Compare commits
No commits in common. "main" and "docs" have entirely different histories.
159
.drone.jsonnet
159
.drone.jsonnet
|
@ -1,159 +0,0 @@
|
|||
local PipelineLinting = {
|
||||
kind: 'pipeline',
|
||||
name: 'linting',
|
||||
platform: {
|
||||
os: 'linux',
|
||||
arch: 'amd64',
|
||||
},
|
||||
steps: [
|
||||
{
|
||||
name: 'ansible-later',
|
||||
image: 'thegeeklab/ansible-later',
|
||||
commands: [
|
||||
'ansible-later',
|
||||
],
|
||||
},
|
||||
{
|
||||
name: 'python-format',
|
||||
image: 'python:3.11',
|
||||
environment: {
|
||||
PY_COLORS: 1,
|
||||
},
|
||||
commands: [
|
||||
'pip install -qq yapf',
|
||||
'[ -z "$(find . -type f -name *.py)" ] || (yapf -rd ./)',
|
||||
],
|
||||
},
|
||||
{
|
||||
name: 'python-flake8',
|
||||
image: 'python:3.11',
|
||||
environment: {
|
||||
PY_COLORS: 1,
|
||||
},
|
||||
commands: [
|
||||
'pip install -qq flake8',
|
||||
'flake8',
|
||||
],
|
||||
},
|
||||
],
|
||||
trigger: {
|
||||
ref: ['refs/heads/main', 'refs/tags/**', 'refs/pull/**'],
|
||||
},
|
||||
};
|
||||
|
||||
local PipelineDeployment(scenario='centos7') = {
|
||||
kind: 'pipeline',
|
||||
name: 'testing-' + scenario,
|
||||
platform: {
|
||||
os: 'linux',
|
||||
arch: 'amd64',
|
||||
},
|
||||
concurrency: {
|
||||
limit: 1,
|
||||
},
|
||||
workspace: {
|
||||
base: '/drone/src',
|
||||
path: '${DRONE_REPO_NAME}',
|
||||
},
|
||||
steps: [
|
||||
{
|
||||
name: 'ansible-molecule',
|
||||
image: 'thegeeklab/molecule:4',
|
||||
environment: {
|
||||
HCLOUD_TOKEN: { from_secret: 'hcloud_token' },
|
||||
},
|
||||
commands: [
|
||||
'molecule test -s ' + scenario,
|
||||
],
|
||||
},
|
||||
],
|
||||
depends_on: [
|
||||
'linting',
|
||||
],
|
||||
trigger: {
|
||||
ref: ['refs/heads/main', 'refs/tags/**'],
|
||||
},
|
||||
};
|
||||
|
||||
local PipelineDocumentation = {
|
||||
kind: 'pipeline',
|
||||
name: 'documentation',
|
||||
platform: {
|
||||
os: 'linux',
|
||||
arch: 'amd64',
|
||||
},
|
||||
steps: [
|
||||
{
|
||||
name: 'generate',
|
||||
image: 'thegeeklab/ansible-doctor',
|
||||
environment: {
|
||||
ANSIBLE_DOCTOR_LOG_LEVEL: 'INFO',
|
||||
ANSIBLE_DOCTOR_FORCE_OVERWRITE: true,
|
||||
ANSIBLE_DOCTOR_EXCLUDE_FILES: 'molecule/',
|
||||
ANSIBLE_DOCTOR_TEMPLATE: 'hugo-book',
|
||||
ANSIBLE_DOCTOR_ROLE_NAME: '${DRONE_REPO_NAME#*.}',
|
||||
ANSIBLE_DOCTOR_OUTPUT_DIR: '_docs/',
|
||||
},
|
||||
},
|
||||
{
|
||||
name: 'publish',
|
||||
image: 'plugins/gh-pages',
|
||||
settings: {
|
||||
remote_url: 'https://gitea.rknet.org/ansible/${DRONE_REPO_NAME}',
|
||||
netrc_machine: 'gitea.rknet.org',
|
||||
username: { from_secret: 'gitea_username' },
|
||||
password: { from_secret: 'gitea_token' },
|
||||
pages_directory: '_docs/',
|
||||
target_branch: 'docs',
|
||||
},
|
||||
when: {
|
||||
ref: ['refs/heads/main'],
|
||||
},
|
||||
},
|
||||
],
|
||||
trigger: {
|
||||
ref: ['refs/heads/main', 'refs/tags/**', 'refs/pull/**'],
|
||||
},
|
||||
depends_on: [
|
||||
'testing-centos7',
|
||||
],
|
||||
};
|
||||
|
||||
local PipelineNotification = {
|
||||
kind: 'pipeline',
|
||||
name: 'notification',
|
||||
platform: {
|
||||
os: 'linux',
|
||||
arch: 'amd64',
|
||||
},
|
||||
clone: {
|
||||
disable: true,
|
||||
},
|
||||
steps: [
|
||||
{
|
||||
name: 'matrix',
|
||||
image: 'thegeeklab/drone-matrix',
|
||||
settings: {
|
||||
homeserver: { from_secret: 'matrix_homeserver' },
|
||||
roomid: { from_secret: 'matrix_roomid' },
|
||||
template: 'Status: **{{ .Build.Status }}**<br/> Build: [{{ .Repo.Owner }}/{{ .Repo.Name }}]({{ .Build.Link }}){{ if .Build.Branch }} ({{ .Build.Branch }}){{ end }} by {{ .Commit.Author }}<br/> Message: {{ .Commit.Message.Title }}',
|
||||
username: { from_secret: 'matrix_username' },
|
||||
password: { from_secret: 'matrix_password' },
|
||||
},
|
||||
},
|
||||
],
|
||||
depends_on: [
|
||||
'documentation',
|
||||
],
|
||||
trigger: {
|
||||
status: ['success', 'failure'],
|
||||
ref: ['refs/heads/main', 'refs/tags/**'],
|
||||
},
|
||||
};
|
||||
|
||||
[
|
||||
PipelineLinting,
|
||||
PipelineDeployment(scenario='centos7'),
|
||||
PipelineDocumentation,
|
||||
PipelineNotification,
|
||||
]
|
152
.drone.yml
152
.drone.yml
|
@ -1,152 +0,0 @@
|
|||
---
|
||||
kind: pipeline
|
||||
name: linting
|
||||
|
||||
platform:
|
||||
os: linux
|
||||
arch: amd64
|
||||
|
||||
steps:
|
||||
- name: ansible-later
|
||||
image: thegeeklab/ansible-later
|
||||
commands:
|
||||
- ansible-later
|
||||
|
||||
- name: python-format
|
||||
image: python:3.11
|
||||
commands:
|
||||
- pip install -qq yapf
|
||||
- "[ -z \"$(find . -type f -name *.py)\" ] || (yapf -rd ./)"
|
||||
environment:
|
||||
PY_COLORS: 1
|
||||
|
||||
- name: python-flake8
|
||||
image: python:3.11
|
||||
commands:
|
||||
- pip install -qq flake8
|
||||
- flake8
|
||||
environment:
|
||||
PY_COLORS: 1
|
||||
|
||||
trigger:
|
||||
ref:
|
||||
- refs/heads/main
|
||||
- refs/tags/**
|
||||
- refs/pull/**
|
||||
|
||||
---
|
||||
kind: pipeline
|
||||
name: testing-centos7
|
||||
|
||||
platform:
|
||||
os: linux
|
||||
arch: amd64
|
||||
|
||||
concurrency:
|
||||
limit: 1
|
||||
|
||||
workspace:
|
||||
base: /drone/src
|
||||
path: ${DRONE_REPO_NAME}
|
||||
|
||||
steps:
|
||||
- name: ansible-molecule
|
||||
image: thegeeklab/molecule:4
|
||||
commands:
|
||||
- molecule test -s centos7
|
||||
environment:
|
||||
HCLOUD_TOKEN:
|
||||
from_secret: hcloud_token
|
||||
|
||||
trigger:
|
||||
ref:
|
||||
- refs/heads/main
|
||||
- refs/tags/**
|
||||
|
||||
depends_on:
|
||||
- linting
|
||||
