feat: Implement first version
This commit is contained in:
commit
c2ff591a12
GPG Key ID:
286421EC53998B22
19
.editorconfig
Normal file
19
.editorconfig
Normal file
|
|
@ -0,0 +1,19 @@
|
|||
# EditorConfig: http://EditorConfig.org
|
||||
|
||||
# top-most EditorConfig file
|
||||
root = true
|
||||
|
||||
# Defaults for all editor files
|
||||
[*]
|
||||
insert_final_newline = true
|
||||
indent_style = space
|
||||
indent_size = 4
|
||||
trim_trailing_whitespace = true
|
||||
|
||||
# Files with a smaller indent
|
||||
[*.yml]
|
||||
indent_size = 2
|
||||
|
||||
# Jinja2 template files
|
||||
[*.j2]
|
||||
end_of_line = lf
|
||||
20
.gitignore
vendored
Normal file
20
.gitignore
vendored
Normal file
|
|
@ -0,0 +1,20 @@
|
|||
local-configure.yml
|
||||
.vagrant/
|
||||
docs/_build/
|
||||
roles/plone.plone_server
|
||||
roles/jnv.unattended-upgrades
|
||||
roles/tersmitten.fail2ban
|
||||
roles/ANXS.hostname
|
||||
roles/ANXS.apt
|
||||
._*
|
||||
bin/
|
||||
lib/
|
||||
include/
|
||||
local/
|
||||
tests.out
|
||||
*.retry
|
||||
*.log
|
||||
vbox_host.cfg
|
||||
.DS_Store
|
||||
*.py[co]
|
||||
.idea/
|
||||
2
ansible.cfg
Normal file
2
ansible.cfg
Normal file
|
|
@ -0,0 +1,2 @@
|
|||
[defaults]
|
||||
roles_path: ./../
|
||||
3
defaults/main.yml
Normal file
3
defaults/main.yml
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
---
|
||||
vaultwarden_version: "1.29.2"
|
||||
vaultwarden_identifier: "default"
|
||||
4
handlers/main.yml
Normal file
4
handlers/main.yml
Normal file
|
|
@ -0,0 +1,4 @@
|
|||
- name: "Restart Vaultwarden"
|
||||
ansible.builtin.service:
|
||||
name: vaultwarden-{{ vaultwarden_identifier }}
|
||||
state: restarted
|
||||
2
handlers/requirements.yml
Normal file
2
handlers/requirements.yml
Normal file
|
|
@ -0,0 +1,2 @@
|
|||
- name: role-traefik
|
||||
src: https://git.dragse.it/ansible/role-traefik
|
||||
38
meta/main.yml
Normal file
38
meta/main.yml
Normal file
|
|
@ -0,0 +1,38 @@
|
|||
galaxy_info:
|
||||
author: Lennard Brinkhaus
|
||||
description: Install and manage a Traefik
|
||||
company: DragSE
|
||||
|
||||
# If the issue tracker for your role is not on github, uncomment the
|
||||
# next line and provide a value
|
||||
# issue_tracker_url: http://example.com/issue/tracker
|
||||
|
||||
min_ansible_version: "2.1"
|
||||
|
||||
# If this a Container Enabled role, provide the minimum Ansible Container version.
|
||||
# min_ansible_container_version:
|
||||
|
||||
license: None
|
||||
|
||||
#
|
||||
# Provide a list of supported platforms, and for each platform a list of versions.
|
||||
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
|
||||
# To view available platforms and versions (or releases), visit:
|
||||
# https://galaxy.ansible.com/api/v1/platforms/
|
||||
#
|
||||
platforms:
|
||||
- name: Debian
|
||||
versions:
|
||||
- all
|
||||
- name: Ubuntu
|
||||
versions:
|
||||
- all
|
||||
|
||||
galaxy_tags:
|
||||
- vaultwarden
|
||||
|
||||
dependencies: [
|
||||
role-traefik
|
||||
]
|
||||
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
|
||||
# if you add dependencies to this list.
|
||||
35
tasks/main.yml
Normal file
35
tasks/main.yml
Normal file
|
|
@ -0,0 +1,35 @@
|
|||
---
|
||||
- name: Create podman folder
|
||||
file:
|
||||
path: /etc/containers/systemd
|
||||
state: directory
|
||||
mode: 0775
|
||||
recurse: yes
|
||||
|
||||
- name: Create data folder
|
||||
file:
|
||||
path: "/var/vaultwarden/{{ vaultwarden_identifier }}"
|
||||
state: directory
|
||||
mode: 0775
|
||||
recurse: yes
|
||||
|
||||
- name: Setup Podman quadlet
|
||||
block:
|
||||
- name: Copy vaultwarden.container
|
||||
ansible.builtin.template:
|
||||
src: vaultwarden.quadlet.j2
|
||||
dest: "/etc/containers/systemd/vaultwarden-{{ vaultwarden_identifier }}.container"
|
||||
|
||||
- name: "Reload systemd"
|
||||
ansible.builtin.systemd:
|
||||
daemon_reload: true
|
||||
when: ansible_service_mgr == "systemd"
|
||||
|
||||
- name: Start Vaultwardne
|
||||
systemd_service:
|
||||
enabled: true
|
||||
name: vaultwarden-{{ vaultwarden_identifier }}
|
||||
state: started
|
||||
notify:
|
||||
- Restart traefik
|
||||
|
||||
40
templates/vaultwarden.quadlet.j2
Normal file
40
templates/vaultwarden.quadlet.j2
Normal file
|
|
@ -0,0 +1,40 @@
|
|||
[Unit]
|
||||
Description=Vaultwarden
|
||||
|
||||
[Container]
|
||||
ContainerName=vaultwarden-{{ vaultwarden_identifier }}
|
||||
Image=docker.io/library/vaultwarden/server:{{ traefik_version }}
|
||||
|
||||
Environment=TZ=Europe/Berlin
|
||||
Environment=DOMAIN=https://{{ vaultwarden_url }}
|
||||
|
||||
Network=traefik.network
|
||||
|
||||
Volume=/var/vaultwarden/{{ vaultwarden_identifier }}:/data
|
||||
|
||||
|
||||
NoNewPrivileges=true
|
||||
DropCapability=All
|
||||
|
||||
#UserNS=keep-id
|
||||
# Required to access the Podman Socket
|
||||
#SecurityLabelDisable=true
|
||||
PodmanArgs=--userns=keep-id --security-opt label=disable
|
||||
|
||||
Label="traefik.http.routers.vaultwarden-{{ vaultwarden_identifier }}.tls.certresolver=resolver"
|
||||
Label="traefik.http.routers.vaultwarden-{{ vaultwarden_identifier }}.tls=true"
|
||||
Label="traefik.http.routers.vaultwarden-{{ vaultwarden_identifier }}.rule=Host(`{{ vaultwarden_url }}`)"
|
||||
Label="traefik.http.routers.vaultwarden-{{ vaultwarden_identifier }}.loadbalancer.server.port=80"
|
||||
|
||||
[Service]
|
||||
Restart=on-failure
|
||||
# Restart Delay
|
||||
RestartSec=30
|
||||
# Allowed time for the service to start.
|
||||
TimeoutStartSec=90
|
||||
# Allowed time for the service to stop.
|
||||
TimeoutStopSec=90
|
||||
|
||||
|
||||
[Install]
|
||||
WantedBy=default.target
|
||||
Loading…
Reference in New Issue
Block a user