update(vaultwarden): bump version to 1.32.7

Migrate role from `entropia.sso` collection

README.md

@@ -23,9 +23,15 @@ concise area of concern.
 - [`jellyfin`](roles/jellyfin/README.md): Deploy [jellyfin.org](https://jellyfin.org),
   the free software media system for streaming stored media to any device.
 
+- [`keycloak`](roles/keycloak/README.md): Deploy [keycloak](https://www.keycloak.org/),
+  the open source identity and access management solution.
+
 - [`openproject`](roles/openproject/README.md): Deploys an [openproject.org](https://www.openproject.org)
   installation using the upstream provided docker-compose setup.
 
+- [`snipe_it`](roles/snipe_it/README.md): Deploys [Snipe-IT](https://snipeitapp.com/),
+  the free and open-source IT asset (and license) management with a powerful REST API
+
 - [`vaultwarden`](roles/vaultwarden/README.md): Deploy [vaultwarden](https://github.com/dani-garcia/vaultwarden/),
   an open-source implementation of the Bitwarden Server (formerly Bitwarden\_RS).
 

galaxy.yml

@@ -1,6 +1,6 @@
 namespace: finallycoffee
 name: services
-version: 0.1.5
+version: 0.1.10
 readme: README.md
 authors:
 - transcaffeine <transcaffeine@finally.coffee>
@@ -19,4 +19,5 @@ tags:
   - hedgedoc
   - jellyfin
   - vaultwarden
+  - snipeit
   - docker

playbooks/snipe_it.yml

@@ -0,0 +1,6 @@
+---
+- name: Install and configure Snipe-IT
+  hosts: "{{ snipe_it_hosts | default('snipe_it') }}"
+  become: "{{ snipe_it_become | default(true, false) }}"
+  roles:
+    - role: finallycoffee.services.snipe_it

roles/authelia/defaults/main.yml

@@ -1,5 +1,5 @@
 ---
-authelia_version: "4.38.16"
+authelia_version: "4.38.17"
 authelia_user: authelia
 authelia_base_dir: /opt/authelia
 authelia_domain: authelia.example.org

roles/authelia/handlers/main.yml

@@ -4,5 +4,7 @@
   docker_container:
     name: "{{ authelia_container_name }}"
     state: started
-    restart: yes
+    restart: true
+    comparisons:
+      '*': ignore
   listen: restart-authelia

roles/authelia/vars/main.yml

@@ -170,7 +170,12 @@ authelia_config_access_control:
   default_policy: "{{ authelia_config_access_control_default_policy }}"
   networks: "{{ authelia_config_access_control_networks }}"
   rules: "{{ authelia_config_access_control_rules }}"
-authelia_config_session:
+authelia_config_session: >-2
+  {{ authelia_config_session_base
+    | combine(({'redis': authelia_config_session_redis}
+      if authelia_config_session_redis_host else {}), recursive=true)
+  }}
+authelia_config_session_base:
   name: "{{ authelia_config_session_name }}"
   domain: "{{ authelia_config_session_domain }}"
   same_site: "{{ authelia_config_session_same_site }}"

roles/ghost/defaults/main.yml

@@ -1,6 +1,6 @@
 ---
 ghost_domain: ~
-ghost_version: "5.96.0"
+ghost_version: "5.103.0"
 ghost_user: ghost
 ghost_user_group: ghost
 ghost_base_path: /opt/ghost

roles/gitea/defaults/main.yml

@@ -1,5 +1,5 @@
 ---
-gitea_version: "1.22.3"
+gitea_version: "1.22.4"
 gitea_user: git
 gitea_run_user: "{{ gitea_user }}"
 gitea_base_path: "/opt/gitea"

roles/jellyfin/defaults/main.yml

@@ -1,6 +1,6 @@
 ---
 jellyfin_user: jellyfin
-jellyfin_version: 10.9.11
+jellyfin_version: "10.10.3"
 jellyfin_state: present
 