|
||||
---
|
||||
kind: pipeline
|
||||
name: documentation
|
||||
|
||||
platform:
|
||||
os: linux
|
||||
arch: amd64
|
||||
|
||||
steps:
|
||||
- name: generate
|
||||
image: thegeeklab/ansible-doctor
|
||||
environment:
|
||||
ANSIBLE_DOCTOR_EXCLUDE_FILES: molecule/
|
||||
ANSIBLE_DOCTOR_FORCE_OVERWRITE: true
|
||||
ANSIBLE_DOCTOR_LOG_LEVEL: INFO
|
||||
ANSIBLE_DOCTOR_OUTPUT_DIR: _docs/
|
||||
ANSIBLE_DOCTOR_ROLE_NAME: ${DRONE_REPO_NAME#*.}
|
||||
ANSIBLE_DOCTOR_TEMPLATE: hugo-book
|
||||
|
||||
- name: publish
|
||||
image: plugins/gh-pages
|
||||
settings:
|
||||
netrc_machine: gitea.rknet.org
|
||||
pages_directory: _docs/
|
||||
password:
|
||||
from_secret: gitea_token
|
||||
remote_url: https://gitea.rknet.org/ansible/${DRONE_REPO_NAME}
|
||||
target_branch: docs
|
||||
username:
|
||||
from_secret: gitea_username
|
||||
when:
|
||||
ref:
|
||||
- refs/heads/main
|
||||
|
||||
trigger:
|
||||
ref:
|
||||
- refs/heads/main
|
||||
- refs/tags/**
|
||||
- refs/pull/**
|
||||
|
||||
depends_on:
|
||||
- testing-centos7
|
||||
|
||||
---
|
||||
kind: pipeline
|
||||
name: notification
|
||||
|
||||
platform:
|
||||
os: linux
|
||||
arch: amd64
|
||||
|
||||
clone:
|
||||
disable: true
|
||||
|
||||
steps:
|
||||
- name: matrix
|
||||
image: thegeeklab/drone-matrix
|
||||
settings:
|
||||
homeserver:
|
||||
from_secret: matrix_homeserver
|
||||
password:
|
||||
from_secret: matrix_password
|
||||
roomid:
|
||||
from_secret: matrix_roomid
|
||||
template: "Status: **{{ .Build.Status }}**<br/> Build: [{{ .Repo.Owner }}/{{ .Repo.Name }}]({{ .Build.Link }}){{ if .Build.Branch }} ({{ .Build.Branch }}){{ end }} by {{ .Commit.Author }}<br/> Message: {{ .Commit.Message.Title }}"
|
||||
username:
|
||||
from_secret: matrix_username
|
||||
|
||||
trigger:
|
||||
ref:
|
||||
- refs/heads/main
|
||||
- refs/tags/**
|
||||
status:
|
||||
- success
|
||||
- failure
|
||||
|
||||
depends_on:
|
||||
- documentation
|
||||
|
||||
---
|
||||
kind: signature
|
||||
hmac: 31eb9a4c185a37b7847160b41128317fdc3b34a05c2c30acf2b54d50d35d40c6
|
||||
|
||||
...
|
|
@ -1,13 +0,0 @@
|
|||
# ---> Ansible
|
||||
*.retry
|
||||
plugins
|
||||
library
|
||||
|
||||
# ---> Python
|
||||
# Byte-compiled / optimized / DLL files
|
||||
__pycache__/
|
||||
*.py[cod]
|
||||
*$py.class
|
||||
|
||||
# ---> Docs
|
||||
/_docs
|
19
.later.yml
19
.later.yml
|
@ -1,19 +0,0 @@
|
|||
---
|
||||
ansible:
|
||||
custom_modules:
|
||||
- iptables_raw
|
||||
- openssl_pkcs12
|
||||
- proxmox_kvm
|
||||
- ucr
|
||||
- corenetworks_dns
|
||||
- corenetworks_token
|
||||
|
||||
rules:
|
||||
exclude_files:
|
||||
- molecule/
|
||||
- "LICENSE*"
|
||||
- "**/*.md"
|
||||
- "**/*.ini"
|
||||
|
||||
exclude_filter:
|
||||
- LINT0009
|
21
LICENSE
21
LICENSE
|
@ -1,21 +0,0 @@
|
|||
MIT License
|
||||
|
||||
Copyright (c) 2022 Robert Kaussow <mail@thegeeklab.de>
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is furnished
|
||||
to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice (including the next
|
||||
paragraph) shall be included in all copies or substantial portions of the
|
||||
Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
|
||||
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS
|
||||
OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
|
||||
WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF
|
||||
OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
12
README.md
12
README.md
|
@ -1,12 +0,0 @@
|
|||
# xoxys.vaultwarden_docker
|
||||
|
||||
[![Build Status](https://img.shields.io/drone/build/ansible/xoxys.vaultwarden_docker?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/ansible/xoxys.vaultwarden_docker)
|
||||
[![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE)
|
||||
|
||||
Role to setup a [Vaultwarden](https://github.com/dani-garcia/vaultwarden) password safe. Vaultwarden is a community Bitwarden API server implementation written in Rust.
|
||||
|
||||
You can find the full documentation at [https://galaxy.geekdocs.de](https://galaxy.geekdocs.de/roles/cloud/vaultwarden_docker/).
|
||||
|
||||
## License
|
||||
|
||||
This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
|
|
@ -1,131 +0,0 @@
|
|||
---
|
||||
vaultwarden_version: latest
|
||||
vaultwarden_image: "thegeeklab/vaultwarden:{{ vaultwarden_version }}"
|
||||
vaultwarden_base_url: "http://localhost/"
|
||||
|
||||
vaultwarden_service_directory: /var/lib/docker/services/vaultwarden
|
||||
vaultwarden_container_name: vaultwarden
|
||||
vaultwarden_restart_policy: always
|
||||
vaultwarden_service_stopped: False
|
||||
|
||||
# @var vaultwarden_networks:example: >
|
||||
# vaultwarden_networks:
|
||||
# - name: default
|
||||
# # optional network driver, defaults to 'bride'
|
||||
# driver: host
|
||||
# @end
|
||||
vaultwarden_networks:
|
||||
- name: default
|
||||
|
||||
vaultwarden_networks_applied:
|
||||
- default
|
||||
|
||||
# @var vaultwarden_volumes:description: > Define required docker volumes.
|
||||
# @end
|
||||
# @var vaultwarden_volumes:example: >
|
||||
# vaultwarden_volumes:
|
||||
# # Instead of the name you could specify a path on the container host system,
|
||||
# # but you also have to enable bind mount for this volume
|
||||
# - name: data
|
||||
# # target location inside the container
|
||||
# dest: /var/www/app/data
|
||||
# # enable bind mount, if false volume will be configured as named volume
|
||||
# # keep in mind you MUST set bind in any case
|
||||
# bind: True
|
||||
# @end
|
||||
vaultwarden_volumes:
