Add vaultwarden
parent
24efc8f687
commit
d7c83a4d55
6 changed files with 114 additions and 0 deletions
|
@ -12,3 +12,6 @@ acme:
|
|||
# Other
|
||||
protonmail:
|
||||
initialized: false
|
||||
|
||||
vaultwarden:
|
||||
admin_token: token
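Review bot: `admin_token: token` stores the Vaultwarden admin credential in this vars file as a guessable plaintext value, and the role's `.env.j2` template renders it straight into `ADMIN_TOKEN`. If this file is a committed sample, a deployment that forgets to override it leaves the admin interface protected only by the string `token`; if it is the real inventory, the secret is in version control. Keeping the value in an Ansible Vault-encrypted vars file, and having the role fail early while the variable still equals the placeholder, would cover both cases. A comment above the key, such as `# placeholder: override with a long random value kept in ansible-vault`, would at least document the intent.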
|
|
@ -9,6 +9,7 @@
|
|||
- { role: whoami, tags: ["whoami"] }
|
||||
- { role: protonmail, tags: ["protonmail"] }
|
||||
- { role: cloud, tags: ["cloud"] }
|
||||
- { role: vaultwarden, tags: ["vaultwarden"] }
|
||||
- { role: home_assistant, tags: ["home_assistant"] }
|
||||
- { role: n8n, tags: ["n8n"] }
|
||||
- { role: matrix, tags: ["matrix"] }
|
||||
|
|
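--- a/roles/vaultwarden/tasks/base.yml
+++ b/roles/vaultwarden/tasks/base.yml
@@ -0,0 +1,46 @@
+---
+
+- name: Check vaultwarden directory exist
+ansible.builtin.file:
+path: vaultwarden
+state: directory
+
+- name: Copy template conf
+ansible.builtin.template:
+backup: true
+src: "{{ item.src }}"
+dest: "vaultwarden/{{ item.dest }}"
+loop:
+- { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' }
+register: vaultwarden_copy_templates_results
+
+- name: Copy dotenv as root
+ansible.builtin.template:
+backup: true
+owner: root
+group: root
+src: ".env.j2"
+dest: "vaultwarden/.env"
+mode: 0600
+become: true
+
+- name: Prepare volume folder
+ansible.builtin.file:
+path: "{{ item }}"
+state: directory
+owner: root
+group: root
+mode: 0700
+loop:
+- "{{ server.work_dir }}/vaultwarden"
+- "{{ server.work_dir }}/vaultwarden/base"
+- "{{ server.work_dir }}/vaultwarden/db"
+become: true
+
+- name: Update and restart container
+community.docker.docker_compose:
+project_src: vaultwarden
+state: present
+pull: true
+restarted: "{{ vaultwarden_copy_templates_results.changed }}"
+become: true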
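Review bot: The `Copy dotenv as root` task renders the admin token and database credentials with `backup: true`, so every change leaves a timestamped copy of the previous secrets beside `vaultwarden/.env`, and nothing in this file prunes them. Dropping `backup` on that one task, or cleaning the copies up, keeps rotated secrets from lingering on disk. The task also lacks `no_log: true`, so a run with `--diff` would print the rendered secrets to the console and any log collector. Its result is not registered either, so `restarted` follows only `vaultwarden_copy_templates_results.changed`, and a token rotation alone may not restart the container. As a style point, the modes are safer quoted: `mode: "0600"` and `mode: "0700"`.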
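--- a/roles/vaultwarden/tasks/main.yml
+++ b/roles/vaultwarden/tasks/main.yml
@@ -0,0 +1,4 @@
+---
+
+- ansible.builtin.import_tasks: base.yml
+name: base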
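--- a/roles/vaultwarden/templates/.env.j2
+++ b/roles/vaultwarden/templates/.env.j2
@@ -0,0 +1,7 @@
+WEBSOCKET_ENABLED=true
+SIGNUPS_ALLOWED=false
+ADMIN_TOKEN={{ vaultwarden.admin_token }}
+POSTGRES_PASSWORD=vaultwarden
+POSTGRES_DB=vaultwarden
+POSTGRES_USER=vaultwarden
+DATABASE_URL=postgresql://vaultwarden:vaultwarden@db/vaultwarden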
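Review bot: `POSTGRES_PASSWORD=vaultwarden` and the matching `DATABASE_URL` hard-code a database password equal to the user name, while `ADMIN_TOKEN` two lines earlier is already templated from a variable. The compose template attaches the database only to the `internal` network, which limits exposure, but the password guarding the vault store should still be a per-deployment secret. A variable such as `POSTGRES_PASSWORD={{ vaultwarden.db_password }}`, reused in `DATABASE_URL`, would do it (`db_password` is a proposed key, not one that exists in the vars file). `ADMIN_TOKEN` is also written in plaintext; Vaultwarden accepts an Argon2 PHC hash in that setting, so the file need not hold the usable token. Because both services load this same `.env`, the Postgres container also receives `ADMIN_TOKEN`; a separate env file per service would avoid that.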
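--- a/roles/vaultwarden/templates/docker-compose.yml.j2
+++ b/roles/vaultwarden/templates/docker-compose.yml.j2
@@ -0,0 +1,53 @@
+version: '3'
+
+services:
+db:
+image: postgres:latest
+restart: always
+container_name: db
+networks:
+- internal
+env_file:
+- .env
+volumes:
+- {{ server.work_dir }}/vaultwarden/db:/var/lib/postgresql/data
+
+vaultwarden:
+image: vaultwarden/server:latest
+restart: always
+container_name: vaultwarden
+networks:
+- proxy
+- internal
+env_file:
+- .env
+volumes:
+- {{ server.work_dir }}/vaultwarden/base:/data
+labels:
+- traefik.enable=true
+- traefik.docker.network=proxy
+- traefik.http.middlewares.redirect-https.redirectScheme.scheme=https
+- traefik.http.middlewares.redirect-https.redirectScheme.permanent=true
+- traefik.http.routers.bitwarden-ui-https.rule=Host(`pwds.{{ server.domain }}`)
+- traefik.http.routers.bitwarden-ui-https.entrypoints=https
+- traefik.http.routers.bitwarden-ui-https.tls=true
+- traefik.http.routers.bitwarden-ui-https.service=bitwarden-ui
+- traefik.http.routers.bitwarden-ui-http.rule=Host(`pwds.{{ server.domain }}`)
+- traefik.http.routers.bitwarden-ui-http.entrypoints=http
+- traefik.http.routers.bitwarden-ui-http.middlewares=redirect-https
+- traefik.http.routers.bitwarden-ui-http.service=bitwarden-ui
+- traefik.http.services.bitwarden-ui.loadbalancer.server.port=80
+- traefik.http.routers.bitwarden-websocket-https.rule=Host(`pwds.{{ server.domain }}`) && Path(`/notifications/hub`)
+- traefik.http.routers.bitwarden-websocket-https.entrypoints=https
+- traefik.http.routers.bitwarden-websocket-https.tls=true
+- traefik.http.routers.bitwarden-websocket-https.service=bitwarden-websocket
+- traefik.http.routers.bitwarden-websocket-http.rule=Host(`pwds.{{ server.domain }}`) && Path(`/notifications/hub`)
+- traefik.http.routers.bitwarden-websocket-http.entrypoints=http
+- traefik.http.routers.bitwarden-websocket-http.middlewares=redirect-https
+- traefik.http.routers.bitwarden-websocket-http.service=bitwarden-websocket
+- traefik.http.services.bitwarden-websocket.loadbalancer.server.port=3012
+
+networks:
+internal:
+proxy:
+external: true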
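Review bot: `image: postgres:latest` and `image: vaultwarden/server:latest` are unpinned, and the role's compose task runs with `pull: true`, so each playbook run can silently replace the password manager and its database with whatever the registry serves under `latest`. A new Postgres major version will generally refuse to start on the existing data directory. For both images, a moved tag is an unreviewed supply-chain change on a host that stores credentials. Pinning each image to an explicit version tag, ideally with a digest (`image: postgres:<PINNED_TAG>@sha256:<DIGEST>`), makes upgrades deliberate and reviewable. `container_name: db` is also generic enough to collide with another stack on the same Docker host; a name like `vaultwarden-db` would avoid that.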