# Pull in the mail-related variables (expected in the role's vars/ directory)
# only when the host has mail enabled (host_mail defaults to true) and a
# usable mail_account mapping with both credentials is present. Jinja filters
# bind tighter than `==`, so the first clause is `(host_mail | d(true)) == true`.
# A list-form `when` ANDs its entries, same as the original single expression.
- name: import mail vars if mail is enabled
  ansible.builtin.include_vars:
    file: mail.yml
  when:
    - host_mail | d(true) == true
    - mail_account is mapping
    - mail_account.username is defined
    - mail_account.password is defined
# Build the effective configuration in increasing order of precedence:
# role defaults, then the mail overlay, then operator-supplied vault_config.
# Every layer is optional (falls back to {}); recursive=true merges nested
# mappings instead of replacing them wholesale.
- name: set vault_cfg
  ansible.builtin.set_fact:
    vault_cfg: >-
      {{ vault_default_config | d({}) |
      combine(vault_mail_config | d({}), recursive=true) |
      combine(vault_config | d({}), recursive=true) }}
# curl is installed through the shared install_packages task file; the
# docker-image-extract helper fetched further down presumably depends on it.
- name: install curl
  ansible.builtin.include_tasks: tasks/install_packages.yml
  vars:
    package:
      - curl
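# Create the unprivileged account the service runs as, via the shared
# create_user task file. `notify` is not a valid keyword on include_tasks
# itself (ansible-core rejects it with "'notify' is not a valid attribute for
# a TaskInclude", or merely warns when invalid_task_attribute_failed is off);
# keywords meant for the included tasks have to be passed through `apply`.
- name: create user and group
  ansible.builtin.include_tasks:
    file: tasks/create_user.yml
    apply:
      notify: restart vaultwarden
  vars:
    user:
      name: "{{ vault_user }}"
      group: "{{ vault_group }}"
      dir: "{{ vault_dir }}"
      comment: "vaultwarden service user"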
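# Service data lives under <vault_dir>/data, accessible only to the service
# user and group. The mode is quoted on purpose: an unquoted 0750 is read as
# an octal *integer* by YAML 1.1 loaders, and Ansible documents that passing
# modes that way works only "sometimes" (e.g. breaks inside loops).
- name: create data directory
  ansible.builtin.file:
    path: "{{ (vault_dir, 'data') | path_join }}"
    state: directory
    mode: "0750"
    owner: "{{ vault_user }}"
    group: "{{ vault_group }}"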
# Staging area for the upstream image-extract helper and its output tree.
# No mode or owner is pinned, so a freshly created directory inherits the
# umask. Because a script fetched from the network is executed from here as
# the Ansible user, vault_extract_dir should resolve to a location other
# local users cannot write to (verify the role default; a shared tmp-style
# path would allow the script to be swapped between download and execution).
- name: ensure extract dir exists
  ansible.builtin.file:
    state: directory
    path: "{{ vault_extract_dir }}"
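# Fetch the helper that unpacks a container image without a Docker daemon.
# Supply-chain note: the default URL tracks the `main` branch of a
# third-party repository and the result is executed by the next task, so
# whatever sits at that ref at run time runs as the Ansible user. Set
# vault_extract_script_url to a commit-pinned raw URL (the basename must stay
# `docker-image-extract`, which the next task expects) and
# vault_extract_script_checksum (e.g. "sha256:<hex>") to verify it. Both are
# optional and default to the previous behaviour: floating ref, no
# verification. get_url's default force=false means the file is not
# re-fetched once present unless the supplied checksum no longer matches.
- name: download docker-image-extract script
  ansible.builtin.get_url:
    url: >-
      {{ vault_extract_script_url |
      d('https://raw.githubusercontent.com/jjlin/docker-image-extract/main/docker-image-extract') }}
    checksum: "{{ vault_extract_script_checksum | d(omit) }}"
    dest: "{{ vault_extract_dir }}"
    timeout: 20
    mode: "+x"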
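# Unpack the upstream image into <vault_extract_dir>/output. argv form avoids
# any word-splitting of the path. The image reference is overridable through
# vault_image so it can be pinned (e.g. to a digest such as
# vaultwarden/server@sha256:..., if the helper accepts that form) instead of
# the floating :alpine tag, which otherwise silently changes what gets
# installed from one run to the next. The task runs on every play and is
# deliberately reported as unchanged; a non-zero exit still fails the play.
- name: run docker-image-extract
  ansible.builtin.command:
    argv:
      - "{{ (vault_extract_dir, 'docker-image-extract') | path_join }}"
      - "{{ vault_image | d('vaultwarden/server:alpine') }}"
    chdir: "{{ vault_extract_dir }}"
  register: result
  changed_when: false
  failed_when: result.rc != 0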
# Sanity-check the helper's result before anything is copied out of it:
# abort unless <vault_extract_dir>/output exists and is a directory.
- name: check if output directory exists
  ansible.builtin.stat:
    path: "{{ (vault_extract_dir, 'output') | path_join }}"
  register: result
- name: fail if output directory is missing
  ansible.builtin.fail:
    msg: output directory is missing
  when: not (result.stat.isdir | d(false))
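# Install the binary taken from the unpacked image. An explicit mode keeps
# the executable from inheriting a permissive umask (e.g. group- or
# world-writable) and sets the exec bit in the same step. Note the binary is
# owned by the service user, so a compromised service could overwrite its own
# executable; root ownership with 0755 would be the stricter layout, but the
# recursive ownership task later in this file would then have to exclude it.
- name: move vaultwarden to vault dir
  ansible.builtin.copy:
    src: "{{ (vault_extract_dir, 'output', 'vaultwarden') | path_join }}"
    dest: "{{ (vault_dir, 'vaultwarden') | path_join }}"
    force: true
    remote_src: true
    mode: "0755"
    owner: "{{ vault_user }}"
    group: "{{ vault_group }}"
  notify: restart vaultwarden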
# Drop the unpacked image tree again; the cleanup is reported as unchanged so
# it never makes the play look like it modified the host.
- name: remove output directory
  ansible.builtin.file:
    state: absent
    path: "{{ (vault_extract_dir, 'output') | path_join }}"
  changed_when: false
# Make sure the installed binary carries the execute bit (symbolic "+x"
# only adds a bit, it does not touch the other permissions or the owner).
- name: ensure vaultwarden has executable bit set
  ansible.builtin.file:
    mode: "+x"
    path: "{{ (vault_dir, 'vaultwarden') | path_join }}"
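# Fetch the newest bw_web_builds release tarball from GitHub and unpack it
# into vault_dir through the shared get_lastversion helper (all keys below
# are assumed to form the `package` descriptor that helper reads). `notify`
# is not a valid keyword on include_tasks itself, so it is passed through
# `apply` to reach the included tasks. Nothing visible here verifies the
# downloaded asset, so a compromised upstream release would be installed
# as-is -- confirm what tasks/get_lastversion.yml validates (checksum or
# signature) and that it rejects tarball entries escaping `extract`.
- name: get and extract latest version of web-vault
  ansible.builtin.include_tasks:
    file: tasks/get_lastversion.yml
    apply:
      notify: restart vaultwarden
  vars:
    package:
      name: dani-garcia/bw_web_builds
      location: github
      assets: true
      asset_filter: '.tar.gz$'
      file: "{{ (vault_dir, 'last_version') | path_join }}"
      extract: "{{ vault_dir }}"
      user: "{{ vault_user }}"
      group: "{{ vault_group }}"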
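# Render the runtime environment file. It presumably carries secrets (the
# mail credentials when mail is enabled), hence owner-read-only and owned by
# the service user. The mode is quoted so YAML does not turn 0400 into the
# integer 256 before Ansible sees it.
- name: template .env file
  ansible.builtin.template:
    src: env.j2
    dest: "{{ (vault_dir, '.env') | path_join }}"
    force: true
    mode: "0400"
    owner: "{{ vault_user }}"
    group: "{{ vault_group }}"
    lstrip_blocks: true
  notify: restart vaultwarden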
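# Init script for Alpine hosts (OpenRC). Scripts in /etc/init.d run as root
# at boot and via `service`, so pin them root-owned and writable by nobody
# else instead of inheriting the umask of whoever runs the play; 0755 also
# covers the execute bit the previous "+x" provided. Non-Alpine hosts get no
# service definition from this role, yet the service task at the end of the
# file assumes one exists.
- name: template init script
  ansible.builtin.template:
    src: init.j2
    dest: /etc/init.d/vaultwarden
    force: true
    owner: root
    group: root
    mode: "0755"
  notify: restart vaultwarden
  when: ansible_distribution == 'Alpine'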
# Hand the whole tree to the service account (follow=false: a symlinked
# vault_dir itself is not dereferenced). This deliberately includes the
# binary and the web-vault files, which means the service user can modify
# its own program and web assets; keep that in mind if the role is ever
# hardened towards a root-owned install. Any ownership change triggers a
# restart via the handler.
- name: ensure correct ownership in vault dir
  ansible.builtin.file:
    path: "{{ vault_dir }}"
    state: directory
    owner: "{{ vault_user }}"
    group: "{{ vault_group }}"
    recurse: true
    follow: false
  notify: restart vaultwarden
# Run any queued `restart vaultwarden` notification now rather than at the
# end of the play, before the proxy and backup roles are wired up.
- name: flush handlers
  ansible.builtin.meta: flush_handlers
# Publish the service through the shared rproxy role. The Caddy upstream is
# loopback-only (127.0.0.1:vault_port), so the proxy -- and its TLS
# termination, if any -- is the only exposed surface; vaultwarden itself
# should also bind 127.0.0.1 (configured in env.j2, not visible here) so the
# plain-HTTP port is never reachable from outside the host.
# NOTE(review): whether caddy_reverse_proxy_handlers nests under rproxy_config
# or is a sibling variable cannot be told from this rendering -- check the
# rproxy role's add.yml for the shape it expects.
- name: add reverse proxy config
include_role:
name: rproxy
tasks_from: add.yml
vars:
rproxy_config:
port: "{{ vault_port }}"
nginx: rproxy_nginx.j2
caddy_reverse_proxy_handlers:
- handler: reverse_proxy
upstreams:
- dial: "127.0.0.1:{{ vault_port }}"
# Register vault_dir with the shared backup role. The tree includes the data
# directory and the .env file with its credentials, so wherever the backup
# role ships these, the backup target must be treated as sensitive as the
# host itself (encrypted at rest, access restricted).
- name: add directories to backup plan
  ansible.builtin.include_role:
    name: backup
    tasks_from: add.yml
  vars:
    backup_items:
      - "{{ vault_dir }}"
# Enable at boot and start now. Relies on a service definition being present
# (the init script above is only templated on Alpine).
- name: enable and start vaultwarden
  ansible.builtin.service:
    name: vaultwarden
    state: started
    enabled: true