 jellyfin_base_path: /opt/jellyfin

roles/keycloak/README.md

@@ -0,0 +1,16 @@
+# `finallycoffee.services.keycloak` ansible role
+
+Ansible role for deploying keycloak, currently only supports docker.
+
+Migrated from `entropia.sso.keycloak`.
+
+## Required variables
+
+- `keycloak_database_password` - password for the database user
+- `keycloak_config_hostname` - public domain of the keycloak server
+
+## Database configuration
+
+- `keycloak_database_hostname` - hostname of the database server, defaults to `localhost`
+- `keycloak_database_username` - username to use when connecting to the database server, defaults to `keycloak`
+- `keycloak_database_database` - name of the database to use, defaults to `keycloak`

roles/keycloak/defaults/main.yml

@@ -0,0 +1,51 @@
+---
+keycloak_version: 26.0.7
+keycloak_container_name: keycloak
+
+keycloak_container_image_upstream_registry: quay.io
+keycloak_container_image_upstream_namespace: keycloak
+keycloak_container_image_upstream_name: keycloak
+keycloak_container_image_upstream: >-2
+  {{
+    ([
+      keycloak_container_image_upstream_registry | default([]),
+      keycloak_container_image_upstream_namespace | default([]),
+      keycloak_container_image_upstream_name,
+    ] | flatten | join('/'))
+  }}
+keycloak_container_image_name: "keycloak:{{ keycloak_version }}-custom"
+
+keycloak_container_database_vendor: postgres
+keycloak_base_path: /opt/keycloak
+keycloak_container_build_directory: "{{ keycloak_base_path }}/build"
+keycloak_container_build_jar_directory: providers
+keycloak_container_build_flags: {}
+keycloak_provider_jars_directory: "{{ keycloak_base_path }}/providers"
+keycloak_build_provider_jars_directory: "{{ keycloak_container_build_directory }}/{{ keycloak_container_build_jar_directory }}"
+
+keycloak_database_hostname: localhost
+keycloak_database_port: 5432
+keycloak_database_username: keycloak
+keycloak_database_password: ~
+keycloak_database_database: keycloak
+
+keycloak_container_env: {}
+keycloak_container_labels: ~
+keycloak_container_volumes: ~
+keycloak_container_restart_policy: unless-stopped
+keycloak_container_command: >-2
+  start
+  --db-username {{ keycloak_database_username }}
+  --db-password {{ keycloak_database_password }}
+  --db-url jdbc:postgresql://{{ keycloak_database_hostname }}{{ keycloak_database_port | ternary(':' ~ keycloak_database_port, '') }}/{{ keycloak_database_database }}
+  {{ keycloak_container_extra_start_flags | default([]) | join(' ') }}
+  --proxy-headers=xforwarded
+  --hostname {{ keycloak_config_hostname }}
+  --optimized
+
+keycloak_config_health_enabled: true
+keycloak_config_metrics_enabled: true
+
+keycloak_config_hostname: localhost
+keycloak_config_admin_username: admin
+keycloak_config_admin_password: ~

roles/keycloak/meta/main.yml

@@ -0,0 +1,13 @@
+---
+allow_duplicates: true
+dependencies: []
+galaxy_info:
+  role_name: keycloak
+  description: Deploy keycloak, the opensource identity and access management solution
+  galaxy_tags:
+    - keycloak
+    - sso
+    - oidc
+    - oauth2
+    - iam
+    - docker

