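---
# Installs vaultwarden on the target host: the server binary is taken out of
# the upstream container image with docker-image-extract, the web-vault assets
# come from the bw_web_builds GitHub releases, then the .env file, init script,
# nginx server block and backup entry are set up and the service is started.
#
# NOTE(review): two of the inputs below are unpinned upstream sources (a script
# fetched from a branch head without a checksum, and a floating image tag); see
# the comments on those tasks.

- name: import mail vars if mail is enabled
  include_vars:
    file: mail.yml
  # Only when mail is not disabled and a complete mail_account mapping
  # (username + password) is present.
  when: >-
    (host_mail | d(true) == true) and (mail_account is mapping) and
    (mail_account.username is defined) and (mail_account.password is defined)

# Precedence, lowest to highest: vault_default_config < vault_mail_config <
# vault_config (later combine() calls override earlier keys, recursively).
- name: set vault_cfg
  set_fact:
    vault_cfg: "{{ vault_default_config | d({}) | combine(vault_mail_config | d({}), recursive=true) | combine(vault_config | d({}), recursive=true) }}"

- name: install curl
  include_tasks: tasks/install_packages.yml
  vars:
    package:
      - curl

- name: create user and group
  include_tasks: tasks/create_user.yml
  vars:
    user:
      name: "{{ vault_user }}"
      group: "{{ vault_group }}"
      dir: "{{ vault_dir }}"
      comment: "vaultwarden service user"
  # NOTE(review): notify is attached to an include_tasks task here and in two
  # later tasks; confirm the handler actually fires from an include.
  notify: restart vaultwarden

- name: create data directory
  file:
    path: "{{ vault_dir }}/data"
    state: directory
    mode: "0750"  # quoted: same octal value, but the YAML loader cannot retype it
    owner: "{{ vault_user }}"
    group: "{{ vault_group }}"

- name: ensure extract dir exists
  file:
    path: "{{ vault_extract_dir }}"
    state: directory

# Supply-chain caveat: this fetches an executable from the head of the upstream
# `main` branch with no integrity check, and the next task runs it on the host.
# Pin the URL to a reviewed commit and add
# `checksum: sha256:<digest of the pinned script>` (placeholder) once chosen.
- name: download docker-image-extract script
  get_url:
    url: "https://raw.githubusercontent.com/jjlin/docker-image-extract/main/docker-image-extract"
    dest: "{{ vault_extract_dir }}"
    timeout: 20
    mode: "+x"

# `vaultwarden/server:alpine` is a floating tag, so the binary installed below
# is whatever the tag points at when the play runs. If the script accepts a
# digest reference (image@sha256:...), pinning it makes the result reproducible.
- name: run docker-image-extract
  command:
    cmd: "{{ vault_extract_dir }}/docker-image-extract vaultwarden/server:alpine"
    chdir: "{{ vault_extract_dir }}"
  register: result
  changed_when: false
  failed_when: result.rc != 0  # explicit; matches the command module's default

- name: check if output directory exists
  stat:
    path: "{{ vault_extract_dir }}/output"
  register: result  # overwrites the command result above; only .stat is read from here on

- name: fail if output directory is missing
  fail:
    msg: output directory is missing
  when: not (result.stat.isdir is defined and result.stat.isdir)

- name: move vaultwarden to vault dir
  copy:
    src: "{{ vault_extract_dir ~ '/output/vaultwarden' }}"
    dest: "{{ vault_dir ~ '/vaultwarden' }}"
    force: true
    remote_src: true
    owner: "{{ vault_user }}"
    group: "{{ vault_group }}"
  notify: restart vaultwarden

- name: remove output directory
  file:
    path: "{{ vault_extract_dir }}/output"
    state: absent
  changed_when: false  # cleanup of the extraction scratch space, not a deployment change

- name: ensure vaultwarden has executable bit set
  file:
    path: "{{ vault_dir }}/vaultwarden"
    mode: "+x"

- name: get and extract latest version of web-vault
  include_tasks: tasks/get_lastversion.yml
  vars:
    package:
      name: dani-garcia/bw_web_builds
      location: github
      assets: true
      asset_filter: '.tar.gz$'
      file: "{{ vault_dir }}/last_version"
      extract: "{{ vault_dir }}"
      user: "{{ vault_user }}"
      group: "{{ vault_group }}"
  notify: restart vaultwarden

# The rendered .env is presumably where the mail credentials imported above end
# up (verify against env.j2), hence owner-read-only and owned by the service user.
- name: template .env file
  template:
    src: env.j2
    dest: "{{ vault_dir }}/.env"
    force: true
    mode: "0400"  # quoted: same octal value, but the YAML loader cannot retype it
    owner: "{{ vault_user }}"
    group: "{{ vault_group }}"
    lstrip_blocks: true
  notify: restart vaultwarden

- name: template init script
  template:
    src: init.j2
    dest: /etc/init.d/vaultwarden
    force: true
    mode: "+x"
  notify: restart vaultwarden

# Recursive chown of the whole vault dir; follow: false keeps it from chasing
# symlinks out of the tree.
- name: ensure correct ownership in vault dir
  file:
    path: "{{ vault_dir }}"
    state: directory
    follow: false
    recurse: true
    owner: "{{ vault_user }}"
    group: "{{ vault_group }}"
  notify: restart vaultwarden

- name: install and configure nginx
  include_role:
    name: nginx
  vars:
    nginx:
      servers:
        - conf: nginx_server
          certs: "{{ host_tls }}"

- name: flush handlers
  meta: flush_handlers

- name: add directories to backup plan
  include_role:
    name: backup
  vars:
    function: add
    backup_items:
      - "{{ vault_dir }}"

- name: enable and start vaultwarden
  service:
    name: vaultwarden
    enabled: true
    state: started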