Category Archives: Raspberry Pi

Self-hosting a free password manager: Vaultwarden

Bitwarden is an open-source password manager that helps individuals and organizations securely store, manage, and share sensitive information such as passwords, passkeys, and credit card details—all within an encrypted vault. While Bitwarden offers a robust free tier, premium features like TOTP (time-based one-time password) generation for two-factor authentication (2FA) are reserved for paid plans.

Bitwarden also offers a self-hosting option that includes its core password management features for free. However, this option comes with some notable limitations:

  • Certain advanced features still require a paid subscription.
  • Hardware requirements are relatively high, typically needing an x64 CPU and at least 2GB of RAM.
  • This can be a barrier for enthusiasts or hobbyists who want to host it on low-power devices or can’t run servers 24/7.

Enter Vaultwarden


Vaultwarden is a lightweight, community-maintained, and fully self-hosted alternative that is API-compatible with official Bitwarden clients. Originally known as “bitwarden_rs”, it was designed to be much more resource-efficient while supporting nearly all Bitwarden features—including many of the paid ones—for free.

Key advantages of Vaultwarden:

  • Low hardware requirements: Runs smoothly on devices like Raspberry Pi, Synology DiskStation, or other minimal setups.
  • Easy to deploy using Docker.
  • Fast, reliable, and regularly updated by the community.

Deploying Vaultwarden with Docker on Raspberry Pi


In this guide, I’ll show you how to install and configure Vaultwarden on a Raspberry Pi using Docker. We’ll also cover how to make it accessible over the internet using a Cloudflare Tunnel, so you can securely access your password vault from anywhere. I am going to assume that Docker is already installed and that you have a basic idea of Docker commands.

First, let's create the Docker network and the needed directories.


sudo docker network create --subnet=10.5.0.0/16 net_localapps
sudo docker network list
sudo mkdir -p /var/log/vaultwarden
sudo mkdir -p /mnt/docker/vaultwarden/

Next, let's add a logrotate config; this is completely optional. Add the following to /etc/logrotate.d/vaultwarden:

/var/log/vaultwarden/*.log {
  # Run as root (default), since logs are owned by root
  daily
  size 5M
  compress
  rotate 4
  copytruncate
  missingok
  notifempty
  dateext
  dateformat -%Y-%m-%d-%s
}

Next, we need to generate a hash of your admin password. Vaultwarden’s admin panel token should be secure and hashed, preventing someone from easily discovering or misusing it, even if they access your environment variables or config. Run the following command, which will give you a hash; we will need it in the next step.

sudo docker run --rm -it vaultwarden/server:latest /vaultwarden hash

It will prompt you to enter a password (your desired admin token):

Admin token (hidden input):
Re-enter admin token:
Hashed token:
$argon2id$v=19$m=19456,t=2,p=1$….

Now, let's use this hash to launch our Vaultwarden Docker container.

sudo docker run -d --name bitwarden --restart=always \
  -v /mnt/docker/vaultwarden/:/data/ \
  -v /var/log/vaultwarden:/data/logs/ \
  -e TZ=Asia/Kolkata \
  -e LOG_LEVEL=error \
  -e LOG_FILE=/data/logs/access.log \
  -e EXTENDED_LOGGING=true \
  -e ADMIN_TOKEN='<ADD_YOUR_ADMIN_TOKEN>' \
  --net net_localapps --ip 10.5.0.2 \
  -p 127.0.0.1:8082:80 -p 127.0.0.1:3012:3012 \
  vaultwarden/server:latest

I have chosen a fixed IP; you may change it. Next, let's configure a Cloudflare Tunnel to provide access from the internet.

Install cloudflared

sudo apt install wget
wget https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm64.deb
sudo dpkg -i cloudflared-linux-arm64.deb

Authenticate Cloudflared

cloudflared tunnel login

Create the Tunnel

cloudflared tunnel create vaultwarden-tunnel

This will generate a tunnel ID (needed in the next step) and a credentials file (saved locally).

Create Tunnel Configuration

mkdir -p ~/.cloudflared
nano ~/.cloudflared/config.yml
Add the following to ~/.cloudflared/config.yml:
tunnel: vaultwarden-tunnel
credentials-file: /home/pi/.cloudflared/<YOUR_TUNNEL_ID>.json

ingress:
  - hostname: vault.yourdomain.com
    service: http://10.5.0.2:80
  - service: http_status:404

Cloudflare will handle SSL certificates for your domain.
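
Once the container is running, the two protections this setup relies on (a hashed admin token and ports published only on 127.0.0.1) can be checked with a short script. This is an added example, not part of the original guide; the function names are hypothetical and the container name bitwarden is taken from the docker run command above.

```shell
#!/bin/sh
# Added example: post-deployment checks for the Vaultwarden container.
# Function names are hypothetical; "bitwarden" is the container name used above.

# True when the value has the shape of an Argon2id PHC string
# ($argon2id$v=..$m=..,t=..,p=..$salt$hash), i.e. a hash rather than plaintext.
is_phc_argon2id() {
  printf '%s' "$1" | grep -Eq \
    '^\$argon2id\$v=[0-9]+\$m=[0-9]+,t=[0-9]+,p=[0-9]+\$[A-Za-z0-9+/]+\$[A-Za-z0-9+/]+$'
}

# Reads `docker port <name>` output on stdin and prints every mapping that is
# NOT bound to a loopback address (for example 0.0.0.0 or [::]).
exposed_binds() {
  grep -Ev -- '-> (127\.[0-9.]+|\[::1\]):[0-9]+$' || true
}

# Live check against a running container (requires docker; may need sudo).
check_container() {
  name=${1:-bitwarden}
  rc=0
  token=$(docker inspect -f '{{range .Config.Env}}{{println .}}{{end}}' "$name" |
          sed -n 's/^ADMIN_TOKEN=//p')
  if [ -z "$token" ]; then
    echo "INFO: ADMIN_TOKEN not set in container environment"
  elif is_phc_argon2id "$token"; then
    echo "OK:   ADMIN_TOKEN is an Argon2id hash"
  else
    echo "FAIL: ADMIN_TOKEN is not an Argon2id PHC string (plaintext?)"; rc=1
  fi
  open=$(docker port "$name" | exposed_binds)
  if [ -n "$open" ]; then
    echo "FAIL: ports published beyond loopback:"; echo "$open"; rc=1
  else
    echo "OK:   all published ports are bound to loopback"
  fi
  return $rc
}

# Run the live check only when asked: ./check.sh --live [container-name]
if [ "${1:-}" = "--live" ]; then check_container "${2:-bitwarden}"; fi
```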

Happy secure password management!

Installing Log2RAM utility on your Raspberry Pi

log2ram is a utility specifically designed for Linux-based systems, particularly single-board computers like the Raspberry Pi, to mitigate wear on their SD cards. It achieves this by strategically minimizing write operations to the SD card, a component known for its susceptibility to degradation from frequent write cycles. The core functionality involves storing system logs in RAM (Random Access Memory), a much faster and less wear-prone storage medium. This approach not only significantly extends the lifespan of the SD card, as detailed in https://linuxfun.org/en/2021/01/01/what-log2ram-does-en/, but also enhances overall system responsiveness due to the inherently faster read and write speeds of RAM compared to SD cards.

Although log2ram is primarily recommended for the Raspberry Pi and other systems that run off an SD card, it can be installed on any Linux system.

log2ram operates by keeping system logs in a RAM-based filesystem (tmpfs). To persist these logs, it periodically flushes or syncs the contents of this RAM filesystem to the actual storage media (typically an SD card) at a defined interval. This synchronization ensures that logs are not completely lost upon a system crash or power failure. The frequency of this flush operation is configurable, allowing users to balance the need for up-to-date persistent logs with the desire to minimize write operations to the SD card. Additionally, log2ram might also trigger a sync under specific conditions, such as before a system shutdown, to ensure data integrity.

Overall, log2ram is a simple yet effective tool to optimize Raspberry Pi and other Linux systems by protecting SD cards from premature failure due to excessive logging writes, while also enhancing system speed.

Installation is pretty straightforward on Debian-based systems, where you can install it from the repository.

echo "deb [signed-by=/usr/share/keyrings/azlux-archive-keyring.gpg] http://packages.azlux.fr/debian/ bookworm main" | sudo tee /etc/apt/sources.list.d/azlux.list
sudo wget -O /usr/share/keyrings/azlux-archive-keyring.gpg  https://azlux.fr/repo.gpg
sudo apt update
sudo apt install log2ram

For manual install & more information refer to https://github.com/azlux/log2ram?tab=readme-ov-file

Post-installation, you may tweak the log2ram config file to adjust the amount of RAM allocated for log storage to suit your system’s resources and logging needs. The configuration also allows you to enable or disable log compression. If compression is enabled, you can typically select from various algorithms that offer different trade-offs between compression ratio and processing overhead. For instance, lz4 is the default and generally recommended for its excellent balance of speed and compression, while zstd can be chosen for achieving maximum compression at the potential cost of slightly higher CPU usage. Here is my log2ram.conf:

SIZE=512M
PATH_DISK="/var/log"
JOURNALD_AWARE=true
ZL2R=false
COMP_ALG=lz4
LOG_DISK_SIZE=512M

To further optimize RAM usage, you can configure log2ram to manage only active log files. By default, log2ram mirrors the entire /var/log directory in RAM, which includes both actively written logs and older, rotated log files. Retaining these rotated logs in RAM can consume considerable memory, especially if you have numerous or large historical log files.

However, you can instruct log2ram to exclude these rotated logs by utilizing the olddir directive within the system’s log rotation configuration (managed by logrotate). The olddir directive allows you to specify an alternative directory or even a different partition on your SD card where rotated log files will be moved instead of remaining in /var/log.

By manually editing each relevant logrotate configuration file (typically found in /etc/logrotate.d/) to include an olddir directive pointing to a separate location (for example, /mnt/log/rotated_logs), you ensure that once logs are rotated, they are moved out of /var/log. Consequently, log2ram will only load the active logs present in /var/log into the RAM disk, significantly reducing RAM consumption.
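
To find which logrotate files still need the edit, the audit below lists every config without an olddir directive. It is an added example, not part of the original post, with hypothetical function names and constructed sample configs. It also flags files where olddir is set without copy, copytruncate or renamecopy, because logrotate otherwise requires olddir to be on the same device as the log, and under log2ram /var/log is a tmpfs.

```shell
#!/bin/sh
# Added example: audit logrotate configs for the olddir setup described above.
# Function names are hypothetical. The check is per file, not per stanza, and
# does not see directives inherited from /etc/logrotate.conf.

# True when FILE has a non-comment line starting with one of the directives in REGEX.
has_directive() {
  grep -Eq "^[[:space:]]*($2)([[:space:]]|\$)" "$1"
}

# MISSING:  rotated logs stay in /var/log (and therefore in RAM under log2ram).
# CROSSDEV: olddir is set, but logrotate only accepts an olddir on another
#           device when copy, copytruncate or renamecopy is also set.
audit_olddir() {
  dir=$1
  for f in "$dir"/*; do
    [ -f "$f" ] || continue
    if ! has_directive "$f" 'olddir'; then
      echo "MISSING  $f"
    elif ! has_directive "$f" 'copy|copytruncate|renamecopy'; then
      echo "CROSSDEV $f"
    else
      echo "OK       $f"
    fi
  done
}

# Constructed sample configs for a dry run; the olddir path is the page's example.
make_samples() {
  d=$(mktemp -d)
  printf '%s\n' '/var/log/a/*.log {' '  weekly' '  # olddir /tmp/x' '}' > "$d/a"
  printf '%s\n' '/var/log/b/*.log {' '  daily' \
    '  olddir /mnt/log/rotated_logs' '}' > "$d/b"
  printf '%s\n' '/var/log/c/*.log {' '  copytruncate' \
    '  olddir /mnt/log/rotated_logs' '}' > "$d/c"
  echo "$d"
}

# Audit the directory given as the first argument, or the system default.
audit_olddir "${1:-/etc/logrotate.d}"
```

Calling audit_olddir "$(make_samples)" gives a dry run on the constructed files: a is reported MISSING (its only olddir is commented out), b CROSSDEV and c OK.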

We hope this advanced tip enhances your log2ram experience and contributes even further to the longevity of your SD card. Happy optimizing!