✨ (vaultwarden): Added Vaultwarden service as a Ansible task

theobori · May 8, 2024 · b5a4835 · b5a4835
1 parent 3a18603
commit b5a4835
Show file tree

Hide file tree

Showing 6 changed files with 64 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -73,3 +73,16 @@ ansible-galaxy install -r requirements.yml
 #### LibreSpeed
 
 - **`librespeed_password`**: LibreSpeed password.
+
+#### Mailer
+
+- **`mailer_smtp_host`**: Mailer SMTP host.
+- **`mailer_smtp_from`**: Mailer SMTP email address.
+- **`mailer_smtp_port`**: Mailer SMTP port.
+- **`mailer_smtp_security`**: Mailer SMTP, force_tls or start_tls.
+- **`mailer_smtp_username`**: Mailer SMTP username.
+- **`mailer_smtp_password`**: Mailer SMTP password.
+
+#### Vaultwarden
+
+- **`vaultwarden_admin_token`**: Vaultwarden admin token.
diff --git a/group_vars/all/mailer.yml b/group_vars/all/mailer.yml
@@ -0,0 +1,6 @@
+mailer_smtp_host: "mailer_smtp_host"
+mailer_smtp_from: "mailer_smtp_from"
+mailer_smtp_port: "mailer_smtp_port"
+mailer_smtp_security: "mailer_smtp_security"
+mailer_smtp_username: "mailer_smtp_username"
+mailer_smtp_password: "mailer_smtp_password"
diff --git a/group_vars/all/vaultwarden.yml b/group_vars/all/vaultwarden.yml
@@ -0,0 +1 @@
+vaultwarden_admin_token: "vaultwarden_admin_token"
diff --git a/roles/services/tasks/main.yml b/roles/services/tasks/main.yml
@@ -14,5 +14,6 @@
     - uptime_kuma
     - wireguard
     - librespeed
+    - vaultwarden
   loop_control:
     loop_var: task_name
diff --git a/roles/services/tasks/vaultwarden.yml b/roles/services/tasks/vaultwarden.yml
@@ -0,0 +1,39 @@
+- name: Create the Vaultwarden application directories
+  ansible.builtin.file:
+    path: "{{ docker_dir }}/vaultwarden/data/data"
+    state: directory
+    mode: "0755"
+
+- name: Create Vaultwarden container managed by Docker
+  community.docker.docker_container:
+    name: vaultwarden
+    image: vaultwarden/server
+    state: started
+    env:
+      ADMIN_TOKEN: "{{ vaultwarden_admin_token }}"
+      WEBSOCKET_ENABLED: "true"
+      SIGNUPS_ALLOWED: "true"
+      SMTP_HOST: "{{ mailer_smtp_host }}"
+      SMTP_FROM: "{{ mailer_smtp_from }}"
+      SMTP_PORT: "{{ mailer_smtp_port }}"
+      SMTP_SECURITY: "{{ mailer_smtp_security }}"
+      SMTP_USERNAME: "{{ mailer_smtp_username }}"
+      SMTP_PASSWORD: "{{ mailer_smtp_password }}"
+      DOMAIN: "https://vaultwarden.{{ domain }}"
+    volumes:
+      - "{{ docker_dir }}/vaultwarden/data/data:/data:rw"
+    restart_policy: unless-stopped
+    networks:
+      - name: homelab
+    labels:
+      traefik.enable: "true"
+      traefik.http.routers.vaultwarden-secure.middlewares: "authentik@file"
+      traefik.http.routers.vaultwarden-secure.entrypoints: "https"
+      traefik.http.routers.vaultwarden-secure.rule: "Host(`vaultwarden.{{ domain }}`)"
+      traefik.http.routers.vaultwarden-secure.tls: "true"
+      traefik.http.routers.vaultwarden-secure.service: "vaultwarden-svc"
+      traefik.http.services.vaultwarden-svc.loadBalancer.server.port: "80"
+      traefik.http.routers.vaultwarden-secure.tls.certresolver: letsencrypt
+      traefik.http.routers.vaultwarden-secure.tls.domains[0].main: "{{ domain }}"
+      traefik.http.routers.vaultwarden-secure.tls.domains[0].sans: "*.{{ domain }}"
+      traefik.docker.network: homelab
diff --git a/roles/services/templates/dashy/my-conf.yml.j2 b/roles/services/templates/dashy/my-conf.yml.j2
@@ -37,6 +37,10 @@ sections:
     icon: hl-librespeed
     url: "https://speed.{{ domain }}"
     target: newtab
+  - title: Vaultwarden
+    icon: hl-vaultwarden
+    url: "https://vaultwarden.{{ domain }}"
+    target: newtab
 
 - name: Monitoring
   items:
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		vaultwarden_admin_token: "vaultwarden_admin_token"