WIP: Container building changes

2025-08-11 05:29:07 +00:00 · 2023-10-05 17:09:38 +02:00 · 2023-10-05 17:09:38 +02:00 · 685a75f07d
commit 685a75f07d
parent 6eaf131922
36 changed files with 985 additions and 2681 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -12,6 +12,7 @@ on:
      - "rustfmt.toml"
      - "diesel.toml"
      - "docker/Dockerfile.j2"
+      - "docker/DockerSettings.yaml"
  pull_request:
    paths:
      - ".github/workflows/build.yml"
@ -23,6 +24,7 @@ on:
      - "rustfmt.toml"
      - "diesel.toml"
      - "docker/Dockerfile.j2"
+      - "docker/DockerSettings.yaml"

 jobs:
  build:
--- a/.github/workflows/hadolint.yml
+++ b/.github/workflows/hadolint.yml
@ -16,7 +16,6 @@ jobs:
        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
      # End Checkout the repo

-
      # Download hadolint - https://github.com/hadolint/hadolint/releases
      - name: Download hadolint
        shell: bash
@ -30,5 +29,5 @@ jobs:
      # Test Dockerfiles
      - name: Run hadolint
        shell: bash
-        run:  git ls-files --exclude='docker/*/Dockerfile*' --ignored --cached | xargs hadolint
+        run: hadolint docker/Dockerfile.{debian,alpine}
      # End Test Dockerfiles
--- a/.hadolint.yaml
+++ b/.hadolint.yaml
@ -1,10 +1,12 @@
 ignored:
+  # To prevent issues and make clear some images only work on linux/amd64, we ignore this
+  - DL3029
  # disable explicit version for apt install
  - DL3008
  # disable explicit version for apk install
  - DL3018
-  # disable check for consecutive `RUN` instructions
-  - DL3059
+  # Ignore shellcheck info message
+  - SC1091
 trustedRegistries:
  - docker.io
  - ghcr.io
--- a/Cargo.lock
+++ b/Cargo.lock
--- a/Cargo.toml
+++ b/Cargo.toml
@ -72,10 +72,10 @@ tokio = { version = "1.32.0", features = ["rt-multi-thread", "fs", "io-util", "p

 # A generic serialization/deserialization framework
 serde = { version = "1.0.188", features = ["derive"] }
-serde_json = "1.0.105"
+serde_json = "1.0.107"

 # A safe, extensible ORM and Query builder
-diesel = { version = "2.1.1", features = ["chrono", "r2d2"] }
+diesel = { version = "2.1.2", features = ["chrono", "r2d2"] }
 diesel_migrations = "2.1.0"
 diesel_logger = { version = "0.3.0", optional = true }

@ -90,9 +90,9 @@ ring = "0.16.20"
 uuid = { version = "1.4.1", features = ["v4"] }

 # Date and time libraries
-chrono = { version = "0.4.28", features = ["clock", "serde"], default-features = false }
+chrono = { version = "0.4.31", features = ["clock", "serde"], default-features = false }
 chrono-tz = "0.8.3"
-time = "0.3.28"
+time = "0.3.29"

 # Job scheduler
 job_scheduler_ng = "2.0.4"
@ -121,19 +121,19 @@ percent-encoding = "2.3.0" # URL encoding library used for URL's in the emails
 email_address = "0.2.4"

 # HTML Template library
-handlebars = { version = "4.3.7", features = ["dir_source"] }
+handlebars = { version = "4.4.0", features = ["dir_source"] }

 # HTTP client (Used for favicons, version check, DUO and HIBP API)
-reqwest = { version = "0.11.20", features = ["stream", "json", "deflate", "gzip", "brotli", "socks", "cookies", "trust-dns", "native-tls-alpn"] }
+reqwest = { version = "0.11.22", features = ["stream", "json", "deflate", "gzip", "brotli", "socks", "cookies", "trust-dns", "native-tls-alpn"] }

 # Favicon extraction libraries
 html5gum = "0.5.7"
-regex = { version = "1.9.4", features = ["std", "perf", "unicode-perl"], default-features = false }
+regex = { version = "1.9.6", features = ["std", "perf", "unicode-perl"], default-features = false }
 data-url = "0.3.0"
-bytes = "1.4.0"
+bytes = "1.5.0"

 # Cache function results (Used for version check and favicon fetching)
-cached = "0.44.0"
+cached = { version = "0.46.0", features = ["async"] }

 # Used for custom short lived cookie jar during favicon extraction
 cookie = "0.16.2"
@ -150,34 +150,41 @@ paste = "1.0.14"
 governor = "0.6.0"

 # Check client versions for specific features.
-semver = "1.0.18"
+semver = "1.0.19"

 # Allow overriding the default memory allocator
 # Mainly used for the musl builds, since the default musl malloc is very slow
-mimalloc = { version = "0.1.38", features = ["secure"], default-features = false, optional = true }
-which = "4.4.0"
+mimalloc = { version = "0.1.39", features = ["secure"], default-features = false, optional = true }
+which = "4.4.2"

 # Argon2 library with support for the PHC format
-argon2 = "0.5.1"
+argon2 = "0.5.2"

 # Reading a password from the cli for generating the Argon2id ADMIN_TOKEN
 rpassword = "7.2.0"

+# Set openssl-sys fixed to v0.9.92 to prevent building issues with musl, arm and 32bit pointer width
+# It will force add a dynamically linked library which prevents the build from being static
+openssl-sys = "=0.9.92"
+
+
 [patch.crates-io]
 rocket = { git = 'https://github.com/SergioBenitez/Rocket', rev = 'ce441b5f46fdf5cd99cb32b8b8638835e4c2a5fa' } # v0.5 branch
 # rocket_ws = { git = 'https://github.com/SergioBenitez/Rocket', rev = 'ce441b5f46fdf5cd99cb32b8b8638835e4c2a5fa' } # v0.5 branch

+
 # Strip debuginfo from the release builds
 # Also enable thin LTO for some optimizations
 [profile.release]
 strip = "debuginfo"
 lto = "thin"

-# Always build argon2 using opt-level 3
-# This is a huge speed improvement during testing
-[profile.dev.package.argon2]
-opt-level = 3

 # A little bit of a speedup
 [profile.dev]
 split-debuginfo = "unpacked"
+
+# Always build argon2 using opt-level 3
+# This is a huge speed improvement during testing
+[profile.dev.package.argon2]
+opt-level = 3
--- a/docker/DockerSettings.yaml
+++ b/docker/DockerSettings.yaml
@ -0,0 +1,25 @@
+---
+vault_version: "v2023.8.2"
+vault_image_digest: "sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252" # v2023.8.2
+rust_version: 1.72.1 # Rust version to be used
+debian_version: bookworm # Debian release name to be used
+alpine_version: 3.18 # Alpine version to be used
+# For which platforms/architectures will we try to build images
+platforms: ["linux/amd64", "linux/arm64", "linux/arm/v7", "linux/arm/v6"]
+# Determine the build images per OS/Arch
+build_stage_image:
+  debian:
+    image: "docker.io/library/rust:{{rust_version}}-slim-{{debian_version}}"
+    platform: "$BUILDPLATFORM"
+  alpine:
+    image: "build_${TARGETARCH}${TARGETVARIANT}"
+    platform: "linux/amd64" # The Alpine build images only have linux/amd64 images
+    arch_image:
+      amd64: "ghcr.io/blackdex/rust-musl:x86_64-musl-stable-{{rust_version}}"
+      arm64: "ghcr.io/blackdex/rust-musl:aarch64-musl-stable-{{rust_version}}"
+      armv7: "ghcr.io/blackdex/rust-musl:armv7-musleabihf-stable-{{rust_version}}"
+      armv6: "ghcr.io/blackdex/rust-musl:arm-musleabi-stable-{{rust_version}}"
+# The final image which will be used to distribute the container images
+runtime_stage_image:
+  debian: "docker.io/library/debian:{{debian_version}}-slim"
+  alpine: "docker.io/library/alpine:{{alpine_version}}"
--- a/docker/Dockerfile.alpine
+++ b/docker/Dockerfile.alpine
@ -0,0 +1,156 @@
+# syntax=docker/dockerfile:1
+
+# This file was generated using a Jinja2 template.
+# Please make your changes in `DockerSettings.yaml` or `Dockerfile.j2` and then `make`
+# This will generate two Dockerfile's `Dockerfile.debian` and `Dockerfile.alpine`
+
+# Using multistage build:
+# 	https://docs.docker.com/develop/develop-images/multistage-build/
+# 	https://whitfin.io/speeding-up-rust-docker-builds/
+
+####################### VAULT BUILD IMAGE #######################
+# The web-vault digest specifies a particular web-vault build on Docker Hub.
+# Using the digest instead of the tag name provides better security,
+# as the digest of an image is immutable, whereas a tag name can later
+# be changed to point to a malicious image.
+#
+# To verify the current digest for a given tag name:
+# - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
+#   click the tag name to view the digest of the image it currently points to.
+# - From the command line:
+#     $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2
+#     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2
+#     [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252]
+#
+# - Conversely, to get the tag name from the digest:
+#     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252
+#     [docker.io/vaultwarden/web-vault:v2023.8.2]
+#
+FROM --platform=linux/amd64 docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault
+
+########################## ALPINE BUILD IMAGES ##########################
+## NOTE: The Alpine Base Images do not support other platforms then linux/amd64
+## And for Alpine we define all build images here, they will only be loaded when actually used
+FROM --platform=linux/amd64 ghcr.io/blackdex/rust-musl:x86_64-musl-stable-1.72.1 as build_amd64
+FROM --platform=linux/amd64 ghcr.io/blackdex/rust-musl:aarch64-musl-stable-1.72.1 as build_arm64
+FROM --platform=linux/amd64 ghcr.io/blackdex/rust-musl:armv7-musleabihf-stable-1.72.1 as build_armv7
+FROM --platform=linux/amd64 ghcr.io/blackdex/rust-musl:arm-musleabi-stable-1.72.1 as build_armv6
+
+########################## BUILD IMAGE ##########################
+# hadolint ignore=DL3006
+FROM --platform=linux/amd64 build_${TARGETARCH}${TARGETVARIANT} as build
+ARG TARGETARCH
+ARG TARGETVARIANT
+ARG TARGETPLATFORM
+
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
+# Build time options to avoid dpkg warnings and help with reproducible builds.
+ENV DEBIAN_FRONTEND=noninteractive \
+    LANG=C.UTF-8 \
+    TZ=UTC \
+    TERM=xterm-256color \
+    CARGO_HOME="/root/.cargo" \
+    USER="root" \
+    # Use PostgreSQL v15 during Alpine/MUSL builds instead of the default v11
+    # Debian Bookworm already contains libpq v15
+    PQ_LIB_DIR="/usr/local/musl/pq15/lib"
+
+
+# Create CARGO_HOME folder and don't download rust docs
+RUN mkdir -pv "${CARGO_HOME}" \
+    && rustup set profile minimal
+
+# Creates a dummy project used to grab dependencies
+RUN USER=root cargo new --bin /app
+WORKDIR /app
+
+# Copies over *only* your manifests and build files
+COPY ./Cargo.* ./
+COPY ./rust-toolchain.toml ./rust-toolchain.toml
+COPY ./build.rs ./build.rs
+
+# Shared variables across Debian and Alpine
+RUN echo "export CARGO_TARGET=${RUST_MUSL_CROSS_TARGET}" >> /env-cargo && \
+    # To be able to build the armv6 image with mimalloc we need to tell the linker to also look for libatomic
+    if [[ "${TARGETARCH}${TARGETVARIANT}" == "armv6" ]] ; then echo "export RUSTFLAGS='-Clink-arg=-latomic'" >> /env-cargo ; fi
+
+# Enable MiMalloc to improve performance on Alpine builds
+ARG DB=sqlite,mysql,postgresql,enable_mimalloc
+
+RUN source /env-cargo && \
+    rustup target add "${CARGO_TARGET}"
+
+# ARG CARGO_PROFILE=release
+ARG CARGO_PROFILE=dev
+
+# Builds your dependencies and removes the
+# dummy project, except the target folder
+# This folder contains the compiled dependencies
+RUN source /env-cargo && \
+    cargo build --features ${DB} --profile "${CARGO_PROFILE}" --target="${CARGO_TARGET}" && \
+    find . -not -path "./target*" -delete
+
+# Copies the complete project
+# To avoid copying unneeded files, use .dockerignore
+COPY . .
+
+# Builds again, this time it will be the actual source files being build
+RUN source /env-cargo && \
+    # Make sure that we actually build the project by updating the src/main.rs timestamp
+    touch src/main.rs && \
+    # Create a symlink to the binary target folder to easy copy the binary in the final stage
+    cargo build --features ${DB} --profile "${CARGO_PROFILE}" --target="${CARGO_TARGET}" && \
+    if [[ "${CARGO_PROFILE}" == "dev" ]] ; then \
+        ln -vfsr "/app/target/${CARGO_TARGET}/debug" /app/target/final ; \
+    else \
+        ln -vfsr "/app/target/${CARGO_TARGET}/${CARGO_PROFILE}" /app/target/final ; \
+    fi
+
+
+######################## RUNTIME IMAGE  ########################
+# Create a new stage with a minimal image
+# because we already have a binary built
+#
+# For these images to be able to built you need to have qemu binfmt support.
+# See the following pages to help install these tools locally
+# Ubuntu/Debian: https://wiki.debian.org/QemuUserEmulation
+# Arch Linux: https://wiki.archlinux.org/title/QEMU#Chrooting_into_arm/arm64_environment_from_x86_64
+#
+# Or use a Docker image which modifies your host system to support this.
+# The GitHub Actions Workflow uses the same image as used below.
+# See: https://github.com/tonistiigi/binfmt
+# Usage: docker run --privileged --rm tonistiigi/binfmt --install arm64,arm
+# To uninstall: docker run --privileged --rm tonistiigi/binfmt --uninstall 'qemu-*'
+FROM docker.io/library/alpine:3.18
+
+ENV ROCKET_PROFILE="release" \
+    ROCKET_ADDRESS=0.0.0.0 \
+    ROCKET_PORT=80 \
+    SSL_CERT_DIR=/etc/ssl/certs
+
+# Create data folder and Install needed libraries
+RUN mkdir /data && \
+    apk --no-cache add \
+          ca-certificates \
+          curl \
+          openssl \
+          tzdata
+
+VOLUME /data
+EXPOSE 80
+EXPOSE 3012
+
+# Copies the files from the context (Rocket.toml file and web-vault)
+# and the binary from the "build" stage to the current stage
+WORKDIR /
+
+COPY docker/healthcheck.sh /healthcheck.sh
+COPY docker/start.sh /start.sh
+
+COPY --from=vault /web-vault ./web-vault
+COPY --from=build /app/target/final/vaultwarden .
+
+HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
+
+CMD ["/start.sh"]
--- a/docker/Dockerfile.buildx
+++ b/docker/Dockerfile.buildx
@ -1,34 +0,0 @@
-# syntax=docker/dockerfile:1
-# The cross-built images have the build arch (`amd64`) embedded in the image
-# manifest, rather than the target arch. For example:
-#
-#   $ docker inspect vaultwarden/server:latest-armv7 | jq -r '.[]|.Architecture'
-#   amd64
-#
-# Recent versions of Docker have started printing a warning when the image's
-# claimed arch doesn't match the host arch. For example:
-#
-#   WARNING: The requested image's platform (linux/amd64) does not match the
-#   detected host platform (linux/arm/v7) and no specific platform was requested
-#
-# The image still works fine, but the spurious warning creates confusion.
-#
-# Docker doesn't seem to provide a way to directly set the arch of an image
-# at build time. To resolve the build vs. target arch discrepancy, we use
-# Docker Buildx to build a new set of images with the correct target arch.
-#
-# Docker Buildx uses this Dockerfile to build an image for each requested
-# platform. Since the Dockerfile basically consists of a single `FROM`
-# instruction, we're effectively telling Buildx to build a platform-specific
-# image by simply copying the existing cross-built image and setting the
-# correct target arch as a side effect.
-#
-# References:
-#
-# - https://docs.docker.com/buildx/working-with-buildx/#build-multi-platform-images
-# - https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope
-# - https://docs.docker.com/engine/reference/builder/#understand-how-arg-and-from-interact
-#
-ARG LOCAL_REPO
-ARG DOCKER_TAG
-FROM ${LOCAL_REPO}:${DOCKER_TAG}-${TARGETARCH}${TARGETVARIANT}
--- a/docker/Dockerfile.debian
+++ b/docker/Dockerfile.debian
@ -0,0 +1,179 @@
+# syntax=docker/dockerfile:1
+
+# This file was generated using a Jinja2 template.
+# Please make your changes in `DockerSettings.yaml` or `Dockerfile.j2` and then `make`
+# This will generate two Dockerfile's `Dockerfile.debian` and `Dockerfile.alpine`
+
+# Using multistage build:
+# 	https://docs.docker.com/develop/develop-images/multistage-build/
+# 	https://whitfin.io/speeding-up-rust-docker-builds/
+
+####################### VAULT BUILD IMAGE #######################
+# The web-vault digest specifies a particular web-vault build on Docker Hub.
+# Using the digest instead of the tag name provides better security,
+# as the digest of an image is immutable, whereas a tag name can later
+# be changed to point to a malicious image.
+#
+# To verify the current digest for a given tag name:
+# - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
+#   click the tag name to view the digest of the image it currently points to.
+# - From the command line:
+#     $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2
+#     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2
+#     [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252]
+#
+# - Conversely, to get the tag name from the digest:
+#     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252
+#     [docker.io/vaultwarden/web-vault:v2023.8.2]
+#
+FROM --platform=linux/amd64 docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault
+
+########################## Cross Compile Docker Helper Scripts ##########################
+FROM --platform=$BUILDPLATFORM docker.io/tonistiigi/xx:master AS xx
+
+########################## BUILD IMAGE ##########################
+# hadolint ignore=DL3006
+FROM --platform=$BUILDPLATFORM docker.io/library/rust:1.72.1-slim-bookworm as build
+COPY --from=xx / /
+ARG TARGETARCH
+ARG TARGETVARIANT
+ARG TARGETPLATFORM
+
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
+# Build time options to avoid dpkg warnings and help with reproducible builds.
+ENV DEBIAN_FRONTEND=noninteractive \
+    LANG=C.UTF-8 \
+    TZ=UTC \
+    TERM=xterm-256color \
+    CARGO_HOME="/root/.cargo" \
+    USER="root"
+
+# Install clang to get `xx-cargo` working
+# Install pkg-config to allow amd64 builds to find all libraries
+RUN apt-get update && \
+    apt-get install -y \
+        --no-install-recommends \
+        clang pkg-config
+
+RUN xx-apt-get install -y \
+        --no-install-recommends \
+        gcc \
+        libc6-dev \
+        linux-libc-dev \
+        libmariadb-dev \
+        libmariadb-dev-compat \
+        libmariadb3 \
+        libpq-dev \
+        libpq5 \
+        libssl-dev
+
+# Create CARGO_HOME folder and don't download rust docs
+RUN mkdir -pv "${CARGO_HOME}" \
+    && rustup set profile minimal
+
+# Creates a dummy project used to grab dependencies
+RUN USER=root cargo new --bin /app
+WORKDIR /app
+
+# Copies over *only* your manifests and build files
+COPY ./Cargo.* ./
+COPY ./rust-toolchain.toml ./rust-toolchain.toml
+COPY ./build.rs ./build.rs
+
+# Environment variables for cargo across Debian and Alpine
+RUN echo "export CARGO_TARGET=$(xx-cargo --print-target-triple)" >> /env-cargo && \
+    if xx-info is-cross ; then \
+        # We can't use xx-cargo since that uses clang, which doesn't work for our libraries.
+        # Because of this we generate the needed environment variables here which we can load in the needed steps.
+        echo "export CC_$(xx-cargo --print-target-triple | tr '[:upper:]' '[:lower:]' | tr - _)=/usr/bin/$(xx-info)-gcc" >> /env-cargo && \
+        echo "export CARGO_TARGET_$(xx-cargo --print-target-triple | tr '[:lower:]' '[:upper:]' | tr - _)_LINKER=/usr/bin/$(xx-info)-gcc" >> /env-cargo && \
+        echo "export PKG_CONFIG=/usr/bin/$(xx-info)-pkg-config" >> /env-cargo && \
+        echo "export CROSS_COMPILE=1" >> /env-cargo && \
+        echo "export OPENSSL_INCLUDE_DIR=/usr/include/$(xx-info)" >> /env-cargo && \
+        echo "export OPENSSL_LIB_DIR=/usr/lib/$(xx-info)" >> /env-cargo ; \
+    fi
+
+# Configure the DB ARG as late as possible to not invalidate the cached layers above
+ARG DB=sqlite,mysql,postgresql
+
+RUN source /env-cargo && \
+    rustup target add "${CARGO_TARGET}"
+
+# ARG CARGO_PROFILE=release
+ARG CARGO_PROFILE=dev
+
+# Builds your dependencies and removes the
+# dummy project, except the target folder
+# This folder contains the compiled dependencies
+RUN source /env-cargo && \
+    cargo build --features ${DB} --profile "${CARGO_PROFILE}" --target="${CARGO_TARGET}" && \
+    find . -not -path "./target*" -delete
+
+# Copies the complete project
+# To avoid copying unneeded files, use .dockerignore
+COPY . .
+
+# Builds again, this time it will be the actual source files being build
+RUN source /env-cargo && \
+    # Make sure that we actually build the project by updating the src/main.rs timestamp
+    touch src/main.rs && \
+    # Create a symlink to the binary target folder to easy copy the binary in the final stage
+    cargo build --features ${DB} --profile "${CARGO_PROFILE}" --target="${CARGO_TARGET}" && \
+    if [[ "${CARGO_PROFILE}" == "dev" ]] ; then \
+        ln -vfsr "/app/target/${CARGO_TARGET}/debug" /app/target/final ; \
+    else \
+        ln -vfsr "/app/target/${CARGO_TARGET}/${CARGO_PROFILE}" /app/target/final ; \
+    fi
+
+
+######################## RUNTIME IMAGE  ########################
+# Create a new stage with a minimal image
+# because we already have a binary built
+#
+# For these images to be able to built you need to have qemu binfmt support.
+# See the following pages to help install these tools locally
+# Ubuntu/Debian: https://wiki.debian.org/QemuUserEmulation
+# Arch Linux: https://wiki.archlinux.org/title/QEMU#Chrooting_into_arm/arm64_environment_from_x86_64
+#
+# Or use a Docker image which modifies your host system to support this.
+# The GitHub Actions Workflow uses the same image as used below.
+# See: https://github.com/tonistiigi/binfmt
+# Usage: docker run --privileged --rm tonistiigi/binfmt --install arm64,arm
+# To uninstall: docker run --privileged --rm tonistiigi/binfmt --uninstall 'qemu-*'
+FROM docker.io/library/debian:bookworm-slim
+
+ENV ROCKET_PROFILE="release" \
+    ROCKET_ADDRESS=0.0.0.0 \
+    ROCKET_PORT=80 \
+    DEBIAN_FRONTEND=noninteractive
+
+# Create data folder and Install needed libraries
+RUN mkdir /data && \
+    apt-get update && apt-get install -y \
+        --no-install-recommends \
+        ca-certificates \
+        curl \
+        libmariadb-dev-compat \
+        libpq5 \
+        openssl && \
+        apt-get clean && \
+        rm -rf /var/lib/apt/lists/*
+
+VOLUME /data
+EXPOSE 80
+EXPOSE 3012
+
+# Copies the files from the context (Rocket.toml file and web-vault)
+# and the binary from the "build" stage to the current stage
+WORKDIR /
+
+COPY docker/healthcheck.sh /healthcheck.sh
+COPY docker/start.sh /start.sh
+
+COPY --from=vault /web-vault ./web-vault
+COPY --from=build /app/target/final/vaultwarden .
+
+HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
+
+CMD ["/start.sh"]
--- a/docker/Dockerfile.j2
+++ b/docker/Dockerfile.j2
@ -1,68 +1,14 @@
 # syntax=docker/dockerfile:1

