meta: bump version to 0.1.6

docs: fix typo
feat(vaultwarden): add ansible role
2024-10-22 20:42:24 +02:00 · 2024-10-19 17:33:13 +02:00 · 2024-10-19 17:26:50 +02:00 · 2024-10-19 17:13:24 +02:00
6 changed files with 31 additions and 22 deletions
--- a/README.md
+++ b/README.md
@ -1,4 +1,4 @@
-# `finallycoffee.service` ansible collection
+# `finallycoffee.services` ansible collection

 ## Overview

--- a/galaxy.yml
+++ b/galaxy.yml
@ -1,6 +1,6 @@
 namespace: finallycoffee
 name: services
-version: 0.1.5
+version: 0.1.6
 readme: README.md
 authors:
 - transcaffeine <transcaffeine@finally.coffee>
--- a/roles/hedgedoc/tasks/check.yml
+++ b/roles/hedgedoc/tasks/check.yml
@ -15,7 +15,7 @@
  when: hedgedoc_deployment_method not in hedgedoc_deployment_methods

 - name: Ensure required variables are given
-  ansible.builtin.file:
+  ansible.builtin.fail:
    msg: "Required variable '{{ item }}' is undefined!"
  loop: "{{ hedgedoc_required_arguments }}"
  when: >-2
--- a/roles/vaultwarden/README.md
+++ b/roles/vaultwarden/README.md
@ -1,5 +1,12 @@
 # `finallycoffee.services.vaultwarden` ansible role

+Vaultwarden is an unofficial (not associated with Bitwarden) bitwarden API compatible
+server backend, formally called `bitwarden_rs`, written in rust.
+
+This ansible role can deploy and configure `vaultwarden`, and supports removing
+itself using `vaultwarden_state: absent` (Warning: It does not ask for confirmation,
+and will remove all user data when instructed to remove it).
+
 ## Configuration

 To use this role, the following variables need to be populated:
@ -7,9 +14,14 @@ To use this role, the following variables need to be populated:
 - `vaultwarden_config_domain` - always. Changing this will lead to two-factor not working for two-factor methods registered in the past.
 - `vaultwarden_config_admin_token` - if `vaultwarden_config_disable_admin_token` is `false`.

+Setting other configuration values for vaultwarden can be done using role-provided flattened keys in the
+`vaultwarden_config_*` namespace (see [`defaults/main/config.yml`](defaults/main/config.yml) for available variables),
+or by setting the configuration directly in the same structure as the `config.json` would be in `vaultwarden_config`.
+
 ### Email

-Configure mailing by first enabling SMTP using `vaultwarden_config_enable_smtp: true`, then configure your email server like this:
+Configure mailing by first enabling SMTP using `vaultwarden_config_enable_smtp: true`,
+then configure your email server like this:
 ```yaml
 vaultwarden_config:
  smtp_host: "mail.example.com"
@ -24,7 +36,8 @@ vaultwarden_config:

 ### 2FA via email

-To enable email-based two-factor-authentication, set `vaultwarden_config_enable_email_2fa: true` and optionally set the following configuration:
+To enable email-based two-factor-authentication, set `vaultwarden_config_enable_email_2fa: true`
+and optionally set the following configuration:
 ```yaml
 vaultwarden_config:
  email_token_size: 8
@ -32,3 +45,10 @@ vaultwarden_config:
  email_attempts_limit: 3
 ```

+### Feature flags
+
+To enable more authentication methods, toggles are provided in
+[`vaultwarden_config_enable_*`](defaults/main/config.yml#L18).
+It is genereally recommended to simply keep unused methods off.
+
+Per default, 'Sends' are allowed.
--- a/roles/vaultwarden/defaults/main/config.yml
+++ b/roles/vaultwarden/defaults/main/config.yml
@ -7,24 +7,13 @@ vaultwarden_config_invitations_allowed: false
 vaultwarden_config_invitation_org_name: ~
 vaultwarden_config_signups_allowed: false
 vaultwarden_config_signups_verify: true
-vaultwarden_config_signups_verify_resend_time: >-2
-  {{ vaultwarden_config_signups_verify_resend_time_seconds }}
-vaultwarden_config_signups_verify_resend_time_seconds: 3600
-vaultwarden_config_signups_verify_resend_limit: >-2
-  {{ vaultwarden_config_signups_verify_resend_limit_count }}
-vaultwarden_config_signups_verify_resend_limit_count: 5
+vaultwarden_config_signups_verify_resend_time: 3600
+vaultwarden_config_signups_verify_resend_limit: 5
 # Entry preview icons
 vaultwarden_config_disable_icon_download: true
-vaultwarden_config_icon_cache_ttl: >-2
-  {{ vaultwarden_config_icon_cache_ttl_seconds }}
-vaultwarden_config_icon_cache_ttl_seconds: "{{ (60 * 60 * 24 * 7) | int }}"
-vaultwarden_config_icon_cache_negttl: >-2
-  {{ vaultwarden_config_icon_cache_negttl_seconds }}
-vaultwarden_config_icon_cache_negttl_seconds: >-2
-  {{ (60 * 60 * 24 * 3) | int }}
-vaultwarden_config_icon_download_timeout: >-2
-  {{ vaultwarden_config_icon_download_timeout_seconds }}
-vaultwarden_config_icon_download_timeout_seconds: 30
+vaultwarden_config_icon_cache_ttl: 604800 # 7 days
+vaultwarden_config_icon_cache_negttl: 259200 # 3 days
+vaultwarden_config_icon_download_timeout: 30 # seconds
 vaultwarden_config_icon_blacklist_non_global_ips: true
 # Features
 vaultwarden_config_sends_allowed: true
--- a/roles/vaultwarden/tasks/main.yml
+++ b/roles/vaultwarden/tasks/main.yml
@ -47,7 +47,7 @@
        (vaultwarden_user_groups | default([], true) | length > 0),
        true,
      ) }}
-  register: ansible_user_info
+  register: vaultwarden_user_info

 - name: Ensure base paths are {{ vaultwarden_state }}
  ansible.builtin.file:
Author	SHA1	Message	Date
transcaffeine	98c60a73c6	meta: bump version to 0.1.6	2024-10-22 20:42:24 +02:00
transcaffeine	5ac019bace	docs: fix typo	2024-10-19 17:33:13 +02:00
transcaffeine	43fd798712	feat(vaultwarden): add ansible role	2024-10-19 17:26:50 +02:00
transcaffeine	88dc6377ce	fix(hedgedoc): incorrect module used	2024-10-19 17:13:24 +02:00