roles/keycloak/tasks/main.yml

@@ -0,0 +1,72 @@
+---
+
+- name: Ensure build directory exists
+  ansible.builtin.file:
+    name: "{{ keycloak_container_build_directory }}"
+    state: directory
+    recurse: yes
+    mode: 0700
+  tags:
+    - keycloak-build-container
+
+- name: Ensure provider jars directory exists
+  ansible.builtin.file:
+    name: "{{ keycloak_provider_jars_directory }}"
+    state: directory
+    mode: 0775
+  tags:
+    - keycloak-build-container
+
+- name: Ensure Dockerfile is templated
+  ansible.builtin.template:
+    src: Dockerfile.j2
+    dest: "{{ keycloak_container_build_directory }}/Dockerfile"
+    mode: 0700
+  register: keycloak_buildfile_info
+  tags:
+    - keycloak-container
+    - keycloak-build-container
+
+- name: Ensure upstream Keycloak container image '{{ keycloak_container_image_upstream }}:{{ keycloak_version }}' is present
+  community.docker.docker_image:
+    name: "{{ keycloak_container_image_upstream }}:{{ keycloak_version }}"
+    source: pull
+    state: present
+  register: keycloak_container_image_upstream_status
+  tags:
+    - keycloak-container
+    - keycloak-build-container
+
+- name: Ensure custom keycloak container image '{{ keycloak_container_image_name }}' is built
+  community.docker.docker_image:
+    name: "{{ keycloak_container_image_name }}"
+    build:
+      args:
+        DB_VENDOR: "{{ keycloak_container_database_vendor }}"
+        KC_ADMIN_PASSWORD: "{{ keycloak_config_admin_password }}"
+      dockerfile: "{{ keycloak_container_build_directory }}/Dockerfile"
+      path: "{{ keycloak_container_build_directory }}"
+    source: build
+    state: present
+    force_source: "{{ keycloak_buildfile_info.changed or keycloak_container_image_upstream_status.changed or (keycloak_force_rebuild_container | default(false))}}"
+  register: keycloak_container_image_status
+  tags:
+    - keycloak-container
+    - keycloak-build-container
+
+- name: Ensure keycloak container is running
+  community.docker.docker_container:
+    name: "{{ keycloak_container_name }}"
+    image: "{{ keycloak_container_image_name }}"
+    env: "{{ keycloak_container_env | default(omit, true) }}"
+    ports: "{{ keycloak_container_ports | default(omit, true) }}"
+    hostname: "{{ keycloak_container_hostname | default(omit) }}"
+    labels: "{{ keycloak_container_labels | default(omit, true) }}"
+    volumes: "{{ keycloak_container_volumes | default(omit, true) }}"
+    restart_policy: "{{ keycloak_container_restart_policy }}"
+    recreate: "{{ keycloak_container_force_recreate | default(false) or (keycloak_container_image_status.changed if keycloak_container_image_status is defined else false) }}"
+    etc_hosts: "{{ keycloak_container_etc_hosts | default(omit) }}"
+    state: started
+    command: "{{ keycloak_container_command }}"
+  tags:
+    - keycloak-container

roles/keycloak/templates/Dockerfile.j2

@@ -0,0 +1,41 @@
+FROM {{ keycloak_container_image_upstream }}:{{ keycloak_version }} as builder
+
+# Enable health and metrics support
+ENV KC_HEALTH_ENABLED={{ keycloak_config_health_enabled | ternary('true', 'false') }}
+ENV KC_METRICS_ENABLED={{ keycloak_config_metrics_enabled | ternary('true', 'false') }}
+
+# Configure a database vendor
+ARG DB_VENDOR
+ENV KC_DB=$DB_VENDOR
+
+WORKDIR {{ keycloak_container_working_directory }}
+
+ADD ./providers/* providers/
+# Workaround to set correct mode on jar files
+USER root
+RUN chmod -R 0770 providers/*
+USER keycloak
+
+RUN {{ keycloak_container_working_directory }}/bin/kc.sh --verbose \
+{% for argument in keycloak_container_build_flags | dict2items(key_name='flag', value_name='value') %}
+  --{{- argument['flag'] -}}{{- argument['value'] | default(false, true) | ternary('=' + argument['value'], '') }} \
+{% endfor%}
+  build{% if keycloak_container_build_features | default([]) | length > 0 %} \
+{% endif %}
+{% if keycloak_container_build_features | default([]) | length > 0 %}
+  --features="{{ keycloak_container_build_features | join(',') }}"
+{% endif %}
+
+
+FROM {{ keycloak_container_image_upstream }}:{{ keycloak_version }}
+COPY --from=builder {{ keycloak_container_working_directory }}/ {{ keycloak_container_working_directory }}/
+
+ENV KC_HOSTNAME={{ keycloak_config_hostname }}
+ENV KEYCLOAK_ADMIN={{ keycloak_config_admin_username }}
+ARG KC_ADMIN_PASSWORD
+{% if keycloak_version | split('.') | first | int > 21 %}
+ENV KEYCLOAK_ADMIN_PASSWORD=$KC_ADMIN_PASSWORD
+{% else %}
+ENV KEYCLOAK_PASSWORD=$KC_ADMIN_PASSWORD
+{% endif %}
+ENTRYPOINT ["{{ keycloak_container_working_directory }}/bin/kc.sh"]

roles/keycloak/vars/main.yml

@@ -0,0 +1,3 @@
+---
+
+keycloak_container_working_directory: /opt/keycloak

roles/openproject/defaults/main.yml

@@ -2,9 +2,9 @@
 openproject_base_path: "/opt/openproject"
 
 openproject_upstream_git_url: "https://github.com/opf/openproject-deploy.git"
-openproject_upstream_git_branch: "stable/13"
+openproject_upstream_git_branch: "stable/14"
 
