
move bitwardenrs to vaultwarden

master
vincent 7 months ago
parent
commit
78725a317b
  1. 30
      defaults/main.yml
  2. 6
      handlers/main.yml
  3. 2
      meta/.galaxy_install_info
  4. 1
      meta/main.yml
  5. 29
      tasks/database_mysql.yml
  6. 30
      tasks/database_postgresql.yml
  7. 21
      tasks/main.yml
  8. 3
      tasks/setup-Archlinux.yml
  9. 6
      templates/fail2ban/vaultwarden.local.j2
  10. 30
      templates/vaultwarden.env.j2
  11. 2
      tests/test.yml
  12. 8
      vars/Archlinux.yml

30
defaults/main.yml

@ -1,16 +1,16 @@
---
# defaults file for ansible-bitwardenrs
bitwardenrs_web_vault_enable: True
bitwarden_baseURL: http://localhost
bitwardenrs_port: 8080
bitwardenrs_websocket_port: 3012
bitwarden_rs_websocket_enabler: true
bitwardenrs_logfile: /var/log/bitwarden_rs.log
#dbtype mange postgresql and mysql
bitwardenrs_db_type:
bitwardenrs_db_user: bitwardenrs
bitwardenrs_db_name: bitwardenrs
bitwardenrs_db_password: bitwardenrs
bitwarden_db_host: localhost
bitwardenrs_SQl_target_file:
# defaults file for ansible-vaultwarden
vaultwarden_web_vault_enable: true
vaultwarden_baseURL: http://localhost
vaultwarden_port: 8080
vaultwarden_websocket_port: 3012
vaultwarden_websocket_enabler: true
vaultwarden_logfile: /var/log/vaultwarden.log
# dbtype mange postgresql and mysql
vaultwarden_db_type:
vaultwarden_db_user: vaultwarden
vaultwarden_db_name: vaultwarden
vaultwarden_db_password: vaultwarden
vaultwarden_db_host: localhost
vaultwarden_SQl_target_file:
vaultwarden_serviceName: vaultwarden
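Review bot: `vaultwarden_db_password: vaultwarden` ships a working default database credential, and templates/vaultwarden.env.j2 writes it into `DATABASE_URL` on every host where the caller forgets to override it; defaults should not contain a usable secret, so either drop the key or add an `assert` task that fails when `vaultwarden_db_password == 'vaultwarden'`. `vaultwarden_db_type:` and `vaultwarden_SQl_target_file:` are bare keys, which YAML reads as `null`, not "unset" — the `is defined` guards in tasks/database_mysql.yml and tasks/database_postgresql.yml therefore pass even when no dump file was given, so remove those two keys (or test the value) rather than defaulting them to null. The added `vaultwarden_serviceName: vaultwarden` duplicates the same key in vars/Archlinux.yml, where the vars copy has higher precedence; keep one definition so the two cannot drift.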

6
handlers/main.yml

@ -1,7 +1,7 @@
---
# handlers file for ansible-bitwardenrs
- name: restart bitwardenrs
# handlers file for ansible-vaultwarden
- name: restart vaultwarden
service:
name: "{{ bitwardenrs_serviceName }}"
name: "{{ vaultwarden_serviceName }}"
state: restarted
when: ansible_service_mgr == "systemd"

2
meta/.galaxy_install_info

@ -0,0 +1,2 @@
install_date: Mon Apr 19 11:34:59 2021
version: ''

1
meta/main.yml

@ -1,3 +1,4 @@
---
galaxy_info:
author: VincentDcmps
description:

29
tasks/database_mysql.yml

@ -1,25 +1,26 @@
---
- name: "Ensure database is present"
become: yes
mysql_db:
name: "{{ bitwardenrs_db_name }}"
become: true
mysql_db:
name: "{{ vaultwarden_db_name }}"
collation: utf8mb4_unicode_ci
encoding: utf8mb4
state: present
register: bitwardenrs_database_creation
register: vaultwarden_database_creation
- name: import DATA in database in case of creation
become: yes
mysql_db:
name: "{{ bitwardenrs_db_name }}"
become: true
mysql_db:
name: "{{ vaultwarden_db_name }}"
state: import
target: "{{bitwardenrs_SQl_target_file}}"
when: bitwardenrs_database_creation.changed == true and bitwarden_rs_SQl_target_file is defined
target: "{{vaultwarden_SQl_target_file}}"
when: vaultwarden_database_creation.changed == true and vaultwarden_SQl_target_file is defined
- name: "Ensure db user is present"
become: yes
mysql_user:
name: "{{ bitwardenrs_db_user }}"
become: true
mysql_user:
name: "{{ vaultwarden_db_user }}"
host: localhost
password: "{{ bitwardenrs_db_password }}"
priv: "{{ bitwardenrs_db_name }}.*:ALL"
password: "{{ vaultwarden_db_password }}"
priv: "{{ vaultwarden_db_name }}.*:ALL"
state: present
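Review bot: The import task's guard `when: vaultwarden_database_creation.changed == true and vaultwarden_SQl_target_file is defined` is now effectively always true on first creation, because defaults/main.yml declares `vaultwarden_SQl_target_file:` with a null value and a null variable still counts as defined; on the old side the misspelled `bitwarden_rs_SQl_target_file` was never defined, so this rename silently enables a task that then runs `mysql_db` with an empty `target` and presumably fails on a fresh install without a dump. Test the value instead, e.g. `when: vaultwarden_database_creation is changed and (vaultwarden_SQl_target_file | default('', true)) != ''`, which also replaces the `.changed == true` comparison with the idiomatic `is changed` test. The same guard and the same default are used in tasks/database_postgresql.yml.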

30
tasks/database_postgresql.yml

@ -1,30 +1,30 @@
---
- name: "Ensure db user is present"
become: yes
become: true
become_user: postgres
postgresql_user:
name: "{{ bitwardenrs_db_user }}"
password: "{{ bitwardenrs_db_password }}"
postgresql_user:
name: "{{ vaultwarden_db_user }}"
password: "{{ vaultwarden_db_password }}"
state: present
- name: "Ensure database is present"
become: yes
become: true
become_user: postgres
postgresql_db:
name: "{{ bitwardenrs_db_name }}"
postgresql_db:
name: "{{ vaultwarden_db_name }}"
lc_collate: fr_FR.UTF-8
encoding: utf8
template: template0
owner: "{{ bitwardenrs_db_user }}"
owner: "{{ vaultwarden_db_user }}"
state: present
register: bitwardenrs_database_creation
register: vaultwarden_database_creation
- name: import DATA in database in case of creation
become: yes
become: true
become_user: postgres
postgresql_db:
name: "{{ bitwardenrs_db_name }}"
name: "{{ vaultwarden_db_name }}"
state: restore
target: "{{ bitwardenrs_SQl_target_file }}"
register: bitwardenrs_database_import
when: bitwardenrs_database_creation.changed == true and bitwardenrs_SQl_target_file is defined
target: "{{ vaultwarden_SQl_target_file }}"
register: vaultwarden_database_import
when: vaultwarden_database_creation.changed == true and vaultwarden_SQl_target_file is defined

21
tasks/main.yml

@ -1,9 +1,8 @@
---
# tasks file for ansible-bitwardenrs
# tasks file for ansible-vaultwarden
- name: select specific Database tasks
include_tasks: "database_{{bitwardenrs_db_type}}.yml"
include_tasks: "database_{{vaultwarden_db_type}}.yml"
- name: Include OS-specific variables.
include_vars: "{{ ansible_os_family }}.yml"
@ -13,16 +12,14 @@
- name: apply config file
template:
dest: /etc/bitwarden_rs.env
src: bitwarden_rs.env.j2
notify: "restart bitwardenrs"
dest: /etc/vaultwarden.env
src: vaultwarden.env.j2
notify: "restart vaultwarden"
- name: apply fail2ban jail
template:
src: fail2ban/bitwarden_rs.local.j2
dest: /etc/fail2ban/jail.d/bitwarden_rs.local
src: fail2ban/vaultwarden.local.j2
dest: /etc/fail2ban/jail.d/vaultwarden.local
- name: enable systemd services
systemd:
name: "{{ bitwardenrs_serviceName }}"
enabled: True
name: "{{ vaultwarden_serviceName }}"
enabled: true
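Review bot: The `apply config file` task renders `/etc/vaultwarden.env`, which carries the database password inside `DATABASE_URL`, without `owner`, `group` or `mode`, so the file is created with the default umask (typically world-readable); add `mode: "0640"` with `owner: root` and the group the service runs as (not visible in this commit). The `apply fail2ban jail` task writes the new jail but has no `notify`, and handlers/main.yml only defines `restart vaultwarden`, so fail2ban keeps the old `bitwarden_rs` jail loaded until something else reloads it; add a `restart fail2ban` handler and consider removing the stale `/etc/fail2ban/jail.d/bitwarden_rs.local` and `/etc/bitwarden_rs.env` (which still holds the old credentials) during the migration. In the first hunk, `include_tasks: "database_{{vaultwarden_db_type}}.yml"` renders `database_.yml` while `vaultwarden_db_type` keeps its null default, so the role fails for the SQLite case unless the caller sets it; guard it with `when: vaultwarden_db_type`.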

3
tasks/setup-Archlinux.yml

@ -1,4 +1,5 @@
---
- name: install arch packages
package:
name: "{{ bitwardenrs_packages}}"
name: "{{ vaultwarden_packages}}"
state: present

6
templates/fail2ban/bitwarden_rs.local.j2 → templates/fail2ban/vaultwarden.local.j2

@ -1,9 +1,9 @@
[bitwarden_rs]
[vaultwarden]
enabled = true
port = 80,443,8081
filter = bitwarden_rs
filter = vaultwarden
banaction = %(banaction_allports)s
logpath = {{ bitwardenrs_logfile }}
logpath = {{ vaultwarden_logfile }}
maxretry = 3
bantime = 14400
findtime = 14400
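Review bot: `port = 80,443,8081` does not follow the role's `vaultwarden_port` (default 8080 in defaults/main.yml), so the jail's port list and the service disagree; render it as `port = 80,443,{{ vaultwarden_port }}` — `banaction_allports` masks the mismatch today, but the value is still misleading to whoever changes the action. `filter = vaultwarden` requires a matching `filter.d/vaultwarden.conf`, and nothing in this commit renames or ships a filter, so confirm the package or another file provides it under the new name; otherwise fail2ban refuses to load the jail and the brute-force protection is silently gone after the migration.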

30
templates/bitwarden_rs.env.j2 → templates/vaultwarden.env.j2

@ -1,11 +1,11 @@
## Bitwarden_RS Configuration File
## vaultwarden Configuration File
## Uncomment any of the following lines to change the defaults
##
## Be aware that most of these settings will be overridden if they were changed
## in the admin interface. Those overrides are stored within DATA_FOLDER/config.json .
## Main data folder
DATA_FOLDER=/var/lib/bitwarden_rs
DATA_FOLDER=/var/lib/vaultwarden
## Database URL
## When using SQLite, this is the path to the DB file, default to %DATA_FOLDER%/db.sqlite3
@ -19,8 +19,8 @@ DATA_FOLDER=/var/lib/bitwarden_rs
## - https://docs.diesel.rs/diesel/pg/struct.PgConnection.html
## - https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING
# DATABASE_URL=postgresql://user:password@host[:port]/database_name
{% if bitwardenrs_db_type %}
DATABASE_URL={{bitwardenrs_db_type}}://{{bitwardenrs_db_user}}:{{bitwardenrs_db_password}}@{{bitwarden_db_host}}/{{bitwardenrs_db_name}}
{% if vaultwarden_db_type %}
DATABASE_URL={{vaultwarden_db_type}}://{{vaultwarden_db_user}}:{{vaultwarden_db_password}}@{{vaultwarden_db_host}}/{{vaultwarden_db_name}}
{% endif %}
## Database max connections
## Define the size of the connection pool used for connecting to the database.
@ -47,15 +47,15 @@ DATA_FOLDER=/var/lib/bitwarden_rs
# ICON_CACHE_NEGTTL=259200
## Web vault settings
WEB_VAULT_FOLDER=/usr/share/bitwarden_rs-web
WEB_VAULT_ENABLED={{ bitwardenrs_web_vault_enable }}
WEB_VAULT_FOLDER=/usr/share/webapps/vaultwarden-web
WEB_VAULT_ENABLED={{ vaultwarden_web_vault_enable }}
## Enables websocket notifications
WEBSOCKET_ENABLED= {{bitwarden_rs_websocket_enabler}}
WEBSOCKET_ENABLED= {{vaultwarden_websocket_enabler}}
## Controls the WebSocket server address and port
# WEBSOCKET_ADDRESS=0.0.0.0
WEBSOCKET_PORT= {{ bitwardenrs_websocket_port }}
WEBSOCKET_PORT= {{ vaultwarden_websocket_port }}
## Enable extended logging, which shows timestamps and targets in the logs
# EXTENDED_LOGGING=true
@ -66,7 +66,7 @@ WEBSOCKET_ENABLED= {{bitwarden_rs_websocket_enabler}}
## Logging to file
## It's recommended to also set 'ROCKET_CLI_COLORS=off'
LOG_FILE= {{ bitwardenrs_logfile }}
LOG_FILE= {{ vaultwarden_logfile }}
## Logging to Syslog
## This requires extended logging
@ -83,7 +83,7 @@ LOG_FILE= {{ bitwardenrs_logfile }}
## Enable WAL for the DB
## Set to false to avoid enabling WAL during startup.
## Note that if the DB already has WAL enabled, you will also need to disable WAL in the DB,
## this setting only prevents bitwarden_rs from automatically enabling it on start.
## this setting only prevents vaultwarden from automatically enabling it on start.
## Please read project wiki page about this setting first before changing the value as it can
## cause performance degradation or might render the service unable to start.
# ENABLE_DB_WAL=true
@ -171,7 +171,7 @@ LOG_FILE= {{ bitwardenrs_logfile }}
## Invitations org admins to invite users, even when signups are disabled
# INVITATIONS_ALLOWED=true
## Name shown in the invitation emails that don't come from a specific organization
# INVITATION_ORG_NAME=Bitwarden_RS
# INVITATION_ORG_NAME=vaultwarden
## Per-organization attachment limit (KB)
## Limit in kilobytes for an organization attachments, once the limit is exceeded it won't be possible to upload more
@ -193,7 +193,7 @@ LOG_FILE= {{ bitwardenrs_logfile }}
## It's recommended to configure this value, otherwise certain functionality might not work,
## like attachment downloads, email links and U2F.
## For U2F to work, the server must use HTTPS, you can use Let's Encrypt for free certs
DOMAIN= {{ bitwarden_baseURL }}
DOMAIN= {{ vaultwarden_baseURL }}
## Allowed iframe ancestors (Know the risks!)
## https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors
@ -236,7 +236,7 @@ DOMAIN= {{ bitwarden_baseURL }}
## Rocket specific settings, check Rocket documentation to learn more
# ROCKET_ENV=staging
# ROCKET_ADDRESS=0.0.0.0 # Enable this to test mobile app
ROCKET_PORT= {{bitwardenrs_port}}
ROCKET_PORT= {{vaultwarden_port}}
# ROCKET_TLS={certs="/path/to/certs.pem",key="/path/to/key.pem"}
ROCKET_LIMITS={json=10485760}
@ -244,8 +244,8 @@ ROCKET_LIMITS={json=10485760}
## To make sure the email links are pointing to the correct host, set the DOMAIN variable.
## Note: if SMTP_USERNAME is specified, SMTP_PASSWORD is mandatory
# SMTP_HOST=smtp.domain.tld
# SMTP_FROM=bitwarden-rs@domain.tld
# SMTP_FROM_NAME=Bitwarden_RS
# SMTP_FROM=vaultwarden@domain.tld
# SMTP_FROM_NAME=vaultwarden
# SMTP_PORT=587 # Ports 587 (submission) and 25 (smtp) are standard without encryption and with encryption via STARTTLS (Explicit TLS). Port 465 is outdated and used with Implicit TLS.
# SMTP_SSL=true # (Explicit) - This variable by default configures Explicit STARTTLS, it will upgrade an insecure connection to a secure one. Unless SMTP_EXPLICIT_TLS is set to true. Either port 587 or 25 are default.
# SMTP_EXPLICIT_TLS=true # (Implicit) - N.B. This variable configures Implicit TLS. It's currently mislabelled (see bug #851) - SMTP_SSL Needs to be set to true for this option to work. Usually port 465 is used here.
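Review bot: `DATABASE_URL={{vaultwarden_db_type}}://{{vaultwarden_db_user}}:{{vaultwarden_db_password}}@{{vaultwarden_db_host}}/{{vaultwarden_db_name}}` interpolates the credentials verbatim, so a password containing `@`, `:`, `/` or `%` yields a malformed URL or is parsed as host and port; render them with `{{ vaultwarden_db_user | urlencode }}:{{ vaultwarden_db_password | urlencode }}`. `WEB_VAULT_ENABLED={{ vaultwarden_web_vault_enable }}` and `WEBSOCKET_ENABLED= {{vaultwarden_websocket_enabler}}` now receive YAML booleans, which Jinja prints as `True`/`False`; if vaultwarden's env parser accepts only lowercase (not verifiable here) use `{{ vaultwarden_web_vault_enable | lower }}`. Several values keep a space after `=` (`WEBSOCKET_ENABLED= `, `WEBSOCKET_PORT= `, `LOG_FILE= `, `DOMAIN= `, `ROCKET_PORT= `); drop it unless the dotenv parser is known to trim leading whitespace.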

2
tests/test.yml

@ -2,4 +2,4 @@
- hosts: localhost
remote_user: root
roles:
- ansible-bitwardenrs
- ../ansible-vaultwarden

8
vars/Archlinux.yml

@ -1,6 +1,6 @@
---
bitwardenrs_packages:
- bitwarden_rs
- bitwarden_rs-web
vaultwarden_packages:
- vaultwarden
- vaultwarden-web
bitwardenrs_serviceName: bitwarden_rs
vaultwarden_serviceName: vaultwarden
