Add the first iteration of bitwarden playbook
parent
b470a85d28
commit
d2bbf7802a
|
@ -0,0 +1,241 @@
|
|||
---
|
||||
- name: Create bitwarden users
|
||||
ansible.builtin.user:
|
||||
name: "{{ item.name }}"
|
||||
home: "{{ item.home }}"
|
||||
shell: "/bin/false"
|
||||
loop: "{{ bitwarden }}"
|
||||
tags:
|
||||
- install
|
||||
|
||||
- name: Get rustup installer
|
||||
get_url:
|
||||
url: https://sh.rustup.rs
|
||||
dest: "{{ item.home}}/rustup.sh"
|
||||
owner: "{{ item.name }}"
|
||||
group: "{{ item.name }}"
|
||||
loop: "{{ bitwarden }}"
|
||||
tags:
|
||||
- install
|
||||
- upgrade
|
||||
|
||||
- name: Install rust nightly
|
||||
shell: "{{ item.home }}/rustup.sh --no-modify-path --default-toolchain nightly -y"
|
||||
args:
|
||||
executable: /bin/bash
|
||||
register: _bitwardenrs_install_rust_nightly
|
||||
changed_when: "'nightly installed' in _bitwardenrs_install_rust_nightly.stdout"
|
||||
become: yes
|
||||
become_user : "{{ item.name }}"
|
||||
become_method: su
|
||||
become_flags: '-s /bin/bash'
|
||||
loop: "{{ bitwarden }}"
|
||||
tags:
|
||||
- install
|
||||
- upgrade
|
||||
|
||||
- name: Remove bitwarden
|
||||
file:
|
||||
path: "{{ item.home }}/bitwarden_rs"
|
||||
state: absent
|
||||
loop: "{{ bitwarden }}"
|
||||
tags:
|
||||
- upgrade
|
||||
|
||||
- name: Remove web-vault
|
||||
file:
|
||||
path: "{{ item.home }}/web-vault"
|
||||
state: absent
|
||||
loop: "{{ bitwarden }}"
|
||||
tags:
|
||||
- upgrade
|
||||
|
||||
- name: Remove patches
|
||||
file:
|
||||
path: "{{ item.home }}/bw_web_builds"
|
||||
state: absent
|
||||
loop: "{{ bitwarden }}"
|
||||
tags:
|
||||
- upgrade
|
||||
|
||||
- name: Stop bitwarden
|
||||
ansible.builtin.systemd:
|
||||
state: stopped
|
||||
name: "{{ item.name }}_bitwarden.service"
|
||||
loop: "{{ bitwarden }}"
|
||||
tags:
|
||||
- upgrade
|
||||
|
||||
- name: "Clone bitwarden_rs"
|
||||
git:
|
||||
repo: https://github.com/dani-garcia/bitwarden_rs.git
|
||||
dest: "{{ item.home }}/bitwarden_rs"
|
||||
become: yes
|
||||
become_user : "{{ item.name }}"
|
||||
become_method: su
|
||||
become_flags: '-s /bin/bash'
|
||||
loop: "{{ bitwarden }}"
|
||||
tags:
|
||||
- install
|
||||
- upgrade
|
||||
|
||||
- name: "Clone bitwarden patch"
|
||||
git:
|
||||
repo: https://github.com/dani-garcia/bw_web_builds.git
|
||||
dest: "{{ item.home }}/bw_web_builds"
|
||||
become: yes
|
||||
become_user : "{{ item.name }}"
|
||||
become_method: su
|
||||
become_flags: '-s /bin/bash'
|
||||
loop: "{{ bitwarden }}"
|
||||
tags:
|
||||
- install
|
||||
- upgrade
|
||||
|
||||
- name: "Get last patch"
|
||||
shell: ls | sort --version-sort | tail -n 1 | sed "s/.patch//"
|
||||
args:
|
||||
chdir: "{{ item.home }}/bw_web_builds/patches"
|
||||
register: webvault_version
|
||||
loop: "{{ bitwarden }}"
|
||||
tags:
|
||||
- install
|
||||
- upgrade
|
||||
|
||||
- name: "Clone bitwarden web"
|
||||
git:
|
||||
repo: https://github.com/bitwarden/web.git
|
||||
dest: "{{ item.home }}/web-vault"
|
||||
version: "{{ webvault_version.stdout }}"
|
||||
become: yes
|
||||
become_user : "{{ item.name }}"
|
||||
become_method: su
|
||||
become_flags: '-s /bin/bash'
|
||||
loop: "{{ bitwarden }}"
|
||||
tags:
|
||||
- install
|
||||
- upgrade
|
||||
|
||||
- name: Compile bitwarden_rs
|
||||
shell: "{{ item.home }}/.cargo/bin/cargo build --release --features postgresql"
|
||||
args:
|
||||
chdir: "{{ item.home }}/bitwarden_rs"
|
||||
become: yes
|
||||
become_user : "{{ item.name }}"
|
||||
become_method: su
|
||||
become_flags: '-s /bin/bash'
|
||||
loop: "{{ bitwarden }}"
|
||||
tags:
|
||||
- install
|
||||
- upgrade
|
||||
|
||||
- name: Patch web-vault
|
||||
shell: "git apply {{ item.home }}/bw_web_builds/patches/{{ webvault_version.stdout }}.patch"
|
||||
args:
|
||||
chdir: "{{ item.home }}/web-vault"
|
||||
become: yes
|
||||
become_user : "{{ item.name }}"
|
||||
become_method: su
|
||||
become_flags: '-s /bin/bash'
|
||||
loop: "{{ bitwarden }}"
|
||||
tags:
|
||||
- install
|
||||
- upgrade
|
||||
|
||||
- name: Build web-vault
|
||||
shell: "npm run sub:init"
|
||||
args:
|
||||
chdir: "{{ item.home }}/web-vault"
|
||||
become: yes
|
||||
become_user : "{{ item.name }}"
|
||||
become_method: su
|
||||
become_flags: '-s /bin/bash'
|
||||
loop: "{{ bitwarden }}"
|
||||
tags:
|
||||
- install
|
||||
- upgrade
|
||||
|
||||
- name: Build web-vault
|
||||
shell: "npm install"
|
||||
args:
|
||||
chdir: "{{ item.home }}/web-vault"
|
||||
become: yes
|
||||
become_user : "{{ item.name }}"
|
||||
become_method: su
|
||||
become_flags: '-s /bin/bash'
|
||||
loop: "{{ bitwarden }}"
|
||||
tags:
|
||||
- install
|
||||
- upgrade
|
||||
|
||||
- name: Build web-vault
|
||||
shell: "npm run dist"
|
||||
args:
|
||||
chdir: "{{ item.home }}/web-vault"
|
||||
become: yes
|
||||
become_user : "{{ item.name }}"
|
||||
become_method: su
|
||||
become_flags: '-s /bin/bash'
|
||||
loop: "{{ bitwarden }}"
|
||||
tags:
|
||||
- install
|
||||
- upgrade
|
||||
|
||||
- name: Copy web-vault
|
||||
shell: "cp -a {{ item.home }}/web-vault/build/ {{ item.home }}/bitwarden_rs/target/release/web-vault/"
|
||||
become: yes
|
||||
become_user : "{{ item.name }}"
|
||||
become_method: su
|
||||
become_method: su
|
||||
become_flags: '-s /bin/bash'
|
||||
loop: "{{ bitwarden }}"
|
||||
tags:
|
||||
- install
|
||||
- upgrade
|
||||
|
||||
- name: Install bitwarden
|
||||
shell: "rsync -a --info=progress2 {{ item.home }}/bitwarden_rs/target/release/ {{ item.app_folder }}"
|
||||
become: yes
|
||||
become_user : "{{ item.name }}"
|
||||
become_method: su
|
||||
become_flags: '-s /bin/bash'
|
||||
loop: "{{ bitwarden }}"
|
||||
tags:
|
||||
- install
|
||||
- upgrade
|
||||
|
||||
- name: Add service
|
||||
ansible.builtin.template:
|
||||
src: bitwarden.service.j2
|
||||
dest: "/etc/{{ item.name }}_bitwarden.service"
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
loop: "{{ bitwarden }}"
|
||||
tags:
|
||||
- install
|
||||
|
||||
- name: Reload systemd
|
||||
ansible.builtin.systemd:
|
||||
daemon_reload: yes
|
||||
name: "{{ item.name }}_bitwarden.service"
|
||||
loop: "{{ bitwarden }}"
|
||||
tags:
|
||||
- install
|
||||
|
||||
- name: Enable bitwarden
|
||||
ansible.builtin.systemd:
|
||||
enabled: yes
|
||||
name: "{{ item.name }}_bitwarden.service"
|
||||
loop: "{{ bitwarden }}"
|
||||
tags:
|
||||
- install
|
||||
|
||||
- name: Restarted bitwarden
|
||||
ansible.builtin.systemd:
|
||||
state: started
|
||||
name: "{{ item.name }}_bitwarden.service"
|
||||
loop: "{{ bitwarden }}"
|
||||
tags:
|
||||
- upgrade
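Review bot: Nothing fetched by these tasks is pinned or verified, so every run builds the vault server from whatever upstream serves at that moment: the `get_url` task for rustup.sh has no `checksum:`, `--default-toolchain nightly` floats, and the `bitwarden_rs` and `bw_web_builds` `git` tasks have no `version:`. For a password manager I would pin each to a reviewed value, e.g. `checksum: "sha256:<reviewed-digest>"` on the download and `version: "<reviewed-tag-or-commit>"` on both clones. The download also sets no `mode:`, so the next task, which executes `{{ item.home }}/rustup.sh` directly, probably fails unless the file happens to be executable; `mode: '0700'` would cover that. Separately, `register: webvault_version` on a looped task stores per-item output under `webvault_version.results`, so `webvault_version.stdout` in "Clone bitwarden web" and "Patch web-vault" looks undefined, and the unit is templated to `/etc/{{ item.name }}_bitwarden.service`, a directory systemd does not search for unit files (`/etc/systemd/system/` is the usual location).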
|
||||
|
|
@ -0,0 +1,27 @@
|
|||
[Unit]
|
||||
Description=Bitwarden Server (Rust Edition)
|
||||
Documentation=https://github.com/dani-garcia/bitwarden_rs
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
# The user/group bitwarden_rs is run under. the working directory (see below) should allow write and read access to this user/group
|
||||
User={{ item.name }}
|
||||
Group={{ item.name }}
|
||||
# The location of the .env file for configuration
|
||||
EnvironmentFile=/etc/{{ item.name }}_bitwarden_rs.env
|
||||
# The location of the compiled binary
|
||||
ExecStart={{ item.app_folder }}/bitwarden_rs
|
||||
# Set reasonable connection and process limits
|
||||
LimitNOFILE=1048576
|
||||
LimitNPROC=64
|
||||
# Isolate bitwarden_rs from the rest of the system
|
||||
PrivateTmp=true
|
||||
PrivateDevices=true
|
||||
ProtectHome=true
|
||||
ProtectSystem=strict
|
||||
# Only allow writes to the following directory and set it to the working directory (user and password data are stored here)
|
||||
WorkingDirectory={{ item.app_folder }}
|
||||
ReadWriteDirectories={{ item.app_folder }}
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
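Review bot: `EnvironmentFile=/etc/{{ item.name }}_bitwarden_rs.env` points at a file that will carry `ADMIN_TOKEN`, `SMTP_PASSWORD` and the database URL, yet no task visible in this commit deploys it or sets its ownership and mode. Because systemd reads the environment file itself before switching to `User=`, it can be installed root-owned with `mode: '0600'` so the service account and other local users cannot read the secrets from disk. In the isolation block, `NoNewPrivileges=true` would be a cheap addition, and `ReadWriteDirectories=` is the legacy spelling of `ReadWritePaths=`. If `item.app_folder` sits under `/home`, `ProtectHome=true` will hide it from the service, which is worth confirming against the inventory.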
|
|
@ -0,0 +1,15 @@
|
|||
# DATABASE_URL=data/db.sqlite3
|
||||
DATABASE_URL=
|
||||
SIGNUPS_ALLOWED=false
|
||||
WEBSOCKET_ENABLED=true
|
||||
ADMIN_TOKEN=
|
||||
ROCKET_ADDRESS=0.0.0.0
|
||||
WEBSOCKET_ADDRESS=0.0.0.0
|
||||
SMTP_HOST=
|
||||
SMTP_FROM=
|
||||
SMTP_PORT=
|
||||
SMTP_SSL=true
|
||||
SMTP_USERNAME=
|
||||
SMTP_PASSWORD=
|
||||
DISABLE_2FA_REMEMBER=true
|
||||
SIGNUPS_VERIFY=true
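Review bot: `ROCKET_ADDRESS=0.0.0.0` and `WEBSOCKET_ADDRESS=0.0.0.0` put the vault and its websocket listener on every interface, and nothing in this file configures TLS, so unless a firewall elsewhere blocks it the service may be reachable over plain HTTP. If a reverse proxy terminates TLS on the same host, `ROCKET_ADDRESS=127.0.0.1` and `WEBSOCKET_ADDRESS=127.0.0.1` keep the backend reachable only through the proxy. `ADMIN_TOKEN=`, `DATABASE_URL=` and `SMTP_PASSWORD=` are blank here; a header comment such as `# Secrets below are injected at deploy time (e.g. from Ansible Vault); never commit real values` would document how they are meant to be filled. It is also worth confirming how the server treats an empty `ADMIN_TOKEN`, so the admin page state is a deliberate choice and not a side effect of the blank.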
|