authoralex <alex@pdp7.net>2025-10-11 18:55:29 +0200
committeralex <alex@pdp7.net>2025-10-11 18:55:29 +0200
commit7dd4a64f2f7612efb581c881ca9d59fc8b949663 (patch)
tree3e3b897f0ed27d7fea60671f4ceb19bb67a7f095 /infrastructure
parentb92dca5d025ddb8c42f137d329033283ef803821 (diff)
Add Vaultwarden
Diffstat (limited to 'infrastructure')
-rw-r--r--infrastructure/roles/vaultwarden/handlers/main.yaml4
-rw-r--r--infrastructure/roles/vaultwarden/tasks/main.yaml37
-rw-r--r--infrastructure/roles/web/tasks/main.yaml16
-rw-r--r--infrastructure/site.yaml1
4 files changed, 58 insertions, 0 deletions
diff --git a/infrastructure/roles/vaultwarden/handlers/main.yaml b/infrastructure/roles/vaultwarden/handlers/main.yaml
new file mode 100644
index 0000000..00c03ee
--- /dev/null
+++ b/infrastructure/roles/vaultwarden/handlers/main.yaml
@@ -0,0 +1,4 @@
+- name: restart quadlet
+ ansible.builtin.systemd_service:
+ name: vaultwarden.service
+ state: restarted
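Review bot: The handler name `restart quadlet` is generic, and Ansible handlers share one namespace across all roles in a play, so a second quadlet-based role using the same name would silently shadow or be shadowed by this one. Naming it after the unit, e.g. `- name: restart vaultwarden`, and updating the two `notify` entries in tasks/main.yaml avoids that. The `systemd daemon reload` handler that the tasks file also notifies is not defined in this role; presumably it comes from the `systemd` role, which is worth a one-line comment here.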
diff --git a/infrastructure/roles/vaultwarden/tasks/main.yaml b/infrastructure/roles/vaultwarden/tasks/main.yaml
new file mode 100644
index 0000000..746696e
--- /dev/null
+++ b/infrastructure/roles/vaultwarden/tasks/main.yaml
@@ -0,0 +1,37 @@
+- name: create quadlet
+ ansible.builtin.copy:
+ dest: /etc/containers/systemd/vaultwarden.container
+ content: |
+ [Unit]
+ After=network-online.target
+
+ [Container]
+ AutoUpdate=registry
+ Image=ghcr.io/dani-garcia/vaultwarden:latest
+ Exec=/start.sh
+ EnvironmentFile=vaultwarden.environment
+ Volume=/var/lib/vaultwarden/:/data/
+ PublishPort=127.0.0.1:8080:80
+
+ [Install]
+ WantedBy=default.target
+ notify:
+ - systemd daemon reload
+ - restart quadlet
+- name: create environment
+ ansible.builtin.copy:
+ dest: /etc/containers/systemd/vaultwarden.environment
+ content: |
+ DOMAIN=https://{{ public_hostname }}/vaultwarden
+ notify:
+ - restart quadlet
+- name: create storage
+ ansible.builtin.file:
+ name: /var/lib/vaultwarden
+ state: directory
+- meta: flush_handlers
+- name: enable quadlet
+ ansible.builtin.systemd_service:
+ name: vaultwarden.service
+ enabled: true
+ state: started
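Review bot: The `create storage` and `create environment` tasks set no `owner` or `mode`, so the directory that holds the vault data and the file that carries Vaultwarden settings get whatever the remote umask yields. Add `mode: "0700"` to the directory task and `mode: "0600"` to the environment file, since that file is where a value such as an admin token would later be placed. The quadlet also combines `Image=ghcr.io/dani-garcia/vaultwarden:latest` with `AutoUpdate=registry`, so if the podman auto-update timer is enabled, whatever is pushed to that mutable tag is pulled and run unattended with `/var/lib/vaultwarden` mounted. Pinning a release tag and bumping it in this role keeps updates reviewable. The environment sets only `DOMAIN`, and Vaultwarden allows open registration by default, so consider adding `SIGNUPS_ALLOWED=false` unless public signup on this hostname is intended.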
diff --git a/infrastructure/roles/web/tasks/main.yaml b/infrastructure/roles/web/tasks/main.yaml
index 9ef0a15..51cef33 100644
--- a/infrastructure/roles/web/tasks/main.yaml
+++ b/infrastructure/roles/web/tasks/main.yaml
@@ -16,6 +16,16 @@
cmd: a2enmod userdir
creates: /etc/apache2/mods-enabled/userdir.load
notify: restart web
+- name: enable mod_proxy_http
+ ansible.builtin.command:
+ cmd: a2enmod proxy_http
+ creates: /etc/apache2/mods-enabled/proxy_http.load
+ notify: restart web
+- name: enable mod_headers
+ ansible.builtin.command:
+ cmd: a2enmod headers
+ creates: /etc/apache2/mods-enabled/headers.load
+ notify: restart web
- name: ssl site
ansible.builtin.copy:
dest: /etc/apache2/sites-enabled/ssl.conf
@@ -27,5 +37,11 @@
ServerName {{ public_hostname_punycode }}
SSLEngine on
ServerAdmin {{ admin_email }}
+
+ <Location /vaultwarden/>
+ ProxyPass http://127.0.0.1:8080/vaultwarden/
+ ProxyPreserveHost On
+ RequestHeader set X-Real-IP %{REMOTE_ADDR}s
+ </Location>
</VirtualHost>
notify: restart web
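Review bot: The `<Location /vaultwarden/>` block overwrites `X-Real-IP` with `RequestHeader set`, but nothing records that this is only trustworthy while the backend stays reachable solely through this proxy. Vaultwarden appears to take the client address for its logs from that header by default, so a comment above the directive would help, e.g. `# Overwrites any client-supplied X-Real-IP; backend must stay bound to 127.0.0.1 (see PublishPort in the vaultwarden role)`. The block also forwards every path under the prefix, including `/vaultwarden/admin`, so if an admin token is ever configured that path would be reachable from the internet unless a narrower `<Location>` with a `Require` rule is added. The enclosing `ssl site` task and `<VirtualHost>` begin outside this hunk.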
diff --git a/infrastructure/site.yaml b/infrastructure/site.yaml
index acbdc7e..12e4b2d 100644
--- a/infrastructure/site.yaml
+++ b/infrastructure/site.yaml
@@ -7,3 +7,4 @@
- systemd
- git
- podman
+ - vaultwarden