 # This file was generated using a Jinja2 template.
-# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
-{% set rust_version = "1.72.0" %}
-{% set debian_version = "bookworm" %}
-{% set alpine_version = "3.17" %}
-{% set build_stage_base_image = "docker.io/library/rust:%s-%s" % (rust_version, debian_version) %}
-{% if "alpine" in target_file %}
-{%   if "amd64" in target_file %}
-{%     set build_stage_base_image = "docker.io/blackdex/rust-musl:x86_64-musl-stable-%s-openssl3" % rust_version %}
-{%     set runtime_stage_base_image = "docker.io/library/alpine:%s" % alpine_version %}
-{%     set package_arch_target = "x86_64-unknown-linux-musl" %}
-{%   elif "armv7" in target_file %}
-{%     set build_stage_base_image = "docker.io/blackdex/rust-musl:armv7-musleabihf-stable-%s-openssl3" % rust_version %}
-{%     set runtime_stage_base_image = "docker.io/balenalib/armv7hf-alpine:%s" % alpine_version %}
-{%     set package_arch_target = "armv7-unknown-linux-musleabihf" %}
-{%   elif "armv6" in target_file %}
-{%     set build_stage_base_image = "docker.io/blackdex/rust-musl:arm-musleabi-stable-%s-openssl3" % rust_version %}
-{%     set runtime_stage_base_image = "docker.io/balenalib/rpi-alpine:%s" % alpine_version %}
-{%     set package_arch_target = "arm-unknown-linux-musleabi" %}
-{%   elif "arm64" in target_file %}
-{%     set build_stage_base_image = "docker.io/blackdex/rust-musl:aarch64-musl-stable-%s-openssl3" % rust_version %}
-{%     set runtime_stage_base_image = "docker.io/balenalib/aarch64-alpine:%s" % alpine_version %}
-{%     set package_arch_target = "aarch64-unknown-linux-musl" %}
-{%   endif %}
-{% elif "amd64" in target_file %}
-{%   set runtime_stage_base_image = "docker.io/library/debian:%s-slim" % debian_version %}
-{% elif "arm64" in target_file %}
-{%   set runtime_stage_base_image = "docker.io/balenalib/aarch64-debian:%s" % debian_version %}
-{%   set package_arch_name = "arm64" %}
-{%   set package_arch_target = "aarch64-unknown-linux-gnu" %}
-{%   set package_cross_compiler = "aarch64-linux-gnu" %}
-{% elif "armv6" in target_file %}
-{%   set runtime_stage_base_image = "docker.io/balenalib/rpi-debian:%s" % debian_version %}
-{%   set package_arch_name = "armel" %}
-{%   set package_arch_target = "arm-unknown-linux-gnueabi" %}
-{%   set package_cross_compiler = "arm-linux-gnueabi" %}
-{% elif "armv7" in target_file %}
-{%   set runtime_stage_base_image = "docker.io/balenalib/armv7hf-debian:%s" % debian_version %}
-{%   set package_arch_name = "armhf" %}
-{%   set package_arch_target = "armv7-unknown-linux-gnueabihf" %}
-{%   set package_cross_compiler = "arm-linux-gnueabihf" %}
-{% endif %}
-{% if package_arch_name is defined %}
-{%   set package_arch_prefix = ":" + package_arch_name %}
-{% else %}
-{%   set package_arch_prefix = "" %}
-{% endif %}
-{% if package_arch_target is defined %}
-{%   set package_arch_target_param = " --target=" + package_arch_target %}
-{% else %}
-{%   set package_arch_target_param = "" %}
-{% endif %}
-{% if "buildkit" in target_file %}
-{%   set mount_rust_cache = "--mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry " %}
-{% else %}
-{%   set mount_rust_cache = "" %}
-{% endif %}
+# Please make your changes in `DockerSettings.yaml` or `Dockerfile.j2` and then `make`
+# This will generate two Dockerfile's `Dockerfile.debian` and `Dockerfile.alpine`
+
 # Using multistage build:
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
-####################### VAULT BUILD IMAGE  #######################
-{% set vault_version = "v2023.8.2" %}
-{% set vault_image_digest = "sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252" %}
+
+####################### VAULT BUILD IMAGE #######################
 # The web-vault digest specifies a particular web-vault build on Docker Hub.
 # Using the digest instead of the tag name provides better security,
 # as the digest of an image is immutable, whereas a tag name can later
@ -80,10 +26,31 @@
 #     $ docker image inspect --format "{{ '{{' }}.RepoTags}}" docker.io/vaultwarden/web-vault@{{ vault_image_digest }}
 #     [docker.io/vaultwarden/web-vault:{{ vault_version }}]
 #
-FROM docker.io/vaultwarden/web-vault@{{ vault_image_digest }} as vault
+FROM --platform=linux/amd64 docker.io/vaultwarden/web-vault@{{ vault_image_digest }} as vault

-########################## BUILD IMAGE  ##########################
-FROM {{ build_stage_base_image }} as build
+{% if base == "debian" %}
+########################## Cross Compile Docker Helper Scripts ##########################
+FROM --platform=$BUILDPLATFORM docker.io/tonistiigi/xx:master AS xx
+{% elif base == "alpine" %}
+########################## ALPINE BUILD IMAGES ##########################
+## NOTE: The Alpine Base Images do not support other platforms then linux/amd64
+## And for Alpine we define all build images here, they will only be loaded when actually used
+{% for arch in build_stage_image[base].arch_image %}
+FROM --platform={{ build_stage_image[base].platform }} {{ build_stage_image[base].arch_image[arch] }} as build_{{ arch }}
+{% endfor %}
+{% endif %}
+
+########################## BUILD IMAGE ##########################
+# hadolint ignore=DL3006
+FROM --platform={{ build_stage_image[base].platform }} {{ build_stage_image[base].image }} as build
+{% if base == "debian" %}
+COPY --from=xx / /
+{% endif %}
+ARG TARGETARCH
+ARG TARGETVARIANT
+ARG TARGETPLATFORM
+
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]

 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \
@ -91,56 +58,39 @@ ENV DEBIAN_FRONTEND=noninteractive \
    TZ=UTC \
    TERM=xterm-256color \
    CARGO_HOME="/root/.cargo" \
-    REGISTRIES_CRATES_IO_PROTOCOL=sparse \
    USER="root"
+{%- if base == "alpine" %} \
+    # Use PostgreSQL v15 during Alpine/MUSL builds instead of the default v11
+    # Debian Bookworm already contains libpq v15
+    PQ_LIB_DIR="/usr/local/musl/pq15/lib"
+{% endif %}
+
+{% if base == "debian" %}
+
+# Install clang to get `xx-cargo` working
+# Install pkg-config to allow amd64 builds to find all libraries
+RUN apt-get update && \
+    apt-get install -y \
+        --no-install-recommends \
+        clang pkg-config
+
+RUN xx-apt-get install -y \
+        --no-install-recommends \
+        gcc \
+        libc6-dev \
+        linux-libc-dev \
+        libmariadb-dev \
+        libmariadb-dev-compat \
+        libmariadb3 \
+        libpq-dev \
+        libpq5 \
+        libssl-dev
+{% endif %}

 # Create CARGO_HOME folder and don't download rust docs
-RUN {{ mount_rust_cache -}} mkdir -pv "${CARGO_HOME}" \
+RUN mkdir -pv "${CARGO_HOME}" \
    && rustup set profile minimal

