README.md

@@ -3,7 +3,7 @@
 [![Build Status](https://img.shields.io/drone/build/ansible/xoxys.bitwardenrs_docker?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/ansible/xoxys.bitwardenrs_docker)
 [![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE)
 
-Role to setup a [Bitwarden RS](https://github.com/dani-garcia/bitwarden_rs) password safe. Bitwarden_RS is a community Bitwarden API server implementation written in Rust. This Role use Docker to setup [Bitwarden](https://gitea.rknet.org/docker/bitwarden_rs) and a [Bitwarden LDAP](https://gitea.rknet.org/docker/bitwarden_rs_ldap) Sync Service (optional).
+Role to setup a [Bitwarden RS](https://github.com/dani-garcia/bitwarden_rs) password safe. Bitwarden_RS is a community Bitwarden API server implementation written in Rust.
 
 You can find the full documentation at [https://galaxy.geekdocs.de](https://galaxy.geekdocs.de/roles/cloud/bitwardenrs_docker/).
 

defaults/main.yml

@@ -1,18 +1,57 @@
 ---
-bitwardenrs_version: 1.13
+bitwardenrs_version: latest
-bitwardenrs_service_directory: /var/lib/docker/services/bitwardenrs
-
-bitwardenrs_container_name: bitwardenrs
 bitwardenrs_image: "xoxys/bitwardenrs:{{ bitwardenrs_version }}"
-bitwardenrs_restart_policy: on-failure
+bitwardenrs_base_url: "http://localhost/"
-bitwardenrs_exposed_port: 80
+
-bitwardenrs_exposed_ip: 127.0.0.1
+bitwardenrs_service_directory: /var/lib/docker/services/bitwardenrs
-bitwardenrs_extra_hosts: []
+bitwardenrs_container_name: bitwardenrs
-# @var bitwardenrs_volumes_extra:example: >
+bitwardenrs_restart_policy: always
-# bitwardenrs_volumes_extra:
+bitwardenrs_service_stopped: False
-#   - /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:/etc/ssl/certs/ca-certificates.crt:Z
+
+# @var bitwardenrs_networks:example: >
+# bitwardenrs_networks:
+#   - name: default
+#     # optional network driver, defaults to 'bride'
+#     driver: host
 # @end
-bitwardenrs_volumes_extra: []
+bitwardenrs_networks:
+  - name: default
+
+bitwardenrs_networks_applied:
+  - default
+
+# @var bitwardenrs_volumes:description: > Define required docker volumes.
+# @end
+# @var bitwardenrs_volumes:example: >
+# bitwardenrs_volumes:
+#   # Instead of the name you could specify a path on the container host system,
+#   # but you also have to enable bind mount for this volume
+#   - name: data
+#     # target location inside the container
+#     dest: /var/www/app/data
+#     # enable bind mount, if false volume will be configured as named volume
+#     # keep in mind you MUST set bind in any case
+#     bind: True
+# @end
+bitwardenrs_volumes:
+  - name: data
+    dest: /app/data
+    bind: False
+
+# @var bitwardenrs_websocket_enabled:description: >
+# If you enable websockets you also have to expose port `3012`.
+# @end
+bitwardenrs_websocket_enabled: False
+
+# @var bitwardenrs_exposed_ports:example: >
+# bitwardenrs_exposed_ports:
+#   - "127.0.0.1:8080:8080"
+#   - "127.0.0.1:3012:3012"
+# @end
+bitwardenrs_exposed_ports:
+  - "127.0.0.1:8080:8080"
+
+bitwardenrs_extra_hosts: []
 
 # @var bitwardenrs_memory_limit: $ "_unset_"
 # @var bitwardenrs_memory_limit:example: $ "512m"
@@ -32,12 +71,6 @@ bitwardenrs_healthcheck:
   timeout: 3s
   retries: 3
 
-bitwardenrs_base_url: "http://localhost/"
-
-bitwardenrs_websocket_enabled: False
-bitwardenrs_websocket_exposed_port: 3012
-bitwardenrs_websocket_exposed_ip: 127.0.0.1
-
 # @var bitwardenrs_templates_folder: $ "_unset_"
 bitwardenrs_reload_templates: False
 
@@ -96,42 +129,3 @@ bitwardenrs_db_user: pgbitwardenrs
 bitwardenrs_db_password: secure
 bitwardenrs_db_ssl_mode: disable
 bitwardenrs_db_ssl_rootcert: /etc/ssl/certs/ca-certificates.crt
-
-bitwardenrs_ldap_sync_enabled: False
-bitwardenrs_ldap_container_name: bitwardenrs_ldap
-bitwardenrs_ldap_version: latest
-bitwardenrs_ldap_image: "xoxys/bitwardenrs_ldap:{{ bitwardenrs_ldap_version }}"
-bitwardenrs_ldap_restart_policy: on-failure
-# @var bitwardenrs_ldap_volumes_extra:example: >
-# bitwardenrs_ldap_volumes_extra:
-#   - /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:/etc/ssl/certs/ca-certificates.crt:Z
-# @end
-bitwardenrs_ldap_volumes_extra: []
-
-# @var bitwardenrs_ldap_memory_limit: $ "_unset_"
-# @var bitwardenrs_ldap_memory_limit:example: $ "512m"
-# @var bitwardenrs_ldap_memory_reservation: $ "_unset_"
-# @var bitwardenrs_ldap_memory_reservation:example: $ "256m"
-# @var bitwardenrs_ldap_cpu_shares: $ "_unset_"
-# @var bitwardenrs_ldap_cpu_shares:example: $ "1024"
-
-bitwardenrs_ldap_cap_add: []
-bitwardenrs_ldap_cap_drop: []
-bitwardenrs_ldap_security_opt: []
-# @var bitwardenrs_ldap_pids_limit: $ "_unset_"
-
-bitwardenrs_ldap_bitwarden_url: "{{ bitwardenrs_base_url }}"
-bitwardenrs_ldap_bitwarden_admin_token: "{{ bitwardenrs_admin_token | default('') }}"
-# @var bitwardenrs_ldap_host: $ "_unset_"
-# @var bitwardenrs_ldap_scheme: $ "_unset_"
-bitwardenrs_ldap_ssl: True
-# @var bitwardenrs_ldap_port: $ "_unset_"
-# @var bitwardenrs_ldap_bind_dn: $ "_unset_"
-# @var bitwardenrs_ldap_bind_password: $ "_unset_"
-# @var bitwardenrs_ldap_search_base_dn: $ "_unset_"
-bitwardenrs_ldap_search_filter: "(&(objectclass=*)(uid=*))"
-bitwardenrs_ldap_mail_field: "mail"
-bitwardenrs_ldap_sync_interval_seconds: 60
-bitwardenrs_ldap_sync_loop: True
-
-bitwardenrs_docker_compose_bin: /usr/local/bin/docker-compose

handlers/main.yml

@@ -1,9 +0,0 @@
----
-- name: Restart container
-  systemd:
-    state: restarted
-    daemon_reload: yes
-    name: bitwardenrs
-  listen: __bitwardenrs_restart
-  become: True
-  become_user: root

meta/main.yml

@@ -9,9 +9,7 @@ galaxy_info:
 # [![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](https://gitea.rknet.org/ansible/xoxys.bitwardenrs_docker/src/branch/master/LICENSE)
 #
 # Role to setup a [Bitwarden RS](https://github.com/dani-garcia/bitwarden_rs) password safe.
-# Bitwarden_RS is a community Bitwarden API server implementation written in Rust. This Role
+# Bitwarden_RS is a community Bitwarden API server implementation written in Rust.
-# use Docker to setup [Bitwarden](https://gitea.rknet.org/docker/bitwarden_rs) and a
-# [Bitwarden LDAP](https://gitea.rknet.org/docker/bitwarden_rs_ldap) Sync Service (optional).
 # @end
   description: Role to setup Bitwarden passsword safe
   license: MIT

molecule/centos7/converge.yml

@@ -1,8 +1,12 @@
 ---
 - name: Converge (Stage 1)
   hosts: all
+  vars:
+    dockerengine_packages_extra:
+      - epel-release
+      - python-pip
+
   roles:
-    - role: xoxys.python3
     - role: xoxys.docker_engine
 