|
||||
- name: data
|
||||
dest: /app/data
|
||||
bind: False
|
||||
|
||||
# @var vaultwarden_websocket_enabled:description: >
|
||||
# If you enable websockets you also have to expose port `3012`.
|
||||
# @end
|
||||
vaultwarden_websocket_enabled: False
|
||||
|
||||
# @var vaultwarden_exposed_ports:example: >
|
||||
# vaultwarden_exposed_ports:
|
||||
# - "127.0.0.1:8080:8080"
|
||||
# - "127.0.0.1:3012:3012"
|
||||
# @end
|
||||
vaultwarden_exposed_ports:
|
||||
- "127.0.0.1:8080:8080"
|
||||
|
||||
vaultwarden_extra_hosts: []
|
||||
|
||||
# @var vaultwarden_memory_limit: $ "_unset_"
|
||||
# @var vaultwarden_memory_limit:example: $ "512m"
|
||||
# @var vaultwarden_memory_reservation: $ "_unset_"
|
||||
# @var vaultwarden_memory_reservation:example: $ "256m"
|
||||
# @var vaultwarden_cpu_shares: $ "_unset_"
|
||||
# @var vaultwarden_cpu_shares:example: $ "1024"
|
||||
|
||||
vaultwarden_cap_add: []
|
||||
vaultwarden_cap_drop: []
|
||||
vaultwarden_security_opt: []
|
||||
# @var vaultwarden_pids_limit: $ "_unset_"
|
||||
|
||||
vaultwarden_healthcheck:
|
||||
test: '["CMD", "/usr/local/bin/healthcheck"]'
|
||||
interval: 10s
|
||||
timeout: 3s
|
||||
retries: 3
|
||||
|
||||
# @var vaultwarden_templates_folder: $ "_unset_"
|
||||
vaultwarden_reload_templates: False
|
||||
|
||||
vaultwarden_ip_header: X-Forwarded-For
|
||||
|
||||
vaultwarden_icon_cache_ttl: 2592000
|
||||
vaultwarden_icon_cache_negttl: "{{ vaultwarden_icon_cache_ttl }}"
|
||||
|
||||
vaultwarden_web_vault_enabled: True
|
||||
|
||||
vaultwarden_extended_logging: True
|
||||
vaultwarden_log_level: Info
|
||||
|
||||
vaultwarden_disable_icon_download: False
|
||||
vaultwarden_icon_download_timeout: 10
|
||||
# @var vaultwarden_icon_blacklist_regexl: $ "_unset_"
|
||||
vaultwarden_icon_blacklist_non_global_ips: True
|
||||
|
||||
vaultwarden_disable_2fa_remember: False
|
||||
|
||||
vaultwarden_signups_allowed: False
|
||||
vaultwarden_signups_verify: False
|
||||
vaultwarden_signups_verify_resend_time: 3600
|
||||
vaultwarden_signups_verify_resend_limit: 6
|
||||
# @var vaultwarden_signups_domains_whitelist: $ "_unset_"
|
||||
|
||||
vaultwarden_invitations_allowed: True
|
||||
|
||||
# @var vaultwarden_admin_token: $ "_unset_"
|
||||
|
||||
vaultwarden_password_iterations: 100000
|
||||
vaultwarden_show_password_hint: True
|
||||
|
||||
vaultwarden_authenticator_disable_time_drift: False
|
||||
|
||||
vaultwarden_user_attachment_limit: 1024
|
||||
vaultwarden_org_attachment_limit: 1024
|
||||
|
||||
# @var vaultwarden_smtp_host: $ "_unset_"
|
||||
vaultwarden_smtp_from: "vaultwarden@localhost"
|
||||
vaultwarden_smtp_from_name: "Vaultwarden"
|
||||
vaultwarden_smtp_port: 465
|
||||
vaultwarden_smtp_security: force_tls
|
||||
# @var vaultwarden_smtp_username: $ "_unset_"
|
||||
# @var vaultwarden_smtp_password: $ "_unset_"
|
||||
vaultwarden_smtp_auth_mechanism: plain
|
||||
vaultwarden_smtp_timeout: 15
|
||||
|
||||
# @var vaultwarden_db_server:description: >
|
||||
# This ansible roles does only support postgresql as database"
|
||||
# @end
|
||||
vaultwarden_db_server: localhost
|
||||
vaultwarden_db_port: 5432
|
||||
vaultwarden_db_name: vaultwarden
|
||||
vaultwarden_db_user: pgvaultwarden
|
||||
vaultwarden_db_password: secure
|
||||
vaultwarden_db_ssl_mode: disable
|
||||
vaultwarden_db_ssl_rootcert: /etc/ssl/certs/ca-certificates.crt
|
|
@ -0,0 +1,646 @@
|
|||
---
|
||||
title: vaultwarden_docker
|
||||
type: docs
|
||||
---
|
||||
|
||||
[![Source Code](https://img.shields.io/badge/gitea-source%20code-blue?logo=gitea&logoColor=white)](https://gitea.rknet.org/ansible/xoxys.vaultwarden_docker) [![Build Status](https://img.shields.io/drone/build/ansible/xoxys.vaultwarden_docker?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/ansible/xoxys.vaultwarden_docker) [![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](https://gitea.rknet.org/ansible/xoxys.vaultwarden_docker/src/branch/main/LICENSE)
|
||||
|
||||
Role to setup a [Vaultwarden](https://github.com/dani-garcia/vaultwarden) password safe. Vaultwarden is a community Bitwarden API server implementation written in Rust.
|
||||
|
||||
<!--more-->
|
||||
|
||||
- [Default Variables](#default-variables)
|
||||
- [vaultwarden_admin_token](#vaultwarden_admin_token)
|
||||
- [vaultwarden_authenticator_disable_time_drift](#vaultwarden_authenticator_disable_time_drift)
|
||||
- [vaultwarden_base_url](#vaultwarden_base_url)
|
||||
- [vaultwarden_cap_add](#vaultwarden_cap_add)
|
||||
- [vaultwarden_cap_drop](#vaultwarden_cap_drop)
|
||||
- [vaultwarden_container_name](#vaultwarden_container_name)
|
||||
- [vaultwarden_cpu_shares](#vaultwarden_cpu_shares)
|
||||
- [vaultwarden_db_name](#vaultwarden_db_name)
|
||||
- [vaultwarden_db_password](#vaultwarden_db_password)
|
||||
- [vaultwarden_db_port](#vaultwarden_db_port)
|
||||
- [vaultwarden_db_server](#vaultwarden_db_server)
|
||||
- [vaultwarden_db_ssl_mode](#vaultwarden_db_ssl_mode)
|
||||
- [vaultwarden_db_ssl_rootcert](#vaultwarden_db_ssl_rootcert)
|
||||
- [vaultwarden_db_user](#vaultwarden_db_user)
|
||||
- [vaultwarden_disable_2fa_remember](#vaultwarden_disable_2fa_remember)
|
||||
- [vaultwarden_disable_icon_download](#vaultwarden_disable_icon_download)
|
||||
- [vaultwarden_exposed_ports](#vaultwarden_exposed_ports)
|
||||
- [vaultwarden_extended_logging](#vaultwarden_extended_logging)
|
||||
- [vaultwarden_extra_hosts](#vaultwarden_extra_hosts)
|
||||
- [vaultwarden_healthcheck](#vaultwarden_healthcheck)
|
||||
- [vaultwarden_icon_blacklist_non_global_ips](#vaultwarden_icon_blacklist_non_global_ips)
|
||||
- [vaultwarden_icon_blacklist_regexl](#vaultwarden_icon_blacklist_regexl)
|
||||
- [vaultwarden_icon_cache_negttl](#vaultwarden_icon_cache_negttl)
|
||||
- [vaultwarden_icon_cache_ttl](#vaultwarden_icon_cache_ttl)
|
||||
- [vaultwarden_icon_download_timeout](#vaultwarden_icon_download_timeout)
|
||||
- [vaultwarden_image](#vaultwarden_image)
|
||||
- [vaultwarden_invitations_allowed](#vaultwarden_invitations_allowed)
|
||||
- [vaultwarden_ip_header](#vaultwarden_ip_header)
|
||||
- [vaultwarden_log_level](#vaultwarden_log_level)
|
||||
- [vaultwarden_memory_limit](#vaultwarden_memory_limit)
|
||||
- [vaultwarden_memory_reservation](#vaultwarden_memory_reservation)
|
||||
- [vaultwarden_networks](#vaultwarden_networks)
|
||||
- [vaultwarden_networks_applied](#vaultwarden_networks_applied)
|
||||
- [vaultwarden_org_attachment_limit](#vaultwarden_org_attachment_limit)
