From c2ff591a12bd81ab6dcbca43fe6a42a345663701 Mon Sep 17 00:00:00 2001
From: Lennard Brinkhaus
Date: Tue, 19 Sep 2023 23:33:32 +0200
Subject: [PATCH] feat: Implement first version
---
 .editorconfig | 19 +++++++++++++++
 .gitignore | 20 ++++++++++++++++
 ansible.cfg | 2 ++
 defaults/main.yml | 3 +++
 handlers/main.yml | 4 ++++
 handlers/requirements.yml | 2 ++
 meta/main.yml | 38 ++++++++++++++++++++++++++++++
 tasks/main.yml | 35 ++++++++++++++++++++++++++++
 templates/vaultwarden.quadlet.j2 | 40 ++++++++++++++++++++++++++++++++
 9 files changed, 163 insertions(+)
 create mode 100644 .editorconfig
 create mode 100644 .gitignore
 create mode 100644 ansible.cfg
 create mode 100644 defaults/main.yml
 create mode 100644 handlers/main.yml
 create mode 100644 handlers/requirements.yml
 create mode 100644 meta/main.yml
 create mode 100644 tasks/main.yml
 create mode 100644 templates/vaultwarden.quadlet.j2
diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 0000000..ab9fdb4
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,19 @@
+# EditorConfig: http://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+
+# Defaults for all editor files
+[*]
+insert_final_newline = true
+indent_style = space
+indent_size = 4
+trim_trailing_whitespace = true
+
+# Files with a smaller indent
+[*.yml]
+indent_size = 2
+
+# Jinja2 template files
+[*.j2]
+end_of_line = lf
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..5b396ab
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,20 @@
+local-configure.yml
+.vagrant/
+docs/_build/
+roles/plone.plone_server
+roles/jnv.unattended-upgrades
+roles/tersmitten.fail2ban
+roles/ANXS.hostname
+roles/ANXS.apt
+._*
+bin/
+lib/
+include/
+local/
+tests.out
+*.retry
+*.log
+vbox_host.cfg
+.DS_Store
+*.py[co]
+.idea/
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..17c134e
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,2 @@
+[defaults]
+roles_path: ./../
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..21872f8
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+vaultwarden_version: "1.29.2"
+vaultwarden_identifier: "default"
\ No newline at end of file
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..be2e28b
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: "Restart Vaultwarden"
+ ansible.builtin.service:
+ name: vaultwarden-{{ vaultwarden_identifier }}
+ state: restarted
diff --git a/handlers/requirements.yml b/handlers/requirements.yml
new file mode 100644
index 0000000..37553ac
--- /dev/null
+++ b/handlers/requirements.yml
@@ -0,0 +1,2 @@
+- name: role-traefik
+ src: https://git.dragse.it/ansible/role-traefik
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..bdcb8bd
--- /dev/null
+++ b/meta/main.yml
@@ -0,0 +1,38 @@
+galaxy_info:
+ author: Lennard Brinkhaus
+ description: Install and manage a Traefik
+ company: DragSE
+
+ # If the issue tracker for your role is not on github, uncomment the
+ # next line and provide a value
+ # issue_tracker_url: http://example.com/issue/tracker
+
+ min_ansible_version: "2.1"
+
+ # If this a Container Enabled role, provide the minimum Ansible Container version.
+ # min_ansible_container_version:
+
+ license: None
+
+ #
+ # Provide a list of supported platforms, and for each platform a list of versions.
+ # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+ # To view available platforms and versions (or releases), visit:
+ # https://galaxy.ansible.com/api/v1/platforms/
+ #
+ platforms:
+ - name: Debian
+ versions:
+ - all
+ - name: Ubuntu
+ versions:
+ - all
+
+ galaxy_tags:
+ - vaultwarden
+
+dependencies: [
+ role-traefik
+]
+# List your role dependencies here, one per line. Be sure to remove the '[]' above,
+# if you add dependencies to this list.
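Review bot: The template in templates/vaultwarden.quadlet.j2 renders `{{ traefik_version }}` into the image tag and `{{ vaultwarden_url }}` into `DOMAIN` and the Traefik host rule, but this file defines neither, while the `vaultwarden_version` it does define is read nowhere. With only these defaults the role either fails at template time on the undefined variables or silently inherits a `traefik_version` from the dependency role, pinning Vaultwarden to a Traefik release number. Change the image tag reference to `{{ vaultwarden_version }}` and either add a `vaultwarden_url` default here or document it as a required variable.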
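Review bot: The `description` still reads `Install and manage a Traefik`, which describes the role this file was copied from rather than Vaultwarden. `license: None` is not a recognised license value; put the actual license identifier there. The `dependencies` entry `role-traefik` is resolved by name, but the only place its source URL is recorded is handlers/requirements.yml, where `ansible-galaxy install -r` will not look unless pointed at it explicitly — a requirements file at the role root (or `meta/requirements.yml`) makes the dependency installable. The trailing template comment about removing the `[]` no longer applies and can be dropped.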
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..08878f6
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,35 @@
+---
+- name: Create podman folder
+ file:
+ path: /etc/containers/systemd
+ state: directory
+ mode: 0775
+ recurse: yes
+
+- name: Create data folder
+ file:
+ path: "/var/vaultwarden/{{ vaultwarden_identifier }}"
+ state: directory
+ mode: 0775
+ recurse: yes
+
+- name: Setup Podman quadlet
+ block:
+ - name: Copy vaultwarden.container
+ ansible.builtin.template:
+ src: vaultwarden.quadlet.j2
+ dest: "/etc/containers/systemd/vaultwarden-{{ vaultwarden_identifier }}.container"
+
+ - name: "Reload systemd"
+ ansible.builtin.systemd:
+ daemon_reload: true
+ when: ansible_service_mgr == "systemd"
+
+ - name: Start Vaultwardne
+ systemd_service:
+ enabled: true
+ name: vaultwarden-{{ vaultwarden_identifier }}
+ state: started
+ notify:
+ - Restart traefik
+
diff --git a/templates/vaultwarden.quadlet.j2 b/templates/vaultwarden.quadlet.j2
new file mode 100644
index 0000000..d4a5015
--- /dev/null
+++ b/templates/vaultwarden.quadlet.j2
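Review bot: Both directory tasks set `mode: 0775` together with `recurse: yes`; `/var/vaultwarden/<id>` is the directory the template bind-mounts at `/data`, i.e. Vaultwarden's persistent store, so group-write and world-traverse is wider than the service needs, and recursing over `/etc/containers/systemd` rewrites the permissions of every unit already present there. Prefer `mode: "0750"` (quoted, so the octal is not subject to YAML number parsing) and drop `recurse: yes` from both tasks. The last task notifies `Restart traefik`, but the only handler this role defines in handlers/main.yml is `Restart Vaultwarden`; unless role-traefik supplies a handler with exactly that name the play errors, and the Vaultwarden handler is never triggered — the template task is the natural place to notify it. Minor: `Start Vaultwardne` is a typo, and `file`/`systemd_service` are unqualified while `ansible.builtin.template`/`ansible.builtin.systemd` in the same file are fully qualified.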
@@ -0,0 +1,40 @@
+[Unit]
+Description=Vaultwarden
+
+[Container]
+ContainerName=vaultwarden-{{ vaultwarden_identifier }}
+Image=docker.io/library/vaultwarden/server:{{ traefik_version }}
+
+Environment=TZ=Europe/Berlin
+Environment=DOMAIN=https://{{ vaultwarden_url }}
+
+Network=traefik.network
+
+Volume=/var/vaultwarden/{{ vaultwarden_identifier }}:/data
+
+
+NoNewPrivileges=true
+DropCapability=All
+
+#UserNS=keep-id
+# Required to access the Podman Socket
+#SecurityLabelDisable=true
+PodmanArgs=--userns=keep-id --security-opt label=disable
+
+Label="traefik.http.routers.vaultwarden-{{ vaultwarden_identifier }}.tls.certresolver=resolver"
+Label="traefik.http.routers.vaultwarden-{{ vaultwarden_identifier }}.tls=true"
+Label="traefik.http.routers.vaultwarden-{{ vaultwarden_identifier }}.rule=Host(`{{ vaultwarden_url }}`)"
+Label="traefik.http.routers.vaultwarden-{{ vaultwarden_identifier }}.loadbalancer.server.port=80"
+
+[Service]
+Restart=on-failure
+# Restart Delay
+RestartSec=30
+# Allowed time for the service to start.
+TimeoutStartSec=90
+# Allowed time for the service to stop.
+TimeoutStopSec=90
+
+
+[Install]
+WantedBy=default.target
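Review bot: `PodmanArgs=--userns=keep-id --security-opt label=disable` switches off SELinux labeling for the whole container, which gives back much of what `NoNewPrivileges=true` and `DropCapability=All` just took away; the comment above it says this is needed to reach the Podman socket, yet this unit mounts only the `/data` volume and no socket, so the option appears carried over from another unit. Quadlet has native keys for both settings (`UserNS=` and `SecurityLabelDisable=`, already present here commented out), and if the bind mount is the only SELinux friction a `:Z` relabel on `Volume=` is the narrower fix. The image reference `docker.io/library/vaultwarden/server:{{ traefik_version }}` combines the `library/` namespace reserved for single-segment official images with a version variable from the Traefik role; `docker.io/vaultwarden/server:{{ vaultwarden_version }}` matches the defaults shipped with this role. The last label places `loadbalancer.server.port` under `traefik.http.routers.<name>`, but that option belongs to the `traefik.http.services.<name>` namespace, so Traefik will not apply it. Because Vaultwarden allows signups by default, exposing it through Traefik without a role variable for `SIGNUPS_ALLOWED` is worth addressing in the same template.

```jinja
[Container]
# … unchanged: ContainerName …
Image=docker.io/vaultwarden/server:{{ vaultwarden_version }}
# … unchanged: Environment, Network …
Volume=/var/vaultwarden/{{ vaultwarden_identifier }}:/data:Z

NoNewPrivileges=true
DropCapability=All
UserNS=keep-id
# … unchanged: tls / certresolver / rule labels …
Label="traefik.http.services.vaultwarden-{{ vaultwarden_identifier }}.loadbalancer.server.port=80"
```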