systems/infrastructure
1
Fork 0
Code Issues 1 Pull requests 17 Activity Actions

Update bitwarden_rs to vaultwarden

Browse source 
I'll do the full rename of everything another time
This commit is contained in:
Jake Howard 2021-05-01 23:00:37 +01:00
parent f2d3cb0835
commit a669e34f57
Signed by: jake
GPG key ID: 57AFB45680EDD477
7 changed files with 56 additions and 56 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
ansible/main.yml
View file

@ -63,7 +63,7 @@
- yourls - yourls
- pve_nebula_route - pve_nebula_route
- privatebin - privatebin
- bitwarden_rs - vaultwarden
- hosts: ingress - hosts: ingress
roles: roles:

48
ansible/roles/bitwarden_rs/files/docker-compose.yml
View file

@ -1,48 +0,0 @@
version: "2.3"
services:
bitwarden:
image: bitwardenrs/server:1.20.0-alpine
restart: unless-stopped
user: "{{ docker_user.id }}:{{ docker_user.id }}"
volumes:
- "{{ app_data_dir }}/bitwarden_rs/:/data"
depends_on:
- db
dns: 1.1.1.1
labels:
- traefik.enable=true
- traefik.http.routers.bitwarden-ui.rule=Host(`bw.jakehoward.tech`)
- traefik.http.routers.bitwarden-ui.service=bitwarden-ui
- traefik.http.services.bitwarden-ui.loadbalancer.server.port=80
- traefik.http.routers.bitwarden-ui.tls.certresolver=le
- traefik.http.routers.bitwarden-websocket.rule=Host(`bw.jakehoward.tech`) && Path(`/notifications/hub`)
- traefik.http.routers.bitwarden-websocket.service=bitwarden-websocket
- traefik.http.services.bitwarden-websocket.loadbalancer.server.port=3012
- traefik.http.routers.bitwarden-websocket.tls.certresolver=le
- traefik.http.middlewares.bw-ratelimit.ratelimit.average=5
- traefik.http.middlewares.bw-ratelimit.ratelimit.burst=1000
- traefik.http.middlewares.bw-compress.compress=true
- traefik.http.routers.bitwarden-ui.middlewares=bw-ratelimit,bw-compress
- traefik.http.routers.bitwarden-websocket.middlewares=bw-ratelimit,bw-compress
environment:
- SIGNUPS_ALLOWED=false
- DOMAIN=https://bw.jakehoward.tech
- SHOW_PASSWORD_HINT=false
- DATABASE_URL=postgres://bitwarden:{{ bitwarden_database_password }}@db/bitwarden
- INVITATIONS_ALLOWED=false
- ROCKET_WORKERS={{ ansible_processor_nproc }}
- WEBSOCKET_ENABLED=true
db:
image: postgres:12-alpine
restart: unless-stopped
volumes:
- /mnt/tank/dbs/postgres/bitwarden_rs/:/var/lib/postgresql/data
environment:
- POSTGRES_PASSWORD={{ bitwarden_database_password }}
- POSTGRES_USER=bitwarden

4
ansible/roles/bitwarden_rs/handlers/main.yml
View file

@ -1,4 +0,0 @@
- name: restart bitwarden_rs
shell:
chdir: /opt/bitwarden_rs
cmd: "{{ docker_update_command }}"

48
ansible/roles/vaultwarden/files/docker-compose.yml Normal file
View file

@ -0,0 +1,48 @@
version: "2.3"
services:
vaultwarden:
image: vaultwarden/server:1.21.0-alpine
restart: unless-stopped
user: "{{ docker_user.id }}:{{ docker_user.id }}"
volumes:
- "{{ app_data_dir }}/vaultwarden/:/data"
depends_on:
- db
dns: 1.1.1.1
labels:
- traefik.enable=true
- traefik.http.routers.vaultwarden-ui.rule=Host(`bw.jakehoward.tech`)
- traefik.http.routers.vaultwarden-ui.service=vaultwarden-ui
- traefik.http.services.vaultwarden-ui.loadbalancer.server.port=80
- traefik.http.routers.vaultwarden-ui.tls.certresolver=le
- traefik.http.routers.vaultwarden-websocket.rule=Host(`bw.jakehoward.tech`) && Path(`/notifications/hub`)
- traefik.http.routers.vaultwarden-websocket.service=vaultwarden-websocket
- traefik.http.services.vaultwarden-websocket.loadbalancer.server.port=3012
- traefik.http.routers.vaultwarden-websocket.tls.certresolver=le
- traefik.http.middlewares.vaultwarden-ratelimit.ratelimit.average=5
- traefik.http.middlewares.vaultwarden-ratelimit.ratelimit.burst=1000
- traefik.http.middlewares.vaultwarden-compress.compress=true
- traefik.http.routers.vaultwarden-ui.middlewares=vaultwarden-ratelimit,vaultwarden-compress
- traefik.http.routers.vaultwarden-websocket.middlewares=vaultwarden-ratelimit,vaultwarden-compress
environment:
- SIGNUPS_ALLOWED=false
- DOMAIN=https://bw.jakehoward.tech
- SHOW_PASSWORD_HINT=false
- DATABASE_URL=postgres://bitwarden:{{ bitwarden_database_password }}@db/bitwarden
- INVITATIONS_ALLOWED=false
- ROCKET_WORKERS={{ ansible_processor_nproc }}
- WEBSOCKET_ENABLED=true
db:
image: postgres:12-alpine
restart: unless-stopped
volumes:
- /mnt/tank/dbs/postgres/vaultwarden/:/var/lib/postgresql/data
environment:
- POSTGRES_PASSWORD={{ bitwarden_database_password }}
- POSTGRES_USER=bitwarden

4
ansible/roles/vaultwarden/handlers/main.yml Normal file
View file

@ -0,0 +1,4 @@
- name: restart vaultwarden
shell:
chdir: /opt/vaultwarden
cmd: "{{ docker_update_command }}"

6
ansible/roles/bitwarden_rs/tasks/main.yml → ansible/roles/vaultwarden/tasks/main.yml
View file

@ -1,6 +1,6 @@
- name: Create install directory - name: Create install directory
file: file:
path: /opt/bitwarden_rs path: /opt/vaultwarden
state: directory state: directory
owner: "{{ docker_user.name }}" owner: "{{ docker_user.name }}"
mode: "{{ docker_compose_directory_mask }}" mode: "{{ docker_compose_directory_mask }}"
@ -9,9 +9,9 @@
- name: Install compose file - name: Install compose file
template: template:
src: files/docker-compose.yml src: files/docker-compose.yml
dest: /opt/bitwarden_rs/docker-compose.yml dest: /opt/vaultwarden/docker-compose.yml
mode: "{{ docker_compose_file_mask }}" mode: "{{ docker_compose_file_mask }}"
owner: "{{ docker_user.name }}" owner: "{{ docker_user.name }}"
validate: docker-compose -f %s config validate: docker-compose -f %s config
notify: restart bitwarden_rs notify: restart vaultwarden
become: true become: true

0
ansible/roles/bitwarden_rs/vars/main.yml → ansible/roles/vaultwarden/vars/main.yml
View file