-{% if "alpine" in target_file %}
-# Use PostgreSQL v15 during Alpine/MUSL builds instead of the default v11
-# Debian Bookworm already contains libpq v15
-ENV PQ_LIB_DIR="/usr/local/musl/pq15/lib"
-{%   if "armv6" in target_file %}
-# To be able to build the armv6 image with mimalloc we need to tell the linker to also look for libatomic
-ENV RUSTFLAGS='-Clink-arg=-latomic'
-{%   endif %}
-{% elif "arm" in target_file %}
-# Install build dependencies for the {{ package_arch_name }} architecture
-RUN {{ mount_rust_cache -}} dpkg --add-architecture {{ package_arch_name }} \
-    && apt-get update \
-    && apt-get install -y \
-        --no-install-recommends \
-        gcc-{{ package_cross_compiler }} \
-        libc6-dev{{ package_arch_prefix }} \
-        linux-libc-dev{{ package_arch_prefix }} \
-        libmariadb-dev{{ package_arch_prefix }} \
-        libmariadb-dev-compat{{ package_arch_prefix }} \
-        libmariadb3{{ package_arch_prefix }} \
-        libpq-dev{{ package_arch_prefix }} \
-        libpq5{{ package_arch_prefix }} \
-        libssl-dev{{ package_arch_prefix }} \
-    #
-    # Make sure cargo has the right target config
-    && echo '[target.{{ package_arch_target }}]' >> "${CARGO_HOME}/config" \
-    && echo 'linker = "{{ package_cross_compiler }}-gcc"' >> "${CARGO_HOME}/config" \
-    && echo 'rustflags = ["-L/usr/lib/{{ package_cross_compiler }}"]' >> "${CARGO_HOME}/config"
-
-# Set arm specific environment values
-ENV CC_{{ package_arch_target | replace("-", "_") }}="/usr/bin/{{ package_cross_compiler }}-gcc" \
-    CROSS_COMPILE="1" \
-    OPENSSL_INCLUDE_DIR="/usr/include/{{ package_cross_compiler }}" \
-    OPENSSL_LIB_DIR="/usr/lib/{{ package_cross_compiler }}"
-{% elif "amd64" in target_file %}
-# Install build dependencies
-RUN apt-get update \
-    && apt-get install -y \
-        --no-install-recommends \
-        libmariadb-dev \
-        libpq-dev
-{% endif %}
-
 # Creates a dummy project used to grab dependencies
 RUN USER=root cargo new --bin /app
 WORKDIR /app
@ -150,74 +100,105 @@ COPY ./Cargo.* ./
 COPY ./rust-toolchain.toml ./rust-toolchain.toml
 COPY ./build.rs ./build.rs

-{% if package_arch_target is defined %}
-RUN {{ mount_rust_cache -}} rustup target add {{ package_arch_target }}
-{% endif %}
+{% if base == "debian" %}
+# Environment variables for cargo across Debian and Alpine
+RUN echo "export CARGO_TARGET=$(xx-cargo --print-target-triple)" >> /env-cargo && \
+    if xx-info is-cross ; then \
+        # We can't use xx-cargo since that uses clang, which doesn't work for our libraries.
+        # Because of this we generate the needed environment variables here which we can load in the needed steps.
+        echo "export CC_$(xx-cargo --print-target-triple | tr '[:upper:]' '[:lower:]' | tr - _)=/usr/bin/$(xx-info)-gcc" >> /env-cargo && \
+        echo "export CARGO_TARGET_$(xx-cargo --print-target-triple | tr '[:lower:]' '[:upper:]' | tr - _)_LINKER=/usr/bin/$(xx-info)-gcc" >> /env-cargo && \
+        echo "export PKG_CONFIG=/usr/bin/$(xx-info)-pkg-config" >> /env-cargo && \
+        echo "export CROSS_COMPILE=1" >> /env-cargo && \
+        echo "export OPENSSL_INCLUDE_DIR=/usr/include/$(xx-info)" >> /env-cargo && \
+        echo "export OPENSSL_LIB_DIR=/usr/lib/$(xx-info)" >> /env-cargo ; \
+    fi

 # Configure the DB ARG as late as possible to not invalidate the cached layers above
-{% if "alpine" in target_file %}
+ARG DB=sqlite,mysql,postgresql
+{% elif base == "alpine" %}
+# Shared variables across Debian and Alpine
+RUN echo "export CARGO_TARGET=${RUST_MUSL_CROSS_TARGET}" >> /env-cargo && \
+    # To be able to build the armv6 image with mimalloc we need to tell the linker to also look for libatomic
+    if [[ "${TARGETARCH}${TARGETVARIANT}" == "armv6" ]] ; then echo "export RUSTFLAGS='-Clink-arg=-latomic'" >> /env-cargo ; fi
+
 # Enable MiMalloc to improve performance on Alpine builds
 ARG DB=sqlite,mysql,postgresql,enable_mimalloc
-{% else %}
-ARG DB=sqlite,mysql,postgresql
 {% endif %}

+RUN source /env-cargo && \
+    rustup target add "${CARGO_TARGET}"
+
+# ARG CARGO_PROFILE=release
+ARG CARGO_PROFILE=dev
+
 # Builds your dependencies and removes the
 # dummy project, except the target folder
 # This folder contains the compiled dependencies
-RUN {{ mount_rust_cache -}} cargo build --features ${DB} --release{{ package_arch_target_param }} \
-    && find . -not -path "./target*" -delete
+RUN source /env-cargo && \
+    cargo build --features ${DB} --profile "${CARGO_PROFILE}" --target="${CARGO_TARGET}" && \
+    find . -not -path "./target*" -delete

 # Copies the complete project
 # To avoid copying unneeded files, use .dockerignore
 COPY . .

-# Make sure that we actually build the project
-RUN touch src/main.rs
+# Builds again, this time it will be the actual source files being build
+RUN source /env-cargo && \
+    # Make sure that we actually build the project by updating the src/main.rs timestamp
+    touch src/main.rs && \
+    # Create a symlink to the binary target folder to easy copy the binary in the final stage
+    cargo build --features ${DB} --profile "${CARGO_PROFILE}" --target="${CARGO_TARGET}" && \
+    if [[ "${CARGO_PROFILE}" == "dev" ]] ; then \
+        ln -vfsr "/app/target/${CARGO_TARGET}/debug" /app/target/final ; \
+    else \
+        ln -vfsr "/app/target/${CARGO_TARGET}/${CARGO_PROFILE}" /app/target/final ; \
+    fi

-# Builds again, this time it'll just be
-# your actual source files being built
-RUN {{ mount_rust_cache -}} cargo build --features ${DB} --release{{ package_arch_target_param }}

 ######################## RUNTIME IMAGE  ########################
 # Create a new stage with a minimal image
 # because we already have a binary built
-FROM {{ runtime_stage_base_image }}
+#
+# For these images to be able to built you need to have qemu binfmt support.
+# See the following pages to help install these tools locally
+# Ubuntu/Debian: https://wiki.debian.org/QemuUserEmulation
+# Arch Linux: https://wiki.archlinux.org/title/QEMU#Chrooting_into_arm/arm64_environment_from_x86_64
+#
+# Or use a Docker image which modifies your host system to support this.
+# The GitHub Actions Workflow uses the same image as used below.
+# See: https://github.com/tonistiigi/binfmt
+# Usage: docker run --privileged --rm tonistiigi/binfmt --install arm64,arm
+# To uninstall: docker run --privileged --rm tonistiigi/binfmt --uninstall 'qemu-*'
+FROM {{ runtime_stage_image[base] }}

 ENV ROCKET_PROFILE="release" \
    ROCKET_ADDRESS=0.0.0.0 \
    ROCKET_PORT=80
-{%- if "alpine" in runtime_stage_base_image %} \
+{%- if base == "debian" %} \
+    DEBIAN_FRONTEND=noninteractive
+{% elif base == "alpine" %} \
    SSL_CERT_DIR=/etc/ssl/certs
 {% endif %}

-
-{% if "amd64" not in target_file %}
-RUN [ "cross-build-start" ]
-{% endif %}
-
 # Create data folder and Install needed libraries
-RUN mkdir /data \
-{% if "alpine" in runtime_stage_base_image %}
-    && apk add --no-cache \
+RUN mkdir /data && \
+{% if base == "debian" %}
+    apt-get update && apt-get install -y \
+        --no-install-recommends \
        ca-certificates \
        curl \
-        openssl \
-        tzdata
-{% else %}
-    && apt-get update && apt-get install -y \
-    --no-install-recommends \
-    ca-certificates \
-    curl \
-    libmariadb-dev-compat \
-    libpq5 \
-    openssl \
-    && apt-get clean \
-    && rm -rf /var/lib/apt/lists/*
-{% endif %}
-
-{% if "amd64" not in target_file %}
-RUN [ "cross-build-end" ]
+        libmariadb-dev-compat \
+        libpq5 \
+        openssl && \
+        apt-get clean && \
+        rm -rf /var/lib/apt/lists/*
+{% elif base == "alpine" %}
+    apk --no-cache add \
+          ca-certificates \
+          curl \
+          openssl \
+          tzdata
 {% endif %}

 VOLUME /data
@ -227,16 +208,13 @@ EXPOSE 3012
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
-COPY --from=vault /web-vault ./web-vault
-{% if package_arch_target is defined %}
-COPY --from=build /app/target/{{ package_arch_target }}/release/vaultwarden .
-{% else %}
-COPY --from=build /app/target/release/vaultwarden .
-{% endif %}

 COPY docker/healthcheck.sh /healthcheck.sh
 COPY docker/start.sh /start.sh

+COPY --from=vault /web-vault ./web-vault
+COPY --from=build /app/target/final/vaultwarden .
+
 HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]

 CMD ["/start.sh"]
--- a/docker/Makefile
+++ b/docker/Makefile
@ -1,15 +1,3 @@
-OBJECTS := $(shell find ./ -mindepth 2 -name 'Dockerfile*')
-
-all: $(OBJECTS)
-
-%/Dockerfile: Dockerfile.j2 render_template
-	./render_template "$<" "{\"target_file\":\"$@\"}" > "$@"
-
-%/Dockerfile.alpine: Dockerfile.j2 render_template
-	./render_template "$<" "{\"target_file\":\"$@\"}" > "$@"
-
-%/Dockerfile.buildkit: Dockerfile.j2 render_template
-	./render_template "$<" "{\"target_file\":\"$@\"}" > "$@"
-
-%/Dockerfile.buildkit.alpine: Dockerfile.j2 render_template
-	./render_template "$<" "{\"target_file\":\"$@\"}" > "$@"
+all:
+	./render_template Dockerfile.j2 '{"base": "debian"}' > Dockerfile.debian
+	./render_template Dockerfile.j2 '{"base": "alpine"}' > Dockerfile.alpine
--- a/docker/README.md
+++ b/docker/README.md
@ -1,3 +1,7 @@
-The arch-specific directory names follow the arch identifiers used by the Docker official images:
+# Vaultwarden Container Building

