(daemon->max_ttl, p1);
-               }
+               {
+                  mttl = daemon->max_ttl;
+               }
+             if ((daemon->min_ttl != 0) && (attl < daemon->min_ttl) && !is_sign)
+               {
+                  mttl = daemon->min_ttl;
+               }
+              if (mttl != 0)
+              {
+                 (p1) -= 4;
+                 PUTLONG(mttl, p1);
+              }
              GETSHORT(ardlen, p1);
              endrr = p1+ardlen;