-openproject_compose_project_path: "{{ openproject_base_path }}/compose"
+openproject_compose_project_path: "{{ openproject_base_path }}"
 openproject_compose_project_name: "openproject"
 openproject_compose_project_env_file: "{{ openproject_compose_project_path }}/.env"
 openproject_compose_project_override_file: "{{ openproject_compose_project_path }}/docker-compose.override.yml"

roles/openproject/tasks/main.yml

@@ -26,14 +26,13 @@
     content: "{{ openproject_compose_overrides | default({}) | to_nice_yaml }}"
 
 - name: Ensure containers are pulled
-  community.docker.docker_compose:
+  community.docker.docker_compose_v2:
     project_src: "{{ openproject_compose_project_path }}"
     project_name: "{{ openproject_compose_project_name }}"
-    pull: true
+    pull: "missing"
 
 - name: Ensure services are running
-  community.docker.docker_compose:
+  community.docker.docker_compose_v2:
     project_src: "{{ openproject_compose_project_path }}"
     project_name: "{{ openproject_compose_project_name }}"
     state: "present"
-    build: false

roles/snipe_it/README.md

@@ -0,0 +1,46 @@
+# `finallycoffee.services.snipe_it` ansible role
+
+[Snipe-IT](https://snipeitapp.com/) is an open-source asset management with
+a powerful JSON-REST API. This ansible role deploys and configures Snipe-IT.
+
+## Requirements
+
+Snipe-IT requires a MySQL-Database like MariaDB and a working email service
+for sending email. For installing and configuring MariaDB, see
+[`finallycoffee.base.mariadb`](https://galaxy.ansible.com/ui/repo/published/finallycoffee/base/content/role/mariadb/).
+
+## Configuration
+
+Required variables to set are:
+
+- `snipe_it_domain` - domain name of the snipe-it instance
+- `snipe_it_config_app_url` - URL where snipe-it will be reachable including protocol and port
+- `snipe_it_config_app_key` - Laravel application key
+
+### Database configuration
+
+All (database) options from the upstream laravel `.env` file are available
+under the `snipe_it_config_db_*` prefix. Configure a database as follows:
+```
+snipe_it_config_db_host: localhost # defaults to localhost
+snipe_it_config_db_port: "3306" # defaults to 3306
+snipe_it_config_db_database: my_snipe_db_name # defaults to 'snipeit'
+snipe_it_config_db_username: my_snipe_db_user # defaults to 'snipeit'
+snipe_it_config_db_password: my_snipe_db_password
+# Set this if the database is shared with
+# other applications. defaults to not set
+snipe_it_config_db_prefix: snipe_
+```
+
+### Email configuration
+
+Configuring an email server is mandatory. An example is provided below:
+```yaml
+snipe_it_config_mail_host: smtp.example.com
+snipe_it_config_mail_username: snipe_user@snipe.example.com
+snipe_it_config_mail_password: i_want_to_be_strong_and_long
+snipe_it_config_mail_from_addr: "noreply@snipe.example.com"
+snipe_it_config_mail_from_name: "Example.com SnipeIT instance"
+```
+
+The default smtp port is `587` and can be set in `snipe_it_config_mail_port`.

