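---
# Build and install bitwarden_rs and its patched web-vault from source for
# every entry of the `bitwarden` list. Each entry is read for `name`, `home`,
# `backend` and `app_folder`.
# Tag `install` covers first-time setup; tag `upgrade` rebuilds in place.

- name: run only if 'install' or 'upgrade' is specified
  ansible.builtin.meta: end_host
  when:
    # The tag names must be string literals; written bare they are looked up
    # as variables called `install` / `upgrade`.
    - "'install' not in ansible_run_tags"
    - "'upgrade' not in ansible_run_tags"
  tags: always

# The service accounts get /bin/false as login shell, which is why the build
# tasks below become the user with `su -s /bin/bash`.
- name: Create bitwarden users
  ansible.builtin.user:
    name: "{{ item.name }}"
    home: "{{ item.home }}"
    shell: "/bin/false"
  loop: "{{ bitwarden }}"
  tags:
    - install

# The tag name of the latest GitHub release is the version checked out by
# "Clone bitwarden_rs".
- name: Get bitwarden_rs version
  ansible.builtin.uri:
    url: https://api.github.com/repos/dani-garcia/bitwarden_rs/releases/latest
    method: GET
    return_content: true
    status_code: 200
    body_format: json
  register: bitwarden_rs_github_repo
  tags:
    - install
    - upgrade

# NOTE(review): the installer is downloaded and then executed by the next task
# with no integrity check beyond TLS. Consider pinning a reviewed copy with
# get_url's `checksum` parameter, or installing the toolchain from a vetted
# package source.
- name: Get rustup installer
  ansible.builtin.get_url:
    url: https://sh.rustup.rs
    dest: "{{ item.home }}/rustup.sh"
    owner: "{{ item.name }}"
    group: "{{ item.name }}"
    mode: '0700'
  loop: "{{ bitwarden }}"
  tags:
    - install
    - upgrade

# Reported as changed only when the installer prints 'nightly installed'.
- name: Install rust nightly
  ansible.builtin.shell: "{{ item.home }}/rustup.sh --no-modify-path --default-toolchain nightly -y"
  args:
    executable: /bin/bash
  register: _bitwardenrs_install_rust_nightly
  changed_when: "'nightly installed' in _bitwardenrs_install_rust_nightly.stdout"
  become: true
  become_user: "{{ item.name }}"
  become_method: su
  become_flags: '-s /bin/bash'
  loop: "{{ bitwarden }}"
  tags:
    - install
    - upgrade

# On upgrade the three source checkouts are removed so they are cloned afresh.
- name: Remove bitwarden
  ansible.builtin.file:
    path: "{{ item.home }}/bitwarden_rs"
    state: absent
  loop: "{{ bitwarden }}"
  tags:
    - upgrade

- name: Remove web-vault
  ansible.builtin.file:
    path: "{{ item.home }}/web-vault"
    state: absent
  loop: "{{ bitwarden }}"
  tags:
    - upgrade

- name: Remove patches
  ansible.builtin.file:
    path: "{{ item.home }}/bw_web_builds"
    state: absent
  loop: "{{ bitwarden }}"
  tags:
    - upgrade

- name: Stop bitwarden
  ansible.builtin.systemd:
    state: stopped
    name: "{{ item.name }}_bitwarden.service"
  loop: "{{ bitwarden }}"
  tags:
    - upgrade

- name: "Clone bitwarden_rs"
  ansible.builtin.git:
    repo: https://github.com/dani-garcia/bitwarden_rs.git
    dest: "{{ item.home }}/bitwarden_rs"
    version: "{{ bitwarden_rs_github_repo.json.tag_name }}"
  become: true
  become_user: "{{ item.name }}"
  become_method: su
  become_flags: '-s /bin/bash'
  loop: "{{ bitwarden }}"
  tags:
    - install
    - upgrade

# The patch repository was cloned without a version, i.e. whatever the default
# branch holds at run time is applied to the web-vault sources. The optional
# `bitwarden_web_builds_version` variable lets a deployment pin a reviewed
# tag or commit; left unset, the behaviour is unchanged (HEAD).
- name: "Clone bitwarden patch"
  ansible.builtin.git:
    repo: https://github.com/dani-garcia/bw_web_builds.git
    dest: "{{ item.home }}/bw_web_builds"
    version: "{{ bitwarden_web_builds_version | default('HEAD') }}"
  become: true
  become_user: "{{ item.name }}"
  become_method: su
  become_flags: '-s /bin/bash'
  loop: "{{ bitwarden }}"
  tags:
    - install
    - upgrade

# Picks the highest-versioned file name in patches/ and strips ".patch"; the
# result is used both as the web-vault git version and as the patch file name.
# Read-only listing, so it never reports a change.
- name: "Get last patch"
  ansible.builtin.shell: ls | sort --version-sort | tail -n 1 | sed "s/.patch//"
  args:
    chdir: "{{ item.home }}/bw_web_builds/patches"
  register: webvault_version
  changed_when: false
  loop: "{{ bitwarden }}"
  tags:
    - install
    - upgrade

# Loops over the registered results: `item.item` is the original `bitwarden`
# entry and `item.stdout` the version found for it.
- name: "Clone bitwarden web"
  ansible.builtin.git:
    repo: https://github.com/bitwarden/web.git
    dest: "{{ item.item.home }}/web-vault"
    version: "{{ item.stdout }}"
  become: true
  become_user: "{{ item.item.name }}"
  become_method: su
  become_flags: '-s /bin/bash'
  loop: "{{ webvault_version.results }}"
  tags:
    - install
    - upgrade

- name: Compile bitwarden_rs
  ansible.builtin.shell: "{{ item.home }}/.cargo/bin/cargo build --release --features {{ item.backend }}"
  args:
    chdir: "{{ item.home }}/bitwarden_rs"
  become: true
  become_user: "{{ item.name }}"
  become_method: su
  become_flags: '-s /bin/bash'
  loop: "{{ bitwarden }}"
  tags:
    - install
    - upgrade

- name: Patch web-vault
  ansible.builtin.shell: "git apply {{ item.item.home }}/bw_web_builds/patches/{{ item.stdout }}.patch"
  args:
    chdir: "{{ item.item.home }}/web-vault"
  become: true
  become_user: "{{ item.item.name }}"
  become_method: su
  become_flags: '-s /bin/bash'
  loop: "{{ webvault_version.results }}"
  tags:
    - install
    - upgrade

# The three build steps carried the same task name; the command is appended
# so that they can be told apart in the play output.
- name: Build web-vault (npm run sub:init)
  ansible.builtin.shell: "npm run sub:init"
  args:
    chdir: "{{ item.home }}/web-vault"
  become: true
  become_user: "{{ item.name }}"
  become_method: su
  become_flags: '-s /bin/bash'
  loop: "{{ bitwarden }}"
  tags:
    - install
    - upgrade

# NOTE(review): `npm install` may resolve newer dependency versions than the
# ones recorded upstream; if the checkout ships a lockfile, `npm ci` would
# keep the build reproducible. Confirm before changing.
- name: Build web-vault (npm install)
  ansible.builtin.shell: "npm install"
  args:
    chdir: "{{ item.home }}/web-vault"
  become: true
  become_user: "{{ item.name }}"
  become_method: su
  become_flags: '-s /bin/bash'
  loop: "{{ bitwarden }}"
  tags:
    - install
    - upgrade

- name: Build web-vault (npm run dist)
  ansible.builtin.shell: "npm run dist"
  args:
    chdir: "{{ item.home }}/web-vault"
  become: true
  become_user: "{{ item.name }}"
  become_method: su
  become_flags: '-s /bin/bash'
  loop: "{{ bitwarden }}"
  tags:
    - install
    - upgrade

# The original task listed `become_method: su` twice; duplicate keys are
# invalid YAML, so only one is kept.
- name: Copy web-vault
  ansible.builtin.shell: >-
    cp -a {{ item.home }}/web-vault/build/
    {{ item.home }}/bitwarden_rs/target/release/web-vault/
  become: true
  become_user: "{{ item.name }}"
  become_method: su
  become_flags: '-s /bin/bash'
  loop: "{{ bitwarden }}"
  tags:
    - install
    - upgrade

- name: Create bitwarden app folder
  ansible.builtin.file:
    path: "{{ item.app_folder }}"
    state: directory
    owner: "{{ item.name }}"
    group: "{{ item.name }}"
    mode: '0750'
  loop: "{{ bitwarden }}"
  tags:
    - install
    - upgrade

- name: Create bitwarden data folder
  ansible.builtin.file:
    path: "{{ item.app_folder }}/data"
    state: directory
    owner: "{{ item.name }}"
    group: "{{ item.name }}"
    mode: '0750'
  loop: "{{ bitwarden }}"
  tags:
    - install
    - upgrade

# Copies the release build output (including the web-vault copied into it
# above) into the application folder.
- name: Install bitwarden
  ansible.builtin.shell: >-
    rsync -a --info=progress2
    {{ item.home }}/bitwarden_rs/target/release/
    {{ item.app_folder }}
  become: true
  become_user: "{{ item.name }}"
  become_method: su
  become_flags: '-s /bin/bash'
  loop: "{{ bitwarden }}"
  tags:
    - install
    - upgrade

- name: Add service
  ansible.builtin.template:
    src: bitwarden.service.j2
    dest: "/etc/systemd/system/{{ item.name }}_bitwarden.service"
    owner: root
    group: root
    mode: '0644'
  loop: "{{ bitwarden }}"
  tags:
    - install

# NOTE(review): owner and group are fixed to `bitwarden`, while the file name
# and every other task use `item.name`. Confirm this is intended for entries
# whose account name differs, since the file is mode 0600.
- name: Add configuration
  ansible.builtin.template:
    src: env.j2
    dest: "/etc/{{ item.name }}_bitwarden_rs.env"
    owner: bitwarden
    group: bitwarden
    mode: '0600'
  loop: "{{ bitwarden }}"
  tags:
    - install

- name: Reload systemd
  ansible.builtin.systemd:
    daemon_reload: true
    name: "{{ item.name }}_bitwarden.service"
  loop: "{{ bitwarden }}"
  tags:
    - install

- name: Enable bitwarden
  ansible.builtin.systemd:
    enabled: true
    name: "{{ item.name }}_bitwarden.service"
  loop: "{{ bitwarden }}"
  tags:
    - install

# Starts the unit again after "Stop bitwarden"; runs for the upgrade tag only.
- name: Restarted bitwarden
  ansible.builtin.systemd:
    state: started
    name: "{{ item.name }}_bitwarden.service"
  loop: "{{ bitwarden }}"
  tags:
    - upgrade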