Initial commit
commit
0a85eae379
|
@ -0,0 +1,50 @@
|
||||||
|
# Role : docker_vaultwarden
|
||||||
|
|
||||||
|
## Services fournis
|
||||||
|
|
||||||
|
- main.yml : Installation de vaultwarden sur un serveur docker_host
|
||||||
|
|
||||||
|
## Variables
|
||||||
|
|
||||||
|
Fournir les variables suivantes. Par exemple :
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
docker_vaultwarden_fqdn: vaultwarden.example.com
|
||||||
|
docker_vaultwarden_version: 1.29.1
|
||||||
|
docker_vaultwarden_data_dir: /data1
|
||||||
|
docker_vaultwarden_service_id: vaultwarden
|
||||||
|
docker_vaultwarden_db_password: mot_de_passe
|
||||||
|
```
|
||||||
|
|
||||||
|
| Option | Valeur par défaut | Description |
|
||||||
|
|--------------------------------------|-------------------|--------------------------------------------------------------------------------------------|
|
||||||
|
| docker_vaultwarden_fqdn | | Le fqdn pour accéder à vaultwarden |
|
||||||
|
| docker_vaultwarden_version | | Version de l'image vaultwarden |
|
||||||
|
| docker_vaultwarden_data_dir | | L'emplacement dans lequel se trouvent les volumes de donnees docker pour le service |
|
||||||
|
| docker_vaultwarden_service_id | | Le nom de service souhaité : conditionne le nommage des dossiers et le routage par traefik |
|
||||||
|
| docker_vaultwarden_db_name | vaultwarden | Le nom souhaité pour la base de données |
|
||||||
|
| docker_vaultwarden_db_user | vaultwarden | Le nom souhaité pour le proprietaire de la base |
|
||||||
|
| docker_vaultwarden_db_password | | Le mot de passe du proprietaire de la base |
|
||||||
|
| docker_vaultwarden_allow_signups | true | Permet d'accepter l'auto inscription des utilisateurs |
|
||||||
|
| docker_vaultwarden_allow_invitations | true | Permet d'inviter d'autres utilisateurs depuis vaultwarden |
|
||||||
|
| docker_vaultwarden_smtp_host | | Adresse du serveur smtp à utiliser |
|
||||||
|
| docker_vaultwarden_smtp_from | | Adresse de l'expéditeur des courriels de vaultwarden |
|
||||||
|
| docker_vaultwarden_smtp_port | | Port du serveur smtp |
|
||||||
|
| docker_vaultwarden_smtp_security | | Type de sécurité pour les connexions smtp |
|
||||||
|
| docker_vaultwarden_smtp_username | | Compte d'utilisateur pour les connexions smtp authentifiées |
|
||||||
|
| docker_vaultwarden_smtp_password | | Mot de passe du compte smtp |
|
||||||
|
| docker_vaultwarden_admin_token | | Mot de passe d'administration (url /admin) |
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
# Admin token
|
||||||
|
|
||||||
|
Il est possible d'indiquer un admin token "en clair", mais il est préférable d'obtenir un token tel que décrit ici
|
||||||
|
https://github.com/dani-garcia/vaultwarden/wiki/Enabling-admin-page#secure-the-admin_token
|
||||||
|
|
||||||
|
```
|
||||||
|
docker-compose exec vaultwarden /vaultwarden hash
|
||||||
|
```
|
||||||
|
|
||||||
|
Attention à doubler les caractères $ obtenus au moment de copier/coller le résultat dans la variable `docker_vaultwarden_admin_token` pour que docker-compose ne croie pas avoir à substituer des variables.
|
||||||
|
|
|
@ -0,0 +1,5 @@
|
||||||
|
docker_vaultwarden_db_name: vaultwarden
|
||||||
|
docker_vaultwarden_db_user: vaultwarden
|
||||||
|
|
||||||
|
docker_vaultwarden_allow_signups: true
|
||||||
|
docker_vaultwarden_allow_invitations: true
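Review bot: `docker_vaultwarden_allow_signups: true` makes open self-registration the default on every host the role is applied to. For a password vault published through a reverse proxy the safer default is `docker_vaultwarden_allow_signups: false`, leaving invitations on so that an administrator adds users explicitly. The SMTP variables and `docker_vaultwarden_admin_token` that the compose template references have no entry here, so a play that omits them will presumably stop on an undefined variable at render time. They should either be documented as mandatory or be rendered conditionally in the template.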
|
|
@ -0,0 +1,5 @@
|
||||||
|
- name: docker-compose-up
|
||||||
|
shell: |
|
||||||
|
docker-compose up -d
|
||||||
|
args:
|
||||||
|
chdir: /opt/{{ docker_vaultwarden_service_id }}/
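Review bot: The handler goes through `shell` although `docker-compose up -d` uses no shell feature; `command: docker-compose up -d` with the same `args: chdir` avoids spawning a shell and satisfies ansible-lint's command-instead-of-shell rule. `docker_vaultwarden_service_id` is also interpolated unchecked into `chdir` here and into the `/opt/...` paths of the tasks file, so a value containing `/` or `..` would redirect all of them. An `assert` on the variable's format at the start of the role would guard every use.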
|
|
@ -0,0 +1,8 @@
|
||||||
|
galaxy_info:
|
||||||
|
author: Olivier Navas
|
||||||
|
description: Modèle d'installation Libretic pour vaultwarden
|
||||||
|
license: GPL-3.0-only
|
||||||
|
min_ansible_version: 2.9
|
||||||
|
galaxy_tags: []
|
||||||
|
|
||||||
|
dependencies: []
|
|
@ -0,0 +1,17 @@
|
||||||
|
- name: docker directory
|
||||||
|
file:
|
||||||
|
path: /opt/{{ docker_vaultwarden_service_id }}/
|
||||||
|
state: directory
|
||||||
|
|
||||||
|
- name: prepare docker-compose.yml
|
||||||
|
template:
|
||||||
|
src: "{{ item }}"
|
||||||
|
dest: /opt/{{ docker_vaultwarden_service_id }}/
|
||||||
|
with_items:
|
||||||
|
- docker-compose.yml
|
||||||
|
notify: docker-compose-up
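Review bot: The `template` task writes a docker-compose.yml that carries the database password, the SMTP password and the admin token, yet neither it nor the `file` task sets owner or permissions. The resulting mode therefore depends on the remote umask, and the file may be readable by every local account. Add `mode: '0600'` to the template task and `mode: '0700'` to the directory task, with `owner: root` and `group: root` if that matches how docker-compose is run on these hosts. Running the play with `--diff` would also print the rendered secrets, which `diff: false` on the template task prevents.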
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,54 @@
|
||||||
|
# {{ ansible_managed }}
|
||||||
|
version: '3.5'
|
||||||
|
|
||||||
|
services:
|
||||||
|
vaultwarden:
|
||||||
|
image: vaultwarden/server:{{ docker_vaultwarden_version }}
|
||||||
|
restart: always
|
||||||
|
environment:
|
||||||
|
DOMAIN: "https://{{ docker_vaultwarden_fqdn }}"
|
||||||
|
DATABASE_URL: "postgresql://{{ docker_vaultwarden_db_user }}:{{ docker_vaultwarden_db_password }}@db:5432/{{ docker_vaultwarden_db_name }}"
|
||||||
|
SIGNUPS_ALLOWED: "{{ docker_vaultwarden_allow_signups }}"
|
||||||
|
INVITATIONS_ALLOWED: "{{ docker_vaultwarden_allow_invitations }}"
|
||||||
|
SMTP_HOST: "{{ docker_vaultwarden_smtp_host }}"
|
||||||
|
SMTP_FROM: "{{ docker_vaultwarden_smtp_from }}"
|
||||||
|
SMTP_PORT: "{{ docker_vaultwarden_smtp_port }}"
|
||||||
|
SMTP_SECURITY: "{{ docker_vaultwarden_smtp_security }}"
|
||||||
|
SMTP_USERNAME: "{{ docker_vaultwarden_smtp_username }}"
|
||||||
|
SMTP_PASSWORD: "{{ docker_vaultwarden_smtp_password }}"
|
||||||
|
ADMIN_TOKEN: "{{ docker_vaultwarden_admin_token }}"
|
||||||
|
volumes:
|
||||||
|
- {{ docker_vaultwarden_data_dir }}/{{ docker_vaultwarden_service_id }}/vw-data:/data
|
||||||
|
labels:
|
||||||
|
- "traefik.enable=true"
|
||||||
|
- "traefik.docker.network=traefik"
|
||||||
|
- "traefik.http.routers.{{ docker_vaultwarden_service_id }}.entrypoints=web"
|
||||||
|
- "traefik.http.routers.{{ docker_vaultwarden_service_id }}.rule=Host(`{{ docker_vaultwarden_fqdn }}`)"
|
||||||
|
- "traefik.http.services.{{ docker_vaultwarden_service_id }}.loadbalancer.server.port=80"
|
||||||
|
depends_on:
|
||||||
|
db:
|
||||||
|
condition: service_healthy
|
||||||
|
networks:
|
||||||
|
- traefik
|
||||||
|
- vaultwarden
|
||||||
|
|
||||||
|
db:
|
||||||
|
restart: always
|
||||||
|
image: postgres:14
|
||||||
|
shm_size: 256mb
|
||||||
|
networks:
|
||||||
|
- vaultwarden
|
||||||
|
healthcheck:
|
||||||
|
test: ['CMD', 'pg_isready', '-U', 'postgres']
|
||||||
|
volumes:
|
||||||
|
- {{ docker_vaultwarden_data_dir }}/{{ docker_vaultwarden_service_id }}/db_data:/var/lib/postgresql/data
|
||||||
|
environment:
|
||||||
|
POSTGRES_DB: "{{ docker_vaultwarden_db_name }}"
|
||||||
|
POSTGRES_USER: "{{ docker_vaultwarden_db_user }}"
|
||||||
|
POSTGRES_PASSWORD: "{{ docker_vaultwarden_db_password }}"
|
||||||
|
|
||||||
|
networks:
|
||||||
|
traefik:
|
||||||
|
external: true
|
||||||
|
vaultwarden:
|
||||||
|
internal: true
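Review bot: The Traefik labels bind the router only to `entrypoints=web` and set no TLS option, while `DOMAIN` is declared as `https://...`. If `web` is the plain-HTTP entrypoint in the Traefik static configuration (not visible on this page), vault traffic would either be served unencrypted or the HTTPS URL would match no router. Consider pointing the router at the TLS entrypoint and adding `traefik.http.routers.{{ docker_vaultwarden_service_id }}.tls=true`. Separately, `DATABASE_URL` interpolates `docker_vaultwarden_db_password` raw into a URL, so a password containing `@`, `/`, `:` or `#` produces a malformed or misparsed connection string. Using `{{ docker_vaultwarden_db_password | urlencode }}` in that one place avoids this, while `POSTGRES_PASSWORD` must stay unencoded.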
|