roles/snipe_it/defaults/main/config.yml

@@ -0,0 +1,131 @@
+---
+snipe_it_config_app_version: "v{{ snipe_it_version }}"
+snipe_it_config_app_port: 8000
+snipe_it_config_app_env: "production"
+snipe_it_config_app_debug: false
+snipe_it_config_app_key: ~
+snipe_it_config_app_url: "http://localhost:{{ snipe_it_config_app_port }}"
+snipe_it_config_app_timezone: UTC
+snipe_it_config_app_locale: en-US
+snipe_it_config_app_locked: false
+snipe_it_config_app_cipher: "AES-256-GCM"
+snipe_it_config_app_force_tls: false
+snipe_it_config_app_trusted_proxies:
+  - '192.168.0.0/16'
+  - '172.16.0.0/12'
+  - '10.0.0.0/8'
+
+snipe_it_config_db_connection: mysql
+snipe_it_config_db_host: localhost
+snipe_it_config_db_port: "3306"
+snipe_it_config_db_database: snipeit
+snipe_it_config_db_username: snipeit
+snipe_it_config_db_password: ~
+snipe_it_config_db_prefix: ~
+snipe_it_config_db_dump_path: /usr/bin/
+snipe_it_config_db_charset: utf8mb4
+snipe_it_config_db_collation: utf8mb4_unicode_ci
+snipe_it_config_db_ssl: false
+snipe_it_config_db_ssl_is_paas: false
+snipe_it_config_db_ssl_key_path: ~
+snipe_it_config_db_ssl_cert_path: ~
+snipe_it_config_db_ssl_ca_path: ~
+snipe_it_config_db_ssl_cipher: ~
+snipe_it_config_db_ssl_verify_server: ~
+
+snipe_it_config_mail_mailer: smtp
+snipe_it_config_mail_host: ~
+snipe_it_config_mail_port: 587
+snipe_it_config_mail_username: ~
+snipe_it_config_mail_password: ~
+snipe_it_config_mail_tls_verify_peer: true
+snipe_it_config_mail_from_addr: ~
+snipe_it_config_mail_from_name: ~
+snipe_it_config_mail_replyto_addr: "{{ snipe_it_config_mail_from_addr }}"
+snipe_it_config_mail_replyto_name: "{{ snipe_it_config_mail_from_name }}"
+snipe_it_config_mail_auto_embed_method: attachment
+snipe_it_config_mail_backup_notification_driver: ~
+snipe_it_config_mail_backup_notification_address: ~
+
+snipe_it_config_private_filesystem_disk: "local"
+snipe_it_config_public_filesystem_disk: "local_public"
+snipe_it_config_allow_backup_delete: false
+snipe_it_config_allow_data_purge: false
+snipe_it_config_image_lib: 'gd'
+
+snipe_it_config_log_channel: 'stderr'
+snipe_it_config_log_max_days: 10
+
+snipe_it_config_cookie_name: "_snipe_session"
+snipe_it_config_cookie_domain: "{{ snipe_it_domain }}"
+snipe_it_config_secure_cookies: true
+
+snipe_it_config_session_driver: file
+snipe_it_config_session_lifetime: 12000
+snipe_it_config_cache_driver: file
+snipe_it_config_cache_prefix: snipeit
+snipe_it_config_queue_driver: file
+
+snipe_it_base_config:
+  APP_VERSION: "{{ snipe_it_config_app_version }}"
+  APP_PORT: "{{ snipe_it_config_app_port }}"
+  APP_ENV: "{{ snipe_it_config_app_env }}"
+  APP_DEBUG: "{{ snipe_it_config_app_debug }}"
+  APP_KEY: "{{ snipe_it_config_app_key }}"
+  APP_URL: "{{ snipe_it_config_app_url }}"
+  APP_TIMEZONE: "{{ snipe_it_config_app_timezone }}"
+  APP_LOCALE: "{{ snipe_it_config_app_locale }}"
+  APP_LOCKED: "{{ snipe_it_config_app_locked }}"
+  APP_CIPHER: "{{ snipe_it_config_app_cipher }}"
+  APP_FORCE_TLS: "{{ snipe_it_config_app_force_tls }}"
+  APP_TRUSTED_PROXIES: "{{ snipe_it_config_app_trusted_proxies | join(',') }}"
