From 78725a317b72627593ea897484cb76f0c68818b8 Mon Sep 17 00:00:00 2001 From: vincent Date: Sat, 8 May 2021 09:59:30 +0200 Subject: [PATCH] move bitwardenrs to vaultwarden --- defaults/main.yml | 30 +++++++++---------- handlers/main.yml | 6 ++-- meta/.galaxy_install_info | 2 ++ meta/main.yml | 1 + tasks/database_mysql.yml | 29 +++++++++--------- tasks/database_postgresql.yml | 30 +++++++++---------- tasks/main.yml | 21 ++++++------- tasks/setup-Archlinux.yml | 3 +- ...arden_rs.local.j2 => vaultwarden.local.j2} | 6 ++-- ...bitwarden_rs.env.j2 => vaultwarden.env.j2} | 30 +++++++++---------- tests/test.yml | 2 +- vars/Archlinux.yml | 8 ++--- 12 files changed, 85 insertions(+), 83 deletions(-) create mode 100644 meta/.galaxy_install_info rename templates/fail2ban/{bitwarden_rs.local.j2 => vaultwarden.local.j2} (61%) rename templates/{bitwarden_rs.env.j2 => vaultwarden.env.j2} (94%) diff --git a/defaults/main.yml b/defaults/main.yml index 8547d44..d600513 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -1,16 +1,16 @@ --- -# defaults file for ansible-bitwardenrs -bitwardenrs_web_vault_enable: True -bitwarden_baseURL: http://localhost -bitwardenrs_port: 8080 -bitwardenrs_websocket_port: 3012 -bitwarden_rs_websocket_enabler: true -bitwardenrs_logfile: /var/log/bitwarden_rs.log -#dbtype mange postgresql and mysql -bitwardenrs_db_type: -bitwardenrs_db_user: bitwardenrs -bitwardenrs_db_name: bitwardenrs -bitwardenrs_db_password: bitwardenrs -bitwarden_db_host: localhost -bitwardenrs_SQl_target_file: - +# defaults file for ansible-vaultwarden +vaultwarden_web_vault_enable: true +vaultwarden_baseURL: http://localhost +vaultwarden_port: 8080 +vaultwarden_websocket_port: 3012 +vaultwarden_websocket_enabler: true +vaultwarden_logfile: /var/log/vaultwarden.log +# dbtype mange postgresql and mysql +vaultwarden_db_type: +vaultwarden_db_user: vaultwarden +vaultwarden_db_name: vaultwarden +vaultwarden_db_password: vaultwarden +vaultwarden_db_host: localhost +vaultwarden_SQl_target_file: +vaultwarden_serviceName: vaultwarden diff --git a/handlers/main.yml b/handlers/main.yml index 937a2c1..f6b8bdf 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,7 +1,7 @@ --- -# handlers file for ansible-bitwardenrs -- name: restart bitwardenrs +# handlers file for ansible-vaultwarden +- name: restart vaultwarden service: - name: "{{ bitwardenrs_serviceName }}" + name: "{{ vaultwarden_serviceName }}" state: restarted when: ansible_service_mgr == "systemd" diff --git a/meta/.galaxy_install_info b/meta/.galaxy_install_info new file mode 100644 index 0000000..dbdc213 --- /dev/null +++ b/meta/.galaxy_install_info @@ -0,0 +1,2 @@ +install_date: Mon Apr 19 11:34:59 2021 +version: '' diff --git a/meta/main.yml b/meta/main.yml index adbd58b..42dda87 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -1,3 +1,4 @@ +--- galaxy_info: author: VincentDcmps description: diff --git a/tasks/database_mysql.yml b/tasks/database_mysql.yml index b395e8e..ac286c5 100644 --- a/tasks/database_mysql.yml 
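Review bot: `vaultwarden_db_password: vaultwarden` in defaults/main.yml ships a fixed, publicly known database password as the role default, so any play that does not override it creates the account behind a password vault with a guessable credential. Drop the default and fail early when a database backend is selected without one, for example with an `assert` on `vaultwarden_db_password is defined and vaultwarden_db_password | length > 0`, and supply the value from Ansible Vault or another secret store. The bare `vaultwarden_db_type:` and `vaultwarden_SQl_target_file:` keys parse as null rather than leaving the variables undefined; writing `null` explicitly, or omitting the keys, makes that visible to anyone reading the tasks that test them.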
+++ b/tasks/database_mysql.yml @@ -1,25 +1,26 @@ +--- - name: "Ensure database is present" - become: yes - mysql_db: - name: "{{ bitwardenrs_db_name }}" + become: true + mysql_db: + name: "{{ vaultwarden_db_name }}" collation: utf8mb4_unicode_ci encoding: utf8mb4 state: present - register: bitwardenrs_database_creation + register: vaultwarden_database_creation - name: import DATA in database in case of creation - become: yes - mysql_db: - name: "{{ bitwardenrs_db_name }}" + become: true + mysql_db: + name: "{{ vaultwarden_db_name }}" state: import - target: "{{bitwardenrs_SQl_target_file}}" - when: bitwardenrs_database_creation.changed == true and bitwarden_rs_SQl_target_file is defined + target: "{{vaultwarden_SQl_target_file}}" + when: vaultwarden_database_creation.changed == true and vaultwarden_SQl_target_file is defined - name: "Ensure db user is present" - become: yes - mysql_user: - name: "{{ bitwardenrs_db_user }}" + become: true + mysql_user: + name: "{{ vaultwarden_db_user }}" host: localhost - password: "{{ bitwardenrs_db_password }}" - priv: "{{ bitwardenrs_db_name }}.*:ALL" + password: "{{ vaultwarden_db_password }}" + priv: "{{ vaultwarden_db_name }}.*:ALL" state: present diff --git a/tasks/database_postgresql.yml b/tasks/database_postgresql.yml index b6c5b3b..2e0cab9 100644 --- a/tasks/database_postgresql.yml +++ b/tasks/database_postgresql.yml 
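Review bot: The import task's guard `vaultwarden_SQl_target_file is defined` is always true, because defaults/main.yml defines that variable with an empty value, so on first creation the task runs `state: import` with an empty `target`. Before this commit the MySQL condition tested the misspelled `bitwarden_rs_SQl_target_file`, which was presumably never set, so correcting the name turns a task that was effectively skipped into one that fails on a fresh database unless a dump is supplied. Test for a value instead: `when: vaultwarden_database_creation is changed and vaultwarden_SQl_target_file | default('', true) | length > 0`. The same guard sits on the restore task in tasks/database_postgresql.yml and needs the same change.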
@@ -1,30 +1,30 @@ +--- - name: "Ensure db user is present" - become: yes + become: true become_user: postgres - postgresql_user: - name: "{{ bitwardenrs_db_user }}" - password: "{{ bitwardenrs_db_password }}" + postgresql_user: + name: "{{ vaultwarden_db_user }}" + password: "{{ vaultwarden_db_password }}" state: present - name: "Ensure database is present" - become: yes + become: true become_user: postgres - postgresql_db: - name: "{{ bitwardenrs_db_name }}" + postgresql_db: + name: "{{ vaultwarden_db_name }}" lc_collate: fr_FR.UTF-8 encoding: utf8 template: template0 - owner: "{{ bitwardenrs_db_user }}" + owner: "{{ vaultwarden_db_user }}" state: present - register: bitwardenrs_database_creation - + register: vaultwarden_database_creation - name: import DATA in database in case of creation - become: yes + become: true become_user: postgres postgresql_db: - name: "{{ bitwardenrs_db_name }}" + name: "{{ vaultwarden_db_name }}" state: restore - target: "{{ bitwardenrs_SQl_target_file }}" - register: bitwardenrs_database_import - when: bitwardenrs_database_creation.changed == true and bitwardenrs_SQl_target_file is defined + target: "{{ vaultwarden_SQl_target_file }}" + register: vaultwarden_database_import + when: vaultwarden_database_creation.changed == true and vaultwarden_SQl_target_file is defined diff --git a/tasks/main.yml b/tasks/main.yml index 22350e4..53cd4f0 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,9 +1,8 @@ --- -# tasks file for ansible-bitwardenrs +# tasks file for ansible-vaultwarden - name: select specific Database tasks - include_tasks: "database_{{bitwardenrs_db_type}}.yml" - + include_tasks: "database_{{vaultwarden_db_type}}.yml" - name: Include OS-specific variables. include_vars: "{{ ansible_os_family }}.yml" 
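Review bot: `include_tasks: "database_{{vaultwarden_db_type}}.yml"` in tasks/main.yml has no guard, yet the default `vaultwarden_db_type` is empty and the env template treats that case as valid (`{% if vaultwarden_db_type %}`). A deployment without an external database therefore resolves to a task file the role does not contain, and the play stops before any configuration is written. Add `when: vaultwarden_db_type in ['mysql', 'postgresql']` to the include; checking against the two known names also validates the variable before it is used to build a file path. The rest of tasks/main.yml lies outside this hunk.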
@@ -13,16 +12,14 @@ - name: apply config file template: - dest: /etc/bitwarden_rs.env - src: bitwarden_rs.env.j2 - notify: "restart bitwardenrs" + dest: /etc/vaultwarden.env + src: vaultwarden.env.j2 + notify: "restart vaultwarden" - name: apply fail2ban jail template: - src: fail2ban/bitwarden_rs.local.j2 - dest: /etc/fail2ban/jail.d/bitwarden_rs.local + src: fail2ban/vaultwarden.local.j2 + dest: /etc/fail2ban/jail.d/vaultwarden.local - name: enable systemd services systemd: - name: "{{ bitwardenrs_serviceName }}" - enabled: True - - + name: "{{ vaultwarden_serviceName }}" + enabled: true diff --git a/tasks/setup-Archlinux.yml b/tasks/setup-Archlinux.yml index dd87927..849896d 100644 --- a/tasks/setup-Archlinux.yml +++ b/tasks/setup-Archlinux.yml @@ -1,4 +1,5 @@ +--- - name: install arch packages package: - name: "{{ bitwardenrs_packages}}" + name: "{{ vaultwarden_packages}}" state: present diff --git a/templates/fail2ban/bitwarden_rs.local.j2 b/templates/fail2ban/vaultwarden.local.j2 similarity index 61% rename from templates/fail2ban/bitwarden_rs.local.j2 rename to templates/fail2ban/vaultwarden.local.j2 index 82a936f..e004dbd 100644 --- a/templates/fail2ban/bitwarden_rs.local.j2 +++ b/templates/fail2ban/vaultwarden.local.j2 @@ -1,9 +1,9 @@ -[bitwarden_rs] +[vaultwarden] enabled = true port = 80,443,8081 -filter = bitwarden_rs +filter = vaultwarden banaction = %(banaction_allports)s -logpath = {{ bitwardenrs_logfile }} +logpath = {{ vaultwarden_logfile }} maxretry = 3 bantime = 14400 findtime = 14400 diff --git a/templates/bitwarden_rs.env.j2 b/templates/vaultwarden.env.j2 similarity index 94% rename from templates/bitwarden_rs.env.j2 rename to templates/vaultwarden.env.j2 index 92b9f1e..0e8c5e4 100644 --- a/templates/bitwarden_rs.env.j2 +++ b/templates/vaultwarden.env.j2 
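Review bot: The `apply config file` task writes /etc/vaultwarden.env without `owner`, `group` or `mode`, and that file carries `DATABASE_URL` with the database password in clear text, so its permissions fall to the remote umask and will commonly end up world-readable. Set them explicitly, e.g. `owner: root`, `group: "{{ vaultwarden_group }}"` (a placeholder for whatever group the packaged service runs as) and `mode: "0640"`. The fail2ban jail task in the same hunk would benefit from an explicit `mode: "0644"` and a handler that reloads fail2ban, since a changed jail file is otherwise not picked up until the next restart.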
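Review bot: The jail in templates/fail2ban/vaultwarden.local.j2 now references `filter = vaultwarden`, but as far as the diffstat shows nothing in this commit adds a matching filter definition, and the role only templates the jail file. If the filter on the host is still named bitwarden_rs, or was provided by the old package, fail2ban will not load this jail and banning of failed logins stops. Either template the filter from the role next to the jail or document which package provides it. On hosts converted from the old role the previous /etc/fail2ban/jail.d/bitwarden_rs.local also stays in place, so a cleanup task with `state: absent` for that path is worth adding.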
@@ -1,11 +1,11 @@ -## Bitwarden_RS Configuration File +## vaultwarden Configuration File ## Uncomment any of the following lines to change the defaults ## ## Be aware that most of these settings will be overridden if they were changed ## in the admin interface. Those overrides are stored within DATA_FOLDER/config.json . ## Main data folder -DATA_FOLDER=/var/lib/bitwarden_rs +DATA_FOLDER=/var/lib/vaultwarden ## Database URL ## When using SQLite, this is the path to the DB file, default to %DATA_FOLDER%/db.sqlite3 @@ -19,8 +19,8 @@ DATA_FOLDER=/var/lib/bitwarden_rs ## - https://docs.diesel.rs/diesel/pg/struct.PgConnection.html ## - https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING # DATABASE_URL=postgresql://user:password@host[:port]/database_name -{% if bitwardenrs_db_type %} - DATABASE_URL={{bitwardenrs_db_type}}://{{bitwardenrs_db_user}}:{{bitwardenrs_db_password}}@{{bitwarden_db_host}}/{{bitwardenrs_db_name}} +{% if vaultwarden_db_type %} + DATABASE_URL={{vaultwarden_db_type}}://{{vaultwarden_db_user}}:{{vaultwarden_db_password}}@{{vaultwarden_db_host}}/{{vaultwarden_db_name}} {% endif %} ## Database max connections ## Define the size of the connection pool used for connecting to the database. @@ -47,15 +47,15 @@ DATA_FOLDER=/var/lib/bitwarden_rs # ICON_CACHE_NEGTTL=259200 ## Web vault settings -WEB_VAULT_FOLDER=/usr/share/bitwarden_rs-web -WEB_VAULT_ENABLED={{ bitwardenrs_web_vault_enable }} +WEB_VAULT_FOLDER=/usr/share/webapps/vaultwarden-web +WEB_VAULT_ENABLED={{ vaultwarden_web_vault_enable }} ## Enables websocket notifications -WEBSOCKET_ENABLED= {{bitwarden_rs_websocket_enabler}} +WEBSOCKET_ENABLED= {{vaultwarden_websocket_enabler}} ## Controls the WebSocket server address and port # WEBSOCKET_ADDRESS=0.0.0.0 - WEBSOCKET_PORT= {{ bitwardenrs_websocket_port }} + WEBSOCKET_PORT= {{ vaultwarden_websocket_port }} ## Enable extended logging, which shows timestamps and targets in the logs # EXTENDED_LOGGING=true 
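Review bot: `DATABASE_URL` in templates/vaultwarden.env.j2 is assembled from the raw user and password, so a password containing `@`, `:`, `#` or `?` yields a malformed or misparsed connection URL, which pushes operators towards weak alphanumeric-only secrets. Percent-encode the credential parts: `DATABASE_URL={{ vaultwarden_db_type }}://{{ vaultwarden_db_user | urlencode }}:{{ vaultwarden_db_password | urlencode }}@{{ vaultwarden_db_host }}/{{ vaultwarden_db_name }}`. Jinja's `urlencode` leaves `/` untouched, so append `| replace('/', '%2F')` if slashes are allowed in the password. Separately, the `DATA_FOLDER` move to /var/lib/vaultwarden has no migration step in this commit; on an existing install that keeps its data there the service would presumably start against an empty directory, so moving the old directory belongs in the upgrade path.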
@@ -66,7 +66,7 @@ WEBSOCKET_ENABLED= {{bitwarden_rs_websocket_enabler}} ## Logging to file ## It's recommended to also set 'ROCKET_CLI_COLORS=off' -LOG_FILE= {{ bitwardenrs_logfile }} +LOG_FILE= {{ vaultwarden_logfile }} ## Logging to Syslog ## This requires extended logging @@ -83,7 +83,7 @@ LOG_FILE= {{ bitwardenrs_logfile }} ## Enable WAL for the DB ## Set to false to avoid enabling WAL during startup. ## Note that if the DB already has WAL enabled, you will also need to disable WAL in the DB, -## this setting only prevents bitwarden_rs from automatically enabling it on start. +## this setting only prevents vaultwarden from automatically enabling it on start. ## Please read project wiki page about this setting first before changing the value as it can ## cause performance degradation or might render the service unable to start. # ENABLE_DB_WAL=true @@ -171,7 +171,7 @@ LOG_FILE= {{ bitwardenrs_logfile }} ## Invitations org admins to invite users, even when signups are disabled # INVITATIONS_ALLOWED=true ## Name shown in the invitation emails that don't come from a specific organization -# INVITATION_ORG_NAME=Bitwarden_RS +# INVITATION_ORG_NAME=vaultwarden ## Per-organization attachment limit (KB) ## Limit in kilobytes for an organization attachments, once the limit is exceeded it won't be possible to upload more @@ -193,7 +193,7 @@ LOG_FILE= {{ bitwardenrs_logfile }} ## It's recommended to configure this value, otherwise certain functionality might not work, ## like attachment downloads, email links and U2F. ## For U2F to work, the server must use HTTPS, you can use Let's Encrypt for free certs -DOMAIN= {{ bitwarden_baseURL }} +DOMAIN= {{ vaultwarden_baseURL }} ## Allowed iframe ancestors (Know the risks!) ## https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors 
@@ -236,7 +236,7 @@ DOMAIN= {{ bitwarden_baseURL }} ## Rocket specific settings, check Rocket documentation to learn more # ROCKET_ENV=staging # ROCKET_ADDRESS=0.0.0.0 # Enable this to test mobile app -ROCKET_PORT= {{bitwardenrs_port}} +ROCKET_PORT= {{vaultwarden_port}} # ROCKET_TLS={certs="/path/to/certs.pem",key="/path/to/key.pem"} ROCKET_LIMITS={json=10485760} @@ -244,8 +244,8 @@ ROCKET_LIMITS={json=10485760} ## To make sure the email links are pointing to the correct host, set the DOMAIN variable. ## Note: if SMTP_USERNAME is specified, SMTP_PASSWORD is mandatory # SMTP_HOST=smtp.domain.tld -# SMTP_FROM=bitwarden-rs@domain.tld -# SMTP_FROM_NAME=Bitwarden_RS +# SMTP_FROM=vaultwarden@domain.tld +# SMTP_FROM_NAME=vaultwarden # SMTP_PORT=587 # Ports 587 (submission) and 25 (smtp) are standard without encryption and with encryption via STARTTLS (Explicit TLS). Port 465 is outdated and used with Implicit TLS. # SMTP_SSL=true # (Explicit) - This variable by default configures Explicit STARTTLS, it will upgrade an insecure connection to a secure one. Unless SMTP_EXPLICIT_TLS is set to true. Either port 587 or 25 are default. # SMTP_EXPLICIT_TLS=true # (Implicit) - N.B. This variable configures Implicit TLS. It's currently mislabelled (see bug #851) - SMTP_SSL Needs to be set to true for this option to work. Usually port 465 is used here. diff --git a/tests/test.yml b/tests/test.yml index fa18112..6ff6d38 100644 --- a/tests/test.yml +++ b/tests/test.yml @@ -2,4 +2,4 @@ - hosts: localhost remote_user: root roles: - - ansible-bitwardenrs + - ../ansible-vaultwarden diff --git a/vars/Archlinux.yml b/vars/Archlinux.yml index b0edaee..50f63ba 100644 --- a/vars/Archlinux.yml +++ b/vars/Archlinux.yml @@ -1,6 +1,6 @@ --- -bitwardenrs_packages: - - bitwarden_rs - - bitwarden_rs-web +vaultwarden_packages: + - vaultwarden + - vaultwarden-web -bitwardenrs_serviceName: bitwarden_rs +vaultwarden_serviceName: vaultwarden