feat(playbooks/vaultwarden): add playbook
This commit is contained in:
@@ -44,6 +44,7 @@ concise area of concern.
|
|||||||
|
|
||||||
- [`hedgedoc`](playbooks/hedgedoc.md)
|
- [`hedgedoc`](playbooks/hedgedoc.md)
|
||||||
- [`gitea`](playbooks/gitea.md)
|
- [`gitea`](playbooks/gitea.md)
|
||||||
|
- [`vaultwarden`](playbooks/vaultwarden.md)
|
||||||
|
|
||||||
## License
|
## License
|
||||||
|
|
||||||
|
|||||||
6
playbooks/vaultwarden.md
Normal file
6
playbooks/vaultwarden.md
Normal file
@@ -0,0 +1,6 @@
|
|||||||
|
# `finallycoffee.services.vaultwarden` ansible playbook
|
||||||
|
|
||||||
|
## Feature toggles
|
||||||
|
|
||||||
|
- `vaultwarden_configure_lego_rfc2136` (default `false`)
|
||||||
|
- `vaultwarden_configure_caddy_reverse_proxy` (default `false`)
|
||||||
@@ -1,6 +1,53 @@
|
|||||||
---
|
---
|
||||||
|
- import_playbook: finallycoffee.base.lego_certificate
|
||||||
|
when: vaultwarden_configure_lego_rfc2136 | default(false)
|
||||||
|
vars:
|
||||||
|
target_domains: "{{ vaultwarden_lego_cert_domains }}"
|
||||||
|
target_acme_zone: "{{ acme_domain }}"
|
||||||
|
target_acme_account_email: "{{ vaultwarden_lego_acme_account_email }}"
|
||||||
|
target_dns_server: "{{ dns_server }}"
|
||||||
|
target_dns_tsig_key: "{{ dns_tsig_keydata }}"
|
||||||
|
target_dns_additional_records: "{{ vaultwarden_dns_records }}"
|
||||||
|
target_hosts: >-2
|
||||||
|
{{ vaultwarden_lego_hosts | default(vaultwarden_hosts | default('vaultwarden')) }}
|
||||||
|
target_become: >-2
|
||||||
|
{{ vaultwarden_lego_become | default(vaultwarden_become | default(false)) }}
|
||||||
|
target_gather_facts: >-2
|
||||||
|
{{ vaultwarden_lego_gather_facts | default(false) }}
|
||||||
|
tags:
|
||||||
|
- vaultwarden
|
||||||
|
- vaultwarden-lego
|
||||||
|
|
||||||
- name: Install and configure vaultwarden
|
- name: Install and configure vaultwarden
|
||||||
hosts: "{{ vaultwarden_hosts | default('vaultwarden') }}"
|
hosts: "{{ vaultwarden_hosts | default('vaultwarden') }}"
|
||||||
become: "{{ vaultwarden_become | default(true, false) }}"
|
become: "{{ vaultwarden_become | default(false) }}"
|
||||||
|
gather_facts: "{{ vaultwarden_gather_facts | default(false) }}"
|
||||||
|
pre_tasks:
|
||||||
|
- name: Ensure host directories are created
|
||||||
|
file:
|
||||||
|
path: "{{ item }}"
|
||||||
|
state: directory
|
||||||
|
mode: 0750
|
||||||
|
loop:
|
||||||
|
- "{{ vaultwarden_base_dir }}"
|
||||||
|
- "{{ vaultwarden_config_dir }}"
|
||||||
|
when: vaultwarden_state == 'present'
|
||||||
roles:
|
roles:
|
||||||
- role: finallycoffee.services.vaultwarden
|
- role: finallycoffee.services.vaultwarden
|
||||||
|
tags:
|
||||||
|
- vaultwarden
|
||||||
|
|
||||||
|
- import_playbook: finallycoffee.base.caddy_reverse_proxy
|
||||||
|
when: vaultwarden_configure_caddy_reverse_proxy | default(false)
|
||||||
|
vars:
|
||||||
|
caddy_site_name: "{{ vaultwarden_domain }}"
|
||||||
|
caddy_reverse_proxy_backend_addr: "http://{{ vaultwarden_host_bind_ip }}"
|
||||||
|
target_hosts: >-2
|
||||||
|
{{ vaultwarden_caddy_hosts | default(vaultwarden_hosts | default('vaultwarden')) }}
|
||||||
|
target_become: >-2
|
||||||
|
{{ vaultwarden_caddy_become | default(vaultwarden_become | default(false)) }}
|
||||||
|
target_gather_facts: >-2
|
||||||
|
{{ vaultwarden_caddy_gather_facts | default(false) }}
|
||||||
|
tags:
|
||||||
|
- vaultwarden
|
||||||
|
- vaultwarden-caddy
|
||||||
|
|||||||
Reference in New Issue
Block a user