+  DB_CONNECTION: "{{ snipe_it_config_db_connection }}"
+  DB_HOST: "{{ snipe_it_config_db_host }}"
+  DB_PORT: "{{ snipe_it_config_db_port }}"
+  DB_DATABASE: "{{ snipe_it_config_db_database }}"
+  DB_USERNAME: "{{ snipe_it_config_db_username }}"
+  DB_PASSWORD: "{{ snipe_it_config_db_password }}"
+  DB_PREFIX: "{{ snipe_it_config_db_prefix | default('null', true) }}"
+  DB_DUMP_PATH: "{{ snipe_it_config_db_dump_path }}"
+  DB_CHARSET: "{{ snipe_it_config_db_charset }}"
+  DB_COLLATION: "{{ snipe_it_config_db_collation }}"
+  DB_SSL: "{{ snipe_it_config_db_ssl }}"
+  DB_SSL_IS_PAAS: "{{ snipe_it_config_db_ssl_is_paas }}"
+  DB_SSL_KEY_PATH: "{{ snipe_it_config_db_ssl_key_path | default('null', true) }}"
+  DB_SSL_CERT_PATH: "{{ snipe_it_config_db_ssl_cert_path | default('null', true) }}"
+  DB_SSL_CA_PATH: "{{ snipe_it_config_db_ssl_ca_path | default('null', true) }}"
+  DB_SSL_CIPHER: "{{ snipe_it_config_db_ssl_cipher | default('null', true) }}"
+  DB_SSL_VERIFY_SERVER: "{{ snipe_it_config_db_ssl_verify_server | default('null', true) }}"
+  MAIL_MAILER: "{{ snipe_it_config_mail_mailer }}"
+  MAIL_HOST: "{{ snipe_it_config_mail_host }}"
+  MAIL_PORT: "{{ snipe_it_config_mail_port }}"
+  MAIL_USERNAME: "{{ snipe_it_config_mail_username }}"
+  MAIL_PASSWORD: "{{ snipe_it_config_mail_password }}"
+  MAIL_TLS_VERIFY_PEER: "{{ snipe_it_config_mail_tls_verify_peer }}"
+  MAIL_FROM_ADDR: "{{ snipe_it_config_mail_from_addr | default('null', true) }}"
+  MAIL_FROM_NAME: "{{ snipe_it_config_mail_from_name | default('null', true) }}"
+  MAIL_REPLYTO_ADDR: "{{ snipe_it_config_mail_replyto_addr | default('null', true) }}"
+  MAIL_REPLYTO_NAME: "{{ snipe_it_config_mail_replyto_name | default('null', true) }}"
+  MAIL_AUTO_EMBED_METHOD: "{{ snipe_it_config_mail_auto_embed_method }}"
+  MAIL_BACKUP_NOTIFICATION_DRIVER: "{{ snipe_it_config_mail_backup_notification_driver }}"
+  MAIL_BACKUP_NOTIFICATION_ADDRESS: "{{ snipe_it_config_mail_backup_notification_address }}"
+  SESSION_DRIVER: "{{ snipe_it_config_session_driver }}"
+  SESSION_LIFETIME: "{{ snipe_it_config_session_lifetime }}"
+  CACHE_DRIVER: "{{ snipe_it_config_cache_driver }}"
+  CACHE_PREFIX: "{{ snipe_it_config_cache_prefix }}"
+  QUEUE_DRIVER: "{{ snipe_it_config_queue_driver }}"
+  PRIVATE_FILESYSTEM_DISK: "{{ snipe_it_config_private_filesystem_disk }}"
+  PUBLIC_FILESYSTEM_DISK: "{{ snipe_it_config_public_filesystem_disk }}"
+  ALLOW_BACKUP_DELETE: "{{ snipe_it_config_allow_backup_delete }}"
+  ALLOW_DATA_PURGE: "{{ snipe_it_config_allow_data_purge }}"
+  IMAGE_LIB: "{{ snipe_it_config_image_lib }}"
+  LOG_CHANNEL: "{{ snipe_it_config_log_channel }}"
+  LOG_MAX_DAYS: "{{ snipe_it_config_log_max_days }}"
+  COOKIE_NAME: "{{ snipe_it_config_cookie_name }}"
+  COOKIE_DOMAIN: "{{ snipe_it_config_cookie_domain }}"
+  SECURE_COOKIES: "{{ snipe_it_config_secure_cookies }}"
+
+snipe_it_config: ~
+snipe_it_merged_config: >-2
+  {{ (snipe_it_base_config | default({}, true))
+    | combine((snipe_it_config | default({}, true)), recursive=True) }}