-https://github.com/docker-library/official-images/blob/master/README.md#architectures-other-than-amd64
+## Local container building
+
+```bash
+docker buildx create --name multiarch --use --driver-opt network=host
+```
--- a/docker/amd64/Dockerfile
+++ b/docker/amd64/Dockerfile
@ -1,119 +0,0 @@
-# syntax=docker/dockerfile:1
-
-# This file was generated using a Jinja2 template.
-# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
-# Using multistage build:
-# 	https://docs.docker.com/develop/develop-images/multistage-build/
-# 	https://whitfin.io/speeding-up-rust-docker-builds/
-####################### VAULT BUILD IMAGE  #######################
-# The web-vault digest specifies a particular web-vault build on Docker Hub.
-# Using the digest instead of the tag name provides better security,
-# as the digest of an image is immutable, whereas a tag name can later
-# be changed to point to a malicious image.
-#
-# To verify the current digest for a given tag name:
-# - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
-#   click the tag name to view the digest of the image it currently points to.
-# - From the command line:
-#     $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2
-#     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2
-#     [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252]
-#
-# - Conversely, to get the tag name from the digest:
-#     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252
-#     [docker.io/vaultwarden/web-vault:v2023.8.2]
-#
-FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault
-
-########################## BUILD IMAGE  ##########################
-FROM docker.io/library/rust:1.72.0-bookworm as build
-
-# Build time options to avoid dpkg warnings and help with reproducible builds.
-ENV DEBIAN_FRONTEND=noninteractive \
-    LANG=C.UTF-8 \
-    TZ=UTC \
-    TERM=xterm-256color \
-    CARGO_HOME="/root/.cargo" \
-    REGISTRIES_CRATES_IO_PROTOCOL=sparse \
-    USER="root"
-
-# Create CARGO_HOME folder and don't download rust docs
-RUN mkdir -pv "${CARGO_HOME}" \
-    && rustup set profile minimal
-
-# Install build dependencies
-RUN apt-get update \
-    && apt-get install -y \
-        --no-install-recommends \
-        libmariadb-dev \
-        libpq-dev
-
-# Creates a dummy project used to grab dependencies
-RUN USER=root cargo new --bin /app
-WORKDIR /app
-
-# Copies over *only* your manifests and build files
-COPY ./Cargo.* ./
-COPY ./rust-toolchain.toml ./rust-toolchain.toml
-COPY ./build.rs ./build.rs
-
-
-# Configure the DB ARG as late as possible to not invalidate the cached layers above
-ARG DB=sqlite,mysql,postgresql
-
-# Builds your dependencies and removes the
-# dummy project, except the target folder
-# This folder contains the compiled dependencies
-RUN cargo build --features ${DB} --release \
-    && find . -not -path "./target*" -delete
-
-# Copies the complete project
-# To avoid copying unneeded files, use .dockerignore
-COPY . .
-
-# Make sure that we actually build the project
-RUN touch src/main.rs
-
-# Builds again, this time it'll just be
-# your actual source files being built
-RUN cargo build --features ${DB} --release
-
-######################## RUNTIME IMAGE  ########################
-# Create a new stage with a minimal image
-# because we already have a binary built
-FROM docker.io/library/debian:bookworm-slim
-
-ENV ROCKET_PROFILE="release" \
-    ROCKET_ADDRESS=0.0.0.0 \
-    ROCKET_PORT=80
-
-
-# Create data folder and Install needed libraries
-RUN mkdir /data \
-    && apt-get update && apt-get install -y \
-    --no-install-recommends \
-    ca-certificates \
-    curl \
-    libmariadb-dev-compat \
-    libpq5 \
-    openssl \
-    && apt-get clean \
-    && rm -rf /var/lib/apt/lists/*
-
-
-VOLUME /data
-EXPOSE 80
-EXPOSE 3012
-
-# Copies the files from the context (Rocket.toml file and web-vault)
-# and the binary from the "build" stage to the current stage
-WORKDIR /
-COPY --from=vault /web-vault ./web-vault
-COPY --from=build /app/target/release/vaultwarden .
-
-COPY docker/healthcheck.sh /healthcheck.sh
-COPY docker/start.sh /start.sh
-
-HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
-
-CMD ["/start.sh"]
--- a/docker/amd64/Dockerfile.alpine
+++ b/docker/amd64/Dockerfile.alpine
@ -1,116 +0,0 @@
-# syntax=docker/dockerfile:1
-
-# This file was generated using a Jinja2 template.
-# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
-# Using multistage build:
-# 	https://docs.docker.com/develop/develop-images/multistage-build/
-# 	https://whitfin.io/speeding-up-rust-docker-builds/
-####################### VAULT BUILD IMAGE  #######################
-# The web-vault digest specifies a particular web-vault build on Docker Hub.
-# Using the digest instead of the tag name provides better security,
-# as the digest of an image is immutable, whereas a tag name can later
-# be changed to point to a malicious image.
-#
-# To verify the current digest for a given tag name:
-# - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
-#   click the tag name to view the digest of the image it currently points to.
-# - From the command line:
-#     $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2
-#     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2
-#     [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252]
-#
-# - Conversely, to get the tag name from the digest:
-#     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252
-#     [docker.io/vaultwarden/web-vault:v2023.8.2]
-#
-FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault
-
-########################## BUILD IMAGE  ##########################
-FROM docker.io/blackdex/rust-musl:x86_64-musl-stable-1.72.0-openssl3 as build
-
-# Build time options to avoid dpkg warnings and help with reproducible builds.
-ENV DEBIAN_FRONTEND=noninteractive \
-    LANG=C.UTF-8 \
-    TZ=UTC \
-    TERM=xterm-256color \
-    CARGO_HOME="/root/.cargo" \
-    REGISTRIES_CRATES_IO_PROTOCOL=sparse \
-    USER="root"
-
-# Create CARGO_HOME folder and don't download rust docs
-RUN mkdir -pv "${CARGO_HOME}" \
-    && rustup set profile minimal
-
-# Use PostgreSQL v15 during Alpine/MUSL builds instead of the default v11
-# Debian Bookworm already contains libpq v15
-ENV PQ_LIB_DIR="/usr/local/musl/pq15/lib"
-
-# Creates a dummy project used to grab dependencies
-RUN USER=root cargo new --bin /app
-WORKDIR /app
-
-# Copies over *only* your manifests and build files
-COPY ./Cargo.* ./
-COPY ./rust-toolchain.toml ./rust-toolchain.toml
-COPY ./build.rs ./build.rs
-
-RUN rustup target add x86_64-unknown-linux-musl
-
-# Configure the DB ARG as late as possible to not invalidate the cached layers above
-# Enable MiMalloc to improve performance on Alpine builds
-ARG DB=sqlite,mysql,postgresql,enable_mimalloc
-
-# Builds your dependencies and removes the
-# dummy project, except the target folder
-# This folder contains the compiled dependencies
-RUN cargo build --features ${DB} --release --target=x86_64-unknown-linux-musl \
-    && find . -not -path "./target*" -delete
-
-# Copies the complete project
-# To avoid copying unneeded files, use .dockerignore
-COPY . .
-
-# Make sure that we actually build the project
-RUN touch src/main.rs
-
-# Builds again, this time it'll just be
-# your actual source files being built
-RUN cargo build --features ${DB} --release --target=x86_64-unknown-linux-musl
-
-######################## RUNTIME IMAGE  ########################
-# Create a new stage with a minimal image
-# because we already have a binary built
-FROM docker.io/library/alpine:3.17
-
-ENV ROCKET_PROFILE="release" \
-    ROCKET_ADDRESS=0.0.0.0 \
-    ROCKET_PORT=80 \
-    SSL_CERT_DIR=/etc/ssl/certs
-
-
-
-# Create data folder and Install needed libraries
-RUN mkdir /data \
-    && apk add --no-cache \
-        ca-certificates \
-        curl \
-        openssl \
-        tzdata
-
-
-VOLUME /data
-EXPOSE 80
-EXPOSE 3012
-
-# Copies the files from the context (Rocket.toml file and web-vault)
-# and the binary from the "build" stage to the current stage
-WORKDIR /
-COPY --from=vault /web-vault ./web-vault
-COPY --from=build /app/target/x86_64-unknown-linux-musl/release/vaultwarden .
-
-COPY docker/healthcheck.sh /healthcheck.sh
-COPY docker/start.sh /start.sh
-
-HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
-
-CMD ["/start.sh"]
--- a/docker/amd64/Dockerfile.buildkit
+++ b/docker/amd64/Dockerfile.buildkit
@ -1,119 +0,0 @@
-# syntax=docker/dockerfile:1
-
-# This file was generated using a Jinja2 template.
-# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
-# Using multistage build:
-# 	https://docs.docker.com/develop/develop-images/multistage-build/
-# 	https://whitfin.io/speeding-up-rust-docker-builds/
-####################### VAULT BUILD IMAGE  #######################
-# The web-vault digest specifies a particular web-vault build on Docker Hub.
-# Using the digest instead of the tag name provides better security,
-# as the digest of an image is immutable, whereas a tag name can later
-# be changed to point to a malicious image.
-#
-# To verify the current digest for a given tag name:
-# - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
-#   click the tag name to view the digest of the image it currently points to.
-# - From the command line:
-#     $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2
-#     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2
-#     [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252]
-#
-# - Conversely, to get the tag name from the digest:
-#     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252
-#     [docker.io/vaultwarden/web-vault:v2023.8.2]
-#
-FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault
-
-########################## BUILD IMAGE  ##########################
-FROM docker.io/library/rust:1.72.0-bookworm as build
-
-# Build time options to avoid dpkg warnings and help with reproducible builds.
-ENV DEBIAN_FRONTEND=noninteractive \
-    LANG=C.UTF-8 \
-    TZ=UTC \
-    TERM=xterm-256color \
-    CARGO_HOME="/root/.cargo" \
-    REGISTRIES_CRATES_IO_PROTOCOL=sparse \
-    USER="root"
-
-# Create CARGO_HOME folder and don't download rust docs
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \
-    && rustup set profile minimal
-
-# Install build dependencies
-RUN apt-get update \
-    && apt-get install -y \
-        --no-install-recommends \
-        libmariadb-dev \
-        libpq-dev
-
-# Creates a dummy project used to grab dependencies
-RUN USER=root cargo new --bin /app
-WORKDIR /app
-
-# Copies over *only* your manifests and build files
-COPY ./Cargo.* ./
-COPY ./rust-toolchain.toml ./rust-toolchain.toml
-COPY ./build.rs ./build.rs
-
-
-# Configure the DB ARG as late as possible to not invalidate the cached layers above
-ARG DB=sqlite,mysql,postgresql
-
-# Builds your dependencies and removes the
-# dummy project, except the target folder
-# This folder contains the compiled dependencies
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release \
-    && find . -not -path "./target*" -delete
-
-# Copies the complete project
-# To avoid copying unneeded files, use .dockerignore
-COPY . .
-
-# Make sure that we actually build the project
-RUN touch src/main.rs
-
-# Builds again, this time it'll just be
-# your actual source files being built
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release
-
-######################## RUNTIME IMAGE  ########################
-# Create a new stage with a minimal image
-# because we already have a binary built
-FROM docker.io/library/debian:bookworm-slim
-
-ENV ROCKET_PROFILE="release" \
-    ROCKET_ADDRESS=0.0.0.0 \
-    ROCKET_PORT=80
-
-
-# Create data folder and Install needed libraries
-RUN mkdir /data \
-    && apt-get update && apt-get install -y \
-    --no-install-recommends \
-    ca-certificates \
-    curl \
-    libmariadb-dev-compat \
-    libpq5 \
-    openssl \
-    && apt-get clean \
-    && rm -rf /var/lib/apt/lists/*
-
-
-VOLUME /data
-EXPOSE 80
-EXPOSE 3012
-
-# Copies the files from the context (Rocket.toml file and web-vault)
-# and the binary from the "build" stage to the current stage
-WORKDIR /
-COPY --from=vault /web-vault ./web-vault
-COPY --from=build /app/target/release/vaultwarden .
-
-COPY docker/healthcheck.sh /healthcheck.sh
-COPY docker/start.sh /start.sh
-
-HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
-
-CMD ["/start.sh"]
--- a/docker/amd64/Dockerfile.buildkit.alpine
+++ b/docker/amd64/Dockerfile.buildkit.alpine
@ -1,116 +0,0 @@
-# syntax=docker/dockerfile:1
-
-# This file was generated using a Jinja2 template.
-# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
-# Using multistage build:
-# 	https://docs.docker.com/develop/develop-images/multistage-build/
-# 	https://whitfin.io/speeding-up-rust-docker-builds/
-####################### VAULT BUILD IMAGE  #######################
-# The web-vault digest specifies a particular web-vault build on Docker Hub.
-# Using the digest instead of the tag name provides better security,
-# as the digest of an image is immutable, whereas a tag name can later
-# be changed to point to a malicious image.
-#
-# To verify the current digest for a given tag name:
-# - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
-#   click the tag name to view the digest of the image it currently points to.
-# - From the command line:
-#     $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2
-#     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2
-#     [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252]
-#
-# - Conversely, to get the tag name from the digest:
-#     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252
-#     [docker.io/vaultwarden/web-vault:v2023.8.2]
-#
-FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault
-
-########################## BUILD IMAGE  ##########################
-FROM docker.io/blackdex/rust-musl:x86_64-musl-stable-1.72.0-openssl3 as build
-
-# Build time options to avoid dpkg warnings and help with reproducible builds.
-ENV DEBIAN_FRONTEND=noninteractive \
-    LANG=C.UTF-8 \
-    TZ=UTC \
-    TERM=xterm-256color \
-    CARGO_HOME="/root/.cargo" \
-    REGISTRIES_CRATES_IO_PROTOCOL=sparse \
-    USER="root"
-
-# Create CARGO_HOME folder and don't download rust docs
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \
-    && rustup set profile minimal
-
-# Use PostgreSQL v15 during Alpine/MUSL builds instead of the default v11
-# Debian Bookworm already contains libpq v15
-ENV PQ_LIB_DIR="/usr/local/musl/pq15/lib"
-
-# Creates a dummy project used to grab dependencies
-RUN USER=root cargo new --bin /app
-WORKDIR /app
-
-# Copies over *only* your manifests and build files
-COPY ./Cargo.* ./
-COPY ./rust-toolchain.toml ./rust-toolchain.toml
-COPY ./build.rs ./build.rs
-
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry rustup target add x86_64-unknown-linux-musl
-
-# Configure the DB ARG as late as possible to not invalidate the cached layers above
-# Enable MiMalloc to improve performance on Alpine builds
-ARG DB=sqlite,mysql,postgresql,enable_mimalloc
-
-# Builds your dependencies and removes the
-# dummy project, except the target folder
-# This folder contains the compiled dependencies
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=x86_64-unknown-linux-musl \
-    && find . -not -path "./target*" -delete
-
-# Copies the complete project
-# To avoid copying unneeded files, use .dockerignore
-COPY . .
-
-# Make sure that we actually build the project
-RUN touch src/main.rs
-
-# Builds again, this time it'll just be
-# your actual source files being built
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=x86_64-unknown-linux-musl
-
-######################## RUNTIME IMAGE  ########################
-# Create a new stage with a minimal image
-# because we already have a binary built
-FROM docker.io/library/alpine:3.17
-
-ENV ROCKET_PROFILE="release" \
-    ROCKET_ADDRESS=0.0.0.0 \
-    ROCKET_PORT=80 \
-    SSL_CERT_DIR=/etc/ssl/certs
-
-
-
-# Create data folder and Install needed libraries
-RUN mkdir /data \
-    && apk add --no-cache \
-        ca-certificates \
-        curl \
-        openssl \
-        tzdata
-
-
-VOLUME /data
-EXPOSE 80
-EXPOSE 3012
-
-# Copies the files from the context (Rocket.toml file and web-vault)
-# and the binary from the "build" stage to the current stage
-WORKDIR /
-COPY --from=vault /web-vault ./web-vault
-COPY --from=build /app/target/x86_64-unknown-linux-musl/release/vaultwarden .
-
-COPY docker/healthcheck.sh /healthcheck.sh
-COPY docker/start.sh /start.sh
-
-HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
-
-CMD ["/start.sh"]
--- a/docker/arm64/Dockerfile
+++ b/docker/arm64/Dockerfile
@ -1,141 +0,0 @@
-# syntax=docker/dockerfile:1
-
-# This file was generated using a Jinja2 template.
-# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
-# Using multistage build:
-# 	https://docs.docker.com/develop/develop-images/multistage-build/
-# 	https://whitfin.io/speeding-up-rust-docker-builds/
-####################### VAULT BUILD IMAGE  #######################
-# The web-vault digest specifies a particular web-vault build on Docker Hub.
-# Using the digest instead of the tag name provides better security,
-# as the digest of an image is immutable, whereas a tag name can later
-# be changed to point to a malicious image.
-#
-# To verify the current digest for a given tag name:
-# - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
-#   click the tag name to view the digest of the image it currently points to.
-# - From the command line:
-#     $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2
-#     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2
-#     [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252]
-#
-# - Conversely, to get the tag name from the digest:
-#     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252
-#     [docker.io/vaultwarden/web-vault:v2023.8.2]
-#
-FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault
-
-########################## BUILD IMAGE  ##########################
-FROM docker.io/library/rust:1.72.0-bookworm as build
-
-# Build time options to avoid dpkg warnings and help with reproducible builds.
-ENV DEBIAN_FRONTEND=noninteractive \
-    LANG=C.UTF-8 \
-    TZ=UTC \
-    TERM=xterm-256color \
-    CARGO_HOME="/root/.cargo" \
-    REGISTRIES_CRATES_IO_PROTOCOL=sparse \
-    USER="root"
-
-# Create CARGO_HOME folder and don't download rust docs
-RUN mkdir -pv "${CARGO_HOME}" \
-    && rustup set profile minimal
-
-# Install build dependencies for the arm64 architecture
-RUN dpkg --add-architecture arm64 \
-    && apt-get update \
-    && apt-get install -y \
-        --no-install-recommends \
-        gcc-aarch64-linux-gnu \
-        libc6-dev:arm64 \
-        linux-libc-dev:arm64 \
-        libmariadb-dev:arm64 \
-        libmariadb-dev-compat:arm64 \
-        libmariadb3:arm64 \
-        libpq-dev:arm64 \
-        libpq5:arm64 \
-        libssl-dev:arm64 \
-    #
-    # Make sure cargo has the right target config
-    && echo '[target.aarch64-unknown-linux-gnu]' >> "${CARGO_HOME}/config" \
-    && echo 'linker = "aarch64-linux-gnu-gcc"' >> "${CARGO_HOME}/config" \
-    && echo 'rustflags = ["-L/usr/lib/aarch64-linux-gnu"]' >> "${CARGO_HOME}/config"
