move bitwardenrs to vaultwarden

This commit is contained in:
vincent 2021-05-08 09:59:30 +02:00
parent e669b2458a
commit 78725a317b
12 changed files with 85 additions and 83 deletions

View File

@ -1,16 +1,16 @@
--- ---
# defaults file for ansible-bitwardenrs # defaults file for ansible-vaultwarden
bitwardenrs_web_vault_enable: True vaultwarden_web_vault_enable: true
bitwarden_baseURL: http://localhost vaultwarden_baseURL: http://localhost
bitwardenrs_port: 8080 vaultwarden_port: 8080
bitwardenrs_websocket_port: 3012 vaultwarden_websocket_port: 3012
bitwarden_rs_websocket_enabler: true vaultwarden_websocket_enabler: true
bitwardenrs_logfile: /var/log/bitwarden_rs.log vaultwarden_logfile: /var/log/vaultwarden.log
# dbtype mange postgresql and mysql # dbtype mange postgresql and mysql
bitwardenrs_db_type: vaultwarden_db_type:
bitwardenrs_db_user: bitwardenrs vaultwarden_db_user: vaultwarden
bitwardenrs_db_name: bitwardenrs vaultwarden_db_name: vaultwarden
bitwardenrs_db_password: bitwardenrs vaultwarden_db_password: vaultwarden
bitwarden_db_host: localhost vaultwarden_db_host: localhost
bitwardenrs_SQl_target_file: vaultwarden_SQl_target_file:
vaultwarden_serviceName: vaultwarden

View File

@ -1,7 +1,7 @@
--- ---
# handlers file for ansible-bitwardenrs # handlers file for ansible-vaultwarden
- name: restart bitwardenrs - name: restart vaultwarden
service: service:
name: "{{ bitwardenrs_serviceName }}" name: "{{ vaultwarden_serviceName }}"
state: restarted state: restarted
when: ansible_service_mgr == "systemd" when: ansible_service_mgr == "systemd"

View File

@ -0,0 +1,2 @@
install_date: Mon Apr 19 11:34:59 2021
version: ''

View File

@ -1,3 +1,4 @@
---
galaxy_info: galaxy_info:
author: VincentDcmps author: VincentDcmps
description: description:

View File

@ -1,25 +1,26 @@
---
- name: "Ensure database is present" - name: "Ensure database is present"
become: yes become: true
mysql_db: mysql_db:
name: "{{ bitwardenrs_db_name }}" name: "{{ vaultwarden_db_name }}"
collation: utf8mb4_unicode_ci collation: utf8mb4_unicode_ci
encoding: utf8mb4 encoding: utf8mb4
state: present state: present
register: bitwardenrs_database_creation register: vaultwarden_database_creation
- name: import DATA in database in case of creation - name: import DATA in database in case of creation
become: yes become: true
mysql_db: mysql_db:
name: "{{ bitwardenrs_db_name }}" name: "{{ vaultwarden_db_name }}"
state: import state: import
target: "{{bitwardenrs_SQl_target_file}}" target: "{{vaultwarden_SQl_target_file}}"
when: bitwardenrs_database_creation.changed == true and bitwarden_rs_SQl_target_file is defined when: vaultwarden_database_creation.changed == true and vaultwarden_SQl_target_file is defined
- name: "Ensure db user is present" - name: "Ensure db user is present"
become: yes become: true
mysql_user: mysql_user:
name: "{{ bitwardenrs_db_user }}" name: "{{ vaultwarden_db_user }}"
host: localhost host: localhost
password: "{{ bitwardenrs_db_password }}" password: "{{ vaultwarden_db_password }}"
priv: "{{ bitwardenrs_db_name }}.*:ALL" priv: "{{ vaultwarden_db_name }}.*:ALL"
state: present state: present

