feat(vaultwarden): deploy from quadlet

Related to #51

Signed-off-by: Matej Focko <me@mfocko.xyz>
Matej Focko 2024-11-14 16:50:43 +01:00
parent cde2c78a0e
commit e106973211
Signed by: mfocko
SSH key fingerprint: SHA256:icm0fIOSJUpy5+1x23sfr+hLtF9UhY8VpMC7H4WFJP8
7 changed files with 120 additions and 15 deletions


@ -1,3 +1,14 @@
certbot_domains:
- mfocko.xyz
- '*.mfocko.xyz'
vaultwarden_db_user: "{{ vault_vaultwarden_db_user }}"
vaultwarden_db_pass: "{{ vault_vaultwarden_db_pass }}"
vaultwarden_db_host: "{{ vault_vaultwarden_db_host }}"
vaultwarden_db_name: "{{ vault_vaultwarden_db_name }}"
vaultwarden_push_installation_id: "{{ vault_vaultwarden_push_installation_id }}"
vaultwarden_push_installation_key: "{{ vault_vaultwarden_push_installation_key }}"
vaultwarden_yubico_client_id: "{{ vault_vaultwarden_yubico_client_id }}"
vaultwarden_yubico_secret_key: "{{ vault_vaultwarden_yubico_secret_key }}"


@ -1,16 +1,44 @@
$ANSIBLE_VAULT;1.1;AES256
32373735633265643033656563343839666566353330653231353538646537643363373438636664
3535373337356161653838653734616431336539623338630a663766393436343964623737663064
36323130313462306333663932386438613731336163343434333833313065366130313462633532
6533663439313565310a623161333466376166656630323636366435336334316635623138353761
36346539646632326166643935623137363964383036373632616466396239346533626239356565
37613331613238336561326161343163303733393262303230663732386334323232353037396334
34326633663031613837353464616436666663623733386463306164393562613061383031623137
35616564396562653163653938353163306362666530373663373361383434323962656236326164
61376434643365633863363833323665363662633638626663356164383864353064393163383532
65613739373665396333326631323663316561383932666662376137316636363536376532336632
65333562626530643835636561376166653732343731633737363237313263313464656162623138
30623939373930316239366336316466393333656365326135393964396538656638663066393832
65623438343562343332313438306235363839383136376333393933303730316265303133373939
62303838313036333262616438303263663666393063393030646336343239383631396130346361
313061323037333237623965396362373936
38396632393034303131393039353862623439616432616131393366393236386637623764636336
6331326239316563363964663962323034386362623033310a393766613836636634366536383336
33623339626637346130383865643464343363363030323333333639373230326635316461386135
6630326635626138320a353365393832663531663939663238303333646661653266396539326665
31373035373361663939336433393234303730336562653763393063313765626462623364396237
63396234303633663566343237313163313365623066356330346538643830363137636262306430
36363730623363393561353166366262643862316331393631643734643866313135303561396635
30303663373634333436383066323966626462343065613365656633646565333938636336626161
30313864653539373864326363626137306534303930643463353232383163636335326361633164
64623435616338363564653863343335666636653132623331653533666532333334323965303139
30396664663037643362653631386638663532383436366139353537623735303964343361326539
34303432376437376133396434326233636665656365363233613363653261353965333834343031
35653536356239616462613936663335666366623637656662666661663637326261383137356536
65343037363538333162626337396165373064376237646161356432613938616433616430336366
36393561383037633439666430336162613063376339393736346631333664656564663533356164
63363664643261633739646335353336656433303633613363373966353033643436373566323735
62316266333038373334313561363466656563393361623463623262333262346263663136383235
62373666353664303761333764343936306537323262393761373362616633326534303939353936
31653837373935373766386333333937306365356166303538383664633834356438643338363365
32313136636361633938393866306164646339393838346231623938613335613462323261343233
64656564626163303132353934386531383531636461653264613233343836663131346533363365
65333261633662313861636431363133646630663232623636366162386337393839626561613665
33316461633536653361396438363864326562646463396163656362303338376435666365336563
39666636343762656563343936373939363931623364346330666536626334356439393437326136
36313962356435643466333537346461313337653965616562643262336539343265343266303531
36386432373865363036383866366566356239396666323532633235623635326535363663643838
39623632623233613835353139616466623437616461626232343061393461393430623135346238
61316533333330323166303536316332663830373838326635306539323735353537393966356266
39306237373134396164313332356332633064383064623334303236646531383162663835363431
38316332386633356165333062666165613863303766633432613463653333343639333436323666
38306362313434613833363461386236363265646661633237346663353264343538633736373638
33336435316537616536383432646464396134373464316235656436323733333862623238386563
30303034303931636563613133383364663330373733643535393161613530636436386232653461
37383764613866303965306133653561333831323331643666346165646436666636366366356365
39626438306434316534653838316564373664323537386630373830623335613035303632623064
64343031646139616631633930386233303334383766333438323833303232383536636437663338
65643132376434643666626361323765303638363062613463303931626266343236393463313065
62363231363861363634373734326663323139346338663465616465666333323166376130366131
63666237383739363162613139336331653666616633383532613331656464343238323961373633
63383930346665396462633437363830316662633635316463646563393434636165656134343239
39303763353566656365373630366636326333343338313464376133313066373234323038646166
35393231303530303039396162633139366464383462393834613232646631313836396637623461
613966633165366164313336393436663832


@ -0,0 +1,27 @@
---
- name: Install the Vaultwarden quadlets
ansible.builtin.template:
src: "templates/{{ item }}"
dest: "/etc/containers/systemd/{{ item }}"
mode: 0644
owner: root
group: root
loop:
- vaultwarden.container
- vaultwarden.network
- vaultwarden.volume
- name: Install environment file for Vaultwarden
ansible.builtin.template:
src: templates/vaultwarden.ini
dest: /etc/vaultwarden.ini
mode: 0600
owner: root
group: root
- name: Enable the Vaultwarden quadlet
ansible.builtin.systemd_service:
daemon_reload: true
enabled: true
name: vaultwarden.service
state: "started"
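Review bot: The "Install environment file for Vaultwarden" task renders the database password and the push and Yubico keys, so a run with `--diff` prints them to the terminal or CI log; adding `diff: false` (or `no_log: true`) to that task keeps them out. Neither template task notifies a handler, and `state: "started"` on the last task does not restart a unit that is already running, so a rotated credential or an edited quadlet stays unapplied until the service is restarted by hand; registering the two template results and restarting when either reports a change would close that gap. The unquoted `mode: 0644` and `mode: 0600` only work through YAML 1.1 octal parsing and are safer written as `mode: "0644"` and `mode: "0600"`.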


@ -0,0 +1,20 @@
[Unit]
Description=Vaultwarden
[Container]
ContainerName=vaultwarden
Image=ghcr.io/dani-garcia/vaultwarden:latest
EnvironmentFile=/etc/vaultwarden.ini
Network=vaultwarden.network
PublishPort=8888:80
PublishPort=3012:3012
Volume=vaultwarden-data:/data
[Service]
Restart=always
[Install]
WantedBy=multi-user.target
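Review bot: `Image=ghcr.io/dani-garcia/vaultwarden:latest` means whatever is published under that tag runs against the password-vault data on the next pull, with no review step in between. Pinning a release tag or, better, a digest (`Image=ghcr.io/dani-garcia/vaultwarden@sha256:<digest-placeholder>`) turns each upgrade into an explicit, reviewable change. Both `PublishPort=` lines bind on every host interface; if a reverse proxy on the same host terminates TLS, as the `DOMAIN=https://…` setting in the environment template suggests, `PublishPort=127.0.0.1:8888:80` and `PublishPort=127.0.0.1:3012:3012` keep the plain-HTTP ports off the network.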


@ -0,0 +1,15 @@
DATABASE_URL=postgresql://{{ vaultwarden_db_user }}:{{ vaultwarden_db_pass | urlencode }}@{{ vaultwarden_db_host }}/{{ vaultwarden_db_name }}
DOMAIN=https://{{ vaultwarden_address }}
PUSH_ENABLED=true
PUSH_INSTALLATION_ID={{ vaultwarden_push_installation_id }}
PUSH_INSTALLATION_KEY={{ vaultwarden_push_installation_key }}
WEBSOCKET_ENABLED=true
YUBICO_CLIENT_ID={{ vaultwarden_yubico_client_id }}
YUBICO_SECRET_KEY={{ vaultwarden_yubico_secret_key }}
# dunno why, but ok…
ROCKET_WORKERS=1
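Review bot: In `DATABASE_URL` only the password is passed through `urlencode`, and as far as I know that filter leaves `/` unescaped, so a generated password containing a slash would still break the URL's authority part. Something like `{{ vaultwarden_db_pass | urlencode | replace('/', '%2F') }}` closes that gap, and the same encoding is worth applying to `vaultwarden_db_user`. `vaultwarden_address` is not among the variables this commit adds, so it is presumably defined elsewhere; if it is not, the `DOMAIN=` line fails at render time. Recent Vaultwarden releases appear to serve WebSocket notifications on the main HTTP port, so `WEBSOCKET_ENABLED=true` and the published port 3012 may be unnecessary with the image in use; this is worth confirming against that release's documentation.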


@ -0,0 +1,2 @@
[Network]
NetworkName=vaultwarden


@ -0,0 +1,2 @@
[Volume]
VolumeName=vaultwarden-data