 - name: Converge (Stage 2)

molecule/centos7/requirements.yml

@@ -1,13 +1,8 @@
 ---
-- src: https://gitea.rknet.org/ansible/xoxys.python3.git
-  name: xoxys.python3
-  scm: git
-  version: master
-
 - src: https://gitea.rknet.org/ansible/xoxys.docker_engine.git
   name: xoxys.docker_engine
   scm: git
-  version: master
+  version: refactoring
 
 - src: https://gitea.rknet.org/ansible/xoxys.postgres.git
   name: xoxys.postgres

molecule/centos7/tests/test_default.py

@@ -17,12 +17,12 @@ def test_bitwardenrs_running(host):
 
 def test_bitwardenrs_socket(host):
     # Verify the socket is listening for HTTP traffic
-    assert host.socket("tcp://127.0.0.1:80").is_listening
+    assert host.socket("tcp://127.0.0.1:8080").is_listening
 
 
 def test_bitwardenrs_conn_error(host):
-    code = int(host.run("curl -s -w '%{http_code}' http://localhost/alive -o /dev/null").stdout)
+    code = int(host.run("curl -s -w '%{http_code}' http://127.0.0.1:8080/alive -o /dev/null").stdout)
-    body = host.run("curl -sX GET http://localhost/").stdout
+    body = host.run("curl -sX GET http://127.0.0.1:8080/").stdout
 
     assert code == 200
     assert "Bitwarden Web Vault" in body

tasks/main.yml

@@ -1,4 +1,2 @@
 ---
-- include_tasks: prepare.yml
 - include_tasks: setup.yml
-- include_tasks: post.yml

tasks/post.yml

@@ -1,10 +0,0 @@
----
-- block:
-    - name: Ensure bitwardenrs service is up and running
-      systemd:
-        state: started
-        daemon_reload: yes
-        enabled: yes
-        name: bitwardenrs
-  become: True
-  become_user: root

tasks/prepare.yml

@@ -1,8 +0,0 @@
----
-- name: Ensure service directory exists
-  file:
-    path: "{{ bitwardenrs_service_directory }}"
-    state: directory
-    mode: 0755
-  become: True
-  become_user: root

tasks/setup.yml

@@ -1,20 +1,28 @@
 ---
 - block:
+    - name: Ensure service directory exists
+      file:
+        path: "{{ bitwardenrs_service_directory }}"
+        state: directory
+        mode: 0755
+
     - name: Deploy compose file to '{{ bitwardenrs_service_directory }}'
       template:
-        src: "services/compose.yml.j2"
+        src: "services/bitwardenrs_compose.yml.j2"
         dest: "{{ bitwardenrs_service_directory }}/docker-compose.yml"
         owner: root
         group: root
-        mode: 0644
+        mode: 0640
-        validate: "{{ bitwardenrs_docker_compose_bin }} -f %s config -q"
+        validate: "docker-compose -f %s config -q"
-      notify: __bitwardenrs_restart
 
-    - name: Create systemd unit files
+    - name: Ensure service is up and running
-      template:
+      docker_compose:
-        src: "etc/systemd/system/bitwardenrs.service.j2"
+        project_src: "{{ bitwardenrs_service_directory }}"
-        dest: "/etc/systemd/system/bitwardenrs.service"
+        pull: yes
-        mode: 0644
+        remove_orphans: yes
-      notify: __bitwardenrs_restart
+        stopped: "{{ bitwardenrs_service_stopped }}"
+        state: present
+      # temp. disable changes; breaks idempotency for whatever reason
+      changed_when: False
   become: True
   become_user: root

templates/etc/systemd/system/bitwardenrs.service.j2

@@ -1,22 +0,0 @@
-#jinja2:lstrip_blocks: True
-{{ ansible_managed | comment }}
-[Unit]
-Description=Bitwarden API server in Rust
-Requires=docker.service network-online.target
-After=docker.service network-online.target
-
-[Service]
-WorkingDirectory={{ bitwardenrs_service_directory }}
-Type=simple
-TimeoutStartSec=15min
-Restart={{ bitwardenrs_restart_policy }}
-
-ExecStartPre={{ bitwardenrs_docker_compose_bin }} pull --quiet --ignore-pull-failures
-ExecStart={{ bitwardenrs_docker_compose_bin }} up --remove-orphans
-
-ExecStop={{ bitwardenrs_docker_compose_bin }} down --remove-orphans
-
-ExecReload={{ bitwardenrs_docker_compose_bin }} pull --quiet --ignore-pull-failures
-
-[Install]
-WantedBy=multi-user.target

templates/services/bitwardenrs_compose.yml.j2

@@ -1,27 +1,35 @@
 #jinja2:lstrip_blocks: True
 {{ ansible_managed | comment }}
-version: '2.1'
+version: "2.4"
 
