From ebc686392e8325ec7833d859f5eb8bf291bd10c5 Mon Sep 17 00:00:00 2001
From: Christian Elberfeld <6413499+elberfeld@users.noreply.github.com>
Date: Thu, 14 Mar 2024 00:07:45 +0100
Subject: [PATCH] Vaultwarden Server on Verwaltung

---
 host_vars/verwaltung                          |  3 +
 site.yml                                      |  8 ++-
 verwaltung/docker_vaultwarden/tasks/main.yml  | 39 +++++++++++++
 .../templates/docker-compose.yml              | 56 +++++++++++++++++++
 4 files changed, 105 insertions(+), 1 deletion(-)
 create mode 100644 verwaltung/docker_vaultwarden/tasks/main.yml
 create mode 100644 verwaltung/docker_vaultwarden/templates/docker-compose.yml

diff --git a/host_vars/verwaltung b/host_vars/verwaltung
index a72fe32b..f29794ba 100644
--- a/host_vars/verwaltung
+++ b/host_vars/verwaltung
@@ -34,6 +34,7 @@ webserver_domains:
   - "verwaltung.warpzone.ms"
   - "verwaltung-git.warpzone.ms"
   - "verwaltung-jameica.warpzone.ms"
+  - "vault.warpzone.ms"
 
 
 #OpenVPN Konfigurationen 
@@ -78,6 +79,8 @@ alert:
     - { name: "nextcloud-redis-1" }
     - { name: "nextcloud-webcron-1" }
     - { name: "traefik-app-1" }
+    - { name: "vaultwarden-app-1" }
+    - { name: "vaultwarden-backup-1" }
     - { name: "watchtower-app-1" }
   disks: 
     - { mountpoint: "/", warn: "5 GB", crit: "1 GB" }
diff --git a/site.yml b/site.yml
index 656163a7..2371c05a 100644
--- a/site.yml
+++ b/site.yml
@@ -351,9 +351,15 @@
       }
     - { 
         role: verwaltung/docker_nextcloud, tags: nextcloud,
-        servicename: "nextcloud",
+        servicename: "nextcloud",        
         domain: "verwaltung.warpzone.ms" 
       }
+    - { 
+        role: verwaltung/docker_vaultwarden, tags: vaultwarden,
+        servicename: "vaultwarden",
+        basedir: /srv/vaultwarden,
+        domain: "vault.warpzone.ms" 
+      }
     - { 
         role: verwaltung/docker_mysql, tags: mysql 
       }
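Review bot: The only change to the existing nextcloud entry, on the `servicename: "nextcloud",` line, is added trailing whitespace, which shows up as a spurious diff and trips yamllint's trailing-spaces rule; revert it to `servicename: "nextcloud",`. In the new vaultwarden entry, `basedir: /srv/vaultwarden` is the one value left unquoted while its siblings are quoted; `basedir: "/srv/vaultwarden",` keeps the entry consistent with the rest of the list. The enclosing roles list starts and ends outside the hunk.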
diff --git a/verwaltung/docker_vaultwarden/tasks/main.yml b/verwaltung/docker_vaultwarden/tasks/main.yml
new file mode 100644
index 00000000..8d398186
--- /dev/null
+++ b/verwaltung/docker_vaultwarden/tasks/main.yml
@@ -0,0 +1,39 @@
+---
+
+- include_tasks: ../functions/get_secret.yml
+  with_items:
+    - { path: "{{ basedir }}/secrets/vaultwarden_admin_token", length: 40 }
+    - { path: /srv/shared/noreply_email_pass,  length: -1 }
+
+
+- name: "create folder struct for {{ servicename }}"
+  file:
+    path: "{{ item }}"
+    state: "directory"
+  with_items:
+    - "{{ basedir }}"
+    - "{{ basedir }}/secrets"
+    - "{{ basedir }}/data"
+    - "{{ basedir }}/backup"
+
+
+- name: deploy {{ servicename }} config
+  template:
+    dest:  "{{ basedir }}/{{ item }}"
+    src: "{{ item }}"
+  with_items:
+    - docker-compose.yml
+  register: config
+
+
+- name: "stop {{ servicename }} docker"
+  community.docker.docker_compose_v2:
+    project_src: "{{ basedir }}"
+    state: absent
+  when: config.changed
+
+
+- name: "start {{ servicename }} docker"
+  community.docker.docker_compose_v2:
+    project_src: "{{ basedir }}"
+    state: present
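Review bot: The `create folder struct` task creates `{{ basedir }}/secrets`, the directory where `get_secret.yml` is asked to keep the vaultwarden admin token, with no `mode` or `owner`, so it gets whatever the umask yields (typically world-readable). Since that token unlocks the Vaultwarden admin page, the secrets directory should be created restrictively; the loop can carry a per-item mode as below, leaving the other directories at their current default via `omit`. Note also that the `include_tasks` at the top runs before the directory task, so it presumably creates the path itself — worth confirming in `../functions/get_secret.yml`, which is outside this patch.
```yaml
- name: "create folder struct for {{ servicename }}"
  file:
    path: "{{ item.path }}"
    state: directory
    mode: "{{ item.mode | default(omit) }}"
  with_items:
    - { path: "{{ basedir }}" }
    - { path: "{{ basedir }}/secrets", mode: "0700" }
    - { path: "{{ basedir }}/data" }
    - { path: "{{ basedir }}/backup" }
# … unchanged: deploy config, stop and start docker tasks …
```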
diff --git a/verwaltung/docker_vaultwarden/templates/docker-compose.yml b/verwaltung/docker_vaultwarden/templates/docker-compose.yml
new file mode 100644
index 00000000..19daa0d2
--- /dev/null
+++ b/verwaltung/docker_vaultwarden/templates/docker-compose.yml
@@ -0,0 +1,56 @@
+version: '3'
+
+services:
+
+  app:
+
+    image: vaultwarden/server:latest
+    restart: always
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.{{ servicename }}.rule=Host(`{{ domain }}`)
+      - traefik.http.routers.{{ servicename }}.entrypoints=websecure
+      - traefik.http.services.{{ servicename }}.loadbalancer.server.port=80
+    environment:
+      - ADMIN_TOKEN={{ vaultwarden_admin_token }}
+      - DOMAIN=https://{{ domain }}    
+      - INVITATIONS_ALLOWED=false
+      - INVITATION_ORG_NAME=warpzone
+      - LOG_LEVEL=warn
+      - SENDS_ALLOWED=true
+      - SIGNUPS_ALLOWED=false
+      - SMTP_HOST={{ smtp_host }}
+      - SMTP_FROM={{ noreply_email_user }}
+      - SMTP_PORT=587
+      - SMTP_SECURITY=starttls
+      - SMTP_USERNAME={{ noreply_email_user }}
+      - SMTP_PASSWORD={{ noreply_email_pass }}
+      - SIGNUPS_VERIFY=true
+      - SHOW_PASSWORD_HINT=false
+      - TZ=Europe/Berlin
+      - WEBSOCKET_ENABLED=false
+    volumes:
+      - {{ basedir }}/data:/data
+    networks:
+      - web
+      - default
+
+  backup:
+    image: bruceforce/vaultwarden-backup:latest
+    restart: always
+    init: true
+    depends_on:
+      - app
+    volumes:
+      - {{ basedir }}/data:/data/
+      - {{ basedir }}/backup:/backup/
+    environment:
+      - TZ=Europe/Berlin
+      - DELETE_AFTER=30
+      - TIMESTAMP=true
+      - GID=1000
+      - UID=1000
+
+networks:
+  web:
+    external: true
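Review bot: Both `image: vaultwarden/server:latest` and `image: bruceforce/vaultwarden-backup:latest` are unpinned, and the host's alert list in this same patch includes a `watchtower-app-1` container, so the password-vault server and the third-party container that reads its entire `/data` directory will presumably be replaced whenever upstream pushes a new `latest`, without anyone reviewing what changed. Pin both to a release tag, or better a digest, e.g. `image: vaultwarden/server:<PINNED_VERSION>` and `image: bruceforce/vaultwarden-backup:<PINNED_VERSION>`, and bump them deliberately. Separately, `ADMIN_TOKEN={{ vaultwarden_admin_token }}` puts the raw token into the container environment where `docker inspect` exposes it; Vaultwarden accepts an Argon2 PHC hash of the token instead (escape `$` as `$$` in compose), which keeps the secret itself out of the running config. The trailing spaces on the `DOMAIN=https://{{ domain }}` line are harmless for a plain scalar but should go.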
-- 
GitLab