feat: Implement first version

Lennard Brinkhaus 2023-09-19 23:33:32 +02:00
commit c2ff591a12
Signed by: lennard.brinkhaus
GPG Key ID: 286421EC53998B22
9 changed files with 163 additions and 0 deletions

19
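--- a/.editorconfig
+++ b/.editorconfig
@@ -0,0 +1,19 @@
+# EditorConfig: http://EditorConfig.org
+# top-most EditorConfig file
+root = true
+# Defaults for all editor files
+[*]
+insert_final_newline = true
+indent_style = space
+indent_size = 4
+trim_trailing_whitespace = true
+# Files with a smaller indent
+[*.yml]
+indent_size = 2
+# Jinja2 template files
+[*.j2]
+end_of_line = lf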

20
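--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,20 @@
+local-configure.yml
+.vagrant/
+docs/_build/
+roles/plone.plone_server
+roles/jnv.unattended-upgrades
+roles/tersmitten.fail2ban
+roles/ANXS.hostname
+roles/ANXS.apt
+._*
+bin/
+lib/
+include/
+local/
+tests.out
+*.retry
+*.log
+vbox_host.cfg
+.DS_Store
+*.py[co]
+.idea/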

2
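--- a/ansible.cfg
+++ b/ansible.cfg
@@ -0,0 +1,2 @@
+[defaults]
+roles_path: ./../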

3
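--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+vaultwarden_version: "1.29.2"
+vaultwarden_identifier: "default"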

4
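--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: "Restart Vaultwarden"
+ansible.builtin.service:
+name: vaultwarden-{{ vaultwarden_identifier }}
+state: restarted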
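Review bot: Nothing visible in this commit notifies the `Restart Vaultwarden` handler: the only `notify` in tasks/main.yml names `Restart traefik`, which this role does not define (presumably it comes from the role-traefik dependency), and the `Copy vaultwarden.container` task has no `notify` at all. As written, a changed quadlet file is picked up by the systemd reload but the running container is not restarted, so a configuration or version change does not take effect until someone restarts it by hand. I would add `notify: Restart Vaultwarden` to the template task, and start this file with `---` like defaults/main.yml and tasks/main.yml.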


@ -0,0 +1,2 @@
- name: role-traefik
src: https://git.dragse.it/ansible/role-traefik
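Review bot: The `role-traefik` entry has no `version`, so every install takes whatever the default branch of that repository holds at that moment. For a role that deploys a password vault, pin the dependency to a reviewed tag or commit, e.g. `version: <TAG_OR_COMMIT>` (placeholder; the page names no release), and add `scm: git` if the installer does not infer the source type from the URL. The file name of this section is not shown on the page, so this assumes it is the role's requirements file.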

38
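--- a/meta/main.yml
+++ b/meta/main.yml
@@ -0,0 +1,38 @@
+galaxy_info:
+author: Lennard Brinkhaus
+description: Install and manage a Traefik
+company: DragSE
+# If the issue tracker for your role is not on github, uncomment the
+# next line and provide a value
+# issue_tracker_url: http://example.com/issue/tracker
+min_ansible_version: "2.1"
+# If this a Container Enabled role, provide the minimum Ansible Container version.
+# min_ansible_container_version:
+license: None
+#
+# Provide a list of supported platforms, and for each platform a list of versions.
+# If you don't wish to enumerate all versions for a particular platform, use 'all'.
+# To view available platforms and versions (or releases), visit:
+# https://galaxy.ansible.com/api/v1/platforms/
+#
+platforms:
+- name: Debian
+versions:
+- all
+- name: Ubuntu
+versions:
+- all
+galaxy_tags:
+- vaultwarden
+dependencies: [
+role-traefik
+]
+# List your role dependencies here, one per line. Be sure to remove the '[]' above,
+# if you add dependencies to this list.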
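Review bot: The metadata still describes the role this one appears to have been copied from: `description: Install and manage a Traefik` should name Vaultwarden, e.g. `description: Install and manage Vaultwarden as a Podman quadlet`. `min_ansible_version: "2.1"` also does not match the tasks and handlers, which use `ansible.builtin.*` module names that need Ansible 2.10 or later. The `dependencies` entry names `role-traefik` without a version, so the pinning concern on the requirements entry applies here too.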

35
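--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,35 @@
+---
+- name: Create podman folder
+file:
+path: /etc/containers/systemd
+state: directory
+mode: 0775
+recurse: yes
+- name: Create data folder
+file:
+path: "/var/vaultwarden/{{ vaultwarden_identifier }}"
+state: directory
+mode: 0775
+recurse: yes
+- name: Setup Podman quadlet
+block:
+- name: Copy vaultwarden.container
+ansible.builtin.template:
+src: vaultwarden.quadlet.j2
+dest: "/etc/containers/systemd/vaultwarden-{{ vaultwarden_identifier }}.container"
+- name: "Reload systemd"
+ansible.builtin.systemd:
+daemon_reload: true
+when: ansible_service_mgr == "systemd"
+- name: Start Vaultwardne
+systemd_service:
+enabled: true
+name: vaultwarden-{{ vaultwarden_identifier }}
+state: started
+notify:
+- Restart traefik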
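Review bot: The `Create data folder` task applies `mode: 0775` with `recurse: yes` to `/var/vaultwarden/{{ vaultwarden_identifier }}`, which the template mounts as the container's `/data`, so on every run all files below it, not only the directory, become readable by every local user and executable. I would limit access to the account the container runs as, set `owner` and `group` explicitly, and drop `recurse`, e.g. `mode: "0700"`; the quoted form also stops the result depending on how the YAML parser reads a leading-zero integer. The same `recurse: yes` on `/etc/containers/systemd` rewrites the mode of any other unit files already in that shared directory. Separately, the last task is named `Start Vaultwardne` (typo) and notifies `Restart traefik` rather than this role's own handler.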


@ -0,0 +1,40 @@
[Unit]
Description=Vaultwarden
[Container]
ContainerName=vaultwarden-{{ vaultwarden_identifier }}
Image=docker.io/library/vaultwarden/server:{{ traefik_version }}
Environment=TZ=Europe/Berlin
Environment=DOMAIN=https://{{ vaultwarden_url }}
Network=traefik.network
Volume=/var/vaultwarden/{{ vaultwarden_identifier }}:/data
NoNewPrivileges=true
DropCapability=All
#UserNS=keep-id
# Required to access the Podman Socket
#SecurityLabelDisable=true
PodmanArgs=--userns=keep-id --security-opt label=disable
Label="traefik.http.routers.vaultwarden-{{ vaultwarden_identifier }}.tls.certresolver=resolver"
Label="traefik.http.routers.vaultwarden-{{ vaultwarden_identifier }}.tls=true"
Label="traefik.http.routers.vaultwarden-{{ vaultwarden_identifier }}.rule=Host(`{{ vaultwarden_url }}`)"
Label="traefik.http.routers.vaultwarden-{{ vaultwarden_identifier }}.loadbalancer.server.port=80"
[Service]
Restart=on-failure
# Restart Delay
RestartSec=30
# Allowed time for the service to start.
TimeoutStartSec=90
# Allowed time for the service to stop.
TimeoutStopSec=90
[Install]
WantedBy=default.target
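Review bot: The `Image=` line takes its tag from `traefik_version`, while defaults/main.yml defines `vaultwarden_version` and nothing visible uses it, so the pinned Vaultwarden version has no effect; the `library/` path segment also looks wrong for an image that is not a Docker official image. I would write `Image=docker.io/vaultwarden/server:{{ vaultwarden_version }}`. `vaultwarden_url` has no default either, so the role should define it or fail early when it is unset. `PodmanArgs=--userns=keep-id --security-opt label=disable` turns off SELinux separation for a container that mounts no Podman socket here (the comment above it looks carried over from the Traefik role); relabelling the data volume with `:Z` would keep the container confined. The port label sits under `traefik.http.routers.`, whereas Traefik reads `loadbalancer.server.port` under `traefik.http.services.`.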