View File

@ -1,30 +1,30 @@
---
- name: "Ensure db user is present" - name: "Ensure db user is present"
become: yes become: true
become_user: postgres become_user: postgres
postgresql_user: postgresql_user:
name: "{{ bitwardenrs_db_user }}" name: "{{ vaultwarden_db_user }}"
password: "{{ bitwardenrs_db_password }}" password: "{{ vaultwarden_db_password }}"
state: present state: present
- name: "Ensure database is present" - name: "Ensure database is present"
become: yes become: true
become_user: postgres become_user: postgres
postgresql_db: postgresql_db:
name: "{{ bitwardenrs_db_name }}" name: "{{ vaultwarden_db_name }}"
lc_collate: fr_FR.UTF-8 lc_collate: fr_FR.UTF-8
encoding: utf8 encoding: utf8
template: template0 template: template0
owner: "{{ bitwardenrs_db_user }}" owner: "{{ vaultwarden_db_user }}"
state: present state: present
register: bitwardenrs_database_creation register: vaultwarden_database_creation
- name: import DATA in database in case of creation - name: import DATA in database in case of creation
become: yes become: true
become_user: postgres become_user: postgres
postgresql_db: postgresql_db:
name: "{{ bitwardenrs_db_name }}" name: "{{ vaultwarden_db_name }}"
state: restore state: restore
target: "{{ bitwardenrs_SQl_target_file }}" target: "{{ vaultwarden_SQl_target_file }}"
register: bitwardenrs_database_import register: vaultwarden_database_import
when: bitwardenrs_database_creation.changed == true and bitwardenrs_SQl_target_file is defined when: vaultwarden_database_creation.changed == true and vaultwarden_SQl_target_file is defined

View File

@ -1,9 +1,8 @@
--- ---
# tasks file for ansible-bitwardenrs # tasks file for ansible-vaultwarden
- name: select specific Database tasks - name: select specific Database tasks
include_tasks: "database_{{bitwardenrs_db_type}}.yml" include_tasks: "database_{{vaultwarden_db_type}}.yml"
- name: Include OS-specific variables. - name: Include OS-specific variables.
include_vars: "{{ ansible_os_family }}.yml" include_vars: "{{ ansible_os_family }}.yml"
@ -13,16 +12,14 @@
- name: apply config file - name: apply config file
template: template:
dest: /etc/bitwarden_rs.env dest: /etc/vaultwarden.env
src: bitwarden_rs.env.j2 src: vaultwarden.env.j2
notify: "restart bitwardenrs" notify: "restart vaultwarden"
- name: apply fail2ban jail - name: apply fail2ban jail
template: template:
src: fail2ban/bitwarden_rs.local.j2 src: fail2ban/vaultwarden.local.j2
dest: /etc/fail2ban/jail.d/bitwarden_rs.local dest: /etc/fail2ban/jail.d/vaultwarden.local
- name: enable systemd services - name: enable systemd services
systemd: systemd:
name: "{{ bitwardenrs_serviceName }}" name: "{{ vaultwarden_serviceName }}"
enabled: True enabled: true

View File

@ -1,4 +1,5 @@
---
- name: install arch packages - name: install arch packages
package: package:
name: "{{ bitwardenrs_packages}}" name: "{{ vaultwarden_packages}}"
state: present state: present

View File

@ -1,9 +1,9 @@
[bitwarden_rs] [vaultwarden]
enabled = true enabled = true
port = 80,443,8081 port = 80,443,8081
filter = bitwarden_rs filter = vaultwarden
banaction = %(banaction_allports)s banaction = %(banaction_allports)s
logpath = {{ bitwardenrs_logfile }} logpath = {{ vaultwarden_logfile }}
maxretry = 3 maxretry = 3
bantime = 14400 bantime = 14400
findtime = 14400 findtime = 14400

