Vaultwarden Server on Verwaltung

host_vars/verwaltung

@@ -34,6 +34,7 @@ webserver_domains:
   - "verwaltung.warpzone.ms"
   - "verwaltung-git.warpzone.ms"
   - "verwaltung-jameica.warpzone.ms"
+  - "vault.warpzone.ms"
 
 
 #OpenVPN Konfigurationen 
@@ -78,6 +79,8 @@ alert:
     - { name: "nextcloud-redis-1" }
     - { name: "nextcloud-webcron-1" }
     - { name: "traefik-app-1" }
+    - { name: "vaultwarden-app-1" }
+    - { name: "vaultwarden-backup-1" }
     - { name: "watchtower-app-1" }
   disks: 
     - { mountpoint: "/", warn: "5 GB", crit: "1 GB" }

site.yml

@@ -351,9 +351,15 @@
       }
     - { 
         role: verwaltung/docker_nextcloud, tags: nextcloud,
-        servicename: "nextcloud",
+        servicename: "nextcloud",        
         domain: "verwaltung.warpzone.ms" 
       }
+    - { 
+        role: verwaltung/docker_vaultwarden, tags: vaultwarden,
+        servicename: "vaultwarden",
+        basedir: /srv/vaultwarden,
+        domain: "vault.warpzone.ms" 
+      }
     - { 
         role: verwaltung/docker_mysql, tags: mysql 
       }

verwaltung/docker_vaultwarden/tasks/main.yml

+---
+
+- include_tasks: ../functions/get_secret.yml
+  with_items:
+    - { path: "{{ basedir }}/secrets/vaultwarden_admin_token", length: 40 }
+    - { path: /srv/shared/noreply_email_pass,  length: -1 }
+
+
+- name: "create folder struct for {{ servicename }}"
+  file:
+    path: "{{ item }}"
+    state: "directory"
+  with_items:
+    - "{{ basedir }}"
+    - "{{ basedir }}/secrets"
+    - "{{ basedir }}/data"
+    - "{{ basedir }}/backup"
+
+
+- name: deploy {{ servicename }} config
+  template:
+    dest:  "{{ basedir }}/{{ item }}"
+    src: "{{ item }}"
+  with_items:
+    - docker-compose.yml
+  register: config
+
+
+- name: "stop {{ servicename }} docker"
+  community.docker.docker_compose_v2:
+    project_src: "{{ basedir }}"
+    state: absent
+  when: config.changed
+
+
+- name: "start {{ servicename }} docker"
+  community.docker.docker_compose_v2:
+    project_src: "{{ basedir }}"
+    state: present

verwaltung/docker_vaultwarden/templates/docker-compose.yml

+version: '3'
+
+services:
+
+  app:
+
+    image: vaultwarden/server:latest
+    restart: always
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.{{ servicename }}.rule=Host(`{{ domain }}`)
+      - traefik.http.routers.{{ servicename }}.entrypoints=websecure
+      - traefik.http.services.{{ servicename }}.loadbalancer.server.port=80
+    environment:
+      - ADMIN_TOKEN={{ vaultwarden_admin_token }}
+      - DOMAIN=https://{{ domain }}    
+      - INVITATIONS_ALLOWED=false
+      - INVITATION_ORG_NAME=warpzone
+      - LOG_LEVEL=warn
+      - SENDS_ALLOWED=true
+      - SIGNUPS_ALLOWED=false
+      - SMTP_HOST={{ smtp_host }}
+      - SMTP_FROM={{ noreply_email_user }}
+      - SMTP_PORT=587
+      - SMTP_SECURITY=starttls
+      - SMTP_USERNAME={{ noreply_email_user }}
+      - SMTP_PASSWORD={{ noreply_email_pass }}
+      - SIGNUPS_VERIFY=true
+      - SHOW_PASSWORD_HINT=false
+      - TZ=Europe/Berlin
+      - WEBSOCKET_ENABLED=false
+    volumes:
+      - {{ basedir }}/data:/data
+    networks:
+      - web
+      - default
+
+  backup:
+    image: bruceforce/vaultwarden-backup:latest
+    restart: always
+    init: true
+    depends_on:
+      - app
+    volumes:
+      - {{ basedir }}/data:/data/
+      - {{ basedir }}/backup:/backup/
+    environment:
+      - TZ=Europe/Berlin
+      - DELETE_AFTER=30
+      - TIMESTAMP=true
+      - GID=1000
+      - UID=1000
+
+networks:
+  web:
+    external: true