# Load the mail variables only when mail is enabled and a complete
# mail_account mapping (username and password) is available.
- name: import mail vars if mail is enabled
  ansible.builtin.include_vars:
    file: mail.yml
  # List form: every entry must hold (logical AND), same as the chained `and`.
  when:
    - host_mail | d(true) == true
    - mail_account is mapping
    - mail_account.username is defined
    - mail_account.password is defined
# Build the effective configuration as a layered recursive merge; later
# layers override earlier ones: defaults <- mail config <- vault_config.
- name: set vault_cfg
  ansible.builtin.set_fact:
    vault_cfg: >-
      {{ vault_default_config | d({})
      | combine(vault_mail_config | d({}), recursive=true)
      | combine(vault_config | d({}), recursive=true) }}
# curl is needed for the download steps below (shared package task file).
- name: install curl
  ansible.builtin.include_tasks: tasks/install_packages.yml
  vars:
    package: [curl]
# Dedicated service account; the shared task file takes a single `user` dict.
- name: create user and group
  ansible.builtin.include_tasks: tasks/create_user.yml
  vars:
    user:
      name: "{{ vault_user }}"
      group: "{{ vault_group }}"
      dir: "{{ vault_dir }}"
      comment: "vaultwarden service user"
  # NOTE(review): confirm that a notify on include_tasks actually reaches the
  # handler — the include itself presumably does not report a changed result.
  notify: restart vaultwarden
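# Persistent data directory, readable only by the service user and its group.
- name: create data directory
  ansible.builtin.file:
    path: "{{ (vault_dir, 'data') | path_join }}"
    state: directory
    # Quoted: a bare 0750 is parsed as an integer (YAML 1.1 octal) before
    # Ansible sees it; the string form is unambiguous.
    mode: "0750"
    owner: "{{ vault_user }}"
    group: "{{ vault_group }}"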
# Scratch directory for the image download/extract steps that follow.
# NOTE(review): no owner/mode is set, so the directory gets the connecting
# user's umask defaults; a restrictive mode would be worth adding since the
# script fetched into it is executed from here.
- name: ensure extract dir exists
  ansible.builtin.file:
    state: directory
    path: "{{ vault_extract_dir }}"
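# Fetch the helper script used to unpack the vaultwarden image without a
# container runtime.
# NOTE(review): the URL tracks the mutable `main` branch and no `checksum:` is
# set, so whatever is served at fetch time is what the next task executes.
# Pin the URL to a release tag or commit and add
# `checksum: "sha256:<digest-of-that-pinned-revision>"` so a changed upstream
# file fails the task instead of being run.
- name: download docker-image-extract script
  ansible.builtin.get_url:
    url: "https://raw.githubusercontent.com/jjlin/docker-image-extract/main/docker-image-extract"
    # Explicit file path (previously the directory, which implied the URL
    # basename); the next task relies on exactly this name.
    dest: "{{ (vault_extract_dir, 'docker-image-extract') | path_join }}"
    timeout: 20
    mode: "+x"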
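# Unpack the vaultwarden image into <vault_extract_dir>/output.
# The image tag is now overridable via `vault_image_tag` (default unchanged:
# "alpine"). A floating tag resolves to whatever upstream published last;
# pinning a specific version (or a digest) makes deployments reproducible.
- name: run docker-image-extract
  ansible.builtin.command:
    cmd: "{{ (vault_extract_dir, 'docker-image-extract') | path_join }} vaultwarden/server:{{ vault_image_tag | d('alpine') }}"
    chdir: "{{ vault_extract_dir }}"
  register: result
  # A non-zero exit already fails the task; the extra failed_when was redundant.
  changed_when: false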
# Probe the extractor's output directory; the next task acts on the result.
- name: check if output directory exists
  ansible.builtin.stat:
    path: "{{ (vault_extract_dir, 'output') | path_join }}"
  register: result
# Abort early with a clear message rather than failing later on the copy.
- name: fail if output directory is missing
  ansible.builtin.fail:
    msg: output directory is missing
  # `isdir` is only present when the path exists, hence the defined-check.
  when: not (result.stat.isdir is defined and result.stat.isdir)
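# Install the extracted binary into the service directory (copy on the
# remote host). The executable bit is (re)applied by a later task.
- name: move vaultwarden to vault dir
  ansible.builtin.copy:
    src: "{{ (vault_extract_dir, 'output', 'vaultwarden') | path_join }}"
    dest: "{{ (vault_dir, 'vaultwarden') | path_join }}"
    # Canonical booleans instead of yes/no (YAML 1.1-only spellings).
    force: true
    remote_src: true
    owner: "{{ vault_user }}"
    group: "{{ vault_group }}"
  notify: restart vaultwarden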
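# Clean up the extracted image tree once the binary has been copied out.
- name: remove output directory
  ansible.builtin.file:
    path: "{{ (vault_extract_dir, 'output') | path_join }}"
    state: absent
  # Canonical boolean instead of `no`.
  changed_when: false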
# Symbolic mode: only adds execute permission, other bits are left as-is.
- name: ensure vaultwarden has executable bit set
  ansible.builtin.file:
    mode: "+x"
    path: "{{ (vault_dir, 'vaultwarden') | path_join }}"
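# Fetch the newest bw_web_builds release asset from GitHub and unpack it into
# the service directory. `file` records the last installed version.
# NOTE(review): tasks/get_lastversion.yml lives outside this file; whether it
# verifies the archive it downloads (checksum or signature) is not visible
# here — confirm, since the result is served by the application.
- name: get and extract latest version of web-vault
  ansible.builtin.include_tasks: tasks/get_lastversion.yml
  vars:
    package:
      name: dani-garcia/bw_web_builds
      location: github
      # Canonical boolean instead of `yes`.
      assets: true
      asset_filter: '.tar.gz$'
      file: "{{ (vault_dir, 'last_version') | path_join }}"
      extract: "{{ vault_dir }}"
      user: "{{ vault_user }}"
      group: "{{ vault_group }}"
  notify: restart vaultwarden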
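# Render the service environment file; owner-read-only, since env.j2 is
# presumably where credentials such as the mail account end up.
- name: template .env file
  ansible.builtin.template:
    src: env.j2
    dest: "{{ (vault_dir, '.env') | path_join }}"
    force: true
    # Quoted: a bare 0400 is read as an integer (YAML 1.1 octal).
    mode: "0400"
    owner: "{{ vault_user }}"
    group: "{{ vault_group }}"
    lstrip_blocks: true
  notify: restart vaultwarden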
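# OpenRC init script, Alpine only. NOTE(review): the final service task has
# no matching `when`; on other distributions the unit is presumably provided
# elsewhere — verify.
- name: template init script
  ansible.builtin.template:
    src: init.j2
    dest: /etc/init.d/vaultwarden
    # Canonical boolean instead of `yes`.
    force: true
    mode: "+x"
  notify: restart vaultwarden
  when: ansible_distribution == 'Alpine'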
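# Recursively (re)assign ownership of everything under the service directory.
# `follow: false` keeps symlinks from being dereferenced while recursing.
- name: ensure correct ownership in vault dir
  ansible.builtin.file:
    path: "{{ vault_dir }}"
    state: directory
    # Canonical booleans instead of no/yes.
    follow: false
    recurse: true
    owner: "{{ vault_user }}"
    group: "{{ vault_group }}"
  notify: restart vaultwarden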
# Run any pending "restart vaultwarden" notifications now, before the proxy
# and backup roles are wired up.
- name: flush handlers
  ansible.builtin.meta: flush_handlers
# Register the service with the rproxy role (nginx template or Caddy handlers).
# NOTE(review): nesting reconstructed from a flattened listing — confirm that
# caddy_reverse_proxy_handlers belongs under rproxy_config alongside port/nginx.
- name: add reverse proxy config
  ansible.builtin.include_role:
    name: rproxy
    tasks_from: add.yml
  vars:
    rproxy_config:
      port: "{{ vault_port }}"
      nginx: rproxy_nginx.j2
      caddy_reverse_proxy_handlers:
        - handler: reverse_proxy
          upstreams:
            # Loopback only: the proxy is the sole external entry point.
            - dial: "127.0.0.1:{{ vault_port }}"
# Hand the whole service directory to the backup role.
- name: add directories to backup plan
  ansible.builtin.include_role:
    name: backup
    tasks_from: add.yml
  vars:
    backup_items: ["{{ vault_dir }}"]
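# Enable at boot and start now.
- name: enable and start vaultwarden
  ansible.builtin.service:
    name: vaultwarden
    # Canonical boolean instead of `yes`.
    enabled: true
    state: started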