|
||||
- [vaultwarden_password_iterations](#vaultwarden_password_iterations)
|
||||
- [vaultwarden_pids_limit](#vaultwarden_pids_limit)
|
||||
- [vaultwarden_reload_templates](#vaultwarden_reload_templates)
|
||||
- [vaultwarden_restart_policy](#vaultwarden_restart_policy)
|
||||
- [vaultwarden_security_opt](#vaultwarden_security_opt)
|
||||
- [vaultwarden_service_directory](#vaultwarden_service_directory)
|
||||
- [vaultwarden_service_stopped](#vaultwarden_service_stopped)
|
||||
- [vaultwarden_show_password_hint](#vaultwarden_show_password_hint)
|
||||
- [vaultwarden_signups_allowed](#vaultwarden_signups_allowed)
|
||||
- [vaultwarden_signups_domains_whitelist](#vaultwarden_signups_domains_whitelist)
|
||||
- [vaultwarden_signups_verify](#vaultwarden_signups_verify)
|
||||
- [vaultwarden_signups_verify_resend_limit](#vaultwarden_signups_verify_resend_limit)
|
||||
- [vaultwarden_signups_verify_resend_time](#vaultwarden_signups_verify_resend_time)
|
||||
- [vaultwarden_smtp_auth_mechanism](#vaultwarden_smtp_auth_mechanism)
|
||||
- [vaultwarden_smtp_from](#vaultwarden_smtp_from)
|
||||
- [vaultwarden_smtp_from_name](#vaultwarden_smtp_from_name)
|
||||
- [vaultwarden_smtp_host](#vaultwarden_smtp_host)
|
||||
- [vaultwarden_smtp_password](#vaultwarden_smtp_password)
|
||||
- [vaultwarden_smtp_port](#vaultwarden_smtp_port)
|
||||
- [vaultwarden_smtp_security](#vaultwarden_smtp_security)
|
||||
- [vaultwarden_smtp_timeout](#vaultwarden_smtp_timeout)
|
||||
- [vaultwarden_smtp_username](#vaultwarden_smtp_username)
|
||||
- [vaultwarden_templates_folder](#vaultwarden_templates_folder)
|
||||
- [vaultwarden_user_attachment_limit](#vaultwarden_user_attachment_limit)
|
||||
- [vaultwarden_version](#vaultwarden_version)
|
||||
- [vaultwarden_volumes](#vaultwarden_volumes)
|
||||
- [vaultwarden_web_vault_enabled](#vaultwarden_web_vault_enabled)
|
||||
- [vaultwarden_websocket_enabled](#vaultwarden_websocket_enabled)
|
||||
- [Dependencies](#dependencies)
|
||||
|
||||
---
|
||||
|
||||
## Default Variables
|
||||
|
||||
### vaultwarden_admin_token
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_admin_token: _unset_
|
||||
```
|
||||
|
||||
### vaultwarden_authenticator_disable_time_drift
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_authenticator_disable_time_drift: false
|
||||
```
|
||||
|
||||
### vaultwarden_base_url
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_base_url: http://localhost/
|
||||
```
|
||||
|
||||
### vaultwarden_cap_add
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_cap_add: []
|
||||
```
|
||||
|
||||
### vaultwarden_cap_drop
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_cap_drop: []
|
||||
```
|
||||
|
||||
### vaultwarden_container_name
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_container_name: vaultwarden
|
||||
```
|
||||
|
||||
### vaultwarden_cpu_shares
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_cpu_shares: _unset_
|
||||
```
|
||||
|
||||
#### Example usage
|
||||
|
||||
```YAML
|
||||
vaultwarden_cpu_shares: '1024'
|
||||
```
|
||||
|
||||
### vaultwarden_db_name
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_db_name: vaultwarden
|
||||
```
|
||||
|
||||
### vaultwarden_db_password
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_db_password: secure
|
||||
```
|
||||
|
||||
### vaultwarden_db_port
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_db_port: 5432
|
||||
```
|
||||
|
||||
### vaultwarden_db_server
|
||||
|
||||
This ansible roles does only support postgresql as database"
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_db_server: localhost
|
||||
```
|
||||
|
||||
### vaultwarden_db_ssl_mode
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_db_ssl_mode: disable
|
||||
```
|
||||
|
||||
### vaultwarden_db_ssl_rootcert
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_db_ssl_rootcert: /etc/ssl/certs/ca-certificates.crt
|
||||
```
|
||||
|
||||
### vaultwarden_db_user
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_db_user: pgvaultwarden
|
||||
```
|
||||
|
||||
### vaultwarden_disable_2fa_remember
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_disable_2fa_remember: false
|
||||
```
|
||||
|
||||
### vaultwarden_disable_icon_download
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_disable_icon_download: false
|
||||
```
|
||||
|
||||
### vaultwarden_exposed_ports
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_exposed_ports:
|
||||
- 127.0.0.1:8080:8080
|
||||
```
|
||||
|
||||
#### Example usage
|
||||
|
||||
```YAML
|
||||
vaultwarden_exposed_ports:
|
||||
- "127.0.0.1:8080:8080"
|
||||
- "127.0.0.1:3012:3012"
|
||||
```
|
||||
|
||||
### vaultwarden_extended_logging
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_extended_logging: true
|
||||
```
|
||||
|
||||
### vaultwarden_extra_hosts
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_extra_hosts: []
|
||||
```
|
||||
|
||||
### vaultwarden_healthcheck
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_healthcheck:
|
||||
test: '["CMD", "/usr/local/bin/healthcheck"]'
|
||||
interval: 10s
|
||||
timeout: 3s
|
||||
retries: 3
|
||||
```
|
||||
|
||||
### vaultwarden_icon_blacklist_non_global_ips
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_icon_blacklist_non_global_ips: true
|
||||
```
|
||||
|
||||
### vaultwarden_icon_blacklist_regexl
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_icon_blacklist_regexl: _unset_
|
||||
```
|
||||
|
||||
### vaultwarden_icon_cache_negttl
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_icon_cache_negttl: '{{ vaultwarden_icon_cache_ttl }}'
|
||||
```
|
||||
|
||||
### vaultwarden_icon_cache_ttl
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_icon_cache_ttl: 2592000
|
||||
```
|
||||
|
||||
### vaultwarden_icon_download_timeout
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_icon_download_timeout: 10
|
||||
```
|
||||
|
||||
### vaultwarden_image
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_image: thegeeklab/vaultwarden:{{ vaultwarden_version }}
|
||||
```
|
||||
|
||||
### vaultwarden_invitations_allowed
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_invitations_allowed: true
|
||||
```
|
||||
|
||||
### vaultwarden_ip_header
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_ip_header: X-Forwarded-For
|
||||
```
|
||||
|
||||
### vaultwarden_log_level
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_log_level: Info
|
||||