-
-# Set arm specific environment values
-ENV CC_aarch64_unknown_linux_gnu="/usr/bin/aarch64-linux-gnu-gcc" \
-    CROSS_COMPILE="1" \
-    OPENSSL_INCLUDE_DIR="/usr/include/aarch64-linux-gnu" \
-    OPENSSL_LIB_DIR="/usr/lib/aarch64-linux-gnu"
-
-# Creates a dummy project used to grab dependencies
-RUN USER=root cargo new --bin /app
-WORKDIR /app
-
-# Copies over *only* your manifests and build files
-COPY ./Cargo.* ./
-COPY ./rust-toolchain.toml ./rust-toolchain.toml
-COPY ./build.rs ./build.rs
-
-RUN rustup target add aarch64-unknown-linux-gnu
-
-# Configure the DB ARG as late as possible to not invalidate the cached layers above
-ARG DB=sqlite,mysql,postgresql
-
-# Builds your dependencies and removes the
-# dummy project, except the target folder
-# This folder contains the compiled dependencies
-RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-gnu \
-    && find . -not -path "./target*" -delete
-
-# Copies the complete project
-# To avoid copying unneeded files, use .dockerignore
-COPY . .
-
-# Make sure that we actually build the project
-RUN touch src/main.rs
-
-# Builds again, this time it'll just be
-# your actual source files being built
-RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-gnu
-
-######################## RUNTIME IMAGE  ########################
-# Create a new stage with a minimal image
-# because we already have a binary built
-FROM docker.io/balenalib/aarch64-debian:bookworm
-
-ENV ROCKET_PROFILE="release" \
-    ROCKET_ADDRESS=0.0.0.0 \
-    ROCKET_PORT=80
-
-RUN [ "cross-build-start" ]
-
-# Create data folder and Install needed libraries
-RUN mkdir /data \
-    && apt-get update && apt-get install -y \
-    --no-install-recommends \
-    ca-certificates \
-    curl \
-    libmariadb-dev-compat \
-    libpq5 \
-    openssl \
-    && apt-get clean \
-    && rm -rf /var/lib/apt/lists/*
-
-RUN [ "cross-build-end" ]
-
-VOLUME /data
-EXPOSE 80
-EXPOSE 3012
-
-# Copies the files from the context (Rocket.toml file and web-vault)
-# and the binary from the "build" stage to the current stage
-WORKDIR /
-COPY --from=vault /web-vault ./web-vault
-COPY --from=build /app/target/aarch64-unknown-linux-gnu/release/vaultwarden .
-
-COPY docker/healthcheck.sh /healthcheck.sh
-COPY docker/start.sh /start.sh
-
-HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
-
-CMD ["/start.sh"]
--- a/docker/arm64/Dockerfile.alpine
+++ b/docker/arm64/Dockerfile.alpine
@ -1,118 +0,0 @@
-# syntax=docker/dockerfile:1
-
-# This file was generated using a Jinja2 template.
-# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
-# Using multistage build:
-# 	https://docs.docker.com/develop/develop-images/multistage-build/
-# 	https://whitfin.io/speeding-up-rust-docker-builds/
-####################### VAULT BUILD IMAGE  #######################
-# The web-vault digest specifies a particular web-vault build on Docker Hub.
-# Using the digest instead of the tag name provides better security,
-# as the digest of an image is immutable, whereas a tag name can later
-# be changed to point to a malicious image.
-#
-# To verify the current digest for a given tag name:
-# - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
-#   click the tag name to view the digest of the image it currently points to.
-# - From the command line:
-#     $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2
-#     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2
-#     [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252]
-#
-# - Conversely, to get the tag name from the digest:
-#     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252
-#     [docker.io/vaultwarden/web-vault:v2023.8.2]
-#
-FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault
-
-########################## BUILD IMAGE  ##########################
-FROM docker.io/blackdex/rust-musl:aarch64-musl-stable-1.72.0-openssl3 as build
-
-# Build time options to avoid dpkg warnings and help with reproducible builds.
-ENV DEBIAN_FRONTEND=noninteractive \
-    LANG=C.UTF-8 \
-    TZ=UTC \
-    TERM=xterm-256color \
-    CARGO_HOME="/root/.cargo" \
-    REGISTRIES_CRATES_IO_PROTOCOL=sparse \
-    USER="root"
-
-# Create CARGO_HOME folder and don't download rust docs
-RUN mkdir -pv "${CARGO_HOME}" \
-    && rustup set profile minimal
-
-# Use PostgreSQL v15 during Alpine/MUSL builds instead of the default v11
-# Debian Bookworm already contains libpq v15
-ENV PQ_LIB_DIR="/usr/local/musl/pq15/lib"
-
-# Creates a dummy project used to grab dependencies
-RUN USER=root cargo new --bin /app
-WORKDIR /app
-
-# Copies over *only* your manifests and build files
-COPY ./Cargo.* ./
-COPY ./rust-toolchain.toml ./rust-toolchain.toml
-COPY ./build.rs ./build.rs
-
-RUN rustup target add aarch64-unknown-linux-musl
-
-# Configure the DB ARG as late as possible to not invalidate the cached layers above
-# Enable MiMalloc to improve performance on Alpine builds
-ARG DB=sqlite,mysql,postgresql,enable_mimalloc
-
-# Builds your dependencies and removes the
-# dummy project, except the target folder
-# This folder contains the compiled dependencies
-RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-musl \
-    && find . -not -path "./target*" -delete
-
-# Copies the complete project
-# To avoid copying unneeded files, use .dockerignore
-COPY . .
-
-# Make sure that we actually build the project
-RUN touch src/main.rs
-
-# Builds again, this time it'll just be
-# your actual source files being built
-RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-musl
-
-######################## RUNTIME IMAGE  ########################
-# Create a new stage with a minimal image
-# because we already have a binary built
-FROM docker.io/balenalib/aarch64-alpine:3.17
-
-ENV ROCKET_PROFILE="release" \
-    ROCKET_ADDRESS=0.0.0.0 \
-    ROCKET_PORT=80 \
-    SSL_CERT_DIR=/etc/ssl/certs
-
-
-RUN [ "cross-build-start" ]
-
-# Create data folder and Install needed libraries
-RUN mkdir /data \
-    && apk add --no-cache \
-        ca-certificates \
-        curl \
-        openssl \
-        tzdata
-
-RUN [ "cross-build-end" ]
-
-VOLUME /data
-EXPOSE 80
-EXPOSE 3012
-
-# Copies the files from the context (Rocket.toml file and web-vault)
-# and the binary from the "build" stage to the current stage
-WORKDIR /
-COPY --from=vault /web-vault ./web-vault
-COPY --from=build /app/target/aarch64-unknown-linux-musl/release/vaultwarden .
-
-COPY docker/healthcheck.sh /healthcheck.sh
-COPY docker/start.sh /start.sh
-
-HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
-
-CMD ["/start.sh"]
--- a/docker/arm64/Dockerfile.buildkit
+++ b/docker/arm64/Dockerfile.buildkit
@ -1,141 +0,0 @@
-# syntax=docker/dockerfile:1
-
-# This file was generated using a Jinja2 template.
-# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
-# Using multistage build:
-# 	https://docs.docker.com/develop/develop-images/multistage-build/
-# 	https://whitfin.io/speeding-up-rust-docker-builds/
-####################### VAULT BUILD IMAGE  #######################
-# The web-vault digest specifies a particular web-vault build on Docker Hub.
-# Using the digest instead of the tag name provides better security,
-# as the digest of an image is immutable, whereas a tag name can later
-# be changed to point to a malicious image.
-#
-# To verify the current digest for a given tag name:
-# - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
-#   click the tag name to view the digest of the image it currently points to.
-# - From the command line:
-#     $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2
-#     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2
-#     [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252]
-#
-# - Conversely, to get the tag name from the digest:
-#     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252
-#     [docker.io/vaultwarden/web-vault:v2023.8.2]
-#
-FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault
-
-########################## BUILD IMAGE  ##########################
-FROM docker.io/library/rust:1.72.0-bookworm as build
-
-# Build time options to avoid dpkg warnings and help with reproducible builds.
-ENV DEBIAN_FRONTEND=noninteractive \
-    LANG=C.UTF-8 \
-    TZ=UTC \
-    TERM=xterm-256color \
-    CARGO_HOME="/root/.cargo" \
-    REGISTRIES_CRATES_IO_PROTOCOL=sparse \
-    USER="root"
-
-# Create CARGO_HOME folder and don't download rust docs
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \
-    && rustup set profile minimal
-
-# Install build dependencies for the arm64 architecture
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry dpkg --add-architecture arm64 \
-    && apt-get update \
-    && apt-get install -y \
-        --no-install-recommends \
-        gcc-aarch64-linux-gnu \
-        libc6-dev:arm64 \
-        linux-libc-dev:arm64 \
-        libmariadb-dev:arm64 \
-        libmariadb-dev-compat:arm64 \
-        libmariadb3:arm64 \
-        libpq-dev:arm64 \
-        libpq5:arm64 \
-        libssl-dev:arm64 \
-    #
-    # Make sure cargo has the right target config
-    && echo '[target.aarch64-unknown-linux-gnu]' >> "${CARGO_HOME}/config" \
-    && echo 'linker = "aarch64-linux-gnu-gcc"' >> "${CARGO_HOME}/config" \
-    && echo 'rustflags = ["-L/usr/lib/aarch64-linux-gnu"]' >> "${CARGO_HOME}/config"
-
-# Set arm specific environment values
-ENV CC_aarch64_unknown_linux_gnu="/usr/bin/aarch64-linux-gnu-gcc" \
-    CROSS_COMPILE="1" \
-    OPENSSL_INCLUDE_DIR="/usr/include/aarch64-linux-gnu" \
-    OPENSSL_LIB_DIR="/usr/lib/aarch64-linux-gnu"
-
-# Creates a dummy project used to grab dependencies
-RUN USER=root cargo new --bin /app
-WORKDIR /app
-
-# Copies over *only* your manifests and build files
-COPY ./Cargo.* ./
-COPY ./rust-toolchain.toml ./rust-toolchain.toml
-COPY ./build.rs ./build.rs
-
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry rustup target add aarch64-unknown-linux-gnu
-
-# Configure the DB ARG as late as possible to not invalidate the cached layers above
-ARG DB=sqlite,mysql,postgresql
-
-# Builds your dependencies and removes the
-# dummy project, except the target folder
-# This folder contains the compiled dependencies
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=aarch64-unknown-linux-gnu \
-    && find . -not -path "./target*" -delete
-
-# Copies the complete project
-# To avoid copying unneeded files, use .dockerignore
-COPY . .
-
-# Make sure that we actually build the project
-RUN touch src/main.rs
-
-# Builds again, this time it'll just be
-# your actual source files being built
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=aarch64-unknown-linux-gnu
-
-######################## RUNTIME IMAGE  ########################
-# Create a new stage with a minimal image
-# because we already have a binary built
-FROM docker.io/balenalib/aarch64-debian:bookworm
-
-ENV ROCKET_PROFILE="release" \
-    ROCKET_ADDRESS=0.0.0.0 \
-    ROCKET_PORT=80
-
-RUN [ "cross-build-start" ]
-
-# Create data folder and Install needed libraries
-RUN mkdir /data \
-    && apt-get update && apt-get install -y \
-    --no-install-recommends \
-    ca-certificates \
-    curl \
-    libmariadb-dev-compat \
-    libpq5 \
-    openssl \
-    && apt-get clean \
-    && rm -rf /var/lib/apt/lists/*
-
-RUN [ "cross-build-end" ]
-
-VOLUME /data
-EXPOSE 80
-EXPOSE 3012
-
-# Copies the files from the context (Rocket.toml file and web-vault)
-# and the binary from the "build" stage to the current stage
-WORKDIR /
-COPY --from=vault /web-vault ./web-vault
-COPY --from=build /app/target/aarch64-unknown-linux-gnu/release/vaultwarden .
-
-COPY docker/healthcheck.sh /healthcheck.sh
-COPY docker/start.sh /start.sh
-
-HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
-
-CMD ["/start.sh"]
--- a/docker/arm64/Dockerfile.buildkit.alpine
+++ b/docker/arm64/Dockerfile.buildkit.alpine
@ -1,118 +0,0 @@
-# syntax=docker/dockerfile:1
-
-# This file was generated using a Jinja2 template.
-# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
-# Using multistage build:
-# 	https://docs.docker.com/develop/develop-images/multistage-build/
-# 	https://whitfin.io/speeding-up-rust-docker-builds/
-####################### VAULT BUILD IMAGE  #######################
-# The web-vault digest specifies a particular web-vault build on Docker Hub.
-# Using the digest instead of the tag name provides better security,
-# as the digest of an image is immutable, whereas a tag name can later
-# be changed to point to a malicious image.
-#
-# To verify the current digest for a given tag name:
-# - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
-#   click the tag name to view the digest of the image it currently points to.
-# - From the command line:
-#     $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2
-#     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2
-#     [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252]
-#
-# - Conversely, to get the tag name from the digest:
-#     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252
-#     [docker.io/vaultwarden/web-vault:v2023.8.2]
-#
-FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault
-
-########################## BUILD IMAGE  ##########################
-FROM docker.io/blackdex/rust-musl:aarch64-musl-stable-1.72.0-openssl3 as build
-
-# Build time options to avoid dpkg warnings and help with reproducible builds.
-ENV DEBIAN_FRONTEND=noninteractive \
-    LANG=C.UTF-8 \
-    TZ=UTC \
-    TERM=xterm-256color \
-    CARGO_HOME="/root/.cargo" \
-    REGISTRIES_CRATES_IO_PROTOCOL=sparse \
-    USER="root"
-
-# Create CARGO_HOME folder and don't download rust docs
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \
-    && rustup set profile minimal
-
-# Use PostgreSQL v15 during Alpine/MUSL builds instead of the default v11
-# Debian Bookworm already contains libpq v15
-ENV PQ_LIB_DIR="/usr/local/musl/pq15/lib"
-
-# Creates a dummy project used to grab dependencies
-RUN USER=root cargo new --bin /app
-WORKDIR /app
-
-# Copies over *only* your manifests and build files
-COPY ./Cargo.* ./
-COPY ./rust-toolchain.toml ./rust-toolchain.toml
-COPY ./build.rs ./build.rs
-
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry rustup target add aarch64-unknown-linux-musl
-
-# Configure the DB ARG as late as possible to not invalidate the cached layers above
-# Enable MiMalloc to improve performance on Alpine builds
-ARG DB=sqlite,mysql,postgresql,enable_mimalloc
-
-# Builds your dependencies and removes the
-# dummy project, except the target folder
-# This folder contains the compiled dependencies
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=aarch64-unknown-linux-musl \
-    && find . -not -path "./target*" -delete
-
-# Copies the complete project
-# To avoid copying unneeded files, use .dockerignore
-COPY . .
-
-# Make sure that we actually build the project
-RUN touch src/main.rs
-
-# Builds again, this time it'll just be
-# your actual source files being built
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=aarch64-unknown-linux-musl
-
-######################## RUNTIME IMAGE  ########################
-# Create a new stage with a minimal image
-# because we already have a binary built
-FROM docker.io/balenalib/aarch64-alpine:3.17
-
-ENV ROCKET_PROFILE="release" \
-    ROCKET_ADDRESS=0.0.0.0 \
-    ROCKET_PORT=80 \
-    SSL_CERT_DIR=/etc/ssl/certs
-
-
-RUN [ "cross-build-start" ]
-
-# Create data folder and Install needed libraries
-RUN mkdir /data \
-    && apk add --no-cache \
-        ca-certificates \
-        curl \
-        openssl \
-        tzdata
-
-RUN [ "cross-build-end" ]
-
-VOLUME /data
-EXPOSE 80
-EXPOSE 3012
-
-# Copies the files from the context (Rocket.toml file and web-vault)
-# and the binary from the "build" stage to the current stage
-WORKDIR /
-COPY --from=vault /web-vault ./web-vault
-COPY --from=build /app/target/aarch64-unknown-linux-musl/release/vaultwarden .
-
-COPY docker/healthcheck.sh /healthcheck.sh
-COPY docker/start.sh /start.sh
-
-HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
-
-CMD ["/start.sh"]
--- a/docker/armv6/Dockerfile
+++ b/docker/armv6/Dockerfile
@ -1,141 +0,0 @@
-# syntax=docker/dockerfile:1
-
-# This file was generated using a Jinja2 template.
-# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
-# Using multistage build:
-# 	https://docs.docker.com/develop/develop-images/multistage-build/
-# 	https://whitfin.io/speeding-up-rust-docker-builds/
-####################### VAULT BUILD IMAGE  #######################
-# The web-vault digest specifies a particular web-vault build on Docker Hub.
-# Using the digest instead of the tag name provides better security,
-# as the digest of an image is immutable, whereas a tag name can later
-# be changed to point to a malicious image.
-#
-# To verify the current digest for a given tag name:
-# - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
-#   click the tag name to view the digest of the image it currently points to.
-# - From the command line:
-#     $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2
-#     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2
-#     [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252]
-#
-# - Conversely, to get the tag name from the digest:
-#     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252
-#     [docker.io/vaultwarden/web-vault:v2023.8.2]
-#
-FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault
-
-########################## BUILD IMAGE  ##########################
-FROM docker.io/library/rust:1.72.0-bookworm as build
-
-# Build time options to avoid dpkg warnings and help with reproducible builds.
-ENV DEBIAN_FRONTEND=noninteractive \
-    LANG=C.UTF-8 \
-    TZ=UTC \
-    TERM=xterm-256color \
-    CARGO_HOME="/root/.cargo" \
-    REGISTRIES_CRATES_IO_PROTOCOL=sparse \
-    USER="root"
-
-# Create CARGO_HOME folder and don't download rust docs
-RUN mkdir -pv "${CARGO_HOME}" \
-    && rustup set profile minimal
-
-# Install build dependencies for the armel architecture
-RUN dpkg --add-architecture armel \
-    && apt-get update \
-    && apt-get install -y \
-        --no-install-recommends \
-        gcc-arm-linux-gnueabi \
-        libc6-dev:armel \
-        linux-libc-dev:armel \
-        libmariadb-dev:armel \
-        libmariadb-dev-compat:armel \
-        libmariadb3:armel \
-        libpq-dev:armel \
-        libpq5:armel \
-        libssl-dev:armel \
-    #
-    # Make sure cargo has the right target config
-    && echo '[target.arm-unknown-linux-gnueabi]' >> "${CARGO_HOME}/config" \
-    && echo 'linker = "arm-linux-gnueabi-gcc"' >> "${CARGO_HOME}/config" \
-    && echo 'rustflags = ["-L/usr/lib/arm-linux-gnueabi"]' >> "${CARGO_HOME}/config"
-
-# Set arm specific environment values
-ENV CC_arm_unknown_linux_gnueabi="/usr/bin/arm-linux-gnueabi-gcc" \
-    CROSS_COMPILE="1" \
-    OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabi" \
-    OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabi"
-
-# Creates a dummy project used to grab dependencies
-RUN USER=root cargo new --bin /app
-WORKDIR /app
-
-# Copies over *only* your manifests and build files
-COPY ./Cargo.* ./
-COPY ./rust-toolchain.toml ./rust-toolchain.toml
-COPY ./build.rs ./build.rs
-
-RUN rustup target add arm-unknown-linux-gnueabi