View File

@ -1,11 +1,11 @@
## Bitwarden_RS Configuration File ## vaultwarden Configuration File
## Uncomment any of the following lines to change the defaults ## Uncomment any of the following lines to change the defaults
## ##
## Be aware that most of these settings will be overridden if they were changed ## Be aware that most of these settings will be overridden if they were changed
## in the admin interface. Those overrides are stored within DATA_FOLDER/config.json . ## in the admin interface. Those overrides are stored within DATA_FOLDER/config.json .
## Main data folder ## Main data folder
DATA_FOLDER=/var/lib/bitwarden_rs DATA_FOLDER=/var/lib/vaultwarden
## Database URL ## Database URL
## When using SQLite, this is the path to the DB file, default to %DATA_FOLDER%/db.sqlite3 ## When using SQLite, this is the path to the DB file, default to %DATA_FOLDER%/db.sqlite3
@ -19,8 +19,8 @@ DATA_FOLDER=/var/lib/bitwarden_rs
## - https://docs.diesel.rs/diesel/pg/struct.PgConnection.html ## - https://docs.diesel.rs/diesel/pg/struct.PgConnection.html
## - https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING ## - https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING
# DATABASE_URL=postgresql://user:password@host[:port]/database_name # DATABASE_URL=postgresql://user:password@host[:port]/database_name
{% if bitwardenrs_db_type %} {% if vaultwarden_db_type %}
DATABASE_URL={{bitwardenrs_db_type}}://{{bitwardenrs_db_user}}:{{bitwardenrs_db_password}}@{{bitwarden_db_host}}/{{bitwardenrs_db_name}} DATABASE_URL={{vaultwarden_db_type}}://{{vaultwarden_db_user}}:{{vaultwarden_db_password}}@{{vaultwarden_db_host}}/{{vaultwarden_db_name}}
{% endif %} {% endif %}
## Database max connections ## Database max connections
## Define the size of the connection pool used for connecting to the database. ## Define the size of the connection pool used for connecting to the database.
@ -47,15 +47,15 @@ DATA_FOLDER=/var/lib/bitwarden_rs
# ICON_CACHE_NEGTTL=259200 # ICON_CACHE_NEGTTL=259200
## Web vault settings ## Web vault settings
WEB_VAULT_FOLDER=/usr/share/bitwarden_rs-web WEB_VAULT_FOLDER=/usr/share/webapps/vaultwarden-web
WEB_VAULT_ENABLED={{ bitwardenrs_web_vault_enable }} WEB_VAULT_ENABLED={{ vaultwarden_web_vault_enable }}
## Enables websocket notifications ## Enables websocket notifications
WEBSOCKET_ENABLED= {{bitwarden_rs_websocket_enabler}} WEBSOCKET_ENABLED= {{vaultwarden_websocket_enabler}}
## Controls the WebSocket server address and port ## Controls the WebSocket server address and port
# WEBSOCKET_ADDRESS=0.0.0.0 # WEBSOCKET_ADDRESS=0.0.0.0
WEBSOCKET_PORT= {{ bitwardenrs_websocket_port }} WEBSOCKET_PORT= {{ vaultwarden_websocket_port }}
## Enable extended logging, which shows timestamps and targets in the logs ## Enable extended logging, which shows timestamps and targets in the logs
# EXTENDED_LOGGING=true # EXTENDED_LOGGING=true
@ -66,7 +66,7 @@ WEBSOCKET_ENABLED= {{bitwarden_rs_websocket_enabler}}
## Logging to file ## Logging to file
## It's recommended to also set 'ROCKET_CLI_COLORS=off' ## It's recommended to also set 'ROCKET_CLI_COLORS=off'
LOG_FILE= {{ bitwardenrs_logfile }} LOG_FILE= {{ vaultwarden_logfile }}
## Logging to Syslog ## Logging to Syslog
## This requires extended logging ## This requires extended logging
@ -83,7 +83,7 @@ LOG_FILE= {{ bitwardenrs_logfile }}
## Enable WAL for the DB ## Enable WAL for the DB
## Set to false to avoid enabling WAL during startup. ## Set to false to avoid enabling WAL during startup.
## Note that if the DB already has WAL enabled, you will also need to disable WAL in the DB, ## Note that if the DB already has WAL enabled, you will also need to disable WAL in the DB,
## this setting only prevents bitwarden_rs from automatically enabling it on start. ## this setting only prevents vaultwarden from automatically enabling it on start.
## Please read project wiki page about this setting first before changing the value as it can ## Please read project wiki page about this setting first before changing the value as it can
## cause performance degradation or might render the service unable to start. ## cause performance degradation or might render the service unable to start.
# ENABLE_DB_WAL=true # ENABLE_DB_WAL=true
@ -171,7 +171,7 @@ LOG_FILE= {{ bitwardenrs_logfile }}
