diff --git a/defaults/main.yml b/defaults/main.yml
index 564b1c8..a808a68 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,18 +1,57 @@ --- -bitwardenrs_version: 1.13 -bitwardenrs_service_directory: /var/lib/docker/services/bitwardenrs - -bitwardenrs_container_name: bitwardenrs +bitwardenrs_version: latest bitwardenrs_image: "xoxys/bitwardenrs:{{ bitwardenrs_version }}" -bitwardenrs_restart_policy: on-failure -bitwardenrs_exposed_port: 80 -bitwardenrs_exposed_ip: 127.0.0.1 -bitwardenrs_extra_hosts: [] -# @var bitwardenrs_volumes_extra:example: > -# bitwardenrs_volumes_extra: -# - /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:/etc/ssl/certs/ca-certificates.crt:Z +bitwardenrs_base_url: "http://localhost/" + +bitwardenrs_service_directory: /var/lib/docker/services/bitwardenrs +bitwardenrs_container_name: bitwardenrs +bitwardenrs_restart_policy: always +bitwardenrs_service_stopped: False + +# @var bitwardenrs_networks:example: > +# bitwardenrs_networks: +# - name: default +# # optional network driver, defaults to 'bride' +# driver: host # @end -bitwardenrs_volumes_extra: [] +bitwardenrs_networks: + - name: default + +bitwardenrs_networks_applied: + - default + +# @var bitwardenrs_volumes:description: > Define required docker volumes. +# @end +# @var bitwardenrs_volumes:example: > +# bitwardenrs_volumes: +# # Instead of the name you could specify a path on the container host system, +# # but you also have to enable bind mount for this volume +# - name: data +# # target location inside the container +# dest: /var/www/app/data +# # enable bind mount, if false volume will be configured as named volume +# # keep in mind you MUST set bind in any case +# bind: True +# @end +bitwardenrs_volumes: + - name: data + dest: /app/data + bind: False + +# @var bitwardenrs_websocket_enabled:description: > +# If you enable websockets you also have to expose port `3012`. 
+# @end +bitwardenrs_websocket_enabled: False + +# @var bitwardenrs_exposed_ports:example: > +# bitwardenrs_exposed_ports: +# - "127.0.0.1:8080:8080" +# - "127.0.0.1:3012:3012" +# @end +bitwardenrs_exposed_ports: + - "127.0.0.1:8080:8080" + +bitwardenrs_extra_hosts: [] # @var bitwardenrs_memory_limit: $ "_unset_" # @var bitwardenrs_memory_limit:example: $ "512m" @@ -32,12 +71,6 @@ bitwardenrs_healthcheck: timeout: 3s retries: 3 -bitwardenrs_base_url: "http://localhost/" - -bitwardenrs_websocket_enabled: False -bitwardenrs_websocket_exposed_port: 3012 -bitwardenrs_websocket_exposed_ip: 127.0.0.1 - # @var bitwardenrs_templates_folder: $ "_unset_" bitwardenrs_reload_templates: False 
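Review bot: The network example added here documents the driver key as `driver: host`, but the networks block appended at the end of bitwardenrs-compose.yml.j2 in this same commit reads `network.backend | default("bridge")`, so a user who follows the example silently gets a bridge network; align one side, e.g. `driver: {{ network.driver | default("bridge") }}` in the template, and fix the `'bride'` typo in the same comment. The new booleans `bitwardenrs_service_stopped: False`, `bind: False` and `bitwardenrs_websocket_enabled: False` should be written as lowercase `false` (yamllint `truthy`, YAML 1.2 canonical form). Moving the default `bitwardenrs_version` from the pinned `1.13` to `latest` means every run of the `pull: yes` task in tasks/setup.yml may roll the vault to an unreviewed image; a pinned default that users can override to `latest` keeps deployments reproducible.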
@@ -96,42 +129,3 @@ bitwardenrs_db_user: pgbitwardenrs bitwardenrs_db_password: secure bitwardenrs_db_ssl_mode: disable bitwardenrs_db_ssl_rootcert: /etc/ssl/certs/ca-certificates.crt - -bitwardenrs_ldap_sync_enabled: False -bitwardenrs_ldap_container_name: bitwardenrs_ldap -bitwardenrs_ldap_version: latest -bitwardenrs_ldap_image: "xoxys/bitwardenrs_ldap:{{ bitwardenrs_ldap_version }}" -bitwardenrs_ldap_restart_policy: on-failure -# @var bitwardenrs_ldap_volumes_extra:example: > -# bitwardenrs_ldap_volumes_extra: -# - /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:/etc/ssl/certs/ca-certificates.crt:Z -# @end -bitwardenrs_ldap_volumes_extra: [] - -# @var bitwardenrs_ldap_memory_limit: $ "_unset_" -# @var bitwardenrs_ldap_memory_limit:example: $ "512m" -# @var bitwardenrs_ldap_memory_reservation: $ "_unset_" -# @var bitwardenrs_ldap_memory_reservation:example: $ "256m" -# @var bitwardenrs_ldap_cpu_shares: $ "_unset_" -# @var bitwardenrs_ldap_cpu_shares:example: $ "1024" - -bitwardenrs_ldap_cap_add: [] -bitwardenrs_ldap_cap_drop: [] -bitwardenrs_ldap_security_opt: [] -# @var bitwardenrs_ldap_pids_limit: $ "_unset_" - -bitwardenrs_ldap_bitwarden_url: "{{ bitwardenrs_base_url }}" -bitwardenrs_ldap_bitwarden_admin_token: "{{ bitwardenrs_admin_token | default('') }}" -# @var bitwardenrs_ldap_host: $ "_unset_" -# @var bitwardenrs_ldap_scheme: $ "_unset_" -bitwardenrs_ldap_ssl: True -# @var bitwardenrs_ldap_port: $ "_unset_" -# @var bitwardenrs_ldap_bind_dn: $ "_unset_" -# @var bitwardenrs_ldap_bind_password: $ "_unset_" -# @var bitwardenrs_ldap_search_base_dn: $ "_unset_" -bitwardenrs_ldap_search_filter: "(&(objectclass=*)(uid=*))" -bitwardenrs_ldap_mail_field: "mail" -bitwardenrs_ldap_sync_interval_seconds: 60 -bitwardenrs_ldap_sync_loop: True - -bitwardenrs_docker_compose_bin: /usr/local/bin/docker-compose diff --git a/handlers/main.yml b/handlers/main.yml deleted file mode 100644 index 7af3a5a..0000000 --- a/handlers/main.yml +++ /dev/null 
@@ -1,9 +0,0 @@ ---- -- name: Restart container - systemd: - state: restarted - daemon_reload: yes - name: bitwardenrs - listen: __bitwardenrs_restart - become: True - become_user: root diff --git a/molecule/centos7/converge.yml b/molecule/centos7/converge.yml index 4427622..10f209d 100644 --- a/molecule/centos7/converge.yml +++ b/molecule/centos7/converge.yml @@ -1,8 +1,12 @@ --- - name: Converge (Stage 1) hosts: all + vars: + dockerengine_packages_extra: + - epel-release + - python-pip + roles: - - role: xoxys.python3 - role: xoxys.docker_engine - name: Converge (Stage 2) diff --git a/molecule/centos7/requirements.yml b/molecule/centos7/requirements.yml index 4c0386e..0ab8852 100644 --- a/molecule/centos7/requirements.yml +++ b/molecule/centos7/requirements.yml @@ -1,13 +1,8 @@ --- -- src: https://gitea.rknet.org/ansible/xoxys.python3.git - name: xoxys.python3 - scm: git - version: master - - src: https://gitea.rknet.org/ansible/xoxys.docker_engine.git name: xoxys.docker_engine scm: git - version: master + version: refactoring - src: https://gitea.rknet.org/ansible/xoxys.postgres.git name: xoxys.postgres diff --git a/molecule/centos7/tests/test_default.py b/molecule/centos7/tests/test_default.py index 076c17c..765e4d5 100644 --- a/molecule/centos7/tests/test_default.py +++ b/molecule/centos7/tests/test_default.py 
@@ -17,12 +17,12 @@ def test_bitwardenrs_running(host): def test_bitwardenrs_socket(host): # Verify the socket is listening for HTTP traffic - assert host.socket("tcp://127.0.0.1:80").is_listening + assert host.socket("tcp://127.0.0.1:8080").is_listening def test_bitwardenrs_conn_error(host): - code = int(host.run("curl -s -w '%{http_code}' http://localhost/alive -o /dev/null").stdout) - body = host.run("curl -sX GET http://localhost/").stdout + code = int(host.run("curl -s -w '%{http_code}' http://127.0.0.1:8080/alive -o /dev/null").stdout) + body = host.run("curl -sX GET http://127.0.0.1:8080/").stdout assert code == 200 assert "Bitwarden Web Vault" in body diff --git a/tasks/main.yml b/tasks/main.yml index 504dbc7..1f69f7a 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,4 +1,2 @@ --- -- include_tasks: prepare.yml - include_tasks: setup.yml -- include_tasks: post.yml diff --git a/tasks/post.yml b/tasks/post.yml deleted file mode 100644 index 4b2f3c0..0000000 --- a/tasks/post.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -- block: - - name: Ensure bitwardenrs service is up and running - systemd: - state: started - daemon_reload: yes - enabled: yes - name: bitwardenrs - become: True - become_user: root diff --git a/tasks/prepare.yml b/tasks/prepare.yml deleted file mode 100644 index b486aa8..0000000 --- a/tasks/prepare.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -- name: Ensure service directory exists - file: - path: "{{ bitwardenrs_service_directory }}" - state: directory - mode: 0755 - become: True - become_user: root diff --git a/tasks/setup.yml b/tasks/setup.yml index ad3fb16..f8245d8 100644 --- a/tasks/setup.yml +++ b/tasks/setup.yml 
@@ -1,20 +1,28 @@ --- -- block: - - name: Deploy compose file to '{{ bitwardenrs_service_directory }}' - template: - src: "services/compose.yml.j2" - dest: "{{ bitwardenrs_service_directory }}/docker-compose.yml" - owner: root - group: root - mode: 0644 - validate: "{{ bitwardenrs_docker_compose_bin }} -f %s config -q" - notify: __bitwardenrs_restart + - block: + - name: Ensure service directory exists + file: + path: "{{ bitwardenrs_service_directory }}" + state: directory + mode: 0755 - - name: Create systemd unit files - template: - src: "etc/systemd/system/bitwardenrs.service.j2" - dest: "/etc/systemd/system/bitwardenrs.service" - mode: 0644 - notify: __bitwardenrs_restart - become: True - become_user: root + - name: Deploy compose file to '{{ bitwardenrs_service_directory }}' + template: + src: "services/bitwardenrs-compose.yml.j2" + dest: "{{ bitwardenrs_service_directory }}/docker-compose.yml" + owner: root + group: root + mode: 0640 + validate: "docker-compose -f %s config -q" + + - name: Ensure service is up and running + docker_compose: + project_src: "{{ bitwardenrs_service_directory }}" + pull: yes + remove_orphans: yes + stopped: "{{ bitwardenrs_service_stopped }}" + state: present + # temp. disable changes; breaks idempotency for whatever reason + changed_when: False + become: True + become_user: root diff --git a/templates/etc/systemd/system/bitwardenrs.service.j2 b/templates/etc/systemd/system/bitwardenrs.service.j2 deleted file mode 100644 index 5195c30..0000000 --- a/templates/etc/systemd/system/bitwardenrs.service.j2 +++ /dev/null 
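Review bot: `changed_when: False` on the docker_compose task masks every change the task makes, including a newly pulled image, instead of fixing the idempotency problem the comment admits; with the default `bitwardenrs_version: latest` and `pull: yes`, a fresh pull on each converge is the likely cause, and pinning the tag or driving `pull` from a variable would address it without hiding results. The octal modes `mode: 0755` and `mode: 0640` rely on YAML 1.1 octal parsing (a YAML 1.2 loader reads them as decimal 755 and 640); quote them as `mode: "0755"` and `mode: "0640"`. `pull: yes` and `remove_orphans: yes` should be `true`. Tightening the rendered compose file to 0640 is welcome, since it presumably carries the database credentials defined in defaults/main.yml.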
@@ -1,22 +0,0 @@ -#jinja2:lstrip_blocks: True -{{ ansible_managed | comment }} -[Unit] -Description=Bitwarden API server in Rust -Requires=docker.service network-online.target -After=docker.service network-online.target - -[Service] -WorkingDirectory={{ bitwardenrs_service_directory }} -Type=simple -TimeoutStartSec=15min -Restart={{ bitwardenrs_restart_policy }} - -ExecStartPre={{ bitwardenrs_docker_compose_bin }} pull --quiet --ignore-pull-failures -ExecStart={{ bitwardenrs_docker_compose_bin }} up --remove-orphans - -ExecStop={{ bitwardenrs_docker_compose_bin }} down --remove-orphans - -ExecReload={{ bitwardenrs_docker_compose_bin }} pull --quiet --ignore-pull-failures - -[Install] -WantedBy=multi-user.target diff --git a/templates/services/compose.yml.j2 b/templates/services/bitwardenrs-compose.yml.j2 similarity index 62% rename from templates/services/compose.yml.j2 rename to templates/services/bitwardenrs-compose.yml.j2 index 067d5d6..8260b5e 100644 --- a/templates/services/compose.yml.j2 +++ b/templates/services/bitwardenrs-compose.yml.j2 
@@ -1,27 +1,35 @@ #jinja2:lstrip_blocks: True {{ ansible_managed | comment }} -version: '2.1' +version: "2.4" services: bitwardenrs: container_name: {{ bitwardenrs_container_name }} image: {{ bitwardenrs_image }} restart: {{ bitwardenrs_restart_policy }} + {% if bitwardenrs_exposed_ports | default([]) %} ports: - - {{ bitwardenrs_exposed_ip + ':' if bitwardenrs_exposed_ip is defined else '' }}{{ bitwardenrs_exposed_port }}:8080 - {% if bitwardenrs_websocket_enabled %} - - {{ bitwardenrs_websocket_exposed_ip + ':' if bitwardenrs_websocket_exposed_ip is defined else '' }}{{ bitwardenrs_websocket_exposed_port }}:3012 + {% for port in bitwardenrs_exposed_ports %} + - {{ port | quote }} + {% endfor %} {% endif %} + {% if bitwardenrs_volumes | default([]) %} volumes: - - data:/app/data - {% for volume in bitwardenrs_volumes_extra %} - - {{ volume }} - {% endfor %} + {% for volume in bitwardenrs_volumes %} + - "{{ volume.name }}:{{ volume.dest }}" + {% endfor %} + {% endif %} + {% if bitwardenrs_networks_applied | default([]) %} + networks: + {% for network in bitwardenrs_networks_applied %} + - {{ network }} + {% endfor %} + {% endif %} {% if bitwardenrs_extra_hosts | default([]) %} extra_hosts: - {% for host in bitwardenrs_extra_hosts %} - - {{ '"' + host + '"' }} - {% endfor %} + {% for host in bitwardenrs_extra_hosts %} + - {{ host | quote }} + {% endfor %} {% endif %} environment: - BITWARDENRS_DOMAIN={{ bitwardenrs_base_url }} 
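Review bot: The new volume rendering `- "{{ volume.name }}:{{ volume.dest }}"` drops the mount-option suffix that the removed `bitwardenrs_volumes_extra` example relied on (`...:Z`), so a bind mount can no longer be made read-only or SELinux-labelled, which matters on the centos7 molecule target; an optional field would restore it, e.g. `- "{{ volume.name }}:{{ volume.dest }}{{ ':' + volume.opts if volume.opts is defined else '' }}"`. The `quote` filter applied to ports and extra_hosts is shell quoting, which happens to yield valid single-quoted YAML for plain `host:port` strings but would emit `'\''` for a value containing a single quote; `to_json` or an explicit `"{{ port }}"` is the YAML-safe choice. The enclosing service definition continues past this hunk.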
@@ -107,68 +115,18 @@ services: {% if bitwardenrs_pids_limit is defined %} pids_limit: {{ bitwardenrs_pids_limit }} {% endif %} - {% if bitwardenrs_ldap_sync_enabled %} - - bitwardenrs_ldap: - container_name: {{ bitwardenrs_ldap_container_name }} - image: {{ bitwardenrs_ldap_image }} - restart: {{ bitwardenrs_ldap_restart_policy }} - {% if bitwardenrs_ldap_volumes_extra %} - volumes: - {% for volume in bitwardenrs_ldap_volumes_extra %} - - {{ volume }} - {% endfor %} - {% endif %} - environment: - - BITWARDENRS_LDAP_BITWARDEN_URL={{ bitwardenrs_ldap_bitwarden_url }} - - BITWARDENRS_LDAP_BITWARDEN_ADMIN_TOKEN={{ bitwardenrs_ldap_bitwarden_admin_token }} - - BITWARDENRS_LDAP_HOST={{ bitwardenrs_ldap_host }} - {% if bitwardenrs_ldap_scheme is defined and bitwardenrs_ldap_scheme %} - - BITWARDENRS_LDAP_SCHEME={{ bitwardenrs_ldap_scheme }} - {% endif %} - - BITWARDENRS_LDAP_SSL={{ bitwardenrs_ldap_ssl }} - {% if bitwardenrs_ldap_port is defined and bitwardenrs_ldap_port %} - - BITWARDENRS_LDAP_PORT={{ bitwardenrs_ldap_port }} - {% endif %} - - BITWARDENRS_LDAP_BIND_DN={{ bitwardenrs_ldap_bind_dn }} - - BITWARDENRS_LDAP_BIND_PASSWORD={{ bitwardenrs_ldap_bind_password }} - - BITWARDENRS_LDAP_SEARCH_BASE_DN={{ bitwardenrs_ldap_search_base_dn }} - - BITWARDENRS_LDAP_SEARCH_FILTER={{ bitwardenrs_ldap_search_filter }} - - BITWARDENRS_LDAP_MAIL_FIELD={{ bitwardenrs_ldap_mail_field }} - - BITWARDENRS_LDAP_SYNC_INTERVAL_SECONDS={{ bitwardenrs_ldap_sync_interval_seconds }} - - BITWARDENRS_LDAP_SYNC_LOOP={{ bitwardenrs_ldap_sync_loop }} - {% if bitwardenrs_ldap_memory_limit is defined %} - mem_limit: {{ bitwardenrs_ldap_memory_limit }} - {% endif %} - {% if bitwardenrs_ldap_memory_reservation is defined %} - mem_reservation: {{ bitwardenrs_ldap_memory_reservation }} - {% endif %} - {% if bitwardenrs_ldap_cpu_shares is defined %} - cpu_shares: {{ bitwardenrs_ldap_cpu_shares }} - {% endif %} - {% if not bitwardenrs_ldap_cap_add | length == 0 %} - cap_add: - {% for item in 
bitwardenrs_ldap_cap_add %} - - {{ item }} - {% endfor %} - {% endif %} - {% if not bitwardenrs_ldap_cap_drop | length == 0 %} - cap_drop: - {% for item in bitwardenrs_ldap_cap_drop %} - - {{ item }} - {% endfor %} - {% endif %} - {% if not bitwardenrs_ldap_security_opt | length == 0 %} - security_opt: - {% for item in bitwardenrs_ldap_security_opt %} - - {{ item }} - {% endfor %} - {% endif %} - {% if bitwardenrs_ldap_pids_limit is defined %} - pids_limit: {{ bitwardenrs_ldap_pids_limit }} - {% endif %} - {% endif %} +{% if bitwardenrs_volumes | default([]) | rejectattr("bind") | list | length > 0 %} volumes: - data: - driver: local + {% for volume in bitwardenrs_volumes | rejectattr("bind") %} + {{ volume.name }}: + {% endfor %} +{% endif %} +{% if bitwardenrs_networks | default([]) | length > 0 %} + +networks: + {% for network in bitwardenrs_networks %} + {{ network.name }}: + driver: {{ network.backend | default("bridge") }} + {% endfor %} +{% endif %}