roles/snipe_it/defaults/main/container.yml

@@ -0,0 +1,48 @@
+---
+snipe_it_container_image_registry: docker.io
+snipe_it_container_image_namespace: snipe
+snipe_it_container_image_name: 'snipe-it'
+snipe_it_container_image_tag: ~
+snipe_it_container_image_flavour: alpine
+snipe_it_container_image_source: pull
+snipe_it_container_image_force_source: >-2
+  {{ snipe_it_container_image_tag | default(false, true) | bool }}
+snipe_it_container_image: >-2
+  {{
+    ([
+      snipe_it_container_image_registry | default([], true),
+      snipe_it_container_image_namespace | default([], true),
+      snipe_it_container_image_name,
+    ] | flatten | join('/'))
+    + ':'
+    + (snipe_it_container_image_tag | default(
+        'v' + snipe_it_version + (
+          ((snipe_it_container_image_flavour is string)
+            and (snipe_it_container_image_flavour | length > 0))
+          | ternary(
+            '-' + snipe_it_container_image_flavour | default('', true),
+            ''
+          )
+        ),
+        true
+    ))
+  }}
+
+snipe_it_container_env_file: "/var/www/html/.env"
+snipe_it_container_data_directory: "/var/lib/snipeit/"
+snipe_it_container_volumes:
+  - "{{ snipe_it_data_directory }}:{{ snipe_it_container_data_directory }}:z"
+
+snipe_it_container_name: 'snipe-it'
+snipe_it_container_state: >-2
+  {{ (snipe_it_state == 'present') | ternary('started', 'absent') }}
+snipe_it_container_env: ~
+snipe_it_container_user: ~
+snipe_it_container_ports: ~
+snipe_it_container_labels: ~
+snipe_it_container_recreate: ~
+snipe_it_container_networks: ~
+snipe_it_container_etc_hosts: ~
+snipe_it_container_dns_servers: ~
+snipe_it_container_network_mode: ~
+snipe_it_container_restart_policy: 'unless-stopped'

roles/snipe_it/defaults/main/main.yml

@@ -0,0 +1,9 @@
+---
+snipe_it_user: snipeit
+snipe_it_version: "7.1.15"
+snipe_it_domain: ~
+snipe_it_state: present
+snipe_it_deployment_method: docker
+
+snipe_it_env_file: /etc/snipeit/env
+snipe_it_data_directory: /var/lib/snipeit

roles/snipe_it/defaults/main/user.yml

@@ -0,0 +1,5 @@
+---
+snipe_it_run_user_id: >-2
+  {{ snipe_it_user_info.uid | default(snipe_it_user) }}
+snipe_it_run_group_id: >-2
+  {{ snipe_it_user_info.group | default(snipe_it_user) }}

roles/snipe_it/meta/main.yml

@@ -0,0 +1,12 @@
+---
+allow_duplicates: true
+dependencies: []
+galaxy_info:
+  role_name: snipe_it
+  description: >-2
+    Deploy Snipe-IT, an open-source asset / license management system with
+    powerful JSON REST API
+  galaxy_tags:
+    - snipeit
+    - asset-management
+    - docker

roles/snipe_it/tasks/check.yml

@@ -0,0 +1,14 @@
+---
+- name: Ensure state is valid
+  ansible.builtin.fail:
+    msg: >-2
+      Unsupported state '{{ snipe_it_state }}'!
+      Supported states are {{ snipe_it_states | join(', ') }}.
+  when: snipe_it_state is not in snipe_it_states
+
+- name: Ensure deployment method is valid
+  ansible.builtin.fail:
+    msg: >-2
+      Unsupported deployment_method '{{ snipe_it_deployment_method }}'!
+      Supported values are {{ snipe_it_deployment_methods | join(', ') }}.
+  when: snipe_it_deployment_method is not in snipe_it_deployment_methods