## Invitations org admins to invite users, even when signups are disabled ## Invitations org admins to invite users, even when signups are disabled
# INVITATIONS_ALLOWED=true # INVITATIONS_ALLOWED=true
## Name shown in the invitation emails that don't come from a specific organization ## Name shown in the invitation emails that don't come from a specific organization
# INVITATION_ORG_NAME=Bitwarden_RS # INVITATION_ORG_NAME=vaultwarden
## Per-organization attachment limit (KB) ## Per-organization attachment limit (KB)
## Limit in kilobytes for an organization attachments, once the limit is exceeded it won't be possible to upload more ## Limit in kilobytes for an organization attachments, once the limit is exceeded it won't be possible to upload more
@ -193,7 +193,7 @@ LOG_FILE= {{ bitwardenrs_logfile }}
## It's recommended to configure this value, otherwise certain functionality might not work, ## It's recommended to configure this value, otherwise certain functionality might not work,
## like attachment downloads, email links and U2F. ## like attachment downloads, email links and U2F.
## For U2F to work, the server must use HTTPS, you can use Let's Encrypt for free certs ## For U2F to work, the server must use HTTPS, you can use Let's Encrypt for free certs
DOMAIN= {{ bitwarden_baseURL }} DOMAIN= {{ vaultwarden_baseURL }}
## Allowed iframe ancestors (Know the risks!) ## Allowed iframe ancestors (Know the risks!)
## https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors ## https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors
@ -236,7 +236,7 @@ DOMAIN= {{ bitwarden_baseURL }}
## Rocket specific settings, check Rocket documentation to learn more ## Rocket specific settings, check Rocket documentation to learn more
# ROCKET_ENV=staging # ROCKET_ENV=staging
# ROCKET_ADDRESS=0.0.0.0 # Enable this to test mobile app # ROCKET_ADDRESS=0.0.0.0 # Enable this to test mobile app
ROCKET_PORT= {{bitwardenrs_port}} ROCKET_PORT= {{vaultwarden_port}}
# ROCKET_TLS={certs="/path/to/certs.pem",key="/path/to/key.pem"} # ROCKET_TLS={certs="/path/to/certs.pem",key="/path/to/key.pem"}
ROCKET_LIMITS={json=10485760} ROCKET_LIMITS={json=10485760}
@ -244,8 +244,8 @@ ROCKET_LIMITS={json=10485760}
## To make sure the email links are pointing to the correct host, set the DOMAIN variable. ## To make sure the email links are pointing to the correct host, set the DOMAIN variable.
## Note: if SMTP_USERNAME is specified, SMTP_PASSWORD is mandatory ## Note: if SMTP_USERNAME is specified, SMTP_PASSWORD is mandatory
# SMTP_HOST=smtp.domain.tld # SMTP_HOST=smtp.domain.tld
# SMTP_FROM=bitwarden-rs@domain.tld # SMTP_FROM=vaultwarden@domain.tld
# SMTP_FROM_NAME=Bitwarden_RS # SMTP_FROM_NAME=vaultwarden
# SMTP_PORT=587 # Ports 587 (submission) and 25 (smtp) are standard without encryption and with encryption via STARTTLS (Explicit TLS). Port 465 is outdated and used with Implicit TLS. # SMTP_PORT=587 # Ports 587 (submission) and 25 (smtp) are standard without encryption and with encryption via STARTTLS (Explicit TLS). Port 465 is outdated and used with Implicit TLS.
# SMTP_SSL=true # (Explicit) - This variable by default configures Explicit STARTTLS, it will upgrade an insecure connection to a secure one. Unless SMTP_EXPLICIT_TLS is set to true. Either port 587 or 25 are default. # SMTP_SSL=true # (Explicit) - This variable by default configures Explicit STARTTLS, it will upgrade an insecure connection to a secure one. Unless SMTP_EXPLICIT_TLS is set to true. Either port 587 or 25 are default.
# SMTP_EXPLICIT_TLS=true # (Implicit) - N.B. This variable configures Implicit TLS. It's currently mislabelled (see bug #851) - SMTP_SSL Needs to be set to true for this option to work. Usually port 465 is used here. # SMTP_EXPLICIT_TLS=true # (Implicit) - N.B. This variable configures Implicit TLS. It's currently mislabelled (see bug #851) - SMTP_SSL Needs to be set to true for this option to work. Usually port 465 is used here.

View File

@ -2,4 +2,4 @@
- hosts: localhost - hosts: localhost
remote_user: root remote_user: root
roles: roles:
- ansible-bitwardenrs - ../ansible-vaultwarden

View File

@ -1,6 +1,6 @@
--- ---
bitwardenrs_packages: vaultwarden_packages:
- bitwarden_rs - vaultwarden
- bitwarden_rs-web - vaultwarden-web
bitwardenrs_serviceName: bitwarden_rs vaultwarden_serviceName: vaultwarden