feat(vaultwarden): add ansible role

2024-10-17 21:45:23 +02:00
6 changed files with 22 additions and 31 deletions
--- a/README.md
+++ b/README.md
@ -1,4 +1,4 @@
-# `finallycoffee.services` ansible collection
+# `finallycoffee.service` ansible collection

 ## Overview

--- a/galaxy.yml
+++ b/galaxy.yml
@ -1,6 +1,6 @@
 namespace: finallycoffee
 name: services
-version: 0.1.6
+version: 0.1.5
 readme: README.md
 authors:
 - transcaffeine <transcaffeine@finally.coffee>
--- a/roles/hedgedoc/tasks/check.yml
+++ b/roles/hedgedoc/tasks/check.yml
@ -15,7 +15,7 @@
  when: hedgedoc_deployment_method not in hedgedoc_deployment_methods

 - name: Ensure required variables are given
-  ansible.builtin.fail:
+  ansible.builtin.file:
    msg: "Required variable '{{ item }}' is undefined!"
  loop: "{{ hedgedoc_required_arguments }}"
  when: >-2
--- a/roles/vaultwarden/README.md
+++ b/roles/vaultwarden/README.md
@ -1,12 +1,5 @@
 # `finallycoffee.services.vaultwarden` ansible role

-Vaultwarden is an unofficial (not associated with Bitwarden) bitwarden API compatible
-server backend, formally called `bitwarden_rs`, written in rust.
-
-This ansible role can deploy and configure `vaultwarden`, and supports removing
-itself using `vaultwarden_state: absent` (Warning: It does not ask for confirmation,
-and will remove all user data when instructed to remove it).
-
 ## Configuration

 To use this role, the following variables need to be populated:
@ -14,14 +7,9 @@ To use this role, the following variables need to be populated:
 - `vaultwarden_config_domain` - always. Changing this will lead to two-factor not working for two-factor methods registered in the past.
 - `vaultwarden_config_admin_token` - if `vaultwarden_config_disable_admin_token` is `false`.

-Setting other configuration values for vaultwarden can be done using role-provided flattened keys in the
-`vaultwarden_config_*` namespace (see [`defaults/main/config.yml`](defaults/main/config.yml) for available variables),
-or by setting the configuration directly in the same structure as the `config.json` would be in `vaultwarden_config`.
-
 ### Email

-Configure mailing by first enabling SMTP using `vaultwarden_config_enable_smtp: true`,
-then configure your email server like this:
+Configure mailing by first enabling SMTP using `vaultwarden_config_enable_smtp: true`, then configure your email server like this:
 ```yaml
 vaultwarden_config:
  smtp_host: "mail.example.com"
@ -36,8 +24,7 @@ vaultwarden_config:

 ### 2FA via email

-To enable email-based two-factor-authentication, set `vaultwarden_config_enable_email_2fa: true`
-and optionally set the following configuration:
+To enable email-based two-factor-authentication, set `vaultwarden_config_enable_email_2fa: true` and optionally set the following configuration:
 ```yaml
 vaultwarden_config:
  email_token_size: 8
@ -45,10 +32,3 @@ vaultwarden_config:
  email_attempts_limit: 3
 ```

-### Feature flags
-
-To enable more authentication methods, toggles are provided in
-[`vaultwarden_config_enable_*`](defaults/main/config.yml#L18).
-It is genereally recommended to simply keep unused methods off.
-
-Per default, 'Sends' are allowed.
--- a/roles/vaultwarden/defaults/main/config.yml
+++ b/roles/vaultwarden/defaults/main/config.yml
@ -7,13 +7,24 @@ vaultwarden_config_invitations_allowed: false
 vaultwarden_config_invitation_org_name: ~
 vaultwarden_config_signups_allowed: false
 vaultwarden_config_signups_verify: true
-vaultwarden_config_signups_verify_resend_time: 3600
-vaultwarden_config_signups_verify_resend_limit: 5
+vaultwarden_config_signups_verify_resend_time: >-2
+  {{ vaultwarden_config_signups_verify_resend_time_seconds }}
+vaultwarden_config_signups_verify_resend_time_seconds: 3600
+vaultwarden_config_signups_verify_resend_limit: >-2
+  {{ vaultwarden_config_signups_verify_resend_limit_count }}
+vaultwarden_config_signups_verify_resend_limit_count: 5
 # Entry preview icons
 vaultwarden_config_disable_icon_download: true
-vaultwarden_config_icon_cache_ttl: 604800 # 7 days
-vaultwarden_config_icon_cache_negttl: 259200 # 3 days
-vaultwarden_config_icon_download_timeout: 30 # seconds
+vaultwarden_config_icon_cache_ttl: >-2
+  {{ vaultwarden_config_icon_cache_ttl_seconds }}
+vaultwarden_config_icon_cache_ttl_seconds: "{{ (60 * 60 * 24 * 7) | int }}"
+vaultwarden_config_icon_cache_negttl: >-2
+  {{ vaultwarden_config_icon_cache_negttl_seconds }}
+vaultwarden_config_icon_cache_negttl_seconds: >-2
+  {{ (60 * 60 * 24 * 3) | int }}
+vaultwarden_config_icon_download_timeout: >-2
+  {{ vaultwarden_config_icon_download_timeout_seconds }}
+vaultwarden_config_icon_download_timeout_seconds: 30
 vaultwarden_config_icon_blacklist_non_global_ips: true
 # Features
 vaultwarden_config_sends_allowed: true
--- a/roles/vaultwarden/tasks/main.yml
+++ b/roles/vaultwarden/tasks/main.yml
@ -47,7 +47,7 @@
        (vaultwarden_user_groups | default([], true) | length > 0),
        true,
      ) }}
-  register: vaultwarden_user_info
+  register: ansible_user_info

 - name: Ensure base paths are {{ vaultwarden_state }}
  ansible.builtin.file: