Add bitwarden_rs

This commit is contained in:
Jake Howard 2021-03-21 18:47:20 +00:00
parent 65f9206b95
commit d4477c4bea
Signed by: jake
GPG key ID: 57AFB45680EDD477
5 changed files with 77 additions and 0 deletions

View file

@ -61,6 +61,7 @@
- yourls - yourls
- pve_nebula_route - pve_nebula_route
- privatebin - privatebin
- bitwarden_rs
- hosts: ingress - hosts: ingress
roles: roles:

View file

@ -0,0 +1,47 @@
version: '3'
services:
bitwarden:
image: bitwardenrs/server:1.19.0-alpine
restart: unless-stopped
user: "{{ docker_user.id }}:{{ docker_user.id }}"
volumes:
- "{{ app_data_dir }}/bitwarden_rs/:/data"
depends_on:
- db
labels:
- traefik.enable=true
- traefik.http.routers.bitwarden-ui.rule=Host(`bw.jakehoward.tech`)
- traefik.http.routers.bitwarden-ui.service=bitwarden-ui
- traefik.http.services.bitwarden-ui.loadbalancer.server.port=80
- traefik.http.routers.bitwarden-ui.tls.certresolver=le
- traefik.http.routers.bitwarden-websocket.rule=Host(`bw.jakehoward.tech`) && Path(`/notifications/hub`)
- traefik.http.routers.bitwarden-websocket.service=bitwarden-websocket
- traefik.http.services.bitwarden-websocket.loadbalancer.server.port=3012
- traefik.http.routers.bitwarden-websocket.tls.certresolver=le
- traefik.http.middlewares.bw-ratelimit.ratelimit.average=5
- traefik.http.middlewares.bw-ratelimit.ratelimit.burst=1000
- traefik.http.middlewares.bw-compress.compress=true
- traefik.http.routers.bitwarden-ui.middlewares=bw-ratelimit,bw-compress
- traefik.http.routers.bitwarden-websocket.middlewares=bw-ratelimit,bw-compress
environment:
- SIGNUPS_ALLOWED=false
- DOMAIN=https://bw.jakehoward.tech
- SHOW_PASSWORD_HINT=false
- DATABASE_URL=postgres://bitwarden:{{ bitwarden_database_password }}@db/bitwarden
- INVITATIONS_ALLOWED=false
- ROCKET_WORKERS=2
- WEBSOCKET_ENABLED=true
db:
image: postgres:12-alpine
restart: unless-stopped
volumes:
- /mnt/tank/dbs/postgres/bitwarden_rs/:/var/lib/postgresql/data
environment:
- POSTGRES_PASSWORD={{ bitwarden_database_password }}
- POSTGRES_USER=bitwarden

View file

@ -0,0 +1,4 @@
- name: restart bitwarden_rs
shell:
chdir: /opt/bitwarden_rs
cmd: "{{ docker_update_command }}"

View file

@ -0,0 +1,17 @@
- name: Create install directory
file:
path: /opt/bitwarden_rs
state: directory
owner: "{{ docker_user.name }}"
mode: "{{ docker_compose_directory_mask }}"
become: true
- name: Install compose file
template:
src: files/docker-compose.yml
dest: /opt/bitwarden_rs/docker-compose.yml
mode: "{{ docker_compose_file_mask }}"
owner: "{{ docker_user.name }}"
validate: docker-compose -f %s config
notify: restart bitwarden_rs
become: true

View file

@ -0,0 +1,8 @@
bitwarden_database_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
37666163343038663763633038323938383665386463666239313431626334613432346462656366
3937363766396236326333353332393564623736336535630a333930613864396536366330633438
37376637646561636238646636356533343837376336636637646434383731316264353462383039
3138666164623437360a306538323263313966633631653739313435646435363236303066663938
34336366313439356434353333373963633666306463323662353033393832356462666163613161
3031623933363563343163376564373066613634356237643663