```
|
||||
|
||||
### vaultwarden_memory_limit
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_memory_limit: _unset_
|
||||
```
|
||||
|
||||
#### Example usage
|
||||
|
||||
```YAML
|
||||
vaultwarden_memory_limit: 512m
|
||||
```
|
||||
|
||||
### vaultwarden_memory_reservation
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_memory_reservation: _unset_
|
||||
```
|
||||
|
||||
#### Example usage
|
||||
|
||||
```YAML
|
||||
vaultwarden_memory_reservation: 256m
|
||||
```
|
||||
|
||||
### vaultwarden_networks
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_networks:
|
||||
- name: default
|
||||
```
|
||||
|
||||
#### Example usage
|
||||
|
||||
```YAML
|
||||
vaultwarden_networks:
|
||||
- name: default
|
||||
# optional network driver, defaults to 'bride'
|
||||
driver: host
|
||||
```
|
||||
|
||||
### vaultwarden_networks_applied
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_networks_applied:
|
||||
- default
|
||||
```
|
||||
|
||||
### vaultwarden_org_attachment_limit
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_org_attachment_limit: 1024
|
||||
```
|
||||
|
||||
### vaultwarden_password_iterations
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_password_iterations: 100000
|
||||
```
|
||||
|
||||
### vaultwarden_pids_limit
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_pids_limit: _unset_
|
||||
```
|
||||
|
||||
### vaultwarden_reload_templates
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_reload_templates: false
|
||||
```
|
||||
|
||||
### vaultwarden_restart_policy
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_restart_policy: always
|
||||
```
|
||||
|
||||
### vaultwarden_security_opt
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_security_opt: []
|
||||
```
|
||||
|
||||
### vaultwarden_service_directory
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_service_directory: /var/lib/docker/services/vaultwarden
|
||||
```
|
||||
|
||||
### vaultwarden_service_stopped
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_service_stopped: false
|
||||
```
|
||||
|
||||
### vaultwarden_show_password_hint
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_show_password_hint: true
|
||||
```
|
||||
|
||||
### vaultwarden_signups_allowed
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_signups_allowed: false
|
||||
```
|
||||
|
||||
### vaultwarden_signups_domains_whitelist
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_signups_domains_whitelist: _unset_
|
||||
```
|
||||
|
||||
### vaultwarden_signups_verify
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_signups_verify: false
|
||||
```
|
||||
|
||||
### vaultwarden_signups_verify_resend_limit
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_signups_verify_resend_limit: 6
|
||||
```
|
||||
|
||||
### vaultwarden_signups_verify_resend_time
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_signups_verify_resend_time: 3600
|
||||
```
|
||||
|
||||
### vaultwarden_smtp_auth_mechanism
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_smtp_auth_mechanism: plain
|
||||
```
|
||||
|
||||
### vaultwarden_smtp_from
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_smtp_from: vaultwarden@localhost
|
||||
```
|
||||
|
||||
### vaultwarden_smtp_from_name
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_smtp_from_name: Vaultwarden
|
||||
```
|
||||
|
||||
### vaultwarden_smtp_host
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_smtp_host: _unset_
|
||||
```
|
||||
|
||||
### vaultwarden_smtp_password
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_smtp_password: _unset_
|
||||
```
|
||||
|
||||
### vaultwarden_smtp_port
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_smtp_port: 465
|
||||
```
|
||||
|
||||
### vaultwarden_smtp_security
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_smtp_security: force_tls
|
||||
```
|
||||
|
||||
### vaultwarden_smtp_timeout
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_smtp_timeout: 15
|
||||
```
|
||||
|
||||
### vaultwarden_smtp_username
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_smtp_username: _unset_
|
||||
```
|
||||
|
||||
### vaultwarden_templates_folder
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_templates_folder: _unset_
|
||||
```
|
||||
|
||||
### vaultwarden_user_attachment_limit
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_user_attachment_limit: 1024
|
||||
```
|
||||
|
||||
### vaultwarden_version
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_version: latest
|
||||
```
|
||||
|
||||
### vaultwarden_volumes
|
||||
|
||||
> Define required docker volumes.
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_volumes:
|
||||
- name: data
|
||||
dest: /app/data
|
||||
bind: false
|
||||
```
|
||||
|
||||
#### Example usage
|
||||
|
||||
```YAML
|
||||
vaultwarden_volumes:
|
||||
# Instead of the name you could specify a path on the container host system,
|
||||
# but you also have to enable bind mount for this volume
|
||||
- name: data
|
||||
# target location inside the container
|
||||
dest: /var/www/app/data
|
||||
# enable bind mount, if false volume will be configured as named volume
|
||||
# keep in mind you MUST set bind in any case
|
||||
bind: True
|
||||
```
|
||||
|
||||
### vaultwarden_web_vault_enabled
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_web_vault_enabled: true
|
||||
```
|
||||
|
||||
### vaultwarden_websocket_enabled
|
||||
|
||||
If you enable websockets you also have to expose port `3012`.
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
vaultwarden_websocket_enabled: false
|
||||
```
|
||||
|
||||
|
||||
|
||||
## Dependencies
|
||||
|
||||
None.
|
|
@ -1,31 +0,0 @@
|
|||
# Standards: 0.2
|
||||
---
|
||||
galaxy_info:
|
||||
# @meta author:value: [Robert Kaussow](https://gitea.rknet.org/xoxys)
|
||||
author: Robert Kaussow <mail@thegeeklab.de>
|
||||
namespace: xoxys
|
||||
role_name: vaultwarden_docker
|
||||
# @meta description: >
|
||||
# [![Source Code](https://img.shields.io/badge/gitea-source%20code-blue?logo=gitea&logoColor=white)](https://gitea.rknet.org/ansible/xoxys.vaultwarden_docker)
|
||||
# [![Build Status](https://img.shields.io/drone/build/ansible/xoxys.vaultwarden_docker?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/ansible/xoxys.vaultwarden_docker)
|
||||
# [![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](https://gitea.rknet.org/ansible/xoxys.vaultwarden_docker/src/branch/main/LICENSE)
