finallycoffee/services
finallycoffee/services
6
1
Fork 0
Code Issues 1 Pull Requests Projects Releases Wiki Activity

Compare commits

base: finallycoffee:fadea9d84ff92db55aec2b311d96640708f83906
Branches Tags
finallycoffee:main
finallycoffee:transcaffeine/snipe-it-8.1.0
finallycoffee:transcaffeine/phpldapadmin
finallycoffee:transcaffeine/authelia-refactor
finallycoffee:transcaffeine/snipe-it
finallycoffee:transcaffeine/vaultwarden
finallycoffee:transcaffeine/hedgedoc
finallycoffee:transcaffeine/restic-unlock-on-boot
finallycoffee:0.1.15
finallycoffee:0.1.14
finallycoffee:0.1.13
finallycoffee:0.1.12
finallycoffee:0.1.11
finallycoffee:0.1.10
finallycoffee:0.1.9
finallycoffee:0.1.8
finallycoffee:0.1.7
finallycoffee:0.1.6
finallycoffee:0.1.5
finallycoffee:0.1.4
finallycoffee:0.1.3
finallycoffee:0.1.2
finallycoffee:0.1.1
finallycoffee:0.1.0
..
compare: finallycoffee:a62a3304a82c1a0814911950565ca81be39cfa13
Branches Tags
finallycoffee:main
finallycoffee:transcaffeine/snipe-it-8.1.0
finallycoffee:transcaffeine/phpldapadmin
finallycoffee:transcaffeine/authelia-refactor
finallycoffee:transcaffeine/snipe-it
finallycoffee:transcaffeine/vaultwarden
finallycoffee:transcaffeine/hedgedoc
finallycoffee:transcaffeine/restic-unlock-on-boot
finallycoffee:0.1.15
finallycoffee:0.1.14
finallycoffee:0.1.13
finallycoffee:0.1.12
finallycoffee:0.1.11
finallycoffee:0.1.10
finallycoffee:0.1.9
finallycoffee:0.1.8
finallycoffee:0.1.7
finallycoffee:0.1.6
finallycoffee:0.1.5
finallycoffee:0.1.4
finallycoffee:0.1.3
finallycoffee:0.1.2
finallycoffee:0.1.1
finallycoffee:0.1.0

1 Commits
fadea9d84f ... a62a3304a8

Author SHA1 Message Date
transcaffeine
a62a3304a8
feat(vaultwarden): add ansible role 2024-10-17 21:45:23 +02:00
7 changed files with 35 additions and 6 deletions
Show Stats Expand all files Collapse all files

3
README.md
View File

@ -26,6 +26,9 @@ concise area of concern.
- [`openproject`](roles/openproject/README.md): Deploys an [openproject.org](https://www.openproject.org)
installation using the upstream provided docker-compose setup.
- [`vaultwarden`](roles/vaultwarden/README.md): Deploy [vaultwarden](https://github.com/dani-garcia/vaultwarden/),
an open-source implementation of the Bitwarden Server (formerly Bitwarden\_RS).
- [`vouch_proxy`](roles/vouch_proxy/README.md): Deploys [vouch-proxy](https://github.com/vouch/vouch-proxy),
an authorization proxy for arbitrary webapps working with `nginx`s' `auth_request` module.

1
galaxy.yml
View File

@ -18,4 +18,5 @@ tags:
- gitea
- hedgedoc
- jellyfin
- vaultwarden
- docker

6
playbooks/vaultwarden.yml Normal file
View File

@ -0,0 +1,6 @@
---
- name: Install and configure vaultwarden
hosts: "{{ vaultwarden_hosts | default('vaultwarden') }}"
become: "{{ vaultwarden_become | default(true, false) }}"
roles:
- role: finallycoffee.services.vaultwarden

7
roles/vaultwarden/defaults/main/config.yml
View File

@ -39,6 +39,10 @@ vaultwarden_config_disable_2fa_remember: false
vaultwarden_config_disable_admin_token: true
vaultwarden_config_require_device_email: false
vaultwarden_config_authenticator_disable_time_drift: true
# Other
vaultwarden_config_log_timestamp_format: "%Y-%m-%d %H:%M:%S.%3f"
vaultwarden_config_ip_header: "X-Real-IP"
vaultwarden_config_reload_templates: false
vaultwarden_base_config:
domain: "{{ vaultwarden_config_domain }}"
@ -60,6 +64,9 @@ vaultwarden_base_config:
disable_admin_token: "{{ vaultwarden_config_disable_admin_token }}"
require_device_email: "{{ vaultwarden_config_require_device_email }}"
authenticator_disable_time_drift: "{{ vaultwarden_config_authenticator_disable_time_drift }}"
ip_header: "{{ vaultwarden_config_ip_header }}"
log_timestamp_format: "{{ vaultwarden_config_log_timestamp_format }}"
reload_templates: "{{ vaultwarden_config_reload_templates }}"
sends_allowed: "{{ vaultwarden_config_sends_allowed }}"
_enable_yubico: "{{ vaultwarden_config_enable_yubico }}"
_enable_duo: "{{ vaultwarden_config_enable_duo }}"

6
roles/vaultwarden/defaults/main/container.yml
View File

@ -18,14 +18,14 @@ vaultwarden_container_image: >-2
+ (vaultwarden_container_image_tag | default(
vaultwarden_version + (
((vaultwarden_container_image_flavour is string)
and (hedgedoc_container_image_flavour | length > 0))
and (vaultwarden_container_image_flavour | length > 0))
| ternary(
'-' + hedgedoc_container_image_flavour | default('', true),
'-' + vaultwarden_container_image_flavour | default('', true),
''
)
),
true
)
))
}}
vaultwarden_container_name: vaultwarden

12
roles/vaultwarden/meta/main.yml Normal file
View File

@ -0,0 +1,12 @@
---
allow_duplicates: true
dependencies: []
galaxy_info:
role_name: vaultwarden
description: >-2
Deploy vaultwarden, a bitwarden-compatible server backend
galaxy_tags:
- vaultwarden
- bitwarden
- passwordstore
- docker

6
roles/vaultwarden/tasks/main.yml
View File

@ -26,7 +26,7 @@
- name: Ensure required variables are given
ansible.builtin.fail:
msg: "Required variable '{{ var.name }}' is undefined!"
loop: "{{ vaultwarden_optionally_required_variables }}"
loop: "{{ vaultwarden_conditionally_required_variables }}"
loop_control:
loop_var: var
label: "{{ var.name }}"
@ -52,13 +52,13 @@
- name: Ensure base paths are {{ vaultwarden_state }}
ansible.builtin.file:
path: "{{ mount.path }}"
state: "{{ (vaultwarden_state == 'present' | ternary('directory', 'absent') }}"
state: "{{ (vaultwarden_state == 'present') | ternary('directory', 'absent') }}"
owner: "{{ mount.owner | default(vaultwarden_run_user_id) }}"
group: "{{ mount.group | default(vaultwarden_run_group_id) }}"
mode: "{{ mount.mode | default('0755', true) }}"
loop:
- path: "{{ vaultwarden_config_directory }}"
- path: "{[ vaultwarden_data_directory }}"
- path: "{{ vaultwarden_data_directory }}"
loop_control:
loop_var: mount
label: "{{ mount.path }}"