dmaes.vaultwarden

Vaultwarden

UNMAINTAINED

This role is no longer maintained because I don't use it anymore. (I switched to different tools entirely).

I recommend using https://github.com/JensTimmerman/ansible-role-vaultwarden/ instead!

IMPORTANT: This role was previously known as dmaes.bitwardenrs

Since the Bitwarden_RS project changed its name to Vaultwarden, this role has been updated to reflect that (see #12 for more details). We changed all instances of bitwardenrs to vaultwarden in the ansible code, including variables, directories, user, and systemd service.

When making the switch:

  • Stop the old bitwarden_rs service
  • Back up both files and database for safety
  • Update your ansible code to work with the new role
  • Point vaultwarden_directory to the old directory or move files to the new default (/opt/vaultwarden). Also, check vaultwarden_datadir if you're using a custom one.
  • The new vaultwarden user should have the same database permissions as your previous bitwardenrs user.
    • For postgres:
      • su - postgres
      • psql
      • postgres-# GRANT bitwardenrs TO vaultwarden;
  • Run ansible; this will create everything under the new name (user and service, but not directory)
  • Remove the old user and service (and possibly (data)directory)

This role builds, installs, and configures Vaultwarden (without Docker).

Only tested on Debian 10 and CentOS 8

Requirements

  • Requirements for the unarchive-module
  • Requirements for the package-module
  • wget or curl
  • jinja >= v2.11
  • Systemd (optional)

Role Variables

| Variable | Description | Default value |
|---|---|---|
| vaultwarden_directory | Where to install Vaultwarden | /opt/vaultwarden |
| vaultwarden_version | Which version to install | 1.17.0 |
| vaultwarden_webvault | Install the patched web vault | true |
| vaultwarden_webvault_version | Version of the web vault to install | 2.16.1 |
| vaultwarden_build_backend | The database type to compile for | vaultwarden_version-specific (*) |
| vaultwarden_force_recompile | Force recompile the binary (e.g., if you switched backends on the same server) | false |
| vaultwarden_config | Key-value environment variables for the Vaultwarden .env file | { DOMAIN: "https://{{ ansible_fqdn }}/" } |
| vaultwarden_datadir | Vaultwarden data directory (does not configure, only creates and is used for things like keys) | {{ vaultwarden_directory }}/data |
| vaultwarden_encryption_key | RSA key for encryption (content, not file); use an empty string to not copy, Vaultwarden should generate one if it doesn't exist | "" |
| vaultwarden_force_encryption_key | Force changing the encryption key if it already exists (DANGEROUS!) | false |
| vaultwarden_systemd | Manage the systemd service | {{ ansible_service_mgr == 'systemd' }} |

(*) Starting from vaultwarden_version: 1.17.0: defaults to sqlite,mysql,postgresql, before that: defaults to sqlite

Example Playbook

- hosts: servers
  vars:
    vaultwarden_configure: yes
    vaultwarden_port: "443"
    vaultwarden_build_backend: "sqlite,postgresql"
    admin_token: !vault | 
      $ANSIBLE_VAULT;1.1;AES256
      ...
    vaultwarden_config:
      DOMAIN: "https://example.com/"
      DOMAIN_PATH: "/vaultwarden"  # results in a domain of https://example.com/vaultwarden/, needs to start with a '/'
      ADMIN_TOKEN: "{{ admin_token }}"
      DATABASE_URL: "postgresql:///vaultwarden?host=/run/postgresql/"
      SIGNUPS_ALLOWED: 'false'
      SIGNUPS_VERIFY: 'true'
      SIGNUPS_DOMAINS_WHITELIST: 'example.com'
      INVITATIONS_ALLOWED: 'true'
      SMTP_HOST: 'mail.example.com'
      SMTP_FROM: '[email protected]'
      SMTP_FROM_NAME: 'vaultwarden'
  roles:
    - dmaes.vaultwarden
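
The following play is an added example, not part of this role: a pre_tasks check that stops the run when the variables documented above are set inconsistently or in a way the table marks as dangerous. The variable values are constructed, and the HTTPS-only rule and the mapping from DATABASE_URL scheme to build backend are assumptions.

```yaml
# Added example, not part of the role: fail early on settings the README flags.
- hosts: servers
  vars:
    # Constructed sample values; real ones come from your playbook or inventory.
    vaultwarden_build_backend: "sqlite,postgresql"
    vaultwarden_force_encryption_key: false
    vaultwarden_config:
      DOMAIN: "https://example.com/"
      DOMAIN_PATH: "/vaultwarden"
      DATABASE_URL: "postgresql:///vaultwarden?host=/run/postgresql/"
  pre_tasks:
    - name: Check Vaultwarden settings before the role runs
      ansible.builtin.assert:
        that:
          # Assumption: the vault is only ever served over TLS.
          - vaultwarden_config.DOMAIN is match('https://')
          # README: DOMAIN_PATH needs to start with a '/'.
          - (vaultwarden_config.DOMAIN_PATH | default('/')) is match('/')
          # README: forcing a new encryption key is marked DANGEROUS.
          - not (vaultwarden_force_encryption_key | default(false) | bool)
          # Assumption: the DATABASE_URL scheme names the backend, and a URL
          # without a mysql/postgresql scheme means sqlite. The fallback list
          # is the README's default for vaultwarden_version >= 1.17.0.
          - >-
            (vaultwarden_config.DATABASE_URL | default('')
            | regex_search('^(mysql|postgresql)') | default('sqlite', true))
            in (vaultwarden_build_backend
            | default('sqlite,mysql,postgresql')).split(',')
        fail_msg: "Unsafe or inconsistent Vaultwarden settings, see the failed assertion."
  roles:
    - dmaes.vaultwarden
```

Because pre_tasks run before roles, a failed assertion stops the play before the role builds or reconfigures anything.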

License

MIT

About the project

Builds, installs and configures Vaultwarden (https://github.com/dani-garcia/vaultwarden) (without Docker)

Install
ansible-galaxy install dmaes.vaultwarden