# Install the sqlite package through the distribution's package manager.
# NOTE(review): what consumes the sqlite command is not visible in this file
# (presumably the migration tasks or backups) - confirm.
- name: ensure sqlite command is installed
  package:
    name: sqlite
    state: present
  tags: [install]
# Install podman, the container runtime used by the image task further down.
- name: ensure podman is installed
  package:
    name: podman
    state: present
  tags: [install]
# Create a dedicated system account for the service.
# createhome is false, so the home directory is not created here; a later
# task creates it with owner-only permissions.
# The module result is registered as vaultwarden_user; later tasks read its
# home, name and group fields.
- name: ensure vaultwarden user exists
  user:
    name: vaultwarden
    system: true
    home: /var/lib/vaultwarden
    createhome: false
  register: vaultwarden_user
  tags: [user]
# Copy the registered user result into a host fact of the same name and mark
# it cacheable, so it is also written to the fact cache.
# NOTE(review): this task carries no tags, so it is skipped on tag-limited
# runs; those runs presumably rely on a previously cached value, which
# assumes fact caching is enabled - confirm.
- name: cache vaultwarden user fact
  set_fact:
    vaultwarden_user: '{{ vaultwarden_user }}'
    cacheable: true
# Create the service account's home directory, owned by that account.
# The symbolic mode gives the owner rwx and removes all group/other access,
# so other local users cannot list or read anything stored under it.
- name: ensure vaultwarden_rs home directory exists
  file:
    path: '{{ vaultwarden_user.home }}'
    state: directory
    owner: '{{ vaultwarden_user.name }}'
    group: '{{ vaultwarden_user.group }}'
    mode: 'u=rwx,go='
  tags: [datadir]
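# Pull the Vaultwarden server image with podman.
# The tag defaults to `latest`, which is a mutable tag: the image behind it
# can change between runs without any change to this role. Set the optional
# vaultwarden_image_tag variable (introduced by this task; leaving it unset
# keeps the previous behaviour) to a specific release so that deployments are
# reproducible and an upstream image change has to be adopted deliberately.
- name: ensure vaultwarden container image is available
  podman_image:
    name: docker.io/vaultwarden/server
    tag: '{{ vaultwarden_image_tag | default("latest") }}'
    state: present
    # Force a re-pull only when vaultwarden_update is set to a true value;
    # when it is undefined the empty default is converted to false.
    force: '{{ vaultwarden_update|d|bool }}'
  # The handler is defined outside this file.
  notify:
    - restart vaultwarden
  tags:
    - container-image
    - container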
# Render the service's environment file.
# The mode allows read/write for the owner only. No owner is set, so the
# file belongs to whichever account the task runs as (presumably root -
# confirm).
# NOTE(review): if the template renders secrets, running the play with
# --diff would print them; consider `diff: false` on this task - confirm
# against the template contents.
- name: ensure vaultwarden environment is configured
  template:
    src: vaultwarden.sysconfig.j2
    dest: /etc/sysconfig/vaultwarden
    mode: 'u=rw,go='
  notify: [restart vaultwarden]
  tags: [config]
# Render the systemd unit file for the service; writable by the owner and
# readable by everyone. A change notifies two handlers, both defined outside
# this file: one reloads systemd, the other restarts the service.
- name: ensure vaultwarden systemd unit is installed
  template:
    src: vaultwarden.service.j2
    dest: /etc/systemd/system/vaultwarden.service
    mode: 'u=rw,go=r'
  notify: [reload systemd, restart vaultwarden]
  tags: [service, systemd]
# Enable the unit so it starts at boot; this task does not start it.
- name: ensure vaultwarden starts at boot
  service:
    name: vaultwarden
    enabled: true
  tags: [service]
# Statically include the tasks from migration.yml (not shown here); the
# migration tag applies to everything imported.
- import_tasks: migration.yml  # noqa: unnamed-task
  tags: [migration]
# Run any handlers notified so far (reload/restart) now, before the task
# below that ensures the service is started.
- meta: flush_handlers  # noqa: unnamed-task
# Start the service if it is not already running.
- name: ensure vaultwarden is running
  service:
    name: vaultwarden
    state: started
  tags: [service]
# Turn on the SELinux boolean httpd_can_network_connect and persist it across
# reboots, so Apache may open the outbound connection needed for proxying.
# The boolean is not scoped to one destination: it applies to the httpd
# domain's outbound network connections in general.
# NOTE(review): a narrower SELinux policy for just the backend may be
# possible - confirm against the proxy configuration.
- name: ensure apache is allowed to proxy
  seboolean:
    name: httpd_can_network_connect
    state: true
    persistent: true
# Render the Apache configuration for the proxy; writable by the owner and
# readable by everyone. A change notifies the reload httpd handler, which is
# defined outside this file.
- name: ensure apache is configured to proxy for bitwarden
  template:
    src: bitwarden.httpd.conf.j2
    dest: /etc/httpd/conf.d/bitwarden.conf
    mode: 'u=rw,go=r'
  notify: [reload httpd]