3 changed files with 283 additions and 0 deletions
@ -0,0 +1,241 @@
|
||||
--- |
||||
- name: Create bitwarden users |
||||
ansible.builtin.user: |
||||
name: "{{ item.name }}" |
||||
home: "{{ item.home }}" |
||||
shell: "/bin/false" |
||||
loop: "{{ bitwarden }}" |
||||
tags: |
||||
- install |
||||
|
||||
- name: Get rustup installer |
||||
get_url: |
||||
url: https://sh.rustup.rs |
||||
dest: "{{ item.home}}/rustup.sh" |
||||
owner: "{{ item.name }}" |
||||
group: "{{ item.name }}" |
||||
loop: "{{ bitwarden }}" |
||||
tags: |
||||
- install |
||||
- upgrade |
||||
|
||||
- name: Install rust nightly |
||||
shell: "{{ item.home }}/rustup.sh --no-modify-path --default-toolchain nightly -y" |
||||
args: |
||||
executable: /bin/bash |
||||
register: _bitwardenrs_install_rust_nightly |
||||
changed_when: "'nightly installed' in _bitwardenrs_install_rust_nightly.stdout" |
||||
become: yes |
||||
become_user : "{{ item.name }}" |
||||
become_method: su |
||||
become_flags: '-s /bin/bash' |
||||
loop: "{{ bitwarden }}" |
||||
tags: |
||||
- install |
||||
- upgrade |
||||
|
||||
- name: Remove bitwarden |
||||
file: |
||||
path: "{{ item.home }}/bitwarden_rs" |
||||
state: absent |
||||
loop: "{{ bitwarden }}" |
||||
tags: |
||||
- upgrade |
||||
|
||||
- name: Remove web-vault |
||||
file: |
||||
path: "{{ item.home }}/web-vault" |
||||
state: absent |
||||
loop: "{{ bitwarden }}" |
||||
tags: |
||||
- upgrade |
||||
|
||||
- name: Remove patches |
||||
file: |
||||
path: "{{ item.home }}/bw_web_builds" |
||||
state: absent |
||||
loop: "{{ bitwarden }}" |
||||
tags: |
||||
- upgrade |
||||
|
||||
- name: Stop bitwarden |
||||
ansible.builtin.systemd: |
||||
state: stopped |
||||
name: "{{ item.name }}_bitwarden.service" |
||||
loop: "{{ bitwarden }}" |
||||
tags: |
||||
- upgrade |
||||
|
||||
- name: "Clone bitwarden_rs" |
||||
git: |
||||
repo: https://github.com/dani-garcia/bitwarden_rs.git |
||||
dest: "{{ item.home }}/bitwarden_rs" |
||||
become: yes |
||||
become_user : "{{ item.name }}" |
||||
become_method: su |
||||
become_flags: '-s /bin/bash' |
||||
loop: "{{ bitwarden }}" |
||||
tags: |
||||
- install |
||||
- upgrade |
||||
|
||||
- name: "Clone bitwarden patch" |
||||
git: |
||||
repo: https://github.com/dani-garcia/bw_web_builds.git |
||||
dest: "{{ item.home }}/bw_web_builds" |
||||
become: yes |
||||
become_user : "{{ item.name }}" |
||||
become_method: su |
||||
become_flags: '-s /bin/bash' |
||||
loop: "{{ bitwarden }}" |
||||
tags: |
||||
- install |
||||
- upgrade |
||||
|
||||
- name: "Get last patch" |
||||
shell: ls | sort --version-sort | tail -n 1 | sed "s/.patch//" |
||||
args: |
||||
chdir: "{{ item.home }}/bw_web_builds/patches" |
||||
register: webvault_version |
||||
loop: "{{ bitwarden }}" |
||||
tags: |
||||
- install |
||||
- upgrade |
||||
|
||||
- name: "Clone bitwarden web" |
||||
git: |
||||
repo: https://github.com/bitwarden/web.git |
||||
dest: "{{ item.home }}/web-vault" |
||||
version: "{{ webvault_version.stdout }}" |
||||
become: yes |
||||
become_user : "{{ item.name }}" |
||||
become_method: su |
||||
become_flags: '-s /bin/bash' |
||||
loop: "{{ bitwarden }}" |
||||
tags: |
||||
- install |
||||
- upgrade |
||||
|
||||
- name: Compile bitwarden_rs |
||||
shell: "{{ item.home }}/.cargo/bin/cargo build --release --features postgresql" |
||||
args: |
||||
chdir: "{{ item.home }}/bitwarden_rs" |
||||
become: yes |
||||
become_user : "{{ item.name }}" |
||||
become_method: su |
||||
become_flags: '-s /bin/bash' |
||||
loop: "{{ bitwarden }}" |
||||
tags: |
||||
- install |
||||
- upgrade |
||||
|
||||
- name: Patch web-vault |
||||
shell: "git apply {{ item.home }}/bw_web_builds/patches/{{ webvault_version.stdout }}.patch" |
||||
args: |
||||
chdir: "{{ item.home }}/web-vault" |
||||
become: yes |
||||
become_user : "{{ item.name }}" |
||||
become_method: su |
||||
become_flags: '-s /bin/bash' |
||||
loop: "{{ bitwarden }}" |
||||
tags: |
||||
- install |
||||
- upgrade |
||||
|
||||
- name: Build web-vault |
||||
shell: "npm run sub:init" |
||||
args: |
||||
chdir: "{{ item.home }}/web-vault" |
||||
become: yes |
||||
become_user : "{{ item.name }}" |
||||
become_method: su |
||||
become_flags: '-s /bin/bash' |
||||
loop: "{{ bitwarden }}" |
||||
tags: |
||||
- install |
||||
- upgrade |
||||
|
||||
- name: Build web-vault |
||||
shell: "npm install" |
||||
args: |
||||
chdir: "{{ item.home }}/web-vault" |
||||
become: yes |
||||
become_user : "{{ item.name }}" |
||||
become_method: su |
||||
become_flags: '-s /bin/bash' |
||||
loop: "{{ bitwarden }}" |
||||
tags: |
||||
- install |
||||
- upgrade |
||||
|
||||
- name: Build web-vault |
||||
shell: "npm run dist" |
||||
args: |
||||
chdir: "{{ item.home }}/web-vault" |
||||
become: yes |
||||
become_user : "{{ item.name }}" |
||||
become_method: su |
||||
become_flags: '-s /bin/bash' |
||||
loop: "{{ bitwarden }}" |
||||
tags: |
||||
- install |
||||
- upgrade |
||||
|
||||
- name: Copy web-vault |
||||
shell: "cp -a {{ item.home }}/web-vault/build/ {{ item.home }}/bitwarden_rs/target/release/web-vault/" |
||||
become: yes |
||||
become_user : "{{ item.name }}" |
||||
become_method: su |
||||
become_method: su |
||||
become_flags: '-s /bin/bash' |
||||
loop: "{{ bitwarden }}" |
||||
tags: |
||||
- install |
||||
- upgrade |
||||
|
||||
- name: Install bitwarden |
||||
shell: "rsync -a --info=progress2 {{ item.home }}/bitwarden_rs/target/release/ {{ item.app_folder }}" |
||||
become: yes |
||||
become_user : "{{ item.name }}" |
||||
become_method: su |
||||
become_flags: '-s /bin/bash' |
||||
loop: "{{ bitwarden }}" |
||||
tags: |
||||
- install |
||||
- upgrade |
||||
|
||||
- name: Add service |
||||
ansible.builtin.template: |
||||
src: bitwarden.service.j2 |
||||
dest: "/etc/{{ item.name }}_bitwarden.service" |
||||
owner: root |
||||
group: root |
||||
mode: '0644' |
||||
loop: "{{ bitwarden }}" |
||||
tags: |
||||
- install |
||||
|
||||
- name: Reload systemd |
||||
ansible.builtin.systemd: |
||||
daemon_reload: yes |
||||
name: "{{ item.name }}_bitwarden.service" |
||||
loop: "{{ bitwarden }}" |
||||
tags: |
||||
- install |
||||
|
||||
- name: Enable bitwarden |
||||
ansible.builtin.systemd: |
||||
enabled: yes |
||||
name: "{{ item.name }}_bitwarden.service" |
||||
loop: "{{ bitwarden }}" |
||||
tags: |
||||
- install |
||||
|
||||
- name: Restarted bitwarden |
||||
ansible.builtin.systemd: |
||||
state: started |
||||
name: "{{ item.name }}_bitwarden.service" |
||||
loop: "{{ bitwarden }}" |
||||
tags: |
||||
- upgrade |
||||
|
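Review bot: Every component built here is fetched unpinned and then executed as the account that will later run the vault: the rustup `get_url` has no `checksum:`, the `git` clones of bitwarden_rs and bw_web_builds have no `version:` so each `upgrade` run compiles whatever the default branch HEAD is at that moment, and `npm install` runs the lifecycle scripts of that unpinned checkout. Pin each source (`version: "<tag-or-commit>"` on both clones, `checksum: "sha256:<digest>"` on the rustup download) so an upgrade is reproducible and a compromised upstream branch cannot be pulled in silently. Two things look broken as written: "Get last patch" registers `webvault_version` inside a `loop`, so the value is a dict with a `results` list and the `webvault_version.stdout` used by the web clone and `git apply` tasks is undefined, and the unit is templated to `/etc/{{ item.name }}_bitwarden.service` instead of `/etc/systemd/system/{{ item.name }}_bitwarden.service`, where the later `enabled: yes` will not find it. Because `rsync` runs as `{{ item.name }}` into the same `app_folder` that the unit in the next file makes writable, a compromised service can overwrite its own `ExecStart` binary and the web-vault it serves; install the release as root and give the service user write access only to a separate data directory. Minor: the "Copy web-vault" task repeats the `become_method: su` key, and since the downloaded `rustup.sh` gets no `mode:`, invoking it directly will presumably fail unless the command is prefixed with `sh`.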
@ -0,0 +1,27 @@
|
||||
[Unit] |
||||
Description=Bitwarden Server (Rust Edition) |
||||
Documentation=https://github.com/dani-garcia/bitwarden_rs |
||||
After=network.target |
||||
|
||||
[Service] |
||||
# The user/group bitwarden_rs is run under. the working directory (see below) should allow write and read access to this user/group |
||||
User={{ item.name }} |
||||
Group={{ item.name }} |
||||
# The location of the .env file for configuration |
||||
EnvironmentFile=/etc/{{ item.name }}_bitwarden_rs.env |
||||
# The location of the compiled binary |
||||
ExecStart={{ item.app_folder }}/bitwarden_rs |
||||
# Set reasonable connection and process limits |
||||
LimitNOFILE=1048576 |
||||
LimitNPROC=64 |
||||
# Isolate bitwarden_rs from the rest of the system |
||||
PrivateTmp=true |
||||
PrivateDevices=true |
||||
ProtectHome=true |
||||
ProtectSystem=strict |
||||
# Only allow writes to the following directory and set it to the working directory (user and password data are stored here) |
||||
WorkingDirectory={{ item.app_folder }} |
||||
ReadWriteDirectories={{ item.app_folder }} |
||||
|
||||
[Install] |
||||
WantedBy=multi-user.target |
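Review bot: `ReadWriteDirectories={{ item.app_folder }}` grants write access to the very directory that holds the `ExecStart` binary and the served web-vault, so `ProtectSystem=strict` protects everything except the file an attacker with code execution in bitwarden_rs most wants to persist in. Restrict writes to the data directory instead — with `WorkingDirectory={{ item.app_folder }}` the application's default data location appears to be `data/` relative to it, as the commented SQLite path in the env template suggests — using `ReadWritePaths` (the current spelling; `ReadWriteDirectories` is the deprecated alias) and keep the binary root-owned. The unit also omits cheap additional hardening (`NoNewPrivileges`, kernel/cgroup protection, address-family restriction), shown below; and since `ProtectHome=true` makes `/home` inaccessible, it will break the service if `app_folder` is ever placed under a user's `home:` from the tasks file, so keep the app folder outside `/home` or switch to `ProtectHome=read-only`. The `EnvironmentFile` referenced here carries the admin token and SMTP credentials, and nothing in this change deploys it, so its ownership and mode must be fixed wherever it is written.

```ini
# … unchanged: [Unit], User/Group, EnvironmentFile, ExecStart, Limit* …
NoNewPrivileges=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
# … unchanged: PrivateTmp, PrivateDevices, ProtectHome, ProtectSystem …
WorkingDirectory={{ item.app_folder }}
ReadWritePaths={{ item.app_folder }}/data
```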
@ -0,0 +1,15 @@
|
||||
# DATABASE_URL=data/db.sqlite3 |
||||
DATABASE_URL= |
||||
SIGNUPS_ALLOWED=false |
||||
WEBSOCKET_ENABLED=true |
||||
ADMIN_TOKEN= |
||||
ROCKET_ADDRESS=0.0.0.0 |
||||
WEBSOCKET_ADDRESS=0.0.0.0 |
||||
SMTP_HOST= |
||||
SMTP_FROM= |
||||
SMTP_PORT= |
||||
SMTP_SSL=true |
||||
SMTP_USERNAME= |
||||
SMTP_PASSWORD= |
||||
DISABLE_2FA_REMEMBER=true |
||||
SIGNUPS_VERIFY=true |
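Review bot: This file will hold the admin token, the SMTP password and, once `DATABASE_URL=` is filled for the postgresql-only build, the database credentials, yet no task in this change writes it to the `/etc/{{ item.name }}_bitwarden_rs.env` path the unit expects, so its owner and mode are left to chance; deploy it with `ansible.builtin.template` using `owner: root`, `group: root`, `mode: "0600"` (systemd loads `EnvironmentFile` before dropping to `User=`, so the service account needs no access to it). `ROCKET_ADDRESS=0.0.0.0` and `WEBSOCKET_ADDRESS=0.0.0.0` expose the plain-HTTP and websocket listeners on every interface with no `ROCKET_TLS` configured; if a reverse proxy terminates TLS, bind both to `127.0.0.1`, otherwise configure TLS here. Note that the commented `DATABASE_URL=data/db.sqlite3` example does not apply to a binary compiled with `--features postgresql` alone, and that systemd sets an empty assignment to an empty string rather than leaving the variable unset, so presumably each empty `SMTP_*` line should be either filled in or removed. The empty `ADMIN_TOKEN=` presumably disables the admin page on purpose; if it is later enabled, the value should be a long random secret supplied via `ansible-vault` or a secret store, never committed in this template.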