feat: Implement first version
commit
c2ff591a12
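--- a/.editorconfig
+++ b/.editorconfig
@@ -0,0 +1,19 @@
+# EditorConfig: http://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+
+# Defaults for all editor files
+[*]
+insert_final_newline = true
+indent_style = space
+indent_size = 4
+trim_trailing_whitespace = true
+
+# Files with a smaller indent
+[*.yml]
+indent_size = 2
+
+# Jinja2 template files
+[*.j2]
+end_of_line = lf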
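--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,20 @@
+local-configure.yml
+.vagrant/
+docs/_build/
+roles/plone.plone_server
+roles/jnv.unattended-upgrades
+roles/tersmitten.fail2ban
+roles/ANXS.hostname
+roles/ANXS.apt
+._*
+bin/
+lib/
+include/
+local/
+tests.out
+*.retry
+*.log
+vbox_host.cfg
+.DS_Store
+*.py[co]
+.idea/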
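--- a/ansible.cfg
+++ b/ansible.cfg
@@ -0,0 +1,2 @@
+[defaults]
+roles_path: ./../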
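--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+vaultwarden_version: "1.29.2"
+vaultwarden_identifier: "default"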
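Review bot: `vaultwarden_version` is declared here but nothing in this commit reads it: the `Image=` line in templates/vaultwarden.quadlet.j2 interpolates `traefik_version`, so the deployed Vaultwarden tag follows whatever the Traefik role sets, or the template fails on an undefined variable. The template should use `{{ vaultwarden_version }}` instead. `vaultwarden_url` is also used by the template (for `DOMAIN` and the `Host(...)` rule) without a default in this file; either add a documented default or fail early on a missing value, for example with an `ansible.builtin.assert` task.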
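--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: "Restart Vaultwarden"
+ansible.builtin.service:
+name: vaultwarden-{{ vaultwarden_identifier }}
+state: restarted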
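Review bot: No task in this commit notifies `Restart Vaultwarden`; the only `notify` in tasks/main.yml names `Restart traefik`, which this role does not define itself. A change to the rendered quadlet file therefore leaves the old container running, including after a version bump that was meant to pick up a security fix. Add `notify: Restart Vaultwarden` to the `Copy vaultwarden.container` task so that a template change restarts the service.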
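--- a/handlers/requirements.yml
+++ b/handlers/requirements.yml
@@ -0,0 +1,2 @@
+- name: role-traefik
+src: https://git.dragse.it/ansible/role-traefik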
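Review bot: The `role-traefik` source is listed without a `version:`, so each install takes whatever the default branch of that repository holds at that moment, and the role's tasks then run with the privileges of the play. Pin it to a reviewed tag or commit with `version: <tag-or-commit>`, and add `scm: git` if the URL is not recognised as a git source. The file also sits under handlers/, which is probably not where ansible-galaxy looks for it; a requirements file is conventionally kept at the repository root or under meta/.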
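--- a/meta/main.yml
+++ b/meta/main.yml
@@ -0,0 +1,38 @@
+galaxy_info:
+author: Lennard Brinkhaus
+description: Install and manage a Traefik
+company: DragSE
+
+# If the issue tracker for your role is not on github, uncomment the
+# next line and provide a value
+# issue_tracker_url: http://example.com/issue/tracker
+
+min_ansible_version: "2.1"
+
+# If this a Container Enabled role, provide the minimum Ansible Container version.
+# min_ansible_container_version:
+
+license: None
+
+#
+# Provide a list of supported platforms, and for each platform a list of versions.
+# If you don't wish to enumerate all versions for a particular platform, use 'all'.
+# To view available platforms and versions (or releases), visit:
+# https://galaxy.ansible.com/api/v1/platforms/
+#
+platforms:
+- name: Debian
+versions:
+- all
+- name: Ubuntu
+versions:
+- all
+
+galaxy_tags:
+- vaultwarden
+
+dependencies: [
+role-traefik
+]
+# List your role dependencies here, one per line. Be sure to remove the '[]' above,
+# if you add dependencies to this list.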
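Review bot: `min_ansible_version: "2.1"` does not match the tasks in this commit, which use fully qualified `ansible.builtin.*` module names and `systemd_service`; those need a much newer ansible-core, so the declared minimum should be raised to the version the role is actually tested with. The `description` still reads `Install and manage a Traefik` and should name Vaultwarden. `license: None` leaves the reuse terms of the role undefined; state a licence identifier if one applies.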
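--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,35 @@
+---
+- name: Create podman folder
+file:
+path: /etc/containers/systemd
+state: directory
+mode: 0775
+recurse: yes
+
+- name: Create data folder
+file:
+path: "/var/vaultwarden/{{ vaultwarden_identifier }}"
+state: directory
+mode: 0775
+recurse: yes
+
+- name: Setup Podman quadlet
+block:
+- name: Copy vaultwarden.container
+ansible.builtin.template:
+src: vaultwarden.quadlet.j2
+dest: "/etc/containers/systemd/vaultwarden-{{ vaultwarden_identifier }}.container"
+
+- name: "Reload systemd"
+ansible.builtin.systemd:
+daemon_reload: true
+when: ansible_service_mgr == "systemd"
+
+- name: Start Vaultwardne
+systemd_service:
+enabled: true
+name: vaultwarden-{{ vaultwarden_identifier }}
+state: started
+notify:
+- Restart traefik
+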
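Review bot: The `Create data folder` task applies `mode: 0775` with `recurse: yes` to `/var/vaultwarden/{{ vaultwarden_identifier }}`, which makes everything Vaultwarden stores under `/data` readable and executable by all local users and re-applies that on every run. Use a restrictive quoted mode without recursion and set the owner explicitly, e.g. `mode: "0700"` with `owner:`/`group:` matching the user the container runs as. The same `0775` with `recurse` on `/etc/containers/systemd` leaves the unit definitions group-writable; `mode: "0755"` without `recurse` is enough there. Separately, the task name `Start Vaultwardne` is misspelled, and `enabled: true` may be rejected for a quadlet-generated unit, since the `WantedBy=` line in the template's `[Install]` section is what arranges start at boot.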
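--- a/templates/vaultwarden.quadlet.j2
+++ b/templates/vaultwarden.quadlet.j2
@@ -0,0 +1,40 @@
+[Unit]
+Description=Vaultwarden
+
+[Container]
+ContainerName=vaultwarden-{{ vaultwarden_identifier }}
+Image=docker.io/library/vaultwarden/server:{{ traefik_version }}
+
+Environment=TZ=Europe/Berlin
+Environment=DOMAIN=https://{{ vaultwarden_url }}
+
+Network=traefik.network
+
+Volume=/var/vaultwarden/{{ vaultwarden_identifier }}:/data
+
+
+NoNewPrivileges=true
+DropCapability=All
+
+#UserNS=keep-id
+# Required to access the Podman Socket
+#SecurityLabelDisable=true
+PodmanArgs=--userns=keep-id --security-opt label=disable
+
+Label="traefik.http.routers.vaultwarden-{{ vaultwarden_identifier }}.tls.certresolver=resolver"
+Label="traefik.http.routers.vaultwarden-{{ vaultwarden_identifier }}.tls=true"
+Label="traefik.http.routers.vaultwarden-{{ vaultwarden_identifier }}.rule=Host(`{{ vaultwarden_url }}`)"
+Label="traefik.http.routers.vaultwarden-{{ vaultwarden_identifier }}.loadbalancer.server.port=80"
+
+[Service]
+Restart=on-failure
+# Restart Delay
+RestartSec=30
+# Allowed time for the service to start.
+TimeoutStartSec=90
+# Allowed time for the service to stop.
+TimeoutStopSec=90
+
+
+[Install]
+WantedBy=default.target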
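Review bot: `PodmanArgs=--userns=keep-id --security-opt label=disable` turns off SELinux label separation for the container, and the comment above it (`Required to access the Podman Socket`) does not apply to this unit, which mounts only the data volume and no socket. Drop the label option and relabel the volume instead, `Volume=/var/vaultwarden/{{ vaultwarden_identifier }}:/data:Z`. The port label is attached to the router (`traefik.http.routers.….loadbalancer.server.port`), whereas Traefik reads it from `traefik.http.services.<name>.loadbalancer.server.port=80`, so it is probably ignored. The image path `docker.io/library/vaultwarden/server` also looks wrong, since `library/` is the namespace for Docker official images; confirm the reference and consider pinning it by digest. No `Environment=SIGNUPS_ALLOWED=false` is set, so with Vaultwarden's defaults the instance published through Traefik accepts new registrations from anyone who can reach it.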