roles/snipe_it/tasks/deploy-docker.yml

@@ -0,0 +1,30 @@
+---
+- name: Ensure container image '{{ snipe_it_container_image }}' is {{ snipe_it_state }}
+  community.docker.docker_image:
+    name: "{{ snipe_it_container_image }}"
+    state: "{{ snipe_it_state }}"
+    source: "{{ snipe_it_container_image_source }}"
+    force_source: "{{ snipe_it_container_image_force_source }}"
+  register: snipe_it_container_image_info
+  until: snipe_it_container_image_info is success
+  retries: 5
+  delay: 3
+
+- name: Ensure container '{{ snipe_it_container_name }}' is {{ snipe_it_container_state }}
+  community.docker.docker_container:
+    name: "{{ snipe_it_container_name }}"
+    image: "{{ snipe_it_container_image }}"
+    env_file: "{{ snipe_it_env_file }}"
+    env: "{{ snipe_it_container_env | default(omit, true) }}"
+    user: "{{ snipe_it_container_user | default(omit, true) }}"
+    ports: "{{ snipe_it_container_ports | default(omit, true) }}"
+    labels: "{{ snipe_it_container_labels | default(omit, true) }}"
+    volumes: "{{ snipe_it_container_volumes | default(omit, true) }}"
+    networks: "{{ snipe_it_container_networks | default(omit, true) }}"
+    etc_hosts: "{{ snipe_it_container_etc_hosts | default(omit, true) }}"
+    dns_servers: "{{ snipe_it_container_dns_servers | default(omit, true) }}"
+    network_mode: "{{ snipe_it_container_network_mode | default(omit, true) }}"
+    restart_policy: >-2
+      {{ snipe_it_container_restart_policy | default(omit, true) }}
+    recreate: "{{ snipe_it_container_recreate | default(omit, true) }}"
+    state: "{{ snipe_it_container_state }}"

roles/snipe_it/tasks/main.yml

@@ -0,0 +1,59 @@
+---
+- name: Check preconditions
+  ansible.builtin.include_tasks:
+    file: "check.yml"
+
+- name: Ensure snipe-it user '{{ snipe_it_user }}' is {{ snipe_it_state }}
+  ansible.builtin.user:
+    name: "{{ snipe_it_user }}"
+    state: "{{ snipe_it_state }}"
+    system: "{{ snipe_it_user_system | default(true, true) }}"
+    create_home: "{{ snipe_it_user_create_home | default(false, true) }}"
+    groups: "{{ snipe_it_user_groups | default(omit, true) }}"
+    append: >-2
+      {{
+        snipe_it_user_groups_append | default(
+            snipe_it_user_groups | default([], true) | length > 0,
+            true,
+        )
+      }}
+  register: snipe_it_user_info
+
+- name: Ensure snipe-it environment file is {{ snipe_it_state }}
+  ansible.builtin.file:
+    path: "{{ snipe_it_env_file }}"
+    state: "{{ snipe_it_state }}"
+  when: snipe_it_state == 'absent'
+
+- name: Ensure snipe-it config directory is {{ snipe_it_state }}
+  ansible.builtin.file:
+    path: "{{ snipe_it_env_file | dirname }}"
+    state: "{{ (snipe_it_state == 'present') | ternary('directory', 'absent') }}"
+    owner: "{{ snipe_it_run_user_id }}"
+    group: "{{ snipe_it_run_group_id }}"
+    mode: "0755"
+  when: snipe_it_state == 'present'
+
+- name: Ensure snipe-it data directory '{{ snipe_it_data_directory }}' is {{ snipe_it_state }}
+  ansible.builtin.file:
+    path: "{{ snipe_it_data_directory }}"
+    state: "{{ (snipe_it_state == 'present') | ternary('directory', 'absent') }}"
+    owner: "{{ snipe_it_run_user_id }}"
+    group: "{{ snipe_it_run_group_id }}"
+    mode: "0755"
+
+- name: Ensure snipe-it environment file is templated
+  ansible.builtin.copy:
+    content: |+2
+      {% for entry in snipe_it_merged_config | dict2items %}
+      {{ entry.key }}={{ entry.value }}
+      {% endfor %}
+    dest: "{{ snipe_it_env_file }}"
+    owner: "{{ snipe_it_run_user_id }}"
+    group: "{{ snipe_it_run_group_id }}"
+    mode: "0640"
+  when: snipe_it_state == 'present'
+
+- name: Deploy using {{ snipe_it_deployment_method }}
+  ansible.builtin.include_tasks:
+    file: "deploy-{{ snipe_it_deployment_method }}.yml"

roles/snipe_it/vars/main.yml

@@ -0,0 +1,6 @@
+---
+snipe_it_states:
+  - present
+  - absent
+snipe_it_deployment_methods:
+  - docker

roles/vaultwarden/defaults/main/main.yml

@@ -1,6 +1,6 @@
 ---
 vaultwarden_user: vaultwarden
-vaultwarden_version: "1.32.2"
+vaultwarden_version: "1.32.7"
 
 vaultwarden_config_file: "/etc/vaultwarden/config.json"
 vaultwarden_config_directory: "{{ vaultwarden_config_file | dirname }}"