|
||||
#
|
||||
# Role to setup a [Vaultwarden](https://github.com/dani-garcia/vaultwarden) password safe.
|
||||
# Vaultwarden is a community Bitwarden API server implementation written in Rust.
|
||||
# @end
|
||||
description: Role to setup Vaultwarden passsword safe
|
||||
license: MIT
|
||||
min_ansible_version: 2.10
|
||||
platforms:
|
||||
- name: EL
|
||||
versions:
|
||||
- 7
|
||||
galaxy_tags:
|
||||
- security
|
||||
- vault
|
||||
- password
|
||||
- save
|
||||
dependencies: []
|
||||
collections:
|
||||
- xoxys.general
|
||||
- community.general
|
|
@ -1,40 +0,0 @@
|
|||
---
|
||||
- name: Converge (Stage 1)
|
||||
hosts: all
|
||||
vars:
|
||||
dockerengine_packages_extra:
|
||||
- epel-release
|
||||
- python-pip
|
||||
- python-virtualenv
|
||||
|
||||
roles:
|
||||
- role: xoxys.docker_engine
|
||||
|
||||
- name: Converge (Stage 2)
|
||||
hosts: all
|
||||
environment:
|
||||
PYTHONPATH: /opt/python2/ansible-deps/lib/python2.7/site-packages
|
||||
vars:
|
||||
postgres_repository_enabled: True
|
||||
postgres_connection_addresses:
|
||||
- "{{ ansible_docker0.ipv4.address }}"
|
||||
postgres_users:
|
||||
- name: "pgvaultwarden"
|
||||
password: "secure"
|
||||
priv: ALL
|
||||
db: "vaultwarden"
|
||||
postgres_dbs:
|
||||
- name: "vaultwarden"
|
||||
postgres_hba_entries_extra:
|
||||
- contype: host
|
||||
databases:
|
||||
- all
|
||||
users:
|
||||
- all
|
||||
address: "172.18.0.0/16"
|
||||
auth_method: md5
|
||||
vaultwarden_db_server: "{{ ansible_docker0.ipv4.address }}"
|
||||
|
||||
roles:
|
||||
- role: xoxys.postgres
|
||||
- role: xoxys.vaultwarden_docker
|
|
@ -1,120 +0,0 @@
|
|||
---
|
||||
- name: Create
|
||||
hosts: localhost
|
||||
connection: local
|
||||
gather_facts: false
|
||||
no_log: "{{ molecule_no_log }}"
|
||||
vars:
|
||||
ssh_port: 22
|
||||
ssh_user: root
|
||||
ssh_path: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}/ssh_key"
|
||||
tasks:
|
||||
- name: Create SSH key
|
||||
user:
|
||||
name: "{{ lookup('env', 'USER') }}"
|
||||
generate_ssh_key: true
|
||||
ssh_key_file: "{{ ssh_path }}"
|
||||
force: true
|
||||
register: generated_ssh_key
|
||||
|
||||
- name: Register the SSH key name
|
||||
set_fact:
|
||||
ssh_key_name: "molecule-generated-{{ 12345 | random | to_uuid }}"
|
||||
|
||||
- name: Register SSH key for test instance(s)
|
||||
hcloud_ssh_key:
|
||||
name: "{{ ssh_key_name }}"
|
||||
public_key: "{{ generated_ssh_key.ssh_public_key }}"
|
||||
state: present
|
||||
|
||||
- name: Create molecule instance(s)
|
||||
hcloud_server:
|
||||
name: "{{ item.name }}"
|
||||
server_type: "{{ item.server_type }}"
|
||||
ssh_keys:
|
||||
- "{{ ssh_key_name }}"
|
||||
image: "{{ item.image }}"
|
||||
location: "{{ item.location | default(omit) }}"
|
||||
datacenter: "{{ item.datacenter | default(omit) }}"
|
||||
user_data: "{{ item.user_data | default(omit) }}"
|
||||
api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}"
|
||||
state: present
|
||||
register: server
|
||||
loop: "{{ molecule_yml.platforms }}"
|
||||
async: 7200
|
||||
poll: 0
|
||||
|
||||
- name: Wait for instance(s) creation to complete
|
||||
async_status:
|
||||
jid: "{{ item.ansible_job_id }}"
|
||||
register: hetzner_jobs
|
||||
until: hetzner_jobs.finished
|
||||
retries: 300
|
||||
loop: "{{ server.results }}"
|
||||
|
||||
- name: Create volume(s)
|
||||
hcloud_volume:
|
||||
name: "{{ item.name }}"
|
||||
server: "{{ item.name }}"
|
||||
location: "{{ item.location | default(omit) }}"
|
||||
size: "{{ item.volume_size | default(10) }}"
|
||||
api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}"
|
||||
state: "present"
|
||||
loop: "{{ molecule_yml.platforms }}"
|
||||
when: item.volume | default(False) | bool
|
||||
register: volumes
|
||||
async: 7200
|
||||
poll: 0
|
||||
|
||||
- name: Wait for volume(s) creation to complete
|
||||
async_status:
|
||||
jid: "{{ item.ansible_job_id }}"
|
||||
register: hetzner_volumes
|
||||
until: hetzner_volumes.finished
|
||||
retries: 300
|
||||
when: volumes.changed
|
||||
loop: "{{ volumes.results }}"
|
||||
|
||||
# Mandatory configuration for Molecule to function.
|
||||
|
||||
- name: Populate instance config dict
|
||||
set_fact:
|
||||
instance_conf_dict:
|
||||
{
|
||||
"instance": "{{ item.hcloud_server.name }}",
|
||||
"ssh_key_name": "{{ ssh_key_name }}",
|
||||
"address": "{{ item.hcloud_server.ipv4_address }}",
|
||||
"user": "{{ ssh_user }}",
|
||||
"port": "{{ ssh_port }}",
|
||||
"identity_file": "{{ ssh_path }}",
|
||||
"volume": "{{ item.item.item.volume | default(False) | bool }}",
|
||||
}
|
||||
loop: "{{ hetzner_jobs.results }}"
|
||||
register: instance_config_dict
|
||||
when: server.changed | bool
|
||||
|
||||
- name: Convert instance config dict to a list
|
||||
set_fact:
|
||||
instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}"
|
||||
when: server.changed | bool
|
||||
|
||||
- name: Dump instance config
|
||||
copy:
|
||||
content: |
|
||||
# Molecule managed
|
||||
|
||||
{{ instance_conf | to_nice_yaml(indent=2) }}
|
||||
dest: "{{ molecule_instance_config }}"
|
||||
when: server.changed | bool
|
||||
|
||||
- name: Wait for SSH
|
||||
wait_for:
|
||||
port: "{{ ssh_port }}"
|
||||
host: "{{ item.address }}"
|
||||
search_regex: SSH
|
||||
delay: 10
|
||||
loop: "{{ lookup('file', molecule_instance_config) | from_yaml }}"
|
||||
|
||||
- name: Wait for VM to settle down
|
||||
pause:
|
||||
seconds: 30
|
|
@ -1,78 +0,0 @@
|
|||
---
|
||||
- name: Destroy
|
||||
hosts: localhost
|
||||
connection: local
|
||||
gather_facts: false
|
||||
no_log: "{{ molecule_no_log }}"
|
||||
tasks:
|
||||
- name: Check existing instance config file
|
||||
stat:
|
||||
path: "{{ molecule_instance_config }}"
|
||||
register: cfg
|
||||
|
||||
- name: Populate the instance config
|
||||
set_fact:
|
||||
instance_conf: "{{ (lookup('file', molecule_instance_config) | from_yaml) if cfg.stat.exists else [] }}"
|
||||
|
||||
- name: Destroy molecule instance(s)
|
||||
hcloud_server:
|
||||
name: "{{ item.instance }}"
|
||||
api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}"
|
||||
state: absent
|
||||
register: server
|
||||
loop: "{{ instance_conf }}"
|
||||
async: 7200
|
||||
poll: 0
|
||||
|
||||
- name: Wait for instance(s) deletion to complete
|
||||
async_status:
|
||||
jid: "{{ item.ansible_job_id }}"
|
||||
register: hetzner_jobs
|
||||
until: hetzner_jobs.finished
|
||||
retries: 300
|
||||
loop: "{{ server.results }}"
|
||||
|
||||
- pause:
|
||||
seconds: 5
|
||||
|
||||
- name: Destroy volume(s)
|
||||
hcloud_volume:
|
||||
name: "{{ item.instance }}"
|
||||
server: "{{ item.instance }}"
|
||||
api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}"
|
||||
state: "absent"
|
||||
register: volumes
|
||||
loop: "{{ instance_conf }}"
|
||||
when: item.volume | default(False) | bool
|
||||
async: 7200
|
||||
poll: 0
|
||||
|
||||
- name: Wait for volume(s) deletion to complete
|
||||
async_status:
|
||||
jid: "{{ item.ansible_job_id }}"
|
||||
register: hetzner_volumes
|
||||
until: hetzner_volumes.finished
|
||||
retries: 300
|
||||
when: volumes.changed
|
||||
loop: "{{ volumes.results }}"
|
||||
|
||||
- name: Remove registered SSH key
|
||||
hcloud_ssh_key:
|
||||
name: "{{ instance_conf[0].ssh_key_name }}"
|
||||
state: absent
|
||||
when: (instance_conf | default([])) | length > 0
|
||||
|
||||
# Mandatory configuration for Molecule to function.
|
||||
|
||||
- name: Populate instance config
|
||||
set_fact:
|
||||
instance_conf: {}
|
||||
|
||||
- name: Dump instance config
|
||||
copy:
|
||||
content: |
|
||||
# Molecule managed
|
||||
|
||||
{{ instance_conf | to_nice_yaml(indent=2) }}
|
||||
dest: "{{ molecule_instance_config }}"
|
||||
when: server.changed | bool
|
|
@ -1,24 +0,0 @@
|
|||
---
|
||||
dependency:
|
||||
name: galaxy
|
||||
options:
|
||||
role-file: molecule/requirements.yml
|
||||
requirements-file: molecule/requirements.yml
|
||||
env:
|
||||
ANSIBLE_GALAXY_DISPLAY_PROGRESS: "false"
|
||||
driver:
|
||||
name: delegated
|
||||
platforms:
|
||||
- name: centos7-vaultwarden
|
||||
image: centos-7
|
||||
server_type: cx11
|
||||
lint: |
|
||||
/usr/local/bin/flake8
|
||||
provisioner:
|
||||
name: ansible
|
||||
env:
|
||||
ANSIBLE_FILTER_PLUGINS: ${ANSIBLE_FILTER_PLUGINS:-./plugins/filter}
|
||||
ANSIBLE_LIBRARY: ${ANSIBLE_LIBRARY:-./library}
|
||||
log: False
|
||||
verifier:
|
||||
name: testinfra
|
|
@ -1,15 +0,0 @@
|
|||
---
|
||||
- name: Prepare
|
||||
hosts: all
|
||||
gather_facts: false
|
||||
tasks:
|
||||
- name: Bootstrap python for Ansible
|
||||
raw: |
|
||||
command -v python3 python || (
|
||||
(test -e /usr/bin/dnf && sudo dnf install -y python3) ||
|
||||
(test -e /usr/bin/apt && (apt -y update && apt install -y python-minimal)) ||
|
||||
(test -e /usr/bin/yum && sudo yum -y -qq install python3) ||
|
||||
echo "Warning: Python not boostrapped due to unknown platform."
|
||||
)
|
||||
become: true
|
||||
changed_when: false
|
|
@ -1,28 +0,0 @@
|
|||
import os
|
||||
|
||||
import testinfra.utils.ansible_runner
|
||||
|
||||
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
|
||||
os.environ["MOLECULE_INVENTORY_FILE"]
|
||||
).get_hosts("all")
|
||||
|
||||
|
||||
def test_vaultwarden_running(host):
|
||||
vaultwarden = host.docker("vaultwarden")
|
||||
|
||||
assert vaultwarden.is_running
|
||||
|
||||
|
||||
def test_vaultwarden_socket(host):
|
||||
# Verify the socket is listening for HTTP traffic
|
||||
assert host.socket("tcp://127.0.0.1:8080").is_listening
|
||||
|
||||
|
||||
def test_vaultwarden_conn_error(host):
|
||||
code = int(
|
||||
host.run("curl -s -w '%{http_code}' http://127.0.0.1:8080/alive -o /dev/null").stdout
|
||||
)
|
||||
body = host.run("curl -sX GET http://127.0.0.1:8080/").stdout
|
||||
|
||||
assert code == 200
|
||||
assert "Bitwarden Web Vault" in body
|
|
@ -1 +0,0 @@
|
|||
centos7
|
|
@ -1,3 +0,0 @@
|
|||
[pytest]
|
||||
filterwarnings =
|
||||
ignore::DeprecationWarning
|
|
@ -1,15 +0,0 @@
|
|||
---
|
||||
collections:
|
||||
- name: https://gitea.rknet.org/ansible/xoxys.general/releases/download/v2.1.1/xoxys-general-2.1.1.tar.gz
|
||||
- name: community.general
|
||||
|
||||
roles:
|
||||
- src: https://gitea.rknet.org/ansible/xoxys.docker_engine.git
|
||||
name: xoxys.docker_engine
|
||||
scm: git
|
||||
version: main
|
||||
|
||||
- src: https://gitea.rknet.org/ansible/xoxys.postgres.git
|
||||
name: xoxys.postgres
|
||||
scm: git
|
||||
version: main
|
12
setup.cfg
12
setup.cfg
|
@ -1,12 +0,0 @@
|
|||
[flake8]
|
||||
ignore = D100, D101, D102, D103, D105, D107, E402, W503
|
||||
max-line-length = 99
|
||||
inline-quotes = double
|
||||
exclude = .git,.tox,__pycache__,build,dist,tests,*.pyc,*.egg-info,.cache,.eggs,env*
|
||||
|
||||
[yapf]
|
||||
based_on_style = google
|
||||
column_limit = 99
|
||||
dedent_closing_brackets = true
|
||||
coalesce_brackets = true
|
||||
split_before_logical_operator = true
|
|
@ -1,2 +0,0 @@
|
|||
---
|
||||
- include_tasks: setup.yml
|
|
@ -1,26 +0,0 @@
|
|||
---
|
||||
- block:
|
||||
- name: Ensure service directory exists
|
||||
file:
|
||||
path: "{{ vaultwarden_service_directory }}"
|
||||
state: directory
|
||||
mode: 0755
|
||||
|
||||
- name: Deploy compose file to '{{ vaultwarden_service_directory }}'
|
||||
template:
|
||||
src: "services/vaultwarden_compose.yml.j2"
|
||||
dest: "{{ vaultwarden_service_directory }}/docker-compose.yml"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0640
|
||||
validate: "docker-compose -f %s config -q"
|
||||
|
||||
- name: Ensure service is up and running
|
||||
docker_compose:
|
||||
project_src: "{{ vaultwarden_service_directory }}"
|
||||
pull: yes
|
||||
remove_orphans: yes
|
||||
stopped: "{{ vaultwarden_service_stopped }}"
|
||||
state: present
|
||||
become: True
|
||||
become_user: root
|
|
@ -1,132 +0,0 @@
|
|||
#jinja2:lstrip_blocks: True
|
||||
{{ ansible_managed | comment }}
|
||||
version: "2.4"
|
||||
|
||||
services:
|
||||
vaultwarden:
|
||||
container_name: {{ vaultwarden_container_name }}
|
||||
image: {{ vaultwarden_image }}
|
||||
restart: {{ vaultwarden_restart_policy }}
|
||||
{% if vaultwarden_exposed_ports | default([]) %}
|
||||
ports:
|
||||
{% for port in vaultwarden_exposed_ports %}
|
||||
- {{ port | quote }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if vaultwarden_volumes | default([]) %}
|
||||
volumes:
|
||||
{% for volume in vaultwarden_volumes %}
|
||||
- "{{ volume.name }}:{{ volume.dest }}"
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if vaultwarden_networks_applied | default([]) %}
|
||||
networks:
|
||||
{% for network in vaultwarden_networks_applied %}
|
||||
- {{ network }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if vaultwarden_extra_hosts | default([]) %}
|
||||
extra_hosts:
