feat: Implement first version

.editorconfig

@@ -0,0 +1,19 @@
+# EditorConfig: http://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+
+# Defaults for all editor files
+[*]
+insert_final_newline = true
+indent_style = space
+indent_size = 4
+trim_trailing_whitespace = true
+
+# Files with a smaller indent
+[*.yml]
+indent_size = 2
+
+# Jinja2 template files
+[*.j2]
+end_of_line = lf

.gitignore

@@ -0,0 +1,20 @@
+local-configure.yml
+.vagrant/
+docs/_build/
+roles/plone.plone_server
+roles/jnv.unattended-upgrades
+roles/tersmitten.fail2ban
+roles/ANXS.hostname
+roles/ANXS.apt
+._*
+bin/
+lib/
+include/
+local/
+tests.out
+*.retry
+*.log
+vbox_host.cfg
+.DS_Store
+*.py[co]
+.idea/

ansible.cfg

@@ -0,0 +1,2 @@
+[defaults]
+roles_path: ./../

defaults/main.yml

@@ -0,0 +1,3 @@
+---
+vaultwarden_version: "1.29.2"
+vaultwarden_identifier: "default"

handlers/main.yml

@@ -0,0 +1,4 @@
+- name: "Restart Vaultwarden"
+  ansible.builtin.service:
+    name: vaultwarden-{{ vaultwarden_identifier }}
+    state: restarted

handlers/requirements.yml

@@ -0,0 +1,2 @@
+- name: role-traefik
+  src: https://git.dragse.it/ansible/role-traefik

meta/main.yml

@@ -0,0 +1,38 @@
+galaxy_info:
+  author: Lennard Brinkhaus
+  description: Install and manage a Traefik
+  company: DragSE
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  min_ansible_version: "2.1"
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  license: None
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  platforms:
+    - name: Debian
+      versions:
+        - all
+    - name: Ubuntu
+      versions:
+        - all
+
+  galaxy_tags:
+    - vaultwarden
+
+dependencies: [
+  role-traefik
+]
+# List your role dependencies here, one per line. Be sure to remove the '[]' above,
+# if you add dependencies to this list.

tasks/main.yml

@@ -0,0 +1,35 @@
+---
+- name: Create podman folder
+  file:
+    path: /etc/containers/systemd
+    state: directory
+    mode: 0775
+    recurse: yes
+
+- name: Create data folder
+  file:
+    path: "/var/vaultwarden/{{ vaultwarden_identifier }}"
+    state: directory
+    mode: 0775
+    recurse: yes
+
+- name: Setup Podman quadlet
+  block:
+    - name: Copy vaultwarden.container
+      ansible.builtin.template:
+        src: vaultwarden.quadlet.j2
+        dest: "/etc/containers/systemd/vaultwarden-{{ vaultwarden_identifier }}.container"
+
+    - name: "Reload systemd"
+      ansible.builtin.systemd:
+        daemon_reload: true
+      when: ansible_service_mgr == "systemd"
+
+    - name: Start Vaultwardne
+      systemd_service:
+        enabled: true
+        name: vaultwarden-{{ vaultwarden_identifier }}
+        state: started
+  notify:
+    - Restart traefik
+

templates/vaultwarden.quadlet.j2

@@ -0,0 +1,40 @@
+[Unit]
+Description=Vaultwarden
+
+[Container]
+ContainerName=vaultwarden-{{ vaultwarden_identifier }}
+Image=docker.io/library/vaultwarden/server:{{ traefik_version }}
+
+Environment=TZ=Europe/Berlin
+Environment=DOMAIN=https://{{ vaultwarden_url }}
+
+Network=traefik.network
+
+Volume=/var/vaultwarden/{{ vaultwarden_identifier }}:/data
+
+
+NoNewPrivileges=true
+DropCapability=All
+
+#UserNS=keep-id
+# Required to access the Podman Socket
+#SecurityLabelDisable=true
+PodmanArgs=--userns=keep-id --security-opt label=disable
+
+Label="traefik.http.routers.vaultwarden-{{ vaultwarden_identifier }}.tls.certresolver=resolver"
+Label="traefik.http.routers.vaultwarden-{{ vaultwarden_identifier }}.tls=true"
+Label="traefik.http.routers.vaultwarden-{{ vaultwarden_identifier }}.rule=Host(`{{ vaultwarden_url }}`)"
+Label="traefik.http.routers.vaultwarden-{{ vaultwarden_identifier }}.loadbalancer.server.port=80"
+
+[Service]
+Restart=on-failure
+# Restart Delay
+RestartSec=30
+# Allowed time for the service to start.
+TimeoutStartSec=90
+# Allowed time for the service to stop.
+TimeoutStopSec=90
+
+
+[Install]
+WantedBy=default.target