-
-# Configure the DB ARG as late as possible to not invalidate the cached layers above
-ARG DB=sqlite,mysql,postgresql
-
-# Builds your dependencies and removes the
-# dummy project, except the target folder
-# This folder contains the compiled dependencies
-RUN cargo build --features ${DB} --release --target=arm-unknown-linux-gnueabi \
-    && find . -not -path "./target*" -delete
-
-# Copies the complete project
-# To avoid copying unneeded files, use .dockerignore
-COPY . .
-
-# Make sure that we actually build the project
-RUN touch src/main.rs
-
-# Builds again, this time it'll just be
-# your actual source files being built
-RUN cargo build --features ${DB} --release --target=arm-unknown-linux-gnueabi
-
-######################## RUNTIME IMAGE  ########################
-# Create a new stage with a minimal image
-# because we already have a binary built
-FROM docker.io/balenalib/rpi-debian:bookworm
-
-ENV ROCKET_PROFILE="release" \
-    ROCKET_ADDRESS=0.0.0.0 \
-    ROCKET_PORT=80
-
-RUN [ "cross-build-start" ]
-
-# Create data folder and Install needed libraries
-RUN mkdir /data \
-    && apt-get update && apt-get install -y \
-    --no-install-recommends \
-    ca-certificates \
-    curl \
-    libmariadb-dev-compat \
-    libpq5 \
-    openssl \
-    && apt-get clean \
-    && rm -rf /var/lib/apt/lists/*
-
-RUN [ "cross-build-end" ]
-
-VOLUME /data
-EXPOSE 80
-EXPOSE 3012
-
-# Copies the files from the context (Rocket.toml file and web-vault)
-# and the binary from the "build" stage to the current stage
-WORKDIR /
-COPY --from=vault /web-vault ./web-vault
-COPY --from=build /app/target/arm-unknown-linux-gnueabi/release/vaultwarden .
-
-COPY docker/healthcheck.sh /healthcheck.sh
-COPY docker/start.sh /start.sh
-
-HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
-
-CMD ["/start.sh"]
--- a/docker/armv6/Dockerfile.alpine
+++ b/docker/armv6/Dockerfile.alpine
@ -1,120 +0,0 @@
-# syntax=docker/dockerfile:1
-
-# This file was generated using a Jinja2 template.
-# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
-# Using multistage build:
-# 	https://docs.docker.com/develop/develop-images/multistage-build/
-# 	https://whitfin.io/speeding-up-rust-docker-builds/
-####################### VAULT BUILD IMAGE  #######################
-# The web-vault digest specifies a particular web-vault build on Docker Hub.
-# Using the digest instead of the tag name provides better security,
-# as the digest of an image is immutable, whereas a tag name can later
-# be changed to point to a malicious image.
-#
-# To verify the current digest for a given tag name:
-# - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
-#   click the tag name to view the digest of the image it currently points to.
-# - From the command line:
-#     $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2
-#     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2
-#     [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252]
-#
-# - Conversely, to get the tag name from the digest:
-#     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252
-#     [docker.io/vaultwarden/web-vault:v2023.8.2]
-#
-FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault
-
-########################## BUILD IMAGE  ##########################
-FROM docker.io/blackdex/rust-musl:arm-musleabi-stable-1.72.0-openssl3 as build
-
-# Build time options to avoid dpkg warnings and help with reproducible builds.
-ENV DEBIAN_FRONTEND=noninteractive \
-    LANG=C.UTF-8 \
-    TZ=UTC \
-    TERM=xterm-256color \
-    CARGO_HOME="/root/.cargo" \
-    REGISTRIES_CRATES_IO_PROTOCOL=sparse \
-    USER="root"
-
-# Create CARGO_HOME folder and don't download rust docs
-RUN mkdir -pv "${CARGO_HOME}" \
-    && rustup set profile minimal
-
-# Use PostgreSQL v15 during Alpine/MUSL builds instead of the default v11
-# Debian Bookworm already contains libpq v15
-ENV PQ_LIB_DIR="/usr/local/musl/pq15/lib"
-# To be able to build the armv6 image with mimalloc we need to tell the linker to also look for libatomic
-ENV RUSTFLAGS='-Clink-arg=-latomic'
-
-# Creates a dummy project used to grab dependencies
-RUN USER=root cargo new --bin /app
-WORKDIR /app
-
-# Copies over *only* your manifests and build files
-COPY ./Cargo.* ./
-COPY ./rust-toolchain.toml ./rust-toolchain.toml
-COPY ./build.rs ./build.rs
-
-RUN rustup target add arm-unknown-linux-musleabi
-
-# Configure the DB ARG as late as possible to not invalidate the cached layers above
-# Enable MiMalloc to improve performance on Alpine builds
-ARG DB=sqlite,mysql,postgresql,enable_mimalloc
-
-# Builds your dependencies and removes the
-# dummy project, except the target folder
-# This folder contains the compiled dependencies
-RUN cargo build --features ${DB} --release --target=arm-unknown-linux-musleabi \
-    && find . -not -path "./target*" -delete
-
-# Copies the complete project
-# To avoid copying unneeded files, use .dockerignore
-COPY . .
-
-# Make sure that we actually build the project
-RUN touch src/main.rs
-
-# Builds again, this time it'll just be
-# your actual source files being built
-RUN cargo build --features ${DB} --release --target=arm-unknown-linux-musleabi
-
-######################## RUNTIME IMAGE  ########################
-# Create a new stage with a minimal image
-# because we already have a binary built
-FROM docker.io/balenalib/rpi-alpine:3.17
-
-ENV ROCKET_PROFILE="release" \
-    ROCKET_ADDRESS=0.0.0.0 \
-    ROCKET_PORT=80 \
-    SSL_CERT_DIR=/etc/ssl/certs
-
-
-RUN [ "cross-build-start" ]
-
-# Create data folder and Install needed libraries
-RUN mkdir /data \
-    && apk add --no-cache \
-        ca-certificates \
-        curl \
-        openssl \
-        tzdata
-
-RUN [ "cross-build-end" ]
-
-VOLUME /data
-EXPOSE 80
-EXPOSE 3012
-
-# Copies the files from the context (Rocket.toml file and web-vault)
-# and the binary from the "build" stage to the current stage
-WORKDIR /
-COPY --from=vault /web-vault ./web-vault
-COPY --from=build /app/target/arm-unknown-linux-musleabi/release/vaultwarden .
-
-COPY docker/healthcheck.sh /healthcheck.sh
-COPY docker/start.sh /start.sh
-
-HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
-
-CMD ["/start.sh"]
--- a/docker/armv6/Dockerfile.buildkit
+++ b/docker/armv6/Dockerfile.buildkit
@ -1,141 +0,0 @@
-# syntax=docker/dockerfile:1
-
-# This file was generated using a Jinja2 template.
-# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
-# Using multistage build:
-# 	https://docs.docker.com/develop/develop-images/multistage-build/
-# 	https://whitfin.io/speeding-up-rust-docker-builds/
-####################### VAULT BUILD IMAGE  #######################
-# The web-vault digest specifies a particular web-vault build on Docker Hub.
-# Using the digest instead of the tag name provides better security,
-# as the digest of an image is immutable, whereas a tag name can later
-# be changed to point to a malicious image.
-#
-# To verify the current digest for a given tag name:
-# - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
-#   click the tag name to view the digest of the image it currently points to.
-# - From the command line:
-#     $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2
-#     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2
-#     [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252]
-#
-# - Conversely, to get the tag name from the digest:
-#     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252
-#     [docker.io/vaultwarden/web-vault:v2023.8.2]
-#
-FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault
-
-########################## BUILD IMAGE  ##########################
-FROM docker.io/library/rust:1.72.0-bookworm as build
-
-# Build time options to avoid dpkg warnings and help with reproducible builds.
-ENV DEBIAN_FRONTEND=noninteractive \
-    LANG=C.UTF-8 \
-    TZ=UTC \
-    TERM=xterm-256color \
-    CARGO_HOME="/root/.cargo" \
-    REGISTRIES_CRATES_IO_PROTOCOL=sparse \
-    USER="root"
-
-# Create CARGO_HOME folder and don't download rust docs
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \
-    && rustup set profile minimal
-
-# Install build dependencies for the armel architecture
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry dpkg --add-architecture armel \
-    && apt-get update \
-    && apt-get install -y \
-        --no-install-recommends \
-        gcc-arm-linux-gnueabi \
-        libc6-dev:armel \
-        linux-libc-dev:armel \
-        libmariadb-dev:armel \
-        libmariadb-dev-compat:armel \
-        libmariadb3:armel \
-        libpq-dev:armel \
-        libpq5:armel \
-        libssl-dev:armel \
-    #
-    # Make sure cargo has the right target config
-    && echo '[target.arm-unknown-linux-gnueabi]' >> "${CARGO_HOME}/config" \
-    && echo 'linker = "arm-linux-gnueabi-gcc"' >> "${CARGO_HOME}/config" \
-    && echo 'rustflags = ["-L/usr/lib/arm-linux-gnueabi"]' >> "${CARGO_HOME}/config"
-
-# Set arm specific environment values
-ENV CC_arm_unknown_linux_gnueabi="/usr/bin/arm-linux-gnueabi-gcc" \
-    CROSS_COMPILE="1" \
-    OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabi" \
-    OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabi"
-
-# Creates a dummy project used to grab dependencies
-RUN USER=root cargo new --bin /app
-WORKDIR /app
-
-# Copies over *only* your manifests and build files
-COPY ./Cargo.* ./
-COPY ./rust-toolchain.toml ./rust-toolchain.toml
-COPY ./build.rs ./build.rs
-
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry rustup target add arm-unknown-linux-gnueabi
-
-# Configure the DB ARG as late as possible to not invalidate the cached layers above
-ARG DB=sqlite,mysql,postgresql
-
-# Builds your dependencies and removes the
-# dummy project, except the target folder
-# This folder contains the compiled dependencies
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=arm-unknown-linux-gnueabi \
-    && find . -not -path "./target*" -delete
-
-# Copies the complete project
-# To avoid copying unneeded files, use .dockerignore
-COPY . .
-
-# Make sure that we actually build the project
-RUN touch src/main.rs
-
-# Builds again, this time it'll just be
-# your actual source files being built
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=arm-unknown-linux-gnueabi
-
-######################## RUNTIME IMAGE  ########################
-# Create a new stage with a minimal image
-# because we already have a binary built
-FROM docker.io/balenalib/rpi-debian:bookworm
-
-ENV ROCKET_PROFILE="release" \
-    ROCKET_ADDRESS=0.0.0.0 \
-    ROCKET_PORT=80
-
-RUN [ "cross-build-start" ]
-
-# Create data folder and Install needed libraries
-RUN mkdir /data \
-    && apt-get update && apt-get install -y \
-    --no-install-recommends \
-    ca-certificates \
-    curl \
-    libmariadb-dev-compat \
-    libpq5 \
-    openssl \
-    && apt-get clean \
-    && rm -rf /var/lib/apt/lists/*
-
-RUN [ "cross-build-end" ]
-
-VOLUME /data
-EXPOSE 80
-EXPOSE 3012
-
-# Copies the files from the context (Rocket.toml file and web-vault)
-# and the binary from the "build" stage to the current stage
-WORKDIR /
-COPY --from=vault /web-vault ./web-vault
-COPY --from=build /app/target/arm-unknown-linux-gnueabi/release/vaultwarden .
-
-COPY docker/healthcheck.sh /healthcheck.sh
-COPY docker/start.sh /start.sh
-
-HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
-
-CMD ["/start.sh"]
--- a/docker/armv6/Dockerfile.buildkit.alpine
+++ b/docker/armv6/Dockerfile.buildkit.alpine
@ -1,120 +0,0 @@
-# syntax=docker/dockerfile:1
-
-# This file was generated using a Jinja2 template.
-# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
-# Using multistage build:
-# 	https://docs.docker.com/develop/develop-images/multistage-build/
-# 	https://whitfin.io/speeding-up-rust-docker-builds/
-####################### VAULT BUILD IMAGE  #######################
-# The web-vault digest specifies a particular web-vault build on Docker Hub.
-# Using the digest instead of the tag name provides better security,
-# as the digest of an image is immutable, whereas a tag name can later
-# be changed to point to a malicious image.
-#
-# To verify the current digest for a given tag name:
-# - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
-#   click the tag name to view the digest of the image it currently points to.
-# - From the command line:
-#     $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2
-#     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2
-#     [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252]
-#
-# - Conversely, to get the tag name from the digest:
-#     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252
-#     [docker.io/vaultwarden/web-vault:v2023.8.2]
-#
-FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault
-
-########################## BUILD IMAGE  ##########################
-FROM docker.io/blackdex/rust-musl:arm-musleabi-stable-1.72.0-openssl3 as build
-
-# Build time options to avoid dpkg warnings and help with reproducible builds.
-ENV DEBIAN_FRONTEND=noninteractive \
-    LANG=C.UTF-8 \
-    TZ=UTC \
-    TERM=xterm-256color \
-    CARGO_HOME="/root/.cargo" \
-    REGISTRIES_CRATES_IO_PROTOCOL=sparse \
-    USER="root"
-
-# Create CARGO_HOME folder and don't download rust docs
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \
-    && rustup set profile minimal
-
-# Use PostgreSQL v15 during Alpine/MUSL builds instead of the default v11
-# Debian Bookworm already contains libpq v15
-ENV PQ_LIB_DIR="/usr/local/musl/pq15/lib"
-# To be able to build the armv6 image with mimalloc we need to tell the linker to also look for libatomic
-ENV RUSTFLAGS='-Clink-arg=-latomic'
-
-# Creates a dummy project used to grab dependencies
-RUN USER=root cargo new --bin /app
-WORKDIR /app
-
-# Copies over *only* your manifests and build files
-COPY ./Cargo.* ./
-COPY ./rust-toolchain.toml ./rust-toolchain.toml
-COPY ./build.rs ./build.rs
-
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry rustup target add arm-unknown-linux-musleabi
-
-# Configure the DB ARG as late as possible to not invalidate the cached layers above
-# Enable MiMalloc to improve performance on Alpine builds
-ARG DB=sqlite,mysql,postgresql,enable_mimalloc
-
-# Builds your dependencies and removes the
-# dummy project, except the target folder
-# This folder contains the compiled dependencies
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=arm-unknown-linux-musleabi \
-    && find . -not -path "./target*" -delete
-
-# Copies the complete project
-# To avoid copying unneeded files, use .dockerignore
-COPY . .
-
-# Make sure that we actually build the project
-RUN touch src/main.rs
-
-# Builds again, this time it'll just be
-# your actual source files being built
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=arm-unknown-linux-musleabi
-
-######################## RUNTIME IMAGE  ########################
-# Create a new stage with a minimal image
-# because we already have a binary built
-FROM docker.io/balenalib/rpi-alpine:3.17
-
-ENV ROCKET_PROFILE="release" \
-    ROCKET_ADDRESS=0.0.0.0 \
-    ROCKET_PORT=80 \
-    SSL_CERT_DIR=/etc/ssl/certs
-
-
-RUN [ "cross-build-start" ]
-
-# Create data folder and Install needed libraries
-RUN mkdir /data \
-    && apk add --no-cache \
-        ca-certificates \
-        curl \
-        openssl \
-        tzdata
-
-RUN [ "cross-build-end" ]
-
-VOLUME /data
-EXPOSE 80
-EXPOSE 3012
-
-# Copies the files from the context (Rocket.toml file and web-vault)
-# and the binary from the "build" stage to the current stage
-WORKDIR /
-COPY --from=vault /web-vault ./web-vault
-COPY --from=build /app/target/arm-unknown-linux-musleabi/release/vaultwarden .
-
-COPY docker/healthcheck.sh /healthcheck.sh
-COPY docker/start.sh /start.sh
-
-HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
-
-CMD ["/start.sh"]
--- a/docker/armv7/Dockerfile
+++ b/docker/armv7/Dockerfile
@ -1,141 +0,0 @@
-# syntax=docker/dockerfile:1
-
-# This file was generated using a Jinja2 template.
-# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
-# Using multistage build:
-# 	https://docs.docker.com/develop/develop-images/multistage-build/
-# 	https://whitfin.io/speeding-up-rust-docker-builds/
-####################### VAULT BUILD IMAGE  #######################
-# The web-vault digest specifies a particular web-vault build on Docker Hub.
-# Using the digest instead of the tag name provides better security,
-# as the digest of an image is immutable, whereas a tag name can later
-# be changed to point to a malicious image.
-#
-# To verify the current digest for a given tag name:
-# - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
-#   click the tag name to view the digest of the image it currently points to.
-# - From the command line:
-#     $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2
-#     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2
-#     [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252]
-#
-# - Conversely, to get the tag name from the digest:
-#     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252
-#     [docker.io/vaultwarden/web-vault:v2023.8.2]
-#
-FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault
-
-########################## BUILD IMAGE  ##########################
-FROM docker.io/library/rust:1.72.0-bookworm as build
-
-# Build time options to avoid dpkg warnings and help with reproducible builds.
-ENV DEBIAN_FRONTEND=noninteractive \
-    LANG=C.UTF-8 \
-    TZ=UTC \
-    TERM=xterm-256color \
-    CARGO_HOME="/root/.cargo" \
-    REGISTRIES_CRATES_IO_PROTOCOL=sparse \
-    USER="root"
-
-# Create CARGO_HOME folder and don't download rust docs
-RUN mkdir -pv "${CARGO_HOME}" \
-    && rustup set profile minimal
-
-# Install build dependencies for the armhf architecture
-RUN dpkg --add-architecture armhf \
-    && apt-get update \
-    && apt-get install -y \
-        --no-install-recommends \
-        gcc-arm-linux-gnueabihf \
-        libc6-dev:armhf \
-        linux-libc-dev:armhf \
-        libmariadb-dev:armhf \
-        libmariadb-dev-compat:armhf \
-        libmariadb3:armhf \
-        libpq-dev:armhf \
-        libpq5:armhf \
-        libssl-dev:armhf \
-    #
-    # Make sure cargo has the right target config
-    && echo '[target.armv7-unknown-linux-gnueabihf]' >> "${CARGO_HOME}/config" \
-    && echo 'linker = "arm-linux-gnueabihf-gcc"' >> "${CARGO_HOME}/config" \
-    && echo 'rustflags = ["-L/usr/lib/arm-linux-gnueabihf"]' >> "${CARGO_HOME}/config"
-
-# Set arm specific environment values
-ENV CC_armv7_unknown_linux_gnueabihf="/usr/bin/arm-linux-gnueabihf-gcc" \
-    CROSS_COMPILE="1" \
-    OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabihf" \
-    OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabihf"
-
-# Creates a dummy project used to grab dependencies
-RUN USER=root cargo new --bin /app
-WORKDIR /app
-
-# Copies over *only* your manifests and build files
-COPY ./Cargo.* ./
-COPY ./rust-toolchain.toml ./rust-toolchain.toml
-COPY ./build.rs ./build.rs
-
-RUN rustup target add armv7-unknown-linux-gnueabihf
-
-# Configure the DB ARG as late as possible to not invalidate the cached layers above
-ARG DB=sqlite,mysql,postgresql
-
-# Builds your dependencies and removes the
