From 95950283ecb58093f4f79ae827d5c1cb52f8e7dc Mon Sep 17 00:00:00 2001 From: Robert Kaussow Date: Sat, 20 Jun 2020 15:29:36 +0200 Subject: [PATCH 1/4] remove systemd and use native docker-compose --- defaults/main.yml | 106 +++++++++--------- handlers/main.yml | 9 -- molecule/centos7/converge.yml | 6 +- molecule/centos7/requirements.yml | 7 +- molecule/centos7/tests/test_default.py | 6 +- tasks/main.yml | 2 - tasks/post.yml | 10 -- tasks/prepare.yml | 8 -- tasks/setup.yml | 44 +++++--- .../etc/systemd/system/bitwardenrs.service.j2 | 22 ---- ...pose.yml.j2 => bitwardenrs-compose.yml.j2} | 106 ++++++------------ 11 files changed, 117 insertions(+), 209 deletions(-) delete mode 100644 handlers/main.yml delete mode 100644 tasks/post.yml delete mode 100644 tasks/prepare.yml delete mode 100644 templates/etc/systemd/system/bitwardenrs.service.j2 rename templates/services/{compose.yml.j2 => bitwardenrs-compose.yml.j2} (62%) diff --git a/defaults/main.yml b/defaults/main.yml index 564b1c8..a808a68 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,18 +1,57 @@ --- -bitwardenrs_version: 1.13 -bitwardenrs_service_directory: /var/lib/docker/services/bitwardenrs +bitwardenrs_version: latest +bitwardenrs_image: "xoxys/bitwardenrs:{{ bitwardenrs_version }}" +bitwardenrs_base_url: "http://localhost/" +bitwardenrs_service_directory: /var/lib/docker/services/bitwardenrs bitwardenrs_container_name: bitwardenrs -bitwardenrs_image: "xoxys/bitwardenrs:{{ bitwardenrs_version }}" -bitwardenrs_restart_policy: on-failure -bitwardenrs_exposed_port: 80 -bitwardenrs_exposed_ip: 127.0.0.1 -bitwardenrs_extra_hosts: [] -# @var bitwardenrs_volumes_extra:example: > -# bitwardenrs_volumes_extra: -# - /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:/etc/ssl/certs/ca-certificates.crt:Z +bitwardenrs_restart_policy: always +bitwardenrs_service_stopped: False + +# @var bitwardenrs_networks:example: > +# bitwardenrs_networks: +# - name: default +# # optional network driver, defaults to 'bride' +# driver: host # @end -bitwardenrs_volumes_extra: [] +bitwardenrs_networks: + - name: default + +bitwardenrs_networks_applied: + - default + +# @var bitwardenrs_volumes:description: > Define required docker volumes. +# @end +# @var bitwardenrs_volumes:example: > +# bitwardenrs_volumes: +# # Instead of the name you could specify a path on the container host system, +# # but you also have to enable bind mount for this volume +# - name: data +# # target location inside the container +# dest: /var/www/app/data +# # enable bind mount, if false volume will be configured as named volume +# # keep in mind you MUST set bind in any case +# bind: True +# @end +bitwardenrs_volumes: + - name: data + dest: /app/data + bind: False + +# @var bitwardenrs_websocket_enabled:description: > +# If you enable websockets you also have to expose port `3012`. +# @end +bitwardenrs_websocket_enabled: False + +# @var bitwardenrs_exposed_ports:example: > +# bitwardenrs_exposed_ports: +# - "127.0.0.1:8080:8080" +# - "127.0.0.1:3012:3012" +# @end +bitwardenrs_exposed_ports: + - "127.0.0.1:8080:8080" + +bitwardenrs_extra_hosts: [] # @var bitwardenrs_memory_limit: $ "_unset_" # @var bitwardenrs_memory_limit:example: $ "512m" @@ -32,12 +71,6 @@ bitwardenrs_healthcheck: timeout: 3s retries: 3 -bitwardenrs_base_url: "http://localhost/" - -bitwardenrs_websocket_enabled: False -bitwardenrs_websocket_exposed_port: 3012 -bitwardenrs_websocket_exposed_ip: 127.0.0.1 - # @var bitwardenrs_templates_folder: $ "_unset_" bitwardenrs_reload_templates: False @@ -96,42 +129,3 @@ bitwardenrs_db_user: pgbitwardenrs bitwardenrs_db_password: secure bitwardenrs_db_ssl_mode: disable bitwardenrs_db_ssl_rootcert: /etc/ssl/certs/ca-certificates.crt - -bitwardenrs_ldap_sync_enabled: False -bitwardenrs_ldap_container_name: bitwardenrs_ldap -bitwardenrs_ldap_version: latest -bitwardenrs_ldap_image: "xoxys/bitwardenrs_ldap:{{ bitwardenrs_ldap_version }}" -bitwardenrs_ldap_restart_policy: on-failure -# @var bitwardenrs_ldap_volumes_extra:example: > -# bitwardenrs_ldap_volumes_extra: -# - /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:/etc/ssl/certs/ca-certificates.crt:Z -# @end -bitwardenrs_ldap_volumes_extra: [] - -# @var bitwardenrs_ldap_memory_limit: $ "_unset_" -# @var bitwardenrs_ldap_memory_limit:example: $ "512m" -# @var bitwardenrs_ldap_memory_reservation: $ "_unset_" -# @var bitwardenrs_ldap_memory_reservation:example: $ "256m" -# @var bitwardenrs_ldap_cpu_shares: $ "_unset_" -# @var bitwardenrs_ldap_cpu_shares:example: $ "1024" - -bitwardenrs_ldap_cap_add: [] -bitwardenrs_ldap_cap_drop: [] -bitwardenrs_ldap_security_opt: [] -# @var bitwardenrs_ldap_pids_limit: $ "_unset_" - -bitwardenrs_ldap_bitwarden_url: "{{ bitwardenrs_base_url }}" -bitwardenrs_ldap_bitwarden_admin_token: "{{ bitwardenrs_admin_token | default('') }}" -# @var bitwardenrs_ldap_host: $ "_unset_" -# @var bitwardenrs_ldap_scheme: $ "_unset_" -bitwardenrs_ldap_ssl: True -# @var bitwardenrs_ldap_port: $ "_unset_" -# @var bitwardenrs_ldap_bind_dn: $ "_unset_" -# @var bitwardenrs_ldap_bind_password: $ "_unset_" -# @var bitwardenrs_ldap_search_base_dn: $ "_unset_" -bitwardenrs_ldap_search_filter: "(&(objectclass=*)(uid=*))" -bitwardenrs_ldap_mail_field: "mail" -bitwardenrs_ldap_sync_interval_seconds: 60 -bitwardenrs_ldap_sync_loop: True - -bitwardenrs_docker_compose_bin: /usr/local/bin/docker-compose diff --git a/handlers/main.yml b/handlers/main.yml deleted file mode 100644 index 7af3a5a..0000000 --- a/handlers/main.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -- name: Restart container - systemd: - state: restarted - daemon_reload: yes - name: bitwardenrs - listen: __bitwardenrs_restart - become: True - become_user: root diff --git a/molecule/centos7/converge.yml b/molecule/centos7/converge.yml index 4427622..10f209d 100644 --- a/molecule/centos7/converge.yml +++ b/molecule/centos7/converge.yml @@ -1,8 +1,12 @@ --- - name: Converge (Stage 1) hosts: all + vars: + dockerengine_packages_extra: + - epel-release + - python-pip + roles: - - role: xoxys.python3 - role: xoxys.docker_engine - name: Converge (Stage 2) diff --git a/molecule/centos7/requirements.yml b/molecule/centos7/requirements.yml index 4c0386e..0ab8852 100644 --- a/molecule/centos7/requirements.yml +++ b/molecule/centos7/requirements.yml @@ -1,13 +1,8 @@ --- -- src: https://gitea.rknet.org/ansible/xoxys.python3.git - name: xoxys.python3 - scm: git - version: master - - src: https://gitea.rknet.org/ansible/xoxys.docker_engine.git name: xoxys.docker_engine scm: git - version: master + version: refactoring - src: https://gitea.rknet.org/ansible/xoxys.postgres.git name: xoxys.postgres diff --git a/molecule/centos7/tests/test_default.py b/molecule/centos7/tests/test_default.py index 076c17c..765e4d5 100644 --- a/molecule/centos7/tests/test_default.py +++ b/molecule/centos7/tests/test_default.py @@ -17,12 +17,12 @@ def test_bitwardenrs_running(host): def test_bitwardenrs_socket(host): # Verify the socket is listening for HTTP traffic - assert host.socket("tcp://127.0.0.1:80").is_listening + assert host.socket("tcp://127.0.0.1:8080").is_listening def test_bitwardenrs_conn_error(host): - code = int(host.run("curl -s -w '%{http_code}' http://localhost/alive -o /dev/null").stdout) - body = host.run("curl -sX GET http://localhost/").stdout + code = int(host.run("curl -s -w '%{http_code}' http://127.0.0.1:8080/alive -o /dev/null").stdout) + body = host.run("curl -sX GET http://127.0.0.1:8080/").stdout assert code == 200 assert "Bitwarden Web Vault" in body diff --git a/tasks/main.yml b/tasks/main.yml index 504dbc7..1f69f7a 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,4 +1,2 @@ --- -- include_tasks: prepare.yml - include_tasks: setup.yml -- include_tasks: post.yml diff --git a/tasks/post.yml b/tasks/post.yml deleted file mode 100644 index 4b2f3c0..0000000 --- a/tasks/post.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -- block: - - name: Ensure bitwardenrs service is up and running - systemd: - state: started - daemon_reload: yes - enabled: yes - name: bitwardenrs - become: True - become_user: root diff --git a/tasks/prepare.yml b/tasks/prepare.yml deleted file mode 100644 index b486aa8..0000000 --- a/tasks/prepare.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -- name: Ensure service directory exists - file: - path: "{{ bitwardenrs_service_directory }}" - state: directory - mode: 0755 - become: True - become_user: root diff --git a/tasks/setup.yml b/tasks/setup.yml index ad3fb16..f8245d8 100644 --- a/tasks/setup.yml +++ b/tasks/setup.yml @@ -1,20 +1,28 @@ --- -- block: - - name: Deploy compose file to '{{ bitwardenrs_service_directory }}' - template: - src: "services/compose.yml.j2" - dest: "{{ bitwardenrs_service_directory }}/docker-compose.yml" - owner: root - group: root - mode: 0644 - validate: "{{ bitwardenrs_docker_compose_bin }} -f %s config -q" - notify: __bitwardenrs_restart + - block: + - name: Ensure service directory exists + file: + path: "{{ bitwardenrs_service_directory }}" + state: directory + mode: 0755 - - name: Create systemd unit files - template: - src: "etc/systemd/system/bitwardenrs.service.j2" - dest: "/etc/systemd/system/bitwardenrs.service" - mode: 0644 - notify: __bitwardenrs_restart - become: True - become_user: root + - name: Deploy compose file to '{{ bitwardenrs_service_directory }}' + template: + src: "services/bitwardenrs-compose.yml.j2" + dest: "{{ bitwardenrs_service_directory }}/docker-compose.yml" + owner: root + group: root + mode: 0640 + validate: "docker-compose -f %s config -q" + + - name: Ensure service is up and running + docker_compose: + project_src: "{{ bitwardenrs_service_directory }}" + pull: yes + remove_orphans: yes + stopped: "{{ bitwardenrs_service_stopped }}" + state: present + # temp. disable changes; breaks idempotency for whatever reason + changed_when: False + become: True + become_user: root diff --git a/templates/etc/systemd/system/bitwardenrs.service.j2 b/templates/etc/systemd/system/bitwardenrs.service.j2 deleted file mode 100644 index 5195c30..0000000 --- a/templates/etc/systemd/system/bitwardenrs.service.j2 +++ /dev/null @@ -1,22 +0,0 @@ -#jinja2:lstrip_blocks: True -{{ ansible_managed | comment }} -[Unit] -Description=Bitwarden API server in Rust -Requires=docker.service network-online.target -After=docker.service