vaultwarden/tasks/main.yml


---
# Create one dedicated account per entry of the `bitwarden` list.
# The login shell is /bin/false; tasks that act as this account therefore
# pass an explicit shell to su via become_flags.
- name: Create bitwarden users
  ansible.builtin.user:
    name: "{{ item.name }}"
    shell: /bin/false
    home: "{{ item.home }}"
  loop: "{{ bitwarden }}"
  tags:
    - install
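# Download the rustup bootstrap script into each service account's home.
# NOTE(review): this script is executed by the "Install rust nightly" task
# and is protected only by TLS here. No `checksum:` is set, so a modified
# download would go unnoticed; consider vendoring a reviewed copy of the
# script or pinning its checksum.
- name: Get rustup installer
  ansible.builtin.get_url:
    url: https://sh.rustup.rs
    dest: "{{ item.home }}/rustup.sh"
    owner: "{{ item.name }}"
    group: "{{ item.name }}"
    # Owner-only: the script is run by the owning account.
    mode: '0700'
  loop: "{{ bitwarden }}"
  tags:
    - install
    - upgrade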
# Run the downloaded rustup script as the service account and make the
# nightly toolchain its default, without touching the account's PATH setup.
# NOTE(review): `nightly` is a moving target, so each run may install a
# different compiler; pin a dated toolchain if reproducible builds matter.
- name: Install rust nightly
  ansible.builtin.shell:
    cmd: "{{ item.home }}/rustup.sh --no-modify-path --default-toolchain nightly -y"
    executable: /bin/bash
  register: _bitwardenrs_install_rust_nightly
  # Report "changed" only when the installer output says nightly was installed.
  changed_when: "'nightly installed' in _bitwardenrs_install_rust_nightly.stdout"
  loop: "{{ bitwarden }}"
  become: true
  become_method: su
  become_user: "{{ item.name }}"
  # The account's login shell is /bin/false, so su is given a usable shell.
  become_flags: '-s /bin/bash'
  tags:
    - install
    - upgrade
# Upgrade only: delete the previous bitwarden_rs checkout so that the
# "Clone bitwarden_rs" task starts from an empty directory.
- name: Remove bitwarden
  ansible.builtin.file:
    state: absent
    path: "{{ item.home }}/bitwarden_rs"
  loop: "{{ bitwarden }}"
  tags:
    - upgrade
# Upgrade only: delete the previous web-vault checkout (including any
# patch applied to it on an earlier run).
- name: Remove web-vault
  ansible.builtin.file:
    state: absent
    path: "{{ item.home }}/web-vault"
  loop: "{{ bitwarden }}"
  tags:
    - upgrade
# Upgrade only: delete the previous bw_web_builds checkout, which holds
# the patches directory read by "Get last patch".
- name: Remove patches
  ansible.builtin.file:
    state: absent
    path: "{{ item.home }}/bw_web_builds"
  loop: "{{ bitwarden }}"
  tags:
    - upgrade
# Upgrade only: stop each instance's unit before the rebuild; it is
# started again by the last task of this file.
- name: Stop bitwarden
  ansible.builtin.systemd:
    name: "{{ item.name }}_bitwarden.service"
    state: stopped
  loop: "{{ bitwarden }}"
  tags:
    - upgrade
# Clone the server sources as the service account.
# NOTE(review): no `version:` is given, so whatever the remote default
# branch points to at run time is what gets compiled and deployed; pin a
# tag or commit that has been reviewed.
- name: Clone bitwarden_rs
  ansible.builtin.git:
    dest: "{{ item.home }}/bitwarden_rs"
    repo: https://github.com/dani-garcia/bitwarden_rs.git
  loop: "{{ bitwarden }}"
  become: true
  become_method: su
  become_user: "{{ item.name }}"
  # The account's login shell is /bin/false, so su is given a usable shell.
  become_flags: '-s /bin/bash'
  tags:
    - install
    - upgrade
# Clone the repository that carries the web-vault patches.
# NOTE(review): unpinned as well (no `version:`); the newest patch found
# in this checkout decides which web-vault ref is built, so a change
# upstream changes the build without any change to this role.
- name: Clone bitwarden patch
  ansible.builtin.git:
    dest: "{{ item.home }}/bw_web_builds"
    repo: https://github.com/dani-garcia/bw_web_builds.git
  loop: "{{ bitwarden }}"
  become: true
  become_method: su
  become_user: "{{ item.name }}"
  become_flags: '-s /bin/bash'
  tags:
    - install
    - upgrade
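# Pick the highest-versioned file name in the patches directory and strip
# its ".patch" suffix. The per-item results are registered and used later
# as both the web-vault git ref and the patch file name.
# NOTE(review): the listing is not filtered, so any non-patch entry that
# sorts last would be picked; confirm the directory holds only patches.
- name: "Get last patch"
  ansible.builtin.shell:
    # The dot is escaped and the match anchored so that only a trailing
    # ".patch" is removed from the name.
    cmd: ls | sort --version-sort | tail -n 1 | sed 's/\.patch$//'
    chdir: "{{ item.home }}/bw_web_builds/patches"
  register: webvault_version
  # Read-only lookup: never report a change.
  changed_when: false
  loop: "{{ bitwarden }}"
  tags:
    - install
    - upgrade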
# Clone the upstream web client at the ref named by the newest patch.
# Loops over the registered results of "Get last patch": `item.item` is
# the original `bitwarden` entry, `item.stdout` the detected version.
# NOTE(review): the ref comes from a file name in a third-party checkout;
# an empty or unexpected value changes what is checked out here.
- name: Clone bitwarden web
  ansible.builtin.git:
    version: "{{ item.stdout }}"
    dest: "{{ item.item.home }}/web-vault"
    repo: https://github.com/bitwarden/web.git
  loop: "{{ webvault_version.results }}"
  become: true
  become_method: su
  become_user: "{{ item.item.name }}"
  become_flags: '-s /bin/bash'
  tags:
    - install
    - upgrade
# Build the server in release mode with the postgresql feature, as the
# service account, using the cargo installed under its home directory.
# NOTE(review): consider `--locked` so the build fails rather than
# resolving dependency versions that differ from the checked-in lockfile.
- name: Compile bitwarden_rs
  ansible.builtin.shell:
    cmd: "{{ item.home }}/.cargo/bin/cargo build --release --features postgresql"
    chdir: "{{ item.home }}/bitwarden_rs"
  loop: "{{ bitwarden }}"
  become: true
  become_method: su
  become_user: "{{ item.name }}"
  become_flags: '-s /bin/bash'
  tags:
    - install
    - upgrade
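# Apply the newest patch to the web-vault checkout.
# Loops over the registered results of "Get last patch": `item.item` is
# the original `bitwarden` entry, `item.stdout` the detected version.
# The patch name originates from a directory listing of a third-party
# checkout, so the command is passed as an argv list and never parsed by
# a shell.
- name: Patch web-vault
  ansible.builtin.command:
    argv:
      - git
      - apply
      - "{{ item.item.home }}/bw_web_builds/patches/{{ item.stdout }}.patch"
    chdir: "{{ item.item.home }}/web-vault"
  become: true
  become_user: "{{ item.item.name }}"
  become_method: su
  # The account's login shell is /bin/false, so su is given a usable shell.
  become_flags: '-s /bin/bash'
  loop: "{{ webvault_version.results }}"
  tags:
    - install
    - upgrade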
# First of three build steps: run the web-vault package's `sub:init`
# script (presumably submodule initialisation; confirm in its package.json).
- name: Build web-vault
  ansible.builtin.shell:
    cmd: npm run sub:init
    chdir: "{{ item.home }}/web-vault"
  loop: "{{ bitwarden }}"
  become: true
  become_method: su
  become_user: "{{ item.name }}"
  become_flags: '-s /bin/bash'
  tags:
    - install
    - upgrade
# Second build step: install the JavaScript dependencies.
# NOTE(review): `npm install` may resolve versions that differ from the
# lockfile and runs package install scripts; `npm ci` installs strictly
# from the lockfile. Confirm the checked-out ref ships one before switching.
- name: Build web-vault
  ansible.builtin.shell:
    cmd: npm install
    chdir: "{{ item.home }}/web-vault"
  loop: "{{ bitwarden }}"
  become: true
  become_method: su
  become_user: "{{ item.name }}"
  become_flags: '-s /bin/bash'
  tags:
    - install
    - upgrade
# Third build step: run the `dist` script. The "Copy web-vault" task
# expects its output under web-vault/build/.
- name: Build web-vault
  ansible.builtin.shell:
    cmd: npm run dist
    chdir: "{{ item.home }}/web-vault"
  loop: "{{ bitwarden }}"
  become: true
  become_method: su
  become_user: "{{ item.name }}"
  become_flags: '-s /bin/bash'
  tags:
    - install
    - upgrade
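# Copy the built web client next to the compiled server binary, so the
# next task ships both together.
# The duplicated `become_method` key was removed: duplicate mapping keys
# are invalid YAML and most parsers silently keep only the last one.
- name: Copy web-vault
  ansible.builtin.shell: "cp -a {{ item.home }}/web-vault/build/ {{ item.home }}/bitwarden_rs/target/release/web-vault/"
  become: true
  become_user: "{{ item.name }}"
  become_method: su
  # The account's login shell is /bin/false, so su is given a usable shell.
  become_flags: '-s /bin/bash'
  loop: "{{ bitwarden }}"
  tags:
    - install
    - upgrade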
# Sync the contents of the release directory (trailing slash on the
# source) into the instance's application folder, as the service account.
# NOTE(review): assumes `item.app_folder` is writable by that account;
# verify against the inventory.
- name: Install bitwarden
  ansible.builtin.shell:
    cmd: "rsync -a --info=progress2 {{ item.home }}/bitwarden_rs/target/release/ {{ item.app_folder }}"
  loop: "{{ bitwarden }}"
  become: true
  become_method: su
  become_user: "{{ item.name }}"
  become_flags: '-s /bin/bash'
  tags:
    - install
    - upgrade
# Render one unit file per instance from bitwarden.service.j2,
# root-owned and not writable by the service account.
# NOTE(review): the file is written directly under /etc/. systemd loads
# administrator units from /etc/systemd/system/, so confirm the later
# systemd tasks can actually find this unit.
- name: Add service
  ansible.builtin.template:
    dest: "/etc/{{ item.name }}_bitwarden.service"
    src: bitwarden.service.j2
    mode: '0644'
    owner: root
    group: root
  loop: "{{ bitwarden }}"
  tags:
    - install
# Make systemd re-read its unit files after the template was written.
- name: Reload systemd
  ansible.builtin.systemd:
    name: "{{ item.name }}_bitwarden.service"
    daemon_reload: true
  loop: "{{ bitwarden }}"
  tags:
    - install
# Enable each instance's unit so it starts at boot. No `state:` is set,
# so this task does not start the service itself.
- name: Enable bitwarden
  ansible.builtin.systemd:
    name: "{{ item.name }}_bitwarden.service"
    enabled: true
  loop: "{{ bitwarden }}"
  tags:
    - install
# Upgrade only: bring each instance back up. The state is `started`, not
# `restarted`; that is sufficient here because "Stop bitwarden" stopped
# the unit earlier under the same tag.
- name: Restarted bitwarden
  ansible.builtin.systemd:
    name: "{{ item.name }}_bitwarden.service"
    state: started
  loop: "{{ bitwarden }}"
  tags:
    - upgrade