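# Install and run Vaultwarden as a podman container managed by systemd,
# fronted by an Apache reverse proxy.
#
# Handlers named here (restart vaultwarden, reload systemd, reload httpd) and
# the templates are defined outside this file.

# NOTE(review): presumably needed by migration.yml; confirm.
- name: ensure sqlite command is installed
  package:
    name: sqlite
    state: present
  tags:
    - install

- name: ensure podman is installed
  package:
    name: podman
    state: present
  tags:
    - install

# System account with a fixed home. The directory itself is created by a later
# task so that its ownership and mode are set explicitly.
- name: ensure vaultwarden user exists
  user:
    name: vaultwarden
    system: true
    home: /var/lib/vaultwarden
    createhome: false
  register: vaultwarden_user
  tags:
    - user

# cacheable: true also writes the registered result to the fact cache.
# NOTE(review): presumably so tag-limited runs that skip the user task can
# still resolve vaultwarden_user; confirm that fact caching is enabled.
- name: cache vaultwarden user fact
  set_fact:
    vaultwarden_user: '{{ vaultwarden_user }}'
    cacheable: true

# Owner-only access (u=rwx,go=): no other local account can list or read the
# directory.
- name: ensure vaultwarden_rs home directory exists
  file:
    path: '{{ vaultwarden_user.home }}'
    owner: '{{ vaultwarden_user.name }}'
    group: '{{ vaultwarden_user.group }}'
    mode: u=rwx,go=
    state: directory
  tags:
    - datadir

# "latest" is a mutable tag: the image that ends up on the host is whatever
# the registry serves at pull time. force is false unless vaultwarden_update
# is set, so an already-present image is not re-pulled on ordinary runs.
# NOTE(review): for a password store, consider pinning a release tag or a
# digest and recording it, so that upgrades are deliberate and auditable.
- name: ensure vaultwarden container image is available
  podman_image:
    name: docker.io/vaultwarden/server
    tag: latest
    state: present
    force: '{{ vaultwarden_update|d|bool }}'
  notify:
    - restart vaultwarden
  tags:
    - container-image
    - container

# The file is written owner-only (u=rw,go=), which suggests the rendered
# environment holds sensitive values. The template is not visible here, so
# confirm. diff: false keeps the rendered content out of --diff output and
# any logs that capture it.
- name: ensure vaultwarden environment is configured
  template:
    src: vaultwarden.sysconfig.j2
    dest: /etc/sysconfig/vaultwarden
    mode: u=rw,go=
  diff: false
  notify:
    - restart vaultwarden
  tags:
    - config

- name: ensure vaultwarden systemd unit is installed
  template:
    src: vaultwarden.service.j2
    dest: /etc/systemd/system/vaultwarden.service
    mode: u=rw,go=r
  notify:
    - reload systemd
    - restart vaultwarden
  tags:
    - service
    - systemd

- name: ensure vaultwarden starts at boot
  service:
    name: vaultwarden
    enabled: true
  tags:
    - service

# The contents of migration.yml are not visible here.
- import_tasks: migration.yml  # noqa: unnamed-task
  tags:
    - migration

# Run the handlers notified so far before checking that the service is up.
- meta: flush_handlers  # noqa: unnamed-task

- name: ensure vaultwarden is running
  service:
    name: vaultwarden
    state: started
  tags:
    - service

# httpd_can_network_connect lets httpd open outbound network connections in
# general, not only to the Vaultwarden backend.
# NOTE(review): this widens what a compromised httpd process can reach;
# confirm that this scope is acceptable on this host.
- name: ensure apache is allowed to proxy
  seboolean:
    name: httpd_can_network_connect
    persistent: true
    state: true

- name: ensure apache is configured to proxy for bitwarden
  template:
    src: bitwarden.httpd.conf.j2
    dest: /etc/httpd/conf.d/bitwarden.conf
    mode: u=rw,go=r
  notify:
    - reload httpd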