From 7dd4a64f2f7612efb581c881ca9d59fc8b949663 Mon Sep 17 00:00:00 2001
From: alex <alex@pdp7.net>
Date: Sat, 11 Oct 2025 18:55:29 +0200
Subject: Add Vaultwarden

---
 infrastructure/roles/web/tasks/main.yaml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

(limited to 'infrastructure/roles/web/tasks/main.yaml')

diff --git a/infrastructure/roles/web/tasks/main.yaml b/infrastructure/roles/web/tasks/main.yaml
index 9ef0a15..51cef33 100644
--- a/infrastructure/roles/web/tasks/main.yaml
+++ b/infrastructure/roles/web/tasks/main.yaml
@@ -16,6 +16,16 @@
     cmd: a2enmod userdir
     creates: /etc/apache2/mods-enabled/userdir.load
   notify: restart web
+- name: enable mod_proxy_http
+  ansible.builtin.command:
+    cmd: a2enmod proxy_http
+    creates: /etc/apache2/mods-enabled/proxy_http.load
+  notify: restart web
+- name: enable mod_headers
+  ansible.builtin.command:
+    cmd: a2enmod headers
+    creates: /etc/apache2/mods-enabled/headers.load
+  notify: restart web
 - name: ssl site
   ansible.builtin.copy:
     dest: /etc/apache2/sites-enabled/ssl.conf
@@ -27,5 +37,11 @@
         ServerName {{ public_hostname_punycode }}
         SSLEngine on
         ServerAdmin {{ admin_email }}
+
+        <Location /vaultwarden/>
+          ProxyPass http://127.0.0.1:8080/vaultwarden/
+          ProxyPreserveHost On
+          RequestHeader set X-Real-IP %{REMOTE_ADDR}s
+        </Location>
       </VirtualHost>
   notify: restart web
-- 
cgit v1.2.3