 services:
   bitwardenrs:
     container_name: {{ bitwardenrs_container_name }}
     image: {{ bitwardenrs_image }}
     restart: {{ bitwardenrs_restart_policy }}
+    {% if bitwardenrs_exposed_ports | default([]) %}
     ports:
-      - {{ bitwardenrs_exposed_ip + ':' if bitwardenrs_exposed_ip is defined else '' }}{{ bitwardenrs_exposed_port }}:8080
+      {% for port in bitwardenrs_exposed_ports %}
-    {% if bitwardenrs_websocket_enabled %}
+      - {{ port | quote }}
-      - {{ bitwardenrs_websocket_exposed_ip + ':' if bitwardenrs_websocket_exposed_ip is defined else '' }}{{ bitwardenrs_websocket_exposed_port }}:3012
+      {% endfor %}
     {% endif %}
+    {% if bitwardenrs_volumes | default([]) %}
     volumes:
-      - data:/app/data
+      {% for volume in bitwardenrs_volumes %}
-    {% for volume in bitwardenrs_volumes_extra %}
+      - "{{ volume.name }}:{{ volume.dest }}"
-      - {{ volume }}
+      {% endfor %}
-    {% endfor %}
+    {% endif %}
+    {% if bitwardenrs_networks_applied | default([]) %}
+    networks:
+      {% for network in bitwardenrs_networks_applied %}
+      - {{ network }}
+      {% endfor %}
+    {% endif %}
     {% if bitwardenrs_extra_hosts | default([]) %}
     extra_hosts:
-    {% for host in bitwardenrs_extra_hosts %}
+      {% for host in bitwardenrs_extra_hosts %}
-      - {{ '"' + host + '"' }}
+      - {{ host | quote }}
-    {% endfor %}
+      {% endfor %}
     {% endif %}
     environment:
       - BITWARDENRS_DOMAIN={{ bitwardenrs_base_url }}
@@ -107,68 +115,18 @@ services:
     {% if bitwardenrs_pids_limit is defined %}
     pids_limit: {{ bitwardenrs_pids_limit }}
     {% endif %}
-  {% if bitwardenrs_ldap_sync_enabled %}
+{% if bitwardenrs_volumes | default([]) | rejectattr("bind") | list | length > 0 %}
-
-  bitwardenrs_ldap:
-    container_name: {{ bitwardenrs_ldap_container_name }}
-    image: {{ bitwardenrs_ldap_image }}
-    restart: {{ bitwardenrs_ldap_restart_policy }}
-    {% if bitwardenrs_ldap_volumes_extra %}
-    volumes:
-    {% for volume in bitwardenrs_ldap_volumes_extra %}
-      - {{ volume }}
-    {% endfor %}
-    {% endif %}
-    environment:
-      - BITWARDENRS_LDAP_BITWARDEN_URL={{ bitwardenrs_ldap_bitwarden_url }}
-      - BITWARDENRS_LDAP_BITWARDEN_ADMIN_TOKEN={{ bitwardenrs_ldap_bitwarden_admin_token }}
-      - BITWARDENRS_LDAP_HOST={{ bitwardenrs_ldap_host }}
-      {% if bitwardenrs_ldap_scheme is defined and bitwardenrs_ldap_scheme %}
-      - BITWARDENRS_LDAP_SCHEME={{ bitwardenrs_ldap_scheme }}
-      {% endif %}
-      - BITWARDENRS_LDAP_SSL={{ bitwardenrs_ldap_ssl }}
-      {% if bitwardenrs_ldap_port is defined and bitwardenrs_ldap_port %}
-      - BITWARDENRS_LDAP_PORT={{ bitwardenrs_ldap_port }}
-      {% endif %}
-      - BITWARDENRS_LDAP_BIND_DN={{ bitwardenrs_ldap_bind_dn }}
-      - BITWARDENRS_LDAP_BIND_PASSWORD={{ bitwardenrs_ldap_bind_password }}
-      - BITWARDENRS_LDAP_SEARCH_BASE_DN={{ bitwardenrs_ldap_search_base_dn }}
-      - BITWARDENRS_LDAP_SEARCH_FILTER={{ bitwardenrs_ldap_search_filter }}
-      - BITWARDENRS_LDAP_MAIL_FIELD={{ bitwardenrs_ldap_mail_field }}
-      - BITWARDENRS_LDAP_SYNC_INTERVAL_SECONDS={{ bitwardenrs_ldap_sync_interval_seconds }}
-      - BITWARDENRS_LDAP_SYNC_LOOP={{ bitwardenrs_ldap_sync_loop }}
-    {% if bitwardenrs_ldap_memory_limit is defined %}
-    mem_limit: {{ bitwardenrs_ldap_memory_limit }}
-    {% endif %}
-    {% if bitwardenrs_ldap_memory_reservation is defined %}
-    mem_reservation: {{ bitwardenrs_ldap_memory_reservation }}
-    {% endif %}
-    {% if bitwardenrs_ldap_cpu_shares is defined %}
-    cpu_shares: {{ bitwardenrs_ldap_cpu_shares }}
-    {% endif %}
-    {% if not bitwardenrs_ldap_cap_add | length == 0 %}
-    cap_add:
-      {% for item in bitwardenrs_ldap_cap_add %}
-      - {{ item }}
-      {% endfor %}
-    {% endif %}
-    {% if not bitwardenrs_ldap_cap_drop | length == 0  %}
-    cap_drop:
-      {% for item in bitwardenrs_ldap_cap_drop %}
-      - {{ item }}
-      {% endfor %}
-    {% endif %}
-    {% if not bitwardenrs_ldap_security_opt | length == 0 %}
-    security_opt:
-      {% for item in bitwardenrs_ldap_security_opt %}
-      - {{ item }}
-      {% endfor %}
-    {% endif %}
-    {% if bitwardenrs_ldap_pids_limit is defined %}
-    pids_limit: {{ bitwardenrs_ldap_pids_limit }}
-    {% endif %}
-    {% endif %}
 
 volumes:
-  data:
+  {% for volume in bitwardenrs_volumes | rejectattr("bind") %}
-    driver: local
+  {{ volume.name }}:
+  {% endfor %}
+{% endif %}
+{% if bitwardenrs_networks | default([]) | length > 0 %}
+
+networks:
+  {% for network in bitwardenrs_networks %}
+  {{ network.name }}:
+    driver: {{ network.backend | default("bridge") }}
+  {% endfor %}
+{% endif %}