feat(vaultwarden): add ansible role

README.md

@@ -26,6 +26,9 @@ concise area of concern.
 - [`openproject`](roles/openproject/README.md): Deploys an [openproject.org](https://www.openproject.org)
   installation using the upstream provided docker-compose setup.
 
+- [`vaultwarden`](roles/vaultwarden/README.md): Deploy [vaultwarden](https://github.com/dani-garcia/vaultwarden/),
+  an open-source implementation of the Bitwarden Server (formerly Bitwarden\_RS).
+
 - [`vouch_proxy`](roles/vouch_proxy/README.md): Deploys [vouch-proxy](https://github.com/vouch/vouch-proxy),
   an authorization proxy for arbitrary webapps working with `nginx`s' `auth_request` module.
 

galaxy.yml

@@ -18,4 +18,5 @@ tags:
   - gitea
   - hedgedoc
   - jellyfin
+  - vaultwarden
   - docker

playbooks/vaultwarden.yml

@@ -0,0 +1,6 @@
+---
+- name: Install and configure vaultwarden
+  hosts: "{{ vaultwarden_hosts | default('vaultwarden') }}"
+  become: "{{ vaultwarden_become | default(true, false) }}"
+  roles:
+    - role: finallycoffee.services.vaultwarden

roles/vaultwarden/defaults/main/config.yml

@@ -39,6 +39,10 @@ vaultwarden_config_disable_2fa_remember: false
 vaultwarden_config_disable_admin_token: true
 vaultwarden_config_require_device_email: false
 vaultwarden_config_authenticator_disable_time_drift: true
+# Other
+vaultwarden_config_log_timestamp_format: "%Y-%m-%d %H:%M:%S.%3f"
+vaultwarden_config_ip_header: "X-Real-IP"
+vaultwarden_config_reload_templates: false
 
 vaultwarden_base_config:
   domain: "{{ vaultwarden_config_domain }}"
@@ -60,6 +64,9 @@ vaultwarden_base_config:
   disable_admin_token: "{{ vaultwarden_config_disable_admin_token }}"
   require_device_email: "{{ vaultwarden_config_require_device_email }}"
   authenticator_disable_time_drift: "{{ vaultwarden_config_authenticator_disable_time_drift }}"
+  ip_header: "{{ vaultwarden_config_ip_header }}"
+  log_timestamp_format: "{{ vaultwarden_config_log_timestamp_format }}"
+  reload_templates: "{{ vaultwarden_config_reload_templates }}"
   sends_allowed: "{{ vaultwarden_config_sends_allowed }}"
   _enable_yubico: "{{ vaultwarden_config_enable_yubico }}"
   _enable_duo: "{{ vaultwarden_config_enable_duo }}"

roles/vaultwarden/defaults/main/container.yml

@@ -18,14 +18,14 @@ vaultwarden_container_image: >-2
     + (vaultwarden_container_image_tag | default(
         vaultwarden_version + (
           ((vaultwarden_container_image_flavour is string)
-            and (hedgedoc_container_image_flavour | length > 0))
+            and (vaultwarden_container_image_flavour | length > 0))
           | ternary(
-            '-' + hedgedoc_container_image_flavour | default('', true),
+            '-' + vaultwarden_container_image_flavour | default('', true),
             ''
           )
         ),
         true
-    )
+    ))
   }}
 
 vaultwarden_container_name: vaultwarden

roles/vaultwarden/meta/main.yml

@@ -0,0 +1,12 @@
+---
+allow_duplicates: true
+dependencies: []
+galaxy_info:
+  role_name: vaultwarden
+  description: >-2
+    Deploy vaultwarden, a bitwarden-compatible server backend
+  galaxy_tags:
+    - vaultwarden
+    - bitwarden
+    - passwordstore
+    - docker

roles/vaultwarden/tasks/main.yml

@@ -26,7 +26,7 @@
 - name: Ensure required variables are given
   ansible.builtin.fail:
     msg: "Required variable '{{ var.name }}' is undefined!"
-  loop: "{{ vaultwarden_optionally_required_variables }}"
+  loop: "{{ vaultwarden_conditionally_required_variables }}"
   loop_control:
     loop_var: var
     label: "{{ var.name }}"
@@ -52,13 +52,13 @@
 - name: Ensure base paths are {{ vaultwarden_state }}
   ansible.builtin.file:
     path: "{{ mount.path }}"
-    state: "{{ (vaultwarden_state == 'present' | ternary('directory', 'absent') }}"
+    state: "{{ (vaultwarden_state == 'present') | ternary('directory', 'absent') }}"
     owner: "{{ mount.owner | default(vaultwarden_run_user_id) }}"
     group: "{{ mount.group | default(vaultwarden_run_group_id) }}"
     mode: "{{ mount.mode | default('0755', true) }}"
   loop:
     - path: "{{ vaultwarden_config_directory }}"
-    - path: "{[ vaultwarden_data_directory }}"
+    - path: "{{ vaultwarden_data_directory }}"
   loop_control:
     loop_var: mount
     label: "{{ mount.path }}"