|
||||
{% for host in vaultwarden_extra_hosts %}
|
||||
- {{ host | quote }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
environment:
|
||||
- VAULTWARDEN_DOMAIN={{ vaultwarden_base_url }}
|
||||
- VAULTWARDEN_DATABASE_URL=postgresql://{{ vaultwarden_db_user }}:{{ vaultwarden_db_password | urlencode }}@{{ vaultwarden_db_server }}:{{ vaultwarden_db_port }}/{{ vaultwarden_db_name }}?sslmode={{ vaultwarden_db_ssl_mode }}&sslrootcert={{ vaultwarden_db_ssl_rootcert }}
|
||||
- VAULTWARDEN_USER_ATTACHMENT_LIMIT={{ vaultwarden_user_attachment_limit }}
|
||||
- VAULTWARDEN_ORG_ATTACHMENT_LIMIT={{ vaultwarden_org_attachment_limit }}
|
||||
- VAULTWARDEN_WEBSOCKET_ENABLED={{ vaultwarden_websocket_enabled }}
|
||||
{% if vaultwarden_templates_folder is defined and vaultwarden_templates_folder %}
|
||||
- VAULTWARDEN_TEMPLATES_FOLDER={{ vaultwarden_templates_folder }}
|
||||
{% endif %}
|
||||
- VAULTWARDEN_RELOAD_TEMPLATES={{ vaultwarden_reload_templates }}
|
||||
- VAULTWARDEN_IP_HEADER={{ vaultwarden_ip_header }}
|
||||
- VAULTWARDEN_ICON_CACHE_TTL={{ vaultwarden_icon_cache_ttl }}
|
||||
- VAULTWARDEN_ICON_CACHE_NEGTTL="{{ vaultwarden_icon_cache_negttl }}"
|
||||
- VAULTWARDEN_WEB_VAULT_ENABLED={{ vaultwarden_web_vault_enabled }}
|
||||
- VAULTWARDEN_EXTENDED_LOGGING={{ vaultwarden_extended_logging }}
|
||||
- VAULTWARDEN_LOG_LEVEL={{ vaultwarden_log_level }}
|
||||
- VAULTWARDEN_DISABLE_ICON_DOWNLOAD={{ vaultwarden_disable_icon_download }}
|
||||
- VAULTWARDEN_ICON_DOWNLOAD_TIMEOUT={{ vaultwarden_icon_download_timeout }}
|
||||
{% if vaultwarden_icon_blacklist_regexl is defined and vaultwarden_icon_blacklist_regexl %}
|
||||
- VAULTWARDEN_ICON_BLACKLIST_REGEXL={{ vaultwarden_icon_blacklist_regexl }}
|
||||
{% endif %}
|
||||
- VAULTWARDEN_ICON_BLACKLIST_NON_GLOBAL_IPS={{ vaultwarden_icon_blacklist_non_global_ips }}
|
||||
- VAULTWARDEN_DISABLE_2FA_REMEMBER={{ vaultwarden_disable_2fa_remember }}
|
||||
- VAULTWARDEN_SIGNUPS_ALLOWED={{ vaultwarden_signups_allowed }}
|
||||
- VAULTWARDEN_SIGNUPS_VERIFY={{ vaultwarden_signups_verify }}
|
||||
- VAULTWARDEN_SIGNUPS_VERIFY_RESEND_TIME={{ vaultwarden_signups_verify_resend_time }}
|
||||
- VAULTWARDEN_SIGNUPS_VERIFY_RESEND_LIMIT={{ vaultwarden_signups_verify_resend_limit }}
|
||||
{% if vaultwarden_signups_domains_whitelist is defined and vaultwarden_signups_domains_whitelist %}
|
||||
- VAULTWARDEN_SIGNUPS_DOMAINS_WHITELIST={{ vaultwarden_signups_domains_whitelist }}
|
||||
{% endif %}
|
||||
- VAULTWARDEN_INVITATIONS_ALLOWED={{ vaultwarden_invitations_allowed }}
|
||||
{% if vaultwarden_admin_token is defined and vaultwarden_admin_token %}
|
||||
- VAULTWARDEN_ADMIN_TOKEN={{ vaultwarden_admin_token }}
|
||||
{% endif %}
|
||||
- VAULTWARDEN_PASSWORD_ITERATIONS={{ vaultwarden_password_iterations }}
|
||||
- VAULTWARDEN_SHOW_PASSWORD_HINT={{ vaultwarden_show_password_hint }}
|
||||
- VAULTWARDEN_AUTHENTICATOR_DISABLE_TIME_DRIFT={{ vaultwarden_authenticator_disable_time_drift }}
|
||||
{% if vaultwarden_smtp_host is defined and vaultwarden_smtp_host %}
|
||||
- VAULTWARDEN_SMTP_HOST={{ vaultwarden_smtp_host }}
|
||||
- VAULTWARDEN_SMTP_FROM={{ vaultwarden_smtp_from }}
|
||||
- VAULTWARDEN_SMTP_FROM_NAME="{{ vaultwarden_smtp_from_name }}"
|
||||
- VAULTWARDEN_SMTP_PORT={{ vaultwarden_smtp_port }}
|
||||
- VAULTWARDEN_SMTP_SECURITY={{ vaultwarden_smtp_security }}
|
||||
{% if vaultwarden_smtp_username is defined and vaultwarden_smtp_username %}
|
||||
- VAULTWARDEN_SMTP_USERNAME={{ vaultwarden_smtp_username }}
|
||||
- VAULTWARDEN_SMTP_PASSWORD={{ vaultwarden_smtp_password }}
|
||||
{% endif %}
|
||||
- VAULTWARDEN_SMTP_AUTH_MECHANISM={{ vaultwarden_smtp_auth_mechanism }}
|
||||
- VAULTWARDEN_SMTP_TIMEOUT={{ vaultwarden_smtp_timeout }}
|
||||
{% endif %}
|
||||
{% if vaultwarden_memory_limit is defined %}
|
||||
mem_limit: {{ vaultwarden_memory_limit }}
|
||||
{% endif %}
|
||||
{% if vaultwarden_memory_reservation is defined %}
|
||||
mem_reservation: {{ vaultwarden_memory_reservation }}
|
||||
{% endif %}
|
||||
{% if vaultwarden_cpu_shares is defined %}
|
||||
cpu_shares: {{ vaultwarden_cpu_shares }}
|
||||
{% endif %}
|
||||
{% if not vaultwarden_cap_add | length == 0 %}
|
||||
cap_add:
|
||||
{% for item in vaultwarden_cap_add %}
|
||||
- {{ item }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if not vaultwarden_cap_drop | length == 0 %}
|
||||
cap_drop:
|
||||
{% for item in vaultwarden_cap_drop %}
|
||||
- {{ item }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if not vaultwarden_security_opt | length == 0 %}
|
||||
security_opt:
|
||||
{% for item in vaultwarden_security_opt %}
|
||||
- {{ item }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
healthcheck:
|
||||
{% for key, value in vaultwarden_healthcheck.items() %}
|
||||
{{ key }}: {{ value }}
|
||||
{% endfor %}
|
||||
{% if vaultwarden_pids_limit is defined %}
|
||||
pids_limit: {{ vaultwarden_pids_limit }}
|
||||
{% endif %}
|
||||
{% if vaultwarden_volumes | default([]) | rejectattr("bind") | list | length > 0 %}
|
||||
|
||||
volumes:
|
||||
{% for volume in vaultwarden_volumes | rejectattr("bind") %}
|
||||
{{ volume.name }}:
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if vaultwarden_networks | default([]) | length > 0 %}
|
||||
|
||||
networks:
|
||||
{% for network in vaultwarden_networks %}
|
||||
{{ network.name }}:
|
||||
driver: {{ network.backend | default("bridge") }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
Loading…
Reference in New Issue