network-online.target - -[Service] -WorkingDirectory={{ bitwardenrs_service_directory }} -Type=simple -TimeoutStartSec=15min -Restart={{ bitwardenrs_restart_policy }} - -ExecStartPre={{ bitwardenrs_docker_compose_bin }} pull --quiet --ignore-pull-failures -ExecStart={{ bitwardenrs_docker_compose_bin }} up --remove-orphans - -ExecStop={{ bitwardenrs_docker_compose_bin }} down --remove-orphans - -ExecReload={{ bitwardenrs_docker_compose_bin }} pull --quiet --ignore-pull-failures - -[Install] -WantedBy=multi-user.target diff --git a/templates/services/compose.yml.j2 b/templates/services/bitwardenrs-compose.yml.j2 similarity index 62% rename from templates/services/compose.yml.j2 rename to templates/services/bitwardenrs-compose.yml.j2 index 067d5d6..8260b5e 100644 --- a/templates/services/compose.yml.j2 +++ b/templates/services/bitwardenrs-compose.yml.j2 @@ -1,27 +1,35 @@ #jinja2:lstrip_blocks: True {{ ansible_managed | comment }} -version: '2.1' +version: "2.4" services: bitwardenrs: container_name: {{ bitwardenrs_container_name }} image: {{ bitwardenrs_image }} restart: {{ bitwardenrs_restart_policy }} + {% if bitwardenrs_exposed_ports | default([]) %} ports: - - {{ bitwardenrs_exposed_ip + ':' if bitwardenrs_exposed_ip is defined else '' }}{{ bitwardenrs_exposed_port }}:8080 - {% if bitwardenrs_websocket_enabled %} - - {{ bitwardenrs_websocket_exposed_ip + ':' if bitwardenrs_websocket_exposed_ip is defined else '' }}{{ bitwardenrs_websocket_exposed_port }}:3012 + {% for port in bitwardenrs_exposed_ports %} + - {{ port | quote }} + {% endfor %} {% endif %} + {% if bitwardenrs_volumes | default([]) %} volumes: - - data:/app/data - {% for volume in bitwardenrs_volumes_extra %} - - {{ volume }} - {% endfor %} + {% for volume in bitwardenrs_volumes %} + - "{{ volume.name }}:{{ volume.dest }}" + {% endfor %} + {% endif %} + {% if bitwardenrs_networks_applied | default([]) %} + networks: + {% for network in bitwardenrs_networks_applied %} + - {{ network }} + {% endfor %} + {% endif %} {% if bitwardenrs_extra_hosts | default([]) %} extra_hosts: - {% for host in bitwardenrs_extra_hosts %} - - {{ '"' + host + '"' }} - {% endfor %} + {% for host in bitwardenrs_extra_hosts %} + - {{ host | quote }} + {% endfor %} {% endif %} environment: - BITWARDENRS_DOMAIN={{ bitwardenrs_base_url }} @@ -107,68 +115,18 @@ services: {% if bitwardenrs_pids_limit is defined %} pids_limit: {{ bitwardenrs_pids_limit }} {% endif %} - {% if bitwardenrs_ldap_sync_enabled %} - - bitwardenrs_ldap: - container_name: {{ bitwardenrs_ldap_container_name }} - image: {{ bitwardenrs_ldap_image }} - restart: {{ bitwardenrs_ldap_restart_policy }} - {% if bitwardenrs_ldap_volumes_extra %} - volumes: - {% for volume in bitwardenrs_ldap_volumes_extra %} - - {{ volume }} - {% endfor %} - {% endif %} - environment: - - BITWARDENRS_LDAP_BITWARDEN_URL={{ bitwardenrs_ldap_bitwarden_url }} - - BITWARDENRS_LDAP_BITWARDEN_ADMIN_TOKEN={{ bitwardenrs_ldap_bitwarden_admin_token }} - - BITWARDENRS_LDAP_HOST={{ bitwardenrs_ldap_host }} - {% if bitwardenrs_ldap_scheme is defined and bitwardenrs_ldap_scheme %} - - BITWARDENRS_LDAP_SCHEME={{ bitwardenrs_ldap_scheme }} - {% endif %} - - BITWARDENRS_LDAP_SSL={{ bitwardenrs_ldap_ssl }} - {% if bitwardenrs_ldap_port is defined and bitwardenrs_ldap_port %} - - BITWARDENRS_LDAP_PORT={{ bitwardenrs_ldap_port }} - {% endif %} - - BITWARDENRS_LDAP_BIND_DN={{ bitwardenrs_ldap_bind_dn }} - - BITWARDENRS_LDAP_BIND_PASSWORD={{ bitwardenrs_ldap_bind_password }} - - BITWARDENRS_LDAP_SEARCH_BASE_DN={{ bitwardenrs_ldap_search_base_dn }} - - BITWARDENRS_LDAP_SEARCH_FILTER={{ bitwardenrs_ldap_search_filter }} - - BITWARDENRS_LDAP_MAIL_FIELD={{ bitwardenrs_ldap_mail_field }} - - BITWARDENRS_LDAP_SYNC_INTERVAL_SECONDS={{ bitwardenrs_ldap_sync_interval_seconds }} - - BITWARDENRS_LDAP_SYNC_LOOP={{ bitwardenrs_ldap_sync_loop }} - {% if bitwardenrs_ldap_memory_limit is defined %} - mem_limit: {{ bitwardenrs_ldap_memory_limit }} - {% endif %} - {% if bitwardenrs_ldap_memory_reservation is defined %} - mem_reservation: {{ bitwardenrs_ldap_memory_reservation }} - {% endif %} - {% if bitwardenrs_ldap_cpu_shares is defined %} - cpu_shares: {{ bitwardenrs_ldap_cpu_shares }} - {% endif %} - {% if not bitwardenrs_ldap_cap_add | length == 0 %} - cap_add: - {% for item in bitwardenrs_ldap_cap_add %} - - {{ item }} - {% endfor %} - {% endif %} - {% if not bitwardenrs_ldap_cap_drop | length == 0 %} - cap_drop: - {% for item in bitwardenrs_ldap_cap_drop %} - - {{ item }} - {% endfor %} - {% endif %} - {% if not bitwardenrs_ldap_security_opt | length == 0 %} - security_opt: - {% for item in bitwardenrs_ldap_security_opt %} - - {{ item }} - {% endfor %} - {% endif %} - {% if bitwardenrs_ldap_pids_limit is defined %} - pids_limit: {{ bitwardenrs_ldap_pids_limit }} - {% endif %} - {% endif %} +{% if bitwardenrs_volumes | default([]) | rejectattr("bind") | list | length > 0 %} volumes: - data: - driver: local + {% for volume in bitwardenrs_volumes | rejectattr("bind") %} + {{ volume.name }}: + {% endfor %} +{% endif %} +{% if bitwardenrs_networks | default([]) | length > 0 %} + +networks: + {% for network in bitwardenrs_networks %} + {{ network.name }}: + driver: {{ network.backend | default("bridge") }} + {% endfor %} +{% endif %} From 9dd0329855f9b78bd28898f12557b38b86d74051 Mon Sep 17 00:00:00 2001 From: Robert Kaussow Date: Sat, 20 Jun 2020 15:31:03 +0200 Subject: [PATCH 2/4] fix indentation --- tasks/setup.yml | 50 ++++++++++++++++++++++++------------------------- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/tasks/setup.yml b/tasks/setup.yml index f8245d8..eed4204 100644 --- a/tasks/setup.yml +++ b/tasks/setup.yml @@ -1,28 +1,28 @@ --- - - block: - - name: Ensure service directory exists - file: - path: "{{ bitwardenrs_service_directory }}" - state: directory - mode: 0755 +- block: + - name: Ensure service directory exists + file: + path: "{{ bitwardenrs_service_directory }}" + state: directory + mode: 0755 - - name: Deploy compose file to '{{ bitwardenrs_service_directory }}' - template: - src: "services/bitwardenrs-compose.yml.j2" - dest: "{{ bitwardenrs_service_directory }}/docker-compose.yml" - owner: root - group: root - mode: 0640 - validate: "docker-compose -f %s config -q" + - name: Deploy compose file to '{{ bitwardenrs_service_directory }}' + template: + src: "services/bitwardenrs-compose.yml.j2" + dest: "{{ bitwardenrs_service_directory }}/docker-compose.yml" + owner: root + group: root + mode: 0640 + validate: "docker-compose -f %s config -q" - - name: Ensure service is up and running - docker_compose: - project_src: "{{ bitwardenrs_service_directory }}" - pull: yes - remove_orphans: yes - stopped: "{{ bitwardenrs_service_stopped }}" - state: present - # temp. disable changes; breaks idempotency for whatever reason - changed_when: False - become: True - become_user: root + - name: Ensure service is up and running + docker_compose: + project_src: "{{ bitwardenrs_service_directory }}" + pull: yes + remove_orphans: yes + stopped: "{{ bitwardenrs_service_stopped }}" + state: present + # temp. disable changes; breaks idempotency for whatever reason + changed_when: False + become: True + become_user: root From bfef2fa4180f48f8c8cc61674533e2c08e63d619 Mon Sep 17 00:00:00 2001 From: Robert Kaussow Date: Sat, 20 Jun 2020 17:00:37 +0200 Subject: [PATCH 3/4] rename compose template file --- tasks/setup.yml | 2 +- .../{bitwardenrs-compose.yml.j2 => bitwardenrs_compose.yml.j2} | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename templates/services/{bitwardenrs-compose.yml.j2 => bitwardenrs_compose.yml.j2} (100%) diff --git a/tasks/setup.yml b/tasks/setup.yml index eed4204..c8ac1c1 100644 --- a/tasks/setup.yml +++ b/tasks/setup.yml @@ -8,7 +8,7 @@ - name: Deploy compose file to '{{ bitwardenrs_service_directory }}' template: - src: "services/bitwardenrs-compose.yml.j2" + src: "services/bitwardenrs_compose.yml.j2" dest: "{{ bitwardenrs_service_directory }}/docker-compose.yml" owner: root group: root diff --git a/templates/services/bitwardenrs-compose.yml.j2 b/templates/services/bitwardenrs_compose.yml.j2 similarity index 100% rename from templates/services/bitwardenrs-compose.yml.j2 rename to templates/services/bitwardenrs_compose.yml.j2 From 1da447b1f8b9ed4f53930cb27cf381079959bd0b Mon Sep 17 00:00:00 2001 From: Robert Kaussow Date: Sun, 21 Jun 2020 15:35:01 +0200 Subject: [PATCH 4/4] remove LDAP sync service from documentation --- README.md | 2 +- meta/main.yml | 4 +--- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 14dcfaf..3ac7139 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ [![Build Status](https://img.shields.io/drone/build/ansible/xoxys.bitwardenrs_docker?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/ansible/xoxys.bitwardenrs_docker) [![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE) -Role to setup a [Bitwarden RS](https://github.com/dani-garcia/bitwarden_rs) password safe. Bitwarden_RS is a community Bitwarden API server implementation written in Rust. This Role use Docker to setup [Bitwarden](https://gitea.rknet.org/docker/bitwarden_rs) and a [Bitwarden LDAP](https://gitea.rknet.org/docker/bitwarden_rs_ldap) Sync Service (optional). +Role to setup a [Bitwarden RS](https://github.com/dani-garcia/bitwarden_rs) password safe. Bitwarden_RS is a community Bitwarden API server implementation written in Rust. You can find the full documentation at [https://galaxy.geekdocs.de](https://galaxy.geekdocs.de/roles/cloud/bitwardenrs_docker/). diff --git a/meta/main.yml b/meta/main.yml index 546fba3..b0d11d6 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -9,9 +9,7 @@ galaxy_info: # [![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](https://gitea.rknet.org/ansible/xoxys.bitwardenrs_docker/src/branch/master/LICENSE) # # Role to setup a [Bitwarden RS](https://github.com/dani-garcia/bitwarden_rs) password safe. -# Bitwarden_RS is a community Bitwarden API server implementation written in Rust. This Role -# use Docker to setup [Bitwarden](https://gitea.rknet.org/docker/bitwarden_rs) and a -# [Bitwarden LDAP](https://gitea.rknet.org/docker/bitwarden_rs_ldap) Sync Service (optional). +# Bitwarden_RS is a community Bitwarden API server implementation written in Rust. # @end description: Role to setup Bitwarden passsword safe license: MIT