-# dummy project, except the target folder
-# This folder contains the compiled dependencies
-RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-gnueabihf \
-    && find . -not -path "./target*" -delete
-
-# Copies the complete project
-# To avoid copying unneeded files, use .dockerignore
-COPY . .
-
-# Make sure that we actually build the project
-RUN touch src/main.rs
-
-# Builds again, this time it'll just be
-# your actual source files being built
-RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-gnueabihf
-
-######################## RUNTIME IMAGE  ########################
-# Create a new stage with a minimal image
-# because we already have a binary built
-FROM docker.io/balenalib/armv7hf-debian:bookworm
-
-ENV ROCKET_PROFILE="release" \
-    ROCKET_ADDRESS=0.0.0.0 \
-    ROCKET_PORT=80
-
-RUN [ "cross-build-start" ]
-
-# Create data folder and Install needed libraries
-RUN mkdir /data \
-    && apt-get update && apt-get install -y \
-    --no-install-recommends \
-    ca-certificates \
-    curl \
-    libmariadb-dev-compat \
-    libpq5 \
-    openssl \
-    && apt-get clean \
-    && rm -rf /var/lib/apt/lists/*
-
-RUN [ "cross-build-end" ]
-
-VOLUME /data
-EXPOSE 80
-EXPOSE 3012
-
-# Copies the files from the context (Rocket.toml file and web-vault)
-# and the binary from the "build" stage to the current stage
-WORKDIR /
-COPY --from=vault /web-vault ./web-vault
-COPY --from=build /app/target/armv7-unknown-linux-gnueabihf/release/vaultwarden .
-
-COPY docker/healthcheck.sh /healthcheck.sh
-COPY docker/start.sh /start.sh
-
-HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
-
-CMD ["/start.sh"]
--- a/docker/armv7/Dockerfile.alpine
+++ b/docker/armv7/Dockerfile.alpine
@ -1,118 +0,0 @@
-# syntax=docker/dockerfile:1
-
-# This file was generated using a Jinja2 template.
-# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
-# Using multistage build:
-# 	https://docs.docker.com/develop/develop-images/multistage-build/
-# 	https://whitfin.io/speeding-up-rust-docker-builds/
-####################### VAULT BUILD IMAGE  #######################
-# The web-vault digest specifies a particular web-vault build on Docker Hub.
-# Using the digest instead of the tag name provides better security,
-# as the digest of an image is immutable, whereas a tag name can later
-# be changed to point to a malicious image.
-#
-# To verify the current digest for a given tag name:
-# - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
-#   click the tag name to view the digest of the image it currently points to.
-# - From the command line:
-#     $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2
-#     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2
-#     [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252]
-#
-# - Conversely, to get the tag name from the digest:
-#     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252
-#     [docker.io/vaultwarden/web-vault:v2023.8.2]
-#
-FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault
-
-########################## BUILD IMAGE  ##########################
-FROM docker.io/blackdex/rust-musl:armv7-musleabihf-stable-1.72.0-openssl3 as build
-
-# Build time options to avoid dpkg warnings and help with reproducible builds.
-ENV DEBIAN_FRONTEND=noninteractive \
-    LANG=C.UTF-8 \
-    TZ=UTC \
-    TERM=xterm-256color \
-    CARGO_HOME="/root/.cargo" \
-    REGISTRIES_CRATES_IO_PROTOCOL=sparse \
-    USER="root"
-
-# Create CARGO_HOME folder and don't download rust docs
-RUN mkdir -pv "${CARGO_HOME}" \
-    && rustup set profile minimal
-
-# Use PostgreSQL v15 during Alpine/MUSL builds instead of the default v11
-# Debian Bookworm already contains libpq v15
-ENV PQ_LIB_DIR="/usr/local/musl/pq15/lib"
-
-# Creates a dummy project used to grab dependencies
-RUN USER=root cargo new --bin /app
-WORKDIR /app
-
-# Copies over *only* your manifests and build files
-COPY ./Cargo.* ./
-COPY ./rust-toolchain.toml ./rust-toolchain.toml
-COPY ./build.rs ./build.rs
-
-RUN rustup target add armv7-unknown-linux-musleabihf
-
-# Configure the DB ARG as late as possible to not invalidate the cached layers above
-# Enable MiMalloc to improve performance on Alpine builds
-ARG DB=sqlite,mysql,postgresql,enable_mimalloc
-
-# Builds your dependencies and removes the
-# dummy project, except the target folder
-# This folder contains the compiled dependencies
-RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-musleabihf \
-    && find . -not -path "./target*" -delete
-
-# Copies the complete project
-# To avoid copying unneeded files, use .dockerignore
-COPY . .
-
-# Make sure that we actually build the project
-RUN touch src/main.rs
-
-# Builds again, this time it'll just be
-# your actual source files being built
-RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-musleabihf
-
-######################## RUNTIME IMAGE  ########################
-# Create a new stage with a minimal image
-# because we already have a binary built
-FROM docker.io/balenalib/armv7hf-alpine:3.17
-
-ENV ROCKET_PROFILE="release" \
-    ROCKET_ADDRESS=0.0.0.0 \
-    ROCKET_PORT=80 \
-    SSL_CERT_DIR=/etc/ssl/certs
-
-
-RUN [ "cross-build-start" ]
-
-# Create data folder and Install needed libraries
-RUN mkdir /data \
-    && apk add --no-cache \
-        ca-certificates \
-        curl \
-        openssl \
-        tzdata
-
-RUN [ "cross-build-end" ]
-
-VOLUME /data
-EXPOSE 80
-EXPOSE 3012
-
-# Copies the files from the context (Rocket.toml file and web-vault)
-# and the binary from the "build" stage to the current stage
-WORKDIR /
-COPY --from=vault /web-vault ./web-vault
-COPY --from=build /app/target/armv7-unknown-linux-musleabihf/release/vaultwarden .
-
-COPY docker/healthcheck.sh /healthcheck.sh
-COPY docker/start.sh /start.sh
-
-HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
-
-CMD ["/start.sh"]
--- a/docker/armv7/Dockerfile.buildkit
+++ b/docker/armv7/Dockerfile.buildkit
@ -1,141 +0,0 @@
-# syntax=docker/dockerfile:1
-
-# This file was generated using a Jinja2 template.
-# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
-# Using multistage build:
-# 	https://docs.docker.com/develop/develop-images/multistage-build/
-# 	https://whitfin.io/speeding-up-rust-docker-builds/
-####################### VAULT BUILD IMAGE  #######################
-# The web-vault digest specifies a particular web-vault build on Docker Hub.
-# Using the digest instead of the tag name provides better security,
-# as the digest of an image is immutable, whereas a tag name can later
-# be changed to point to a malicious image.
-#
-# To verify the current digest for a given tag name:
-# - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
-#   click the tag name to view the digest of the image it currently points to.
-# - From the command line:
-#     $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2
-#     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2
-#     [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252]
-#
-# - Conversely, to get the tag name from the digest:
-#     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252
-#     [docker.io/vaultwarden/web-vault:v2023.8.2]
-#
-FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault
-
-########################## BUILD IMAGE  ##########################
-FROM docker.io/library/rust:1.72.0-bookworm as build
-
-# Build time options to avoid dpkg warnings and help with reproducible builds.
-ENV DEBIAN_FRONTEND=noninteractive \
-    LANG=C.UTF-8 \
-    TZ=UTC \
-    TERM=xterm-256color \
-    CARGO_HOME="/root/.cargo" \
-    REGISTRIES_CRATES_IO_PROTOCOL=sparse \
-    USER="root"
-
-# Create CARGO_HOME folder and don't download rust docs
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \
-    && rustup set profile minimal
-
-# Install build dependencies for the armhf architecture
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry dpkg --add-architecture armhf \
-    && apt-get update \
-    && apt-get install -y \
-        --no-install-recommends \
-        gcc-arm-linux-gnueabihf \
-        libc6-dev:armhf \
-        linux-libc-dev:armhf \
-        libmariadb-dev:armhf \
-        libmariadb-dev-compat:armhf \
-        libmariadb3:armhf \
-        libpq-dev:armhf \
-        libpq5:armhf \
-        libssl-dev:armhf \
-    #
-    # Make sure cargo has the right target config
-    && echo '[target.armv7-unknown-linux-gnueabihf]' >> "${CARGO_HOME}/config" \
-    && echo 'linker = "arm-linux-gnueabihf-gcc"' >> "${CARGO_HOME}/config" \
-    && echo 'rustflags = ["-L/usr/lib/arm-linux-gnueabihf"]' >> "${CARGO_HOME}/config"
-
-# Set arm specific environment values
-ENV CC_armv7_unknown_linux_gnueabihf="/usr/bin/arm-linux-gnueabihf-gcc" \
-    CROSS_COMPILE="1" \
-    OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabihf" \
-    OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabihf"
-
-# Creates a dummy project used to grab dependencies
-RUN USER=root cargo new --bin /app
-WORKDIR /app
-
-# Copies over *only* your manifests and build files
-COPY ./Cargo.* ./
-COPY ./rust-toolchain.toml ./rust-toolchain.toml
-COPY ./build.rs ./build.rs
-
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry rustup target add armv7-unknown-linux-gnueabihf
-
-# Configure the DB ARG as late as possible to not invalidate the cached layers above
-ARG DB=sqlite,mysql,postgresql
-
-# Builds your dependencies and removes the
-# dummy project, except the target folder
-# This folder contains the compiled dependencies
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=armv7-unknown-linux-gnueabihf \
-    && find . -not -path "./target*" -delete
-
-# Copies the complete project
-# To avoid copying unneeded files, use .dockerignore
-COPY . .
-
-# Make sure that we actually build the project
-RUN touch src/main.rs
-
-# Builds again, this time it'll just be
-# your actual source files being built
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=armv7-unknown-linux-gnueabihf
-
-######################## RUNTIME IMAGE  ########################
-# Create a new stage with a minimal image
-# because we already have a binary built
-FROM docker.io/balenalib/armv7hf-debian:bookworm
-
-ENV ROCKET_PROFILE="release" \
-    ROCKET_ADDRESS=0.0.0.0 \
-    ROCKET_PORT=80
-
-RUN [ "cross-build-start" ]
-
-# Create data folder and Install needed libraries
-RUN mkdir /data \
-    && apt-get update && apt-get install -y \
-    --no-install-recommends \
-    ca-certificates \
-    curl \
-    libmariadb-dev-compat \
-    libpq5 \
-    openssl \
-    && apt-get clean \
-    && rm -rf /var/lib/apt/lists/*
-
-RUN [ "cross-build-end" ]
-
-VOLUME /data
-EXPOSE 80
-EXPOSE 3012
-
-# Copies the files from the context (Rocket.toml file and web-vault)
-# and the binary from the "build" stage to the current stage
-WORKDIR /
-COPY --from=vault /web-vault ./web-vault
-COPY --from=build /app/target/armv7-unknown-linux-gnueabihf/release/vaultwarden .
-
-COPY docker/healthcheck.sh /healthcheck.sh
-COPY docker/start.sh /start.sh
-
-HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
-
-CMD ["/start.sh"]
--- a/docker/armv7/Dockerfile.buildkit.alpine
+++ b/docker/armv7/Dockerfile.buildkit.alpine
@ -1,118 +0,0 @@
-# syntax=docker/dockerfile:1
-
-# This file was generated using a Jinja2 template.
-# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
-# Using multistage build:
-# 	https://docs.docker.com/develop/develop-images/multistage-build/
-# 	https://whitfin.io/speeding-up-rust-docker-builds/
-####################### VAULT BUILD IMAGE  #######################
-# The web-vault digest specifies a particular web-vault build on Docker Hub.
-# Using the digest instead of the tag name provides better security,
-# as the digest of an image is immutable, whereas a tag name can later
-# be changed to point to a malicious image.
-#
-# To verify the current digest for a given tag name:
-# - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
-#   click the tag name to view the digest of the image it currently points to.
-# - From the command line:
-#     $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2
-#     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2
-#     [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252]
-#
-# - Conversely, to get the tag name from the digest:
-#     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252
-#     [docker.io/vaultwarden/web-vault:v2023.8.2]
-#
-FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault
-
-########################## BUILD IMAGE  ##########################
-FROM docker.io/blackdex/rust-musl:armv7-musleabihf-stable-1.72.0-openssl3 as build
-
-# Build time options to avoid dpkg warnings and help with reproducible builds.
-ENV DEBIAN_FRONTEND=noninteractive \
-    LANG=C.UTF-8 \
-    TZ=UTC \
-    TERM=xterm-256color \
-    CARGO_HOME="/root/.cargo" \
-    REGISTRIES_CRATES_IO_PROTOCOL=sparse \
-    USER="root"
-
-# Create CARGO_HOME folder and don't download rust docs
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \
-    && rustup set profile minimal
-
-# Use PostgreSQL v15 during Alpine/MUSL builds instead of the default v11
-# Debian Bookworm already contains libpq v15
-ENV PQ_LIB_DIR="/usr/local/musl/pq15/lib"
-
-# Creates a dummy project used to grab dependencies
-RUN USER=root cargo new --bin /app
-WORKDIR /app
-
-# Copies over *only* your manifests and build files
-COPY ./Cargo.* ./
-COPY ./rust-toolchain.toml ./rust-toolchain.toml
-COPY ./build.rs ./build.rs
-
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry rustup target add armv7-unknown-linux-musleabihf
-
-# Configure the DB ARG as late as possible to not invalidate the cached layers above
-# Enable MiMalloc to improve performance on Alpine builds
-ARG DB=sqlite,mysql,postgresql,enable_mimalloc
-
-# Builds your dependencies and removes the
-# dummy project, except the target folder
-# This folder contains the compiled dependencies
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=armv7-unknown-linux-musleabihf \
-    && find . -not -path "./target*" -delete
-
-# Copies the complete project
-# To avoid copying unneeded files, use .dockerignore
-COPY . .
-
-# Make sure that we actually build the project
-RUN touch src/main.rs
-
-# Builds again, this time it'll just be
-# your actual source files being built
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=armv7-unknown-linux-musleabihf
-
-######################## RUNTIME IMAGE  ########################
-# Create a new stage with a minimal image
-# because we already have a binary built
-FROM docker.io/balenalib/armv7hf-alpine:3.17
-
-ENV ROCKET_PROFILE="release" \
-    ROCKET_ADDRESS=0.0.0.0 \
-    ROCKET_PORT=80 \
-    SSL_CERT_DIR=/etc/ssl/certs
-
-
-RUN [ "cross-build-start" ]
-
-# Create data folder and Install needed libraries
-RUN mkdir /data \
-    && apk add --no-cache \
-        ca-certificates \
-        curl \
-        openssl \
-        tzdata
-
-RUN [ "cross-build-end" ]
-
-VOLUME /data
-EXPOSE 80
-EXPOSE 3012
-
-# Copies the files from the context (Rocket.toml file and web-vault)
-# and the binary from the "build" stage to the current stage
-WORKDIR /
-COPY --from=vault /web-vault ./web-vault
-COPY --from=build /app/target/armv7-unknown-linux-musleabihf/release/vaultwarden .
-
-COPY docker/healthcheck.sh /healthcheck.sh
-COPY docker/start.sh /start.sh
-
-HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
-
-CMD ["/start.sh"]
--- a/docker/docker-bake.hcl
+++ b/docker/docker-bake.hcl
@ -0,0 +1,136 @@
+// ==== Baking Variables ====
+
+// Set which cargo provile to use, dev or release for example
+// Use the value provided in the Dockerfile as default
+variable "CARGO_PROFILE" {
+  default = null
+}
+
+// Set which DB's (features) to enable
+// Use the value provided in the Dockerfile as default
+variable "DB" {
+  default = null
+}
+
+// The repository this build was triggered from
+variable "SOURCE_REPOSITORY_URL" {
+  default = null
+}
+
+// The commit hash of of the current commit this build was triggered on
+variable "SOURCE_COMMIT" {
+  default = null
+}
+
+// The version of this build
+// Typically the current exact tag of this commit,
+// else the last tag and the first 8 characters of the source commit
+variable "SOURCE_VERSION" {
+  default = null
+}
+
+// The base tag(s) to use
+// This can be a comma separated value like "testing,1.29.2"
+variable "BASE_TAGS" {
+  default = "testing"
+}
+
+// Which container registries should be used for the tagging
+// This can be a comma separated value
+// Use a full URI like `ghcr.io/dani-garcia/vaultwarden,docker.io/vaultwarden/server`
+variable "CONTAINER_REGISTRIES" {
+  default = "vaultwarden/server"
+}
+
+
+// ==== Baking Groups ====
+
+group "default" {
+  targets = ["debian"]
+}
+
+
+// ==== Shared Baking ====
+
+target "_default_attributes" {
+  labels = {
+    "org.opencontainers.image.licenses" = "AGPL-3.0-only"
+    "org.opencontainers.image.documentation" = "https://github.com/dani-garcia/vaultwarden/wiki"
+    "org.opencontainers.image.url" = "https://github.com/dani-garcia/vaultwarden"
+    "org.opencontainers.image.created" =  "${formatdate("YYYY-MM-DD'T'hh:mm:ssZZZZZ", timestamp())}"
+    "org.opencontainers.image.source" = "${SOURCE_REPOSITORY_URL}"
+    "org.opencontainers.image.revision" = "${SOURCE_COMMIT}"
+    "org.opencontainers.image.version" = "${SOURCE_VERSION}"
+  }
+  args = {
+    DB = "${DB}"
+    CARGO_PROFILE = "${CARGO_PROFILE}"
+  }
+}
+
+
+// ==== Debian Baking ====
+
+target "debian" {
+  inherits = ["_default_attributes"]
+  dockerfile = "docker/Dockerfile.debian"
+  output = ["type=docker"]
+  tags = generate_tags("", platform_tag())
+}
+
+target "debian-all" {
+  inherits = ["debian"]
+  platforms = ["linux/amd64", "linux/arm64", "linux/arm/v7", "linux/arm/v6"]
+  tags = generate_tags("", "")
+  output = ["type=registry"]
+}
+
+
+// ==== Alpine Baking ====
+
+target "alpine" {
+  inherits = ["_default_attributes"]
+  dockerfile = "docker/Dockerfile.alpine"
+  output = ["type=docker"]
+  tags = generate_tags("-alpine", platform_tag())
+}
+
+target "alpine-all" {
+  inherits = ["alpine"]
+  platforms = ["linux/amd64", "linux/arm64", "linux/arm/v7", "linux/arm/v6"]
+  tags = generate_tags("-alpine", "")
+  output = ["type=registry"]
+}
+
+
+// ==== Baking functions ====
+
+// This will return the local platform as amd64, arm64 or armv7 for example
+// It can be used for creating a local image tag
+function "platform_tag" {
+  params = []
+  result = "-${replace(replace(BAKE_LOCAL_PLATFORM, "linux/", ""), "/", "")}"
+}
+
+
+function "get_container_registries" {
+  params = []
+  result = flatten(split(",", CONTAINER_REGISTRIES))
+}
+
+function "get_base_tags" {
+  params = []
+  result = flatten(split(",", BASE_TAGS))
+}
+
+function "generate_tags" {
+  params = [
+    suffix,   // What to append to the BASE_TAG when needed, like `-alpine` for example
+    platform  // the platform we are building for if needed
+  ]
+  result = flatten([
+    for registry in get_container_registries() :
+      [for base_tag in get_base_tags() :
+        concat(["${registry}:${base_tag}${suffix}${platform}"])]
+  ])
+}
--- a/docker/render_template
+++ b/docker/render_template
@ -1,17 +1,31 @@
 #!/usr/bin/env python3

