Add vaultwarden
parent
24efc8f687
commit
d7c83a4d55
6 changed files with 114 additions and 0 deletions
|
@ -12,3 +12,6 @@ acme:
|
||||||
# Other
|
# Other
|
||||||
protonmail:
|
protonmail:
|
||||||
initialized: false
|
initialized: false
|
||||||
|
|
||||||
|
vaultwarden:
|
||||||
|
admin_token: token
|
|
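Review bot: `admin_token: token` is a guessable placeholder, and the `.env.j2` template in this commit writes it straight into `ADMIN_TOKEN`, which Vaultwarden uses to protect its admin page. A host deployed from this file unchanged would be guarded by a known string. If this is a sample vars file, say so next to the key, e.g. `admin_token: token  # placeholder: replace with a long random value kept in ansible-vault`. If it is the live vars file, the value belongs in an encrypted vault file rather than in the repository. The file name is not visible on this page, so which case applies could not be confirmed.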
@ -9,6 +9,7 @@
|
||||||
- { role: whoami, tags: ["whoami"] }
|
- { role: whoami, tags: ["whoami"] }
|
||||||
- { role: protonmail, tags: ["protonmail"] }
|
- { role: protonmail, tags: ["protonmail"] }
|
||||||
- { role: cloud, tags: ["cloud"] }
|
- { role: cloud, tags: ["cloud"] }
|
||||||
|
- { role: vaultwarden, tags: ["vaultwarden"] }
|
||||||
- { role: home_assistant, tags: ["home_assistant"] }
|
- { role: home_assistant, tags: ["home_assistant"] }
|
||||||
- { role: n8n, tags: ["n8n"] }
|
- { role: n8n, tags: ["n8n"] }
|
||||||
- { role: matrix, tags: ["matrix"] }
|
- { role: matrix, tags: ["matrix"] }
|
||||||
|
|
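--- a/roles/vaultwarden/tasks/base.yml
+++ b/roles/vaultwarden/tasks/base.yml
@@ -0,0 +1,46 @@
+---
+
+- name: Check vaultwarden directory exist
+ansible.builtin.file:
+path: vaultwarden
+state: directory
+
+- name: Copy template conf
+ansible.builtin.template:
+backup: true
+src: "{{ item.src }}"
+dest: "vaultwarden/{{ item.dest }}"
+loop:
+- { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' }
+register: vaultwarden_copy_templates_results
+
+- name: Copy dotenv as root
+ansible.builtin.template:
+backup: true
+owner: root
+group: root
+src: ".env.j2"
+dest: "vaultwarden/.env"
+mode: 0600
+become: true
+
+- name: Prepare volume folder
+ansible.builtin.file:
+path: "{{ item }}"
+state: directory
+owner: root
+group: root
+mode: 0700
+loop:
+- "{{ server.work_dir }}/vaultwarden"
+- "{{ server.work_dir }}/vaultwarden/base"
+- "{{ server.work_dir }}/vaultwarden/db"
+become: true
+
+- name: Update and restart container
+community.docker.docker_compose:
+project_src: vaultwarden
+state: present
+pull: true
+restarted: "{{ vaultwarden_copy_templates_results.changed }}"
+become: true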
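Review bot: The `.env` written by "Copy dotenv as root" is `root:root` with mode 0600, but its parent directory `vaultwarden` is created by the first task without `become`, `owner` or `mode`. That directory therefore presumably belongs to the connecting user, who can still rename or replace both the secrets file and the `docker-compose.yml` that the last task runs with `become: true`. Creating the directory and the compose template with `become: true`, `owner: root`, `group: root` and a quoted restrictive mode, as "Prepare volume folder" already does for the data paths, would close that gap. The two existing modes are unquoted (`mode: 0600`, `mode: 0700`); Ansible's documentation recommends `mode: "0600"` and `mode: "0700"` so the value can never be read as a decimal integer. `backup: true` on the dotenv task also leaves timestamped copies of older secrets beside `.env`, which need the same protection and cleanup as the file itself.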
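--- a/roles/vaultwarden/tasks/main.yml
+++ b/roles/vaultwarden/tasks/main.yml
@@ -0,0 +1,4 @@
+---
+
+- ansible.builtin.import_tasks: base.yml
+name: base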
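--- a/roles/vaultwarden/templates/.env.j2
+++ b/roles/vaultwarden/templates/.env.j2
@@ -0,0 +1,7 @@
+WEBSOCKET_ENABLED=true
+SIGNUPS_ALLOWED=false
+ADMIN_TOKEN={{ vaultwarden.admin_token }}
+POSTGRES_PASSWORD=vaultwarden
+POSTGRES_DB=vaultwarden
+POSTGRES_USER=vaultwarden
+DATABASE_URL=postgresql://vaultwarden:vaultwarden@db/vaultwarden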
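Review bot: `POSTGRES_PASSWORD=vaultwarden` and the matching password inside `DATABASE_URL` are fixed strings committed to the repository, while `ADMIN_TOKEN` two lines above is already taken from a variable. The database behind a password vault should not have a credential that is identical on every install and readable in version control. Template it the same way, for example `POSTGRES_PASSWORD={{ vaultwarden.db_password }}` and `DATABASE_URL=postgresql://vaultwarden:{{ vaultwarden.db_password | urlencode }}@db/vaultwarden`, where `db_password` is a new variable that would have to be added to the vars file. Because both services load this one file through `env_file`, the `db` container also receives `ADMIN_TOKEN`. Splitting the file per service would keep each secret with the container that needs it.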
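--- a/roles/vaultwarden/templates/docker-compose.yml.j2
+++ b/roles/vaultwarden/templates/docker-compose.yml.j2
@@ -0,0 +1,53 @@
+version: '3'
+
+services:
+db:
+image: postgres:latest
+restart: always
+container_name: db
+networks:
+- internal
+env_file:
+- .env
+volumes:
+- {{ server.work_dir }}/vaultwarden/db:/var/lib/postgresql/data
+
+vaultwarden:
+image: vaultwarden/server:latest
+restart: always
+container_name: vaultwarden
+networks:
+- proxy
+- internal
+env_file:
+- .env
+volumes:
+- {{ server.work_dir }}/vaultwarden/base:/data
+labels:
+- traefik.enable=true
+- traefik.docker.network=proxy
+- traefik.http.middlewares.redirect-https.redirectScheme.scheme=https
+- traefik.http.middlewares.redirect-https.redirectScheme.permanent=true
+- traefik.http.routers.bitwarden-ui-https.rule=Host(`pwds.{{ server.domain }}`)
+- traefik.http.routers.bitwarden-ui-https.entrypoints=https
+- traefik.http.routers.bitwarden-ui-https.tls=true
+- traefik.http.routers.bitwarden-ui-https.service=bitwarden-ui
+- traefik.http.routers.bitwarden-ui-http.rule=Host(`pwds.{{ server.domain }}`)
+- traefik.http.routers.bitwarden-ui-http.entrypoints=http
+- traefik.http.routers.bitwarden-ui-http.middlewares=redirect-https
+- traefik.http.routers.bitwarden-ui-http.service=bitwarden-ui
+- traefik.http.services.bitwarden-ui.loadbalancer.server.port=80
+- traefik.http.routers.bitwarden-websocket-https.rule=Host(`pwds.{{ server.domain }}`) && Path(`/notifications/hub`)
+- traefik.http.routers.bitwarden-websocket-https.entrypoints=https
+- traefik.http.routers.bitwarden-websocket-https.tls=true
+- traefik.http.routers.bitwarden-websocket-https.service=bitwarden-websocket
+- traefik.http.routers.bitwarden-websocket-http.rule=Host(`pwds.{{ server.domain }}`) && Path(`/notifications/hub`)
+- traefik.http.routers.bitwarden-websocket-http.entrypoints=http
+- traefik.http.routers.bitwarden-websocket-http.middlewares=redirect-https
+- traefik.http.routers.bitwarden-websocket-http.service=bitwarden-websocket
+- traefik.http.services.bitwarden-websocket.loadbalancer.server.port=3012
+
+networks:
+internal:
+proxy:
+external: true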
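Review bot: Both images are referenced as `latest` (`postgres:latest`, `vaultwarden/server:latest`), and the role's compose task runs with `pull: true`, so every play may deploy whatever was published most recently without a reviewed change. For Postgres, a new major version will also refuse to start on the existing data directory. Pin each image to a specific tag or digest, e.g. `image: postgres:<PINNED_MAJOR_TAG>` and `image: vaultwarden/server:<PINNED_VERSION_TAG>` (placeholders), and bump them in a commit of their own. `container_name: db` is generic enough to collide with another stack on the same Docker host; a name such as `vaultwarden-db` avoids that, and `DATABASE_URL` can keep using the service name `db`.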