Add the first iteration of bitwarden playbook
This commit is contained in:
parent
b470a85d28
commit
d2bbf7802a
|
@ -0,0 +1,241 @@
|
||||||
|
---
|
||||||
|
- name: Create bitwarden users
|
||||||
|
ansible.builtin.user:
|
||||||
|
name: "{{ item.name }}"
|
||||||
|
home: "{{ item.home }}"
|
||||||
|
shell: "/bin/false"
|
||||||
|
loop: "{{ bitwarden }}"
|
||||||
|
tags:
|
||||||
|
- install
|
||||||
|
|
||||||
|
- name: Get rustup installer
|
||||||
|
get_url:
|
||||||
|
url: https://sh.rustup.rs
|
||||||
|
dest: "{{ item.home}}/rustup.sh"
|
||||||
|
owner: "{{ item.name }}"
|
||||||
|
group: "{{ item.name }}"
|
||||||
|
loop: "{{ bitwarden }}"
|
||||||
|
tags:
|
||||||
|
- install
|
||||||
|
- upgrade
|
||||||
|
|
||||||
|
- name: Install rust nightly
|
||||||
|
shell: "{{ item.home }}/rustup.sh --no-modify-path --default-toolchain nightly -y"
|
||||||
|
args:
|
||||||
|
executable: /bin/bash
|
||||||
|
register: _bitwardenrs_install_rust_nightly
|
||||||
|
changed_when: "'nightly installed' in _bitwardenrs_install_rust_nightly.stdout"
|
||||||
|
become: yes
|
||||||
|
become_user : "{{ item.name }}"
|
||||||
|
become_method: su
|
||||||
|
become_flags: '-s /bin/bash'
|
||||||
|
loop: "{{ bitwarden }}"
|
||||||
|
tags:
|
||||||
|
- install
|
||||||
|
- upgrade
|
||||||
|
|
||||||
|
- name: Remove bitwarden
|
||||||
|
file:
|
||||||
|
path: "{{ item.home }}/bitwarden_rs"
|
||||||
|
state: absent
|
||||||
|
loop: "{{ bitwarden }}"
|
||||||
|
tags:
|
||||||
|
- upgrade
|
||||||
|
|
||||||
|
- name: Remove web-vault
|
||||||
|
file:
|
||||||
|
path: "{{ item.home }}/web-vault"
|
||||||
|
state: absent
|
||||||
|
loop: "{{ bitwarden }}"
|
||||||
|
tags:
|
||||||
|
- upgrade
|
||||||
|
|
||||||
|
- name: Remove patches
|
||||||
|
file:
|
||||||
|
path: "{{ item.home }}/bw_web_builds"
|
||||||
|
state: absent
|
||||||
|
loop: "{{ bitwarden }}"
|
||||||
|
tags:
|
||||||
|
- upgrade
|
||||||
|
|
||||||
|
- name: Stop bitwarden
|
||||||
|
ansible.builtin.systemd:
|
||||||
|
state: stopped
|
||||||
|
name: "{{ item.name }}_bitwarden.service"
|
||||||
|
loop: "{{ bitwarden }}"
|
||||||
|
tags:
|
||||||
|
- upgrade
|
||||||
|
|
||||||
|
- name: "Clone bitwarden_rs"
|
||||||
|
git:
|
||||||
|
repo: https://github.com/dani-garcia/bitwarden_rs.git
|
||||||
|
dest: "{{ item.home }}/bitwarden_rs"
|
||||||
|
become: yes
|
||||||
|
become_user : "{{ item.name }}"
|
||||||
|
become_method: su
|
||||||
|
become_flags: '-s /bin/bash'
|
||||||
|
loop: "{{ bitwarden }}"
|
||||||
|
tags:
|
||||||
|
- install
|
||||||
|
- upgrade
|
||||||
|
|
||||||
|
- name: "Clone bitwarden patch"
|
||||||
|
git:
|
||||||
|
repo: https://github.com/dani-garcia/bw_web_builds.git
|
||||||
|
dest: "{{ item.home }}/bw_web_builds"
|
||||||
|
become: yes
|
||||||
|
become_user : "{{ item.name }}"
|
||||||
|
become_method: su
|
||||||
|
become_flags: '-s /bin/bash'
|
||||||
|
loop: "{{ bitwarden }}"
|
||||||
|
tags:
|
||||||
|
- install
|
||||||
|
- upgrade
|
||||||
|
|
||||||
|
- name: "Get last patch"
|
||||||
|
shell: ls | sort --version-sort | tail -n 1 | sed "s/.patch//"
|
||||||
|
args:
|
||||||
|
chdir: "{{ item.home }}/bw_web_builds/patches"
|
||||||
|
register: webvault_version
|
||||||
|
loop: "{{ bitwarden }}"
|
||||||
|
tags:
|
||||||
|
- install
|
||||||
|
- upgrade
|
||||||
|
|
||||||
|
- name: "Clone bitwarden web"
|
||||||
|
git:
|
||||||
|
repo: https://github.com/bitwarden/web.git
|
||||||
|
dest: "{{ item.home }}/web-vault"
|
||||||
|
version: "{{ webvault_version.stdout }}"
|
||||||
|
become: yes
|
||||||
|
become_user : "{{ item.name }}"
|
||||||
|
become_method: su
|
||||||
|
become_flags: '-s /bin/bash'
|
||||||
|
loop: "{{ bitwarden }}"
|
||||||
|
tags:
|
||||||
|
- install
|
||||||
|
- upgrade
|
||||||
|
|
||||||
|
- name: Compile bitwarden_rs
|
||||||
|
shell: "{{ item.home }}/.cargo/bin/cargo build --release --features postgresql"
|
||||||
|
args:
|
||||||
|
chdir: "{{ item.home }}/bitwarden_rs"
|
||||||
|
become: yes
|
||||||
|
become_user : "{{ item.name }}"
|
||||||
|
become_method: su
|
||||||
|
become_flags: '-s /bin/bash'
|
||||||
|
loop: "{{ bitwarden }}"
|
||||||
|
tags:
|
||||||
|
- install
|
||||||
|
- upgrade
|
||||||
|
|
||||||
|
- name: Patch web-vault
|
||||||
|
shell: "git apply {{ item.home }}/bw_web_builds/patches/{{ webvault_version.stdout }}.patch"
|
||||||
|
args:
|
||||||
|
chdir: "{{ item.home }}/web-vault"
|
||||||
|
become: yes
|
||||||
|
become_user : "{{ item.name }}"
|
||||||
|
become_method: su
|
||||||
|
become_flags: '-s /bin/bash'
|
||||||
|
loop: "{{ bitwarden }}"
|
||||||
|
tags:
|
||||||
|
- install
|
||||||
|
- upgrade
|
||||||
|
|
||||||
|
- name: Build web-vault
|
||||||
|
shell: "npm run sub:init"
|
||||||
|
args:
|
||||||
|
chdir: "{{ item.home }}/web-vault"
|
||||||
|
become: yes
|
||||||
|
become_user : "{{ item.name }}"
|
||||||
|
become_method: su
|
||||||
|
become_flags: '-s /bin/bash'
|
||||||
|
loop: "{{ bitwarden }}"
|
||||||
|
tags:
|
||||||
|
- install
|
||||||
|
- upgrade
|
||||||
|
|
||||||
|
- name: Build web-vault
|
||||||
|
shell: "npm install"
|
||||||
|
args:
|
||||||
|
chdir: "{{ item.home }}/web-vault"
|
||||||
|
become: yes
|
||||||
|
become_user : "{{ item.name }}"
|
||||||
|
become_method: su
|
||||||
|
become_flags: '-s /bin/bash'
|
||||||
|
loop: "{{ bitwarden }}"
|
||||||
|
tags:
|
||||||
|
- install
|
||||||
|
- upgrade
|
||||||
|
|
||||||
|
- name: Build web-vault
|
||||||
|
shell: "npm run dist"
|
||||||
|
args:
|
||||||
|
chdir: "{{ item.home }}/web-vault"
|
||||||
|
become: yes
|
||||||
|
become_user : "{{ item.name }}"
|
||||||
|
become_method: su
|
||||||
|
become_flags: '-s /bin/bash'
|
||||||
|
loop: "{{ bitwarden }}"
|
||||||
|
tags:
|
||||||
|
- install
|
||||||
|
- upgrade
|
||||||
|
|
||||||
|
- name: Copy web-vault
|
||||||
|
shell: "cp -a {{ item.home }}/web-vault/build/ {{ item.home }}/bitwarden_rs/target/release/web-vault/"
|
||||||
|
become: yes
|
||||||
|
become_user : "{{ item.name }}"
|
||||||
|
become_method: su
|
||||||
|
become_method: su
|
||||||
|
become_flags: '-s /bin/bash'
|
||||||
|
loop: "{{ bitwarden }}"
|
||||||
|
tags:
|
||||||
|
- install
|
||||||
|
- upgrade
|
||||||
|
|
||||||
|
- name: Install bitwarden
|
||||||
|
shell: "rsync -a --info=progress2 {{ item.home }}/bitwarden_rs/target/release/ {{ item.app_folder }}"
|
||||||
|
become: yes
|
||||||
|
become_user : "{{ item.name }}"
|
||||||
|
become_method: su
|
||||||
|
become_flags: '-s /bin/bash'
|
||||||
|
loop: "{{ bitwarden }}"
|
||||||
|
tags:
|
||||||
|
- install
|
||||||
|
- upgrade
|
||||||
|
|
||||||
|
- name: Add service
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: bitwarden.service.j2
|
||||||
|
dest: "/etc/{{ item.name }}_bitwarden.service"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: '0644'
|
||||||
|
loop: "{{ bitwarden }}"
|
||||||
|
tags:
|
||||||
|
- install
|
||||||
|
|
||||||
|
- name: Reload systemd
|
||||||
|
ansible.builtin.systemd:
|
||||||
|
daemon_reload: yes
|
||||||
|
name: "{{ item.name }}_bitwarden.service"
|
||||||
|
loop: "{{ bitwarden }}"
|
||||||
|
tags:
|
||||||
|
- install
|
||||||
|
|
||||||
|
- name: Enable bitwarden
|
||||||
|
ansible.builtin.systemd:
|
||||||
|
enabled: yes
|
||||||
|
name: "{{ item.name }}_bitwarden.service"
|
||||||
|
loop: "{{ bitwarden }}"
|
||||||
|
tags:
|
||||||
|
- install
|
||||||
|
|
||||||
|
- name: Restarted bitwarden
|
||||||
|
ansible.builtin.systemd:
|
||||||
|
state: started
|
||||||
|
name: "{{ item.name }}_bitwarden.service"
|
||||||
|
loop: "{{ bitwarden }}"
|
||||||
|
tags:
|
||||||
|
- upgrade
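Review bot: `version: "{{ webvault_version.stdout }}"` in the "Clone bitwarden web" task and the same expression in "Patch web-vault" will fail, because "Get last patch" registers inside a `loop:` and a loop-registered variable only carries a `results` list, not a top-level `stdout`; adding `loop_control: {index_var: idx}` to those three tasks and reading `webvault_version.results[idx].stdout` fixes the lookup, though it still silently picks whatever file sorts last in the patches directory. The "Add service" task writes the unit to `/etc/{{ item.name }}_bitwarden.service`, where systemd does not look for units, so the later reload/enable/start tasks will not find it; the dest should be `/etc/systemd/system/{{ item.name }}_bitwarden.service`. From a supply-chain angle, `get_url` fetches `https://sh.rustup.rs` with no `checksum:`, the two `git:` clones of bitwarden_rs and bw_web_builds carry no `version:`, and the toolchain is `nightly`, so every install or upgrade run builds an unpinned, unverified HEAD into a password manager's binary — pin a tag or commit for each clone and a checksum for the installer. The downloaded `rustup.sh` also gets no `mode:`, so executing it directly in "Install rust nightly" presumably fails with permission denied unless it is invoked through `sh`. The "Copy web-vault" task repeats `become_method: su` twice, which most YAML loaders accept silently as a duplicate key; drop one copy.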
|
||||||
|
|
|
@ -0,0 +1,27 @@
|
||||||
|
[Unit]
|
||||||
|
Description=Bitwarden Server (Rust Edition)
|
||||||
|
Documentation=https://github.com/dani-garcia/bitwarden_rs
|
||||||
|
After=network.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
# The user/group bitwarden_rs is run under. the working directory (see below) should allow write and read access to this user/group
|
||||||
|
User={{ item.name }}
|
||||||
|
Group={{ item.name }}
|
||||||
|
# The location of the .env file for configuration
|
||||||
|
EnvironmentFile=/etc/{{ item.name }}_bitwarden_rs.env
|
||||||
|
# The location of the compiled binary
|
||||||
|
ExecStart={{ item.app_folder }}/bitwarden_rs
|
||||||
|
# Set reasonable connection and process limits
|
||||||
|
LimitNOFILE=1048576
|
||||||
|
LimitNPROC=64
|
||||||
|
# Isolate bitwarden_rs from the rest of the system
|
||||||
|
PrivateTmp=true
|
||||||
|
PrivateDevices=true
|
||||||
|
ProtectHome=true
|
||||||
|
ProtectSystem=strict
|
||||||
|
# Only allow writes to the following directory and set it to the working directory (user and password data are stored here)
|
||||||
|
WorkingDirectory={{ item.app_folder }}
|
||||||
|
ReadWriteDirectories={{ item.app_folder }}
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
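Review bot: `EnvironmentFile=/etc/{{ item.name }}_bitwarden_rs.env` is mandatory (no `-` prefix), yet no task in this commit installs that file, so the unit will fail to start until a task templates it, root-owned with `mode: '0600'`, since it is meant to hold `ADMIN_TOKEN` and `SMTP_PASSWORD`. `ReadWriteDirectories=` is a deprecated alias and should be written `ReadWritePaths=`. Granting write access to the whole `{{ item.app_folder }}` lets the service user overwrite its own `bitwarden_rs` binary and the `web-vault` it serves, so the writable data directory should be a separate path and only that path listed in `ReadWritePaths=`. If `item.app_folder` lives under `/home`, `ProtectHome=true` will hide it from the service entirely — confirm the variable's value against the inventory. `NoNewPrivileges=true` is cheap and missing from the isolation block.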
|
|
@ -0,0 +1,15 @@
|
||||||
|
# DATABASE_URL=data/db.sqlite3
|
||||||
|
DATABASE_URL=
|
||||||
|
SIGNUPS_ALLOWED=false
|
||||||
|
WEBSOCKET_ENABLED=true
|
||||||
|
ADMIN_TOKEN=
|
||||||
|
ROCKET_ADDRESS=0.0.0.0
|
||||||
|
WEBSOCKET_ADDRESS=0.0.0.0
|
||||||
|
SMTP_HOST=
|
||||||
|
SMTP_FROM=
|
||||||
|
SMTP_PORT=
|
||||||
|
SMTP_SSL=true
|
||||||
|
SMTP_USERNAME=
|
||||||
|
SMTP_PASSWORD=
|
||||||
|
DISABLE_2FA_REMEMBER=true
|
||||||
|
SIGNUPS_VERIFY=true
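Review bot: This file holds `ADMIN_TOKEN=` and `SMTP_PASSWORD=` as empty literals in a static file, while the unit expects a per-user `/etc/{{ item.name }}_bitwarden_rs.env`, so it should become a `.j2` template whose secret values come from vault-encrypted variables rather than being filled in by hand on the host after deployment. `ROCKET_ADDRESS=0.0.0.0` and `WEBSOCKET_ADDRESS=0.0.0.0` expose the HTTP and websocket listeners on every interface; if a TLS-terminating reverse proxy fronts the service, bind both to `127.0.0.1`. `DATABASE_URL=` is empty although the playbook builds with `--features postgresql`, so it presumably needs a PostgreSQL connection string for the binary this commit produces, and the commented SQLite path would not match that build. An empty `ADMIN_TOKEN` likely leaves the admin page either disabled or rejected at startup depending on the bitwarden_rs version — confirm the intended behaviour instead of shipping the empty value.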
|