move bitwardenrs to vaultwarden
parent
e669b2458a
commit
78725a317b
@ -1,16 +1,16 @@
|
||||
---
|
||||
# defaults file for ansible-bitwardenrs
|
||||
bitwardenrs_web_vault_enable: True
|
||||
bitwarden_baseURL: http://localhost
|
||||
bitwardenrs_port: 8080
|
||||
bitwardenrs_websocket_port: 3012
|
||||
bitwarden_rs_websocket_enabler: true
|
||||
bitwardenrs_logfile: /var/log/bitwarden_rs.log
|
||||
#dbtype mange postgresql and mysql
|
||||
bitwardenrs_db_type:
|
||||
bitwardenrs_db_user: bitwardenrs
|
||||
bitwardenrs_db_name: bitwardenrs
|
||||
bitwardenrs_db_password: bitwardenrs
|
||||
bitwarden_db_host: localhost
|
||||
bitwardenrs_SQl_target_file:
|
||||
|
||||
# defaults file for ansible-vaultwarden
|
||||
vaultwarden_web_vault_enable: true
|
||||
vaultwarden_baseURL: http://localhost
|
||||
vaultwarden_port: 8080
|
||||
vaultwarden_websocket_port: 3012
|
||||
vaultwarden_websocket_enabler: true
|
||||
vaultwarden_logfile: /var/log/vaultwarden.log
|
||||
# dbtype mange postgresql and mysql
|
||||
vaultwarden_db_type:
|
||||
vaultwarden_db_user: vaultwarden
|
||||
vaultwarden_db_name: vaultwarden
|
||||
vaultwarden_db_password: vaultwarden
|
||||
vaultwarden_db_host: localhost
|
||||
vaultwarden_SQl_target_file:
|
||||
vaultwarden_serviceName: vaultwarden
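Review bot: `vaultwarden_db_password: vaultwarden` keeps a guessable default identical to the user and database name, so any deployment that does not override it ends up with a known credential. Because every variable is renamed in this commit, an inventory that still sets the old `bitwardenrs_db_password` would presumably be ignored and fall back to this default without any error. Consider dropping the default and failing early with an `assert` task such as `that: vaultwarden_db_password is defined and vaultwarden_db_password | length > 0`. A comment like `# no default: set vaultwarden_db_password in a vaulted vars file` would make the expectation explicit.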
|
||||
|
@ -1,7 +1,7 @@
|
||||
---
|
||||
# handlers file for ansible-bitwardenrs
|
||||
- name: restart bitwardenrs
|
||||
# handlers file for ansible-vaultwarden
|
||||
- name: restart vaultwarden
|
||||
service:
|
||||
name: "{{ bitwardenrs_serviceName }}"
|
||||
name: "{{ vaultwarden_serviceName }}"
|
||||
state: restarted
|
||||
when: ansible_service_mgr == "systemd"
|
||||
|
2
meta/.galaxy_install_info
Normal file
2
meta/.galaxy_install_info
Normal file
@ -0,0 +1,2 @@
|
||||
install_date: Mon Apr 19 11:34:59 2021
|
||||
version: ''
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
galaxy_info:
|
||||
author: VincentDcmps
|
||||
description:
|
||||
|
@ -1,25 +1,26 @@
|
||||
---
|
||||
- name: "Ensure database is present"
|
||||
become: yes
|
||||
become: true
|
||||
mysql_db:
|
||||
name: "{{ bitwardenrs_db_name }}"
|
||||
name: "{{ vaultwarden_db_name }}"
|
||||
collation: utf8mb4_unicode_ci
|
||||
encoding: utf8mb4
|
||||
state: present
|
||||
register: bitwardenrs_database_creation
|
||||
register: vaultwarden_database_creation
|
||||
|
||||
- name: import DATA in database in case of creation
|
||||
become: yes
|
||||
become: true
|
||||
mysql_db:
|
||||
name: "{{ bitwardenrs_db_name }}"
|
||||
name: "{{ vaultwarden_db_name }}"
|
||||
state: import
|
||||
target: "{{bitwardenrs_SQl_target_file}}"
|
||||
when: bitwardenrs_database_creation.changed == true and bitwarden_rs_SQl_target_file is defined
|
||||
target: "{{vaultwarden_SQl_target_file}}"
|
||||
when: vaultwarden_database_creation.changed == true and vaultwarden_SQl_target_file is defined
|
||||
|
||||
- name: "Ensure db user is present"
|
||||
become: yes
|
||||
become: true
|
||||
mysql_user:
|
||||
name: "{{ bitwardenrs_db_user }}"
|
||||
name: "{{ vaultwarden_db_user }}"
|
||||
host: localhost
|
||||
password: "{{ bitwardenrs_db_password }}"
|
||||
priv: "{{ bitwardenrs_db_name }}.*:ALL"
|
||||
password: "{{ vaultwarden_db_password }}"
|
||||
priv: "{{ vaultwarden_db_name }}.*:ALL"
|
||||
state: present
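Review bot: The import task's `when:` tests `vaultwarden_SQl_target_file is defined`, but the role defaults shown on this page declare that variable with an empty value, so the test is always true. The import would therefore be attempted with an empty `target` whenever the database is first created. Test the value rather than its existence, e.g. `when: vaultwarden_database_creation.changed and (vaultwarden_SQl_target_file | default('', true) | length > 0)`. The same condition appears in the PostgreSQL `state: restore` task later in this commit.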
|
||||
|
@ -1,30 +1,30 @@
|
||||
---
|
||||
- name: "Ensure db user is present"
|
||||
become: yes
|
||||
become: true
|
||||
become_user: postgres
|
||||
postgresql_user:
|
||||
name: "{{ bitwardenrs_db_user }}"
|
||||
password: "{{ bitwardenrs_db_password }}"
|
||||
name: "{{ vaultwarden_db_user }}"
|
||||
password: "{{ vaultwarden_db_password }}"
|
||||
state: present
|
||||
|
||||
- name: "Ensure database is present"
|
||||
become: yes
|
||||
become: true
|
||||
become_user: postgres
|
||||
postgresql_db:
|
||||
name: "{{ bitwardenrs_db_name }}"
|
||||
name: "{{ vaultwarden_db_name }}"
|
||||
lc_collate: fr_FR.UTF-8
|
||||
encoding: utf8
|
||||
template: template0
|
||||
owner: "{{ bitwardenrs_db_user }}"
|
||||
owner: "{{ vaultwarden_db_user }}"
|
||||
state: present
|
||||
register: bitwardenrs_database_creation
|
||||
|
||||
register: vaultwarden_database_creation
|
||||
|
||||
- name: import DATA in database in case of creation
|
||||
become: yes
|
||||
become: true
|
||||
become_user: postgres
|
||||
postgresql_db:
|
||||
name: "{{ bitwardenrs_db_name }}"
|
||||
name: "{{ vaultwarden_db_name }}"
|
||||
state: restore
|
||||
target: "{{ bitwardenrs_SQl_target_file }}"
|
||||
register: bitwardenrs_database_import
|
||||
when: bitwardenrs_database_creation.changed == true and bitwardenrs_SQl_target_file is defined
|
||||
target: "{{ vaultwarden_SQl_target_file }}"
|
||||
register: vaultwarden_database_import
|
||||
when: vaultwarden_database_creation.changed == true and vaultwarden_SQl_target_file is defined
|
||||
|
@ -1,9 +1,8 @@
|
||||
---
|
||||
# tasks file for ansible-bitwardenrs
|
||||
# tasks file for ansible-vaultwarden
|
||||
|
||||
- name: select specific Database tasks
|
||||
include_tasks: "database_{{bitwardenrs_db_type}}.yml"
|
||||
|
||||
include_tasks: "database_{{vaultwarden_db_type}}.yml"
|
||||
|
||||
- name: Include OS-specific variables.
|
||||
include_vars: "{{ ansible_os_family }}.yml"
|
||||
@ -13,16 +12,14 @@
|
||||
|
||||
- name: apply config file
|
||||
template:
|
||||
dest: /etc/bitwarden_rs.env
|
||||
src: bitwarden_rs.env.j2
|
||||
notify: "restart bitwardenrs"
|
||||
dest: /etc/vaultwarden.env
|
||||
src: vaultwarden.env.j2
|
||||
notify: "restart vaultwarden"
|
||||
- name: apply fail2ban jail
|
||||
template:
|
||||
src: fail2ban/bitwarden_rs.local.j2
|
||||
dest: /etc/fail2ban/jail.d/bitwarden_rs.local
|
||||
src: fail2ban/vaultwarden.local.j2
|
||||
dest: /etc/fail2ban/jail.d/vaultwarden.local
|
||||
- name: enable systemd services
|
||||
systemd:
|
||||
name: "{{ bitwardenrs_serviceName }}"
|
||||
enabled: True
|
||||
|
||||
|
||||
name: "{{ vaultwarden_serviceName }}"
|
||||
enabled: true
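Review bot: The `apply config file` task writes `/etc/vaultwarden.env` without `owner`, `group` or `mode`, while the template it renders places the database password in `DATABASE_URL`, so who can read the secret is left to the umask of the connecting user. Set them on the task, for example `owner: root`, `group: root` and `mode: "0600"` if the unit loads the file through systemd's `EnvironmentFile=`; how the service reads it is not visible on this page, so adjust the group if the daemon opens it itself. Since the destination path is renamed, hosts provisioned before this change will presumably keep the old `/etc/bitwarden_rs.env` with the same password in it. A cleanup task using `file:` with `state: absent` would remove it.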
|
||||
|
@ -1,4 +1,5 @@
|
||||
---
|
||||
- name: install arch packages
|
||||
package:
|
||||
name: "{{ bitwardenrs_packages}}"
|
||||
name: "{{ vaultwarden_packages}}"
|
||||
state: present
|
||||
|
@ -1,9 +1,9 @@
|
||||
[bitwarden_rs]
|
||||
[vaultwarden]
|
||||
enabled = true
|
||||
port = 80,443,8081
|
||||
filter = bitwarden_rs
|
||||
filter = vaultwarden
|
||||
banaction = %(banaction_allports)s
|
||||
logpath = {{ bitwardenrs_logfile }}
|
||||
logpath = {{ vaultwarden_logfile }}
|
||||
maxretry = 3
|
||||
bantime = 14400
|
||||
findtime = 14400
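Review bot: The jail now references `filter = vaultwarden`, but nothing on this page installs a filter definition of that name under fail2ban's `filter.d`, and the `apply fail2ban jail` task has no `notify` to reload fail2ban. If the package does not ship the filter, the jail would fail to load and the ban rule would silently be absent, so it is worth confirming and adding a reload handler. `port = 80,443,8081` also does not match the role's default `vaultwarden_port: 8080`; with `banaction_allports` that is harmless but misleading to read.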
|
@ -1,11 +1,11 @@
|
||||
## Bitwarden_RS Configuration File
|
||||
## vaultwarden Configuration File
|
||||
## Uncomment any of the following lines to change the defaults
|
||||
##
|
||||
## Be aware that most of these settings will be overridden if they were changed
|
||||
## in the admin interface. Those overrides are stored within DATA_FOLDER/config.json .
|
||||
|
||||
## Main data folder
|
||||
DATA_FOLDER=/var/lib/bitwarden_rs
|
||||
DATA_FOLDER=/var/lib/vaultwarden
|
||||
|
||||
## Database URL
|
||||
## When using SQLite, this is the path to the DB file, default to %DATA_FOLDER%/db.sqlite3
|
||||
@ -19,8 +19,8 @@ DATA_FOLDER=/var/lib/bitwarden_rs
|
||||
## - https://docs.diesel.rs/diesel/pg/struct.PgConnection.html
|
||||
## - https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING
|
||||
# DATABASE_URL=postgresql://user:password@host[:port]/database_name
|
||||
{% if bitwardenrs_db_type %}
|
||||
DATABASE_URL={{bitwardenrs_db_type}}://{{bitwardenrs_db_user}}:{{bitwardenrs_db_password}}@{{bitwarden_db_host}}/{{bitwardenrs_db_name}}
|
||||
{% if vaultwarden_db_type %}
|
||||
DATABASE_URL={{vaultwarden_db_type}}://{{vaultwarden_db_user}}:{{vaultwarden_db_password}}@{{vaultwarden_db_host}}/{{vaultwarden_db_name}}
|
||||
{% endif %}
|
||||
## Database max connections
|
||||
## Define the size of the connection pool used for connecting to the database.
|
||||
@ -47,15 +47,15 @@ DATA_FOLDER=/var/lib/bitwarden_rs
|
||||
# ICON_CACHE_NEGTTL=259200
|
||||
|
||||
## Web vault settings
|
||||
WEB_VAULT_FOLDER=/usr/share/bitwarden_rs-web
|
||||
WEB_VAULT_ENABLED={{ bitwardenrs_web_vault_enable }}
|
||||
WEB_VAULT_FOLDER=/usr/share/webapps/vaultwarden-web
|
||||
WEB_VAULT_ENABLED={{ vaultwarden_web_vault_enable }}
|
||||
|
||||
## Enables websocket notifications
|
||||
WEBSOCKET_ENABLED= {{bitwarden_rs_websocket_enabler}}
|
||||
WEBSOCKET_ENABLED= {{vaultwarden_websocket_enabler}}
|
||||
|
||||
## Controls the WebSocket server address and port
|
||||
# WEBSOCKET_ADDRESS=0.0.0.0
|
||||
WEBSOCKET_PORT= {{ bitwardenrs_websocket_port }}
|
||||
WEBSOCKET_PORT= {{ vaultwarden_websocket_port }}
|
||||
|
||||
## Enable extended logging, which shows timestamps and targets in the logs
|
||||
# EXTENDED_LOGGING=true
|
||||
@ -66,7 +66,7 @@ WEBSOCKET_ENABLED= {{bitwarden_rs_websocket_enabler}}
|
||||
|
||||
## Logging to file
|
||||
## It's recommended to also set 'ROCKET_CLI_COLORS=off'
|
||||
LOG_FILE= {{ bitwardenrs_logfile }}
|
||||
LOG_FILE= {{ vaultwarden_logfile }}
|
||||
|
||||
## Logging to Syslog
|
||||
## This requires extended logging
|
||||
@ -83,7 +83,7 @@ LOG_FILE= {{ bitwardenrs_logfile }}
|
||||
## Enable WAL for the DB
|
||||
## Set to false to avoid enabling WAL during startup.
|
||||
## Note that if the DB already has WAL enabled, you will also need to disable WAL in the DB,
|
||||
## this setting only prevents bitwarden_rs from automatically enabling it on start.
|
||||
## this setting only prevents vaultwarden from automatically enabling it on start.
|
||||
## Please read project wiki page about this setting first before changing the value as it can
|
||||
## cause performance degradation or might render the service unable to start.
|
||||
# ENABLE_DB_WAL=true
|
||||
@ -171,7 +171,7 @@ LOG_FILE= {{ bitwardenrs_logfile }}
|
||||
## Invitations org admins to invite users, even when signups are disabled
|
||||
# INVITATIONS_ALLOWED=true
|
||||
## Name shown in the invitation emails that don't come from a specific organization
|
||||
# INVITATION_ORG_NAME=Bitwarden_RS
|
||||
# INVITATION_ORG_NAME=vaultwarden
|
||||
|
||||
## Per-organization attachment limit (KB)
|
||||
## Limit in kilobytes for an organization attachments, once the limit is exceeded it won't be possible to upload more
|
||||
@ -193,7 +193,7 @@ LOG_FILE= {{ bitwardenrs_logfile }}
|
||||
## It's recommended to configure this value, otherwise certain functionality might not work,
|
||||
## like attachment downloads, email links and U2F.
|
||||
## For U2F to work, the server must use HTTPS, you can use Let's Encrypt for free certs
|
||||
DOMAIN= {{ bitwarden_baseURL }}
|
||||
DOMAIN= {{ vaultwarden_baseURL }}
|
||||
|
||||
## Allowed iframe ancestors (Know the risks!)
|
||||
## https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors
|
||||
@ -236,7 +236,7 @@ DOMAIN= {{ bitwarden_baseURL }}
|
||||
## Rocket specific settings, check Rocket documentation to learn more
|
||||
# ROCKET_ENV=staging
|
||||
# ROCKET_ADDRESS=0.0.0.0 # Enable this to test mobile app
|
||||
ROCKET_PORT= {{bitwardenrs_port}}
|
||||
ROCKET_PORT= {{vaultwarden_port}}
|
||||
# ROCKET_TLS={certs="/path/to/certs.pem",key="/path/to/key.pem"}
|
||||
ROCKET_LIMITS={json=10485760}
|
||||
|
||||
@ -244,8 +244,8 @@ ROCKET_LIMITS={json=10485760}
|
||||
## To make sure the email links are pointing to the correct host, set the DOMAIN variable.
|
||||
## Note: if SMTP_USERNAME is specified, SMTP_PASSWORD is mandatory
|
||||
# SMTP_HOST=smtp.domain.tld
|
||||
# SMTP_FROM=bitwarden-rs@domain.tld
|
||||
# SMTP_FROM_NAME=Bitwarden_RS
|
||||
# SMTP_FROM=vaultwarden@domain.tld
|
||||
# SMTP_FROM_NAME=vaultwarden
|
||||
# SMTP_PORT=587 # Ports 587 (submission) and 25 (smtp) are standard without encryption and with encryption via STARTTLS (Explicit TLS). Port 465 is outdated and used with Implicit TLS.
|
||||
# SMTP_SSL=true # (Explicit) - This variable by default configures Explicit STARTTLS, it will upgrade an insecure connection to a secure one. Unless SMTP_EXPLICIT_TLS is set to true. Either port 587 or 25 are default.
|
||||
# SMTP_EXPLICIT_TLS=true # (Implicit) - N.B. This variable configures Implicit TLS. It's currently mislabelled (see bug #851) - SMTP_SSL Needs to be set to true for this option to work. Usually port 465 is used here.
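Review bot: `DATABASE_URL` is built by pasting `{{vaultwarden_db_password}}` straight into the URL, so a password containing `@`, `:`, `#` or `%` yields a malformed or mis-parsed connection string, which in practice pushes operators toward weak alphanumeric passwords. Percent-encode the credential parts, e.g. `{{ vaultwarden_db_user | urlencode }}:{{ vaultwarden_db_password | urlencode }}`. Note that `urlencode` leaves `/` unescaped, so either document that character as unsupported or append `| replace('/', '%2F')`. The rendered file holds the secret in clear text, so the task that installs it should set a restrictive mode.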
|
@ -2,4 +2,4 @@
|
||||
- hosts: localhost
|
||||
remote_user: root
|
||||
roles:
|
||||
- ansible-bitwardenrs
|
||||
- ../ansible-vaultwarden
|
||||
|
@ -1,6 +1,6 @@
|
||||
---
|
||||
bitwardenrs_packages:
|
||||
- bitwarden_rs
|
||||
- bitwarden_rs-web
|
||||
vaultwarden_packages:
|
||||
- vaultwarden
|
||||
- vaultwarden-web
|
||||
|
||||
bitwardenrs_serviceName: bitwarden_rs
|
||||
vaultwarden_serviceName: vaultwarden
|
||||
|