-import os, argparse, json
-
+import os
+import argparse
+import json
+import yaml
 import jinja2

+# Load settings file
+with open("DockerSettings.yaml", 'r') as yaml_file:
+	yaml_data = yaml.safe_load(yaml_file)
+
+settings_env = jinja2.Environment(
+	loader=jinja2.FileSystemLoader(os.getcwd()),
+)
+settings_yaml = yaml.safe_load(settings_env.get_template("DockerSettings.yaml").render(yaml_data))
+
 args_parser = argparse.ArgumentParser()
 args_parser.add_argument('template_file', help='Jinja2 template file to render.')
 args_parser.add_argument('render_vars', help='JSON-encoded data to pass to the templating engine.')
 cli_args = args_parser.parse_args()

+# Merge the default config yaml with the json arguments given.
 render_vars = json.loads(cli_args.render_vars)
+settings_yaml.update(render_vars)
+
 environment = jinja2.Environment(
 	loader=jinja2.FileSystemLoader(os.getcwd()),
 	trim_blocks=True,
 )
-print(environment.get_template(cli_args.template_file).render(render_vars))
+print(environment.get_template(cli_args.template_file).render(settings_yaml))
--- a/hooks/README.md
+++ b/hooks/README.md
@ -1,20 +0,0 @@
-The hooks in this directory are used to create multi-arch images using Docker Hub automated builds.
-
-Docker Hub hooks provide these predefined [environment variables](https://docs.docker.com/docker-hub/builds/advanced/#environment-variables-for-building-and-testing):
-
-* `SOURCE_BRANCH`: the name of the branch or the tag that is currently being tested.
-* `SOURCE_COMMIT`: the SHA1 hash of the commit being tested.
-* `COMMIT_MSG`: the message from the commit being tested and built.
-* `DOCKER_REPO`: the name of the Docker repository being built.
-* `DOCKERFILE_PATH`: the dockerfile currently being built.
-* `DOCKER_TAG`: the Docker repository tag being built.
-* `IMAGE_NAME`: the name and tag of the Docker repository being built. (This variable is a combination of `DOCKER_REPO:DOCKER_TAG`.)
-
-The current multi-arch image build relies on the original vaultwarden Dockerfiles, which use cross-compilation for architectures other than `amd64`, and don't yet support all arch/distro combinations. However, cross-compilation is much faster than QEMU-based builds (e.g., using `docker buildx`). This situation may need to be revisited at some point.
-
-## References
-
-* https://docs.docker.com/docker-hub/builds/advanced/
-* https://docs.docker.com/engine/reference/commandline/manifest/
-* https://www.docker.com/blog/multi-arch-build-and-images-the-simple-way/
-* https://success.docker.com/article/how-do-i-authenticate-with-the-v2-api
--- a/hooks/arches.sh
+++ b/hooks/arches.sh
@ -1,15 +0,0 @@
-#!/usr/bin/env bash
-
-# The default Debian-based images support these arches for all database backends.
-arches=(
-    amd64
-    armv6
-    armv7
-    arm64
-)
-export arches
-
-if [[ "${DOCKER_TAG}" == *alpine ]]; then
-    distro_suffix=.alpine
-fi
-export distro_suffix
--- a/hooks/build
+++ b/hooks/build
@ -1,51 +0,0 @@
-#!/usr/bin/env bash
-
-echo ">>> Building images..."
-
-# shellcheck source=arches.sh
-source ./hooks/arches.sh
-
-if [[ -z "${SOURCE_COMMIT}" ]]; then
-    # This var is typically predefined by Docker Hub, but it won't be
-    # when testing locally.
-    SOURCE_COMMIT="$(git rev-parse HEAD)"
-fi
-
-# Construct a version string in the style of `build.rs`.
-GIT_EXACT_TAG="$(git describe --tags --abbrev=0 --exact-match 2>/dev/null)"
-if [[ -n "${GIT_EXACT_TAG}" ]]; then
-    SOURCE_VERSION="${GIT_EXACT_TAG}"
-else
-    GIT_LAST_TAG="$(git describe --tags --abbrev=0)"
-    SOURCE_VERSION="${GIT_LAST_TAG}-${SOURCE_COMMIT:0:8}"
-fi
-
-LABELS=(
-    # https://github.com/opencontainers/image-spec/blob/master/annotations.md
-    org.opencontainers.image.created="$(date --utc --iso-8601=seconds)"
-    org.opencontainers.image.documentation="https://github.com/dani-garcia/vaultwarden/wiki"
-    org.opencontainers.image.licenses="AGPL-3.0-only"
-    org.opencontainers.image.revision="${SOURCE_COMMIT}"
-    org.opencontainers.image.source="${SOURCE_REPOSITORY_URL}"
-    org.opencontainers.image.url="https://github.com/dani-garcia/vaultwarden"
-    org.opencontainers.image.version="${SOURCE_VERSION}"
-)
-LABEL_ARGS=()
-for label in "${LABELS[@]}"; do
-    LABEL_ARGS+=(--label "${label}")
-done
-
-# Check if DOCKER_BUILDKIT is set, if so, use the Dockerfile.buildkit as template
-if [[ -n "${DOCKER_BUILDKIT}" ]]; then
-    buildkit_suffix=.buildkit
-fi
-
-set -ex
-
-for arch in "${arches[@]}"; do
-    docker build \
-           "${LABEL_ARGS[@]}" \
-           -t "${DOCKER_REPO}:${DOCKER_TAG}-${arch}" \
-           -f "docker/${arch}/Dockerfile${buildkit_suffix}${distro_suffix}" \
-           .
-done
--- a/hooks/pre_build
+++ b/hooks/pre_build
@ -1,28 +0,0 @@
-#!/usr/bin/env bash
-
-set -ex
-
-# If requested, print some environment info for troubleshooting.
-if [[ -n "${DOCKER_HUB_DEBUG}" ]]; then
-    id
-    pwd
-    df -h
-    env
-    docker info
-    docker version
-fi
-
-# Install build dependencies.
-deps=(
-    jq
-)
-apt-get update
-apt-get install -y "${deps[@]}"
-
-# Docker Hub uses a shallow clone and doesn't fetch tags, which breaks some
-# Git operations that we perform later, so fetch the complete history and
-# tags first. Note that if the build is cached, the clone may have been
-# unshallowed already; if so, unshallowing will fail, so skip it.
-if [[ -f .git/shallow ]]; then
-    git fetch --unshallow --tags
-fi
--- a/hooks/push
+++ b/hooks/push
@ -1,111 +0,0 @@
-#!/usr/bin/env bash
-
-# shellcheck source=arches.sh
-source ./hooks/arches.sh
-
-export DOCKER_CLI_EXPERIMENTAL=enabled
-
-# Join a list of args with a single char.
-# Ref: https://stackoverflow.com/a/17841619
-join() { local IFS="$1"; shift; echo "$*"; }
-
-set -ex
-
-echo ">>> Starting local Docker registry when needed..."
-
-# Docker Buildx's `docker-container` driver is needed for multi-platform
-# builds, but it can't access existing images on the Docker host (like the
-# cross-compiled ones we just built). Those images first need to be pushed to
-# a registry -- Docker Hub could be used, but since it's not trivial to clean
-# up those intermediate images on Docker Hub, it's easier to just run a local
-# Docker registry, which gets cleaned up automatically once the build job ends.
-#
-# https://docs.docker.com/registry/deploying/
-# https://hub.docker.com/_/registry
-#
-# Use host networking so the buildx container can access the registry via
-# localhost.
-#
-# First check if there already is a registry container running, else skip it.
-# This will only happen either locally or running it via Github Actions
-#
-if ! timeout 5 bash -c 'cat < /dev/null > /dev/tcp/localhost/5000'; then
-    # defaults to port 5000
-    docker run -d --name registry --network host registry:2
-fi
-
-# Docker Hub sets a `DOCKER_REPO` env var with the format `index.docker.io/user/repo`.
-# Strip the registry portion to construct a local repo path for use in `Dockerfile.buildx`.
-LOCAL_REGISTRY="localhost:5000"
-REPO="${DOCKER_REPO#*/}"
-LOCAL_REPO="${LOCAL_REGISTRY}/${REPO}"
-
-echo ">>> Pushing images to local registry..."
-
-for arch in "${arches[@]}"; do
-    docker_image="${DOCKER_REPO}:${DOCKER_TAG}-${arch}"
-    local_image="${LOCAL_REPO}:${DOCKER_TAG}-${arch}"
-    docker tag "${docker_image}" "${local_image}"
-    docker push "${local_image}"
-done
-
-echo ">>> Setting up Docker Buildx..."
-
-# Same as earlier, use host networking so the buildx container can access the
-# registry via localhost.
-#
-# Ref: https://github.com/docker/buildx/issues/94#issuecomment-534367714
-#
-# Check if there already is a builder running, else skip this and use the existing.
-# This will only happen either locally or running it via Github Actions
-#
-if ! docker buildx inspect builder > /dev/null 2>&1 ; then
-    docker buildx create --name builder --use --driver-opt network=host
-fi
-
-echo ">>> Running Docker Buildx..."
-
-tags=("${DOCKER_REPO}:${DOCKER_TAG}")
-
-# If the Docker tag starts with a version number, assume the latest release
-# is being pushed. Add an extra tag (`latest` or `alpine`, as appropriate)
-# to make it easier for users to track the latest release.
-if [[ "${DOCKER_TAG}" =~ ^[0-9]+\.[0-9]+\.[0-9]+ ]]; then
-    if [[ "${DOCKER_TAG}" == *alpine ]]; then
-        tags+=("${DOCKER_REPO}:alpine")
-    else
-        tags+=("${DOCKER_REPO}:latest")
-    fi
-fi
-
-tag_args=()
-for tag in "${tags[@]}"; do
-    tag_args+=(--tag "${tag}")
-done
-
-# Docker Buildx takes a list of target platforms (OS/arch/variant), so map
-# the arch list to a platform list (assuming the OS is always `linux`).
-declare -A arch_to_platform=(
-    [amd64]="linux/amd64"
-    [armv6]="linux/arm/v6"
-    [armv7]="linux/arm/v7"
-    [arm64]="linux/arm64"
-)
-platforms=()
-for arch in "${arches[@]}"; do
-    platforms+=("${arch_to_platform[$arch]}")
-done
-platform="$(join "," "${platforms[@]}")"
-
-# Run the build, pushing the resulting images and multi-arch manifest list to
-# Docker Hub. The Dockerfile is read from stdin to avoid sending any build
-# context, which isn't needed here since the actual cross-compiled images
-# have already been built.
-docker buildx build \
-       --network host \
-       --build-arg LOCAL_REPO="${LOCAL_REPO}" \
-       --build-arg DOCKER_TAG="${DOCKER_TAG}" \
-       --platform "${platform}" \
-       "${tag_args[@]}" \
-       --push \
-       - < ./docker/Dockerfile.buildx
--- a/rust-toolchain.toml
+++ b/rust-toolchain.toml
@ -1,4 +1,4 @@
 [toolchain]
-channel = "1.72.0"
+channel = "1.72.1"
 components = [ "rustfmt", "clippy" ]
 profile = "minimal"