breuninger.bitwarden

Ansible Role: Bitwarden

This role helps you set up Bitwarden using Docker and Docker-Compose through the bitwarden.sh script.

It automates the setup process and uses handlers to manage reconfiguration and updates.

If you need to perform any tasks not included in this role, you can run the setup script directly on the machine. For guidance, refer to the official documentation: https://bitwarden.com/help/article/install-on-premise/

How to Use

To use this role in your playbook, add the following:

- hosts: server
  roles:
    - { role: breuninger.bitwarden }

Known Issues

Certbot

Currently, we only support static TLS certificates for Nginx. The integration with Certbot is not set up. You can suggest adding this feature by submitting a pull request.

Bitwarden Version

The version of Bitwarden in the setup files might differ from what is shown in the repository tags. This is because Bitwarden only updates the version number in the master branch. We are discussing this with Bitwarden for potential changes in their release approach.

SSL Modes

The Bitwarden setup script offers four ways to set up SSL:

  1. User-provided SSL certificate
  2. SSL certificate generated by Let's Encrypt
  3. Self-signed SSL certificate generated by the setup container
  4. No SSL (not recommended for normal use)

User Provided SSL

This is the default mode to maintain compatibility. While the setup script allows untrusted certificates, this role requires a trusted certificate (signed by a CA).

- hosts: server
  roles:
    - role: breuninger.bitwarden
      vars:
        bitwarden_ssl_mode: provided
        bitwarden_nginx_cert_path: /path/to/ssl/cert
        bitwarden_nginx_key_path: /path/to/ssl/key

If you need to support untrusted user-provided certificates, you can add it by modifying defaults/main.yml.
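A pre-flight check for the provided mode, as an added example that is not part of this role: it stops the play before the role runs if the certificate is expired, expires within 30 days, looks self-signed, or does not belong to the key. It assumes the community.crypto collection is installed and that both files are readable on the host where the tasks run (add delegate_to: localhost if they live on the control node); the register names and the 30-day window are illustrative.

```yaml
# Added example, not the role's own code.
- hosts: server
  vars:
    bitwarden_ssl_mode: provided
    bitwarden_nginx_cert_path: /path/to/ssl/cert
    bitwarden_nginx_key_path: /path/to/ssl/key
  pre_tasks:
    - name: Check that the SSL mode is one of the documented values
      ansible.builtin.assert:
        that: bitwarden_ssl_mode in ['provided', 'generate', 'lets_encrypt', 'disable']
        fail_msg: "Unknown bitwarden_ssl_mode: {{ bitwarden_ssl_mode }}"

    - name: Read the certificate and test its validity 30 days from now
      community.crypto.x509_certificate_info:
        path: "{{ bitwarden_nginx_cert_path }}"
        valid_at:
          in_30_days: "+30d"
      register: cert_info          # hypothetical variable name
      when: bitwarden_ssl_mode == 'provided'

    - name: Read the public part of the private key
      community.crypto.openssl_privatekey_info:
        path: "{{ bitwarden_nginx_key_path }}"
      register: key_info           # hypothetical variable name
      no_log: true                 # keep key details out of task output
      when: bitwarden_ssl_mode == 'provided'

    - name: Stop before the role runs if the pair is unusable
      ansible.builtin.assert:
        that:
          - not cert_info.expired
          - cert_info.valid_at.in_30_days
          # Heuristic only: issuer == subject means self-issued.
          # It does not prove the chain ends at a trusted CA.
          - cert_info.issuer != cert_info.subject
          # The certificate must carry the public key of this private key.
          - >-
            cert_info.public_key_fingerprints.sha256
            == key_info.public_key_fingerprints.sha256
        fail_msg: "Certificate/key pair failed the pre-flight checks"
      when: bitwarden_ssl_mode == 'provided'
  roles:
    - role: breuninger.bitwarden
```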

Let's Encrypt SSL

Use the Certbot SSL integration provided in the Bitwarden setup script:

- hosts: server
  roles:
    - role: breuninger.bitwarden
      vars:
        bitwarden_ssl_mode: lets_encrypt
        bitwarden_lets_encrypt_email: [email protected]

Self-Signed SSL

The setup script allows generating a self-signed SSL certificate, but this is not recommended for production environments.

- hosts: server
  roles:
    - role: breuninger.bitwarden
      vars:
        bitwarden_ssl_mode: generate

No SSL

Consider your situation carefully before using this option. It might be appropriate for SSL termination at a reverse proxy.

- hosts: server
  roles:
    - role: breuninger.bitwarden
      vars:
        bitwarden_ssl_mode: disable

Install and configure Bitwarden on your own servers using Docker-Compose.

Default Variables

bitwarden_domain_name

The domain name for Bitwarden.

Default value

bitwarden_domain_name: localhost

bitwarden_global_env

A map of global Bitwarden environment variables. Each variable is found in the global.override.env file. Refer to https://bitwarden.com/help/article/environment-variables/

Default value

bitwarden_global_env: {}

Example usage

bitwarden_global_env:
  globalSettings__mail__smtp__host: localhost
  globalSettings__mail__smtp__port: 25

bitwarden_lets_encrypt_email

Email address used for Let's Encrypt if bitwarden_ssl_mode is set to "lets_encrypt".

Default value

bitwarden_lets_encrypt_email:

bitwarden_nginx_cert_path

Path to the SSL certificate file for the Nginx container. Required if bitwarden_ssl_mode is "provided". You must provide a valid certificate.

Default value

bitwarden_nginx_cert_path:

bitwarden_nginx_key_path

Path to the SSL key file for the Nginx container. Required if bitwarden_ssl_mode is "provided". You must provide a valid key.

Default value

bitwarden_nginx_key_path:

bitwarden_region

The region used for Bitwarden (Options: US, EU).

Default value

bitwarden_region: US

bitwarden_script_version

Default value

bitwarden_script_version: v2023.12.0

bitwarden_setup_config

Map of configuration values to customize the Bitwarden setup. Change settings in the generated config.yml file.

Default value

bitwarden_setup_config: {}

Example usage

bitwarden_setup_config:
  database_docker_volume: true

bitwarden_ssl_mode

Default value

bitwarden_ssl_mode: provided

bitwarden_ssl_provider

Indicates the SSL mode to use for installation. Options are provided, generate, lets_encrypt, or disable.

bitwarden_test_install_script

A flag to skip downloading the bitwarden.sh script. Useful for testing without hitting Let's Encrypt's rate limit or testing script changes.

Default value

bitwarden_test_install_script: false

Dependencies

None.

License

MIT License

Author

Operations Core Tooling ops-core-tooling@breuninger.de

About the project

Install and configure bitwarden on premise in docker-compose fashion.

Install
ansible-galaxy install breuninger.bitwarden
License
mit
Downloads
115