Compare commits
No commits in common. "main" and "feat-specify-image-version-for-renovate" have entirely different histories.
|
@ -5,8 +5,7 @@
|
|||
```
|
||||
- bitwarden_version Docker image version to use
|
||||
- bitwarden_domain Fully qualified domain name, e.g. vault.example.tld
|
||||
- bitwarden_project Project name for docker-compose
|
||||
- bitwarden_admin_token Token for admin panel
|
||||
- bitwarden_port_web UI port to run on localhost
|
||||
- bitwarden_port_ws Socket port to run on localhost
|
||||
```
|
||||
```
|
|
@ -1,7 +1,8 @@
|
|||
bitwarden_domain: vault.example.com
|
||||
bitwarden_project: example
|
||||
---
|
||||
|
||||
bitwarden_prefix: pass
|
||||
bitwarden_image: vaultwarden/server
|
||||
bitwarden_version: 1.30.3-alpine
|
||||
bitwarden_version: 1.24.0-alpine
|
||||
bitwarden_port_web: 80
|
||||
bitwarden_port_ws: 3021
|
||||
bitwarden_service_name: bitwarden_{{ bitwarden_project }}
|
||||
domain: example.com
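Review bot: `bitwarden_version: 1.24.0-alpine` sits next to `1.30.3-alpine` in this section, and the `-1,7 +1,8` counts suggest the 1.24.0 pin is the new side, which would move a password-vault server back several releases compared with main. If that reading is right, rebase the branch so the pin is at least main's value before Renovate starts tracking it. The `+`/`-` markers are lost on this page, so confirm the direction against the raw diff.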
|
||||
|
|
|
@ -1,11 +1,14 @@
|
|||
---
|
||||
galaxy_info:
|
||||
role_name: bitwarden
|
||||
author: thiuda
|
||||
description: Role to deploy bitwarden behind a Nginx reverse proxy
|
||||
description: role to deploy bitwarden behind nginx reverse proxy
|
||||
company: progressivwerk
|
||||
license: MIT
|
||||
min_ansible_version: "2.1"
|
||||
galaxy_tags: [password, vault, bitwarden, nginx, reverse proxy]
|
||||
min_ansible_version: 2.1
|
||||
galaxy_tags: []
|
||||
platforms:
|
||||
- name: Debian
|
||||
versions:
|
||||
- 10
|
||||
dependencies: []
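Review bot: `min_ansible_version: 2.1` is an unquoted scalar that YAML loads as a float rather than a version string. The quoted form that also appears in this section, `min_ansible_version: "2.1"`, is the safer spelling. Going by the `-1,11 +1,14` counts the unquoted line is on the new side, but the `+`/`-` markers are lost here, so check that against the raw diff.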
|
||||
|
||||
|
|
|
@ -1,37 +1,43 @@
|
|||
- name: "Create {{ bitwarden_service_name }} directory if it does not exists"
|
||||
---
|
||||
- name: Create directory if it does not exists
|
||||
become: true
|
||||
file:
|
||||
path: "{{ compose_dir }}/{{ bitwarden_service_name }}"
|
||||
path: "{{ compose_dir }}/bitwarden"
|
||||
state: directory
|
||||
mode: 0755
|
||||
- name: "Place docker-compose file to {{ bitwarden_service_name }}/docker-compose.yml"
|
||||
|
||||
- name: Place docker-compose file
|
||||
become: true
|
||||
template:
|
||||
src: templates/docker-compose.yml.j2
|
||||
dest: "{{ compose_dir }}/{{ bitwarden_service_name }}/docker-compose.yml"
|
||||
dest: "{{ compose_dir }}/bitwarden/docker-compose.yml"
|
||||
mode: 0700
|
||||
- name: "Place bitwarden env file {{ bitwarden_service_name }}/.env"
|
||||
|
||||
- name: Place bitwarden env file
|
||||
become: true
|
||||
template:
|
||||
src: templates/.env.j2
|
||||
dest: "{{ compose_dir }}/{{ bitwarden_service_name }}/.env"
|
||||
dest: "{{ compose_dir }}/bitwarden/.env"
|
||||
mode: 0600
|
||||
|
||||
- name: Update and start services
|
||||
become: true
|
||||
docker_compose:
|
||||
project_src: "{{ compose_dir }}/{{ bitwarden_service_name }}"
|
||||
project_src: "{{ compose_dir }}/bitwarden"
|
||||
pull: true
|
||||
state: present
|
||||
remove_orphans: true
|
||||
register: output
|
||||
|
||||
- name: Check all containers are running
|
||||
assert:
|
||||
that:
|
||||
- "output.ansible_facts.{{ bitwarden_service_name }}.{{ bitwarden_service_name }}.state.running": true
|
||||
- "output.ansible_facts.bitwarden.bitwarden.state.running": true
|
||||
|
||||
- name: Place reverse proxy conf
|
||||
become: true
|
||||
template:
|
||||
src: templates/reverse_proxy.conf.j2
|
||||
dest: "/etc/nginx/conf.d/{{ bitwarden_service_name }}.conf"
|
||||
dest: "/etc/nginx/conf.d/bitwarden.conf"
|
||||
mode: 0600
|
||||
notify: Check and Reload nginx
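Review bot: The `that:` entry in "Check all containers are running" is written as `- "output.ansible_facts.bitwarden.bitwarden.state.running": true`, which YAML parses as a one-key mapping rather than an expression string, so the assertion very likely does not test the container state. Write it as a plain expression, `- output.ansible_facts.bitwarden.bitwarden.state.running`. Separately, the "Place bitwarden env file" task renders `.env`, which presumably carries `bitwarden_admin_token`; adding `no_log: true` (or `diff: false`) to that task keeps the token out of `--diff` output and logs. The `+`/`-` markers are lost on this page, so which lines are the new side is inferred from the `-1,37 +1,43` counts.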
|
||||
|
|
|
@ -1,21 +1,21 @@
|
|||
# vim: set ft=yaml
|
||||
# {{ ansible_managed }}
|
||||
# commit: {{ lookup('pipe', 'git rev-parse --short HEAD') }}
|
||||
|
||||
version: "3.4"
|
||||
|
||||
services:
|
||||
"{{ bitwarden_service_name }}":
|
||||
image: "{{ bitwarden_image }}:{{ bitwarden_version }}"
|
||||
bitwarden:
|
||||
image: {{ bitwarden_image }}:{{ bitwarden_version }}
|
||||
restart: unless-stopped
|
||||
container_name: "{{ bitwarden_service_name }}"
|
||||
hostname: "{{ bitwarden_service_name }}"
|
||||
container_name: bitwarden
|
||||
hostname: bitwarden
|
||||
ports:
|
||||
- "127.0.0.1:{{ bitwarden_port_web }}:80"
|
||||
- "127.0.0.1:{{ bitwarden_port_ws }}:3021"
|
||||
- 127.0.0.1:{{ bitwarden_port_web }}:80
|
||||
- 127.0.0.1:{{ bitwarden_port_ws }}:3021
|
||||
volumes:
|
||||
- data:/data
|
||||
env_file:
|
||||
- ./.env
|
||||
|
||||
volumes:
|
||||
data:
|
||||
name: "{{ bitwarden_service_name }}_data"
|
||||
data:
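Review bot: The `image: {{ bitwarden_image }}:{{ bitwarden_version }}` line is rendered unquoted and references the image by tag only. Quote it, `image: "{{ bitwarden_image }}:{{ bitwarden_version }}"`, so an empty or odd variable value cannot change how the rendered YAML parses; the two unquoted `ports:` entries deserve the same treatment. Since the branch is about letting Renovate manage the version, consider carrying a digest as well (`...:{{ bitwarden_version }}@sha256:<digest>`, placeholder), because a tag alone can be re-pointed upstream. Which variant is the new side is inferred, as the `+`/`-` markers are lost on this page.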
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
# vim: set ft=nginx
|
||||
# {{ ansible_managed }}
|
||||
# commit: {{ lookup('pipe', 'git rev-parse --short HEAD') }}
|
||||
|
||||
|
@ -7,7 +6,7 @@ server {
|
|||
listen [::]:443 ssl http2;
|
||||
listen 3012 ssl http2;
|
||||
listen [::]:3012 ssl http2;
|
||||
server_name {{ bitwarden_domain }};
|
||||
server_name {{ bitwarden_prefix }}.{{ domain }};
|
||||
|
||||
##
|
||||
# SSL Settings
|
||||
|
@ -18,8 +17,10 @@ server {
|
|||
ssl_prefer_server_ciphers on;
|
||||
ssl_dhparam {{ ssl_dir }}/dhparams.pem;
|
||||
ssl_ecdh_curve secp384r1;
|
||||
ssl_certificate {{ certs_dir }}/{{ bitwarden_domain | get_cert_domain }}/cert.pem;
|
||||
ssl_certificate_key {{ certs_dir }}/{{ bitwarden_domain | get_cert_domain }}/key.pem;
|
||||
ssl_certificate {{ certs_dir }}/{{ domain | get_cert_domain }}/cert.pem;
|
||||
ssl_certificate_key {{ certs_dir }}/{{ domain | get_cert_domain }}/key.pem;
|
||||
ssl_certificate {{ certs_dir }}/{{ domain | get_cert_domain }}/cert.pem;
|
||||
ssl_certificate_key {{ certs_dir }}/{{ domain | get_cert_domain }}/key.pem;
|
||||
|
||||
##
|
||||
# OCSP Stapling
|
||||
|
@ -27,7 +28,7 @@ server {
|
|||
ssl_stapling on;
|
||||
ssl_stapling_verify on;
|
||||
resolver {{ dns_resolvers }} valid=300s;
|
||||
ssl_trusted_certificate {{ certs_dir }}/{{ bitwarden_domain | get_cert_domain }}/cert.pem;
|
||||
ssl_trusted_certificate {{ certs_dir }}/{{ domain | get_cert_domain }}/cert.pem;
|
||||
|
||||
location / {
|
||||
proxy_set_header Host $http_host;
|
||||
|
@ -72,13 +73,13 @@ server {
|
|||
|
||||
|
||||
server {
|
||||
if ($host = {{ bitwarden_domain }}) {
|
||||
if ($host = {{ bitwarden_prefix }}.{{ domain }}) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name {{ bitwarden_domain }};
|
||||
server_name {{ bitwarden_prefix }}.{{ domain }};
|
||||
|
||||
location / {
|
||||
return 301 https://$host$request_uri;
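Review bot: In the `-18,8 +17,10` hunk the `ssl_certificate` / `ssl_certificate_key` pair for `{{ domain | get_cert_domain }}` appears twice, and the counts (8 old lines, 10 new) suggest both copies are on the new side; one pair should be dropped. In the OCSP hunk, `ssl_trusted_certificate` points at the same `cert.pem` as `ssl_certificate` while `ssl_stapling_verify on;` is set. Unless `cert.pem` already holds the issuer chain, stapling verification needs the CA chain file there instead, so it is worth confirming what that file contains. The `server` blocks start and end outside the hunks shown.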
|
||||
|
|