authoralexpdp7 <alex@pdp7.net>2025-01-26 10:26:52 +0100
committerGitHub <noreply@github.com>2025-01-26 10:26:52 +0100
commit28e31c610ae7abcd8662a506a28e883715599a13 (patch)
treea10e8f752020e265d8a1fb36f1e4d005da39478b /personal_infra
parent15a69894b8ac53e898723a311df54c41dd6fb712 (diff)
Add Vaultwarden (#320)
Diffstat (limited to 'personal_infra')
-rw-r--r--personal_infra/puppet/modules/vaultwarden/manifests/init.pp31
-rw-r--r--personal_infra/puppet/site/dixie.bcn.int.pdp7.net.pp1
-rw-r--r--personal_infra/puppet/site/h1.pdp7.net.pp8
-rw-r--r--personal_infra/puppet/site/vaultwarden.h1.int.pdp7.net.pp3
4 files changed, 43 insertions, 0 deletions
diff --git a/personal_infra/puppet/modules/vaultwarden/manifests/init.pp b/personal_infra/puppet/modules/vaultwarden/manifests/init.pp
new file mode 100644
index 00000000..d92e38f0
--- /dev/null
+++ b/personal_infra/puppet/modules/vaultwarden/manifests/init.pp
@@ -0,0 +1,31 @@
+class vaultwarden {
+ package {['vaultwarden', 'vaultwarden-web']:}
+ ->
+ file {'/var/lib/vaultwarden/data':
+ ensure => directory,
+ owner => 'vaultwarden',
+ group => 'vaultwarden',
+ mode => '700',
+ }
+ ->
+ service {'vaultwarden':
+ ensure => running,
+ enable => true,
+ }
+
+ Package['vaultwarden']
+ ->
+ file {'/etc/vaultwarden/vaultwarden.cfg':
+ content => @(EOT)
+ # see https://src.fedoraproject.org/rpms/vaultwarden/blob/rawhide/f/vaultwarden.cfg
+
+ # uncomment temporarily
+ SIGNUPS_ALLOWED=false
+ WEB_VAULT_FOLDER=/usr/share/vaultwarden-web
+ ROCKET_ADDRESS=0.0.0.0
+ | EOT
+ ,
+ }
+ ~>
+ Service['vaultwarden']
+}
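Review bot: The `file {'/etc/vaultwarden/vaultwarden.cfg': ...}` resource sets only `content`, so its owner, group and mode are whatever the package or Puppet's defaults leave behind. This file is where secrets such as an admin token or a database URL typically end up, so I would pin them now, e.g. `owner => 'root', group => 'vaultwarden', mode => '0640',`; adjust the group to however the service unit reads the file, since the unit is not visible here. The `# uncomment temporarily` comment sits above an active `SIGNUPS_ALLOWED=false`, which does not match; presumably it means something like `# set SIGNUPS_ALLOWED=true temporarily to create the first account, then revert`. For consistency the data directory mode is better written in four-digit form, `mode => '0700',`.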
diff --git a/personal_infra/puppet/site/dixie.bcn.int.pdp7.net.pp b/personal_infra/puppet/site/dixie.bcn.int.pdp7.net.pp
index 1c815c24..067849b7 100644
--- a/personal_infra/puppet/site/dixie.bcn.int.pdp7.net.pp
+++ b/personal_infra/puppet/site/dixie.bcn.int.pdp7.net.pp
@@ -57,6 +57,7 @@ host-record=router4g.bcn.int.pdp7.net,router4g,192.168.76.3
sudo -u backups /usr/sbin/syncoid --no-privilege-elevation --no-sync-snap backups@h1.pdp7.net:rpool/data/subvol-210-disk-1 rpool/user/backed/bitwarden --quiet
sudo -u backups /usr/sbin/syncoid --no-privilege-elevation --no-sync-snap backups@h1.pdp7.net:rpool/data/subvol-211-disk-1 rpool/user/backed/gitolite --quiet
sudo -u backups /usr/sbin/syncoid --no-privilege-elevation --no-sync-snap backups@h1.pdp7.net:rpool/data/subvol-214-disk-1 rpool/user/backed/weed --quiet
+ sudo -u backups /usr/sbin/syncoid --no-privilege-elevation --no-sync-snap backups@h1.pdp7.net:rpool/data/subvol-215-disk-1 rpool/user/backed/vaultwarden --quiet
| EOT
,
owner => root,
diff --git a/personal_infra/puppet/site/h1.pdp7.net.pp b/personal_infra/puppet/site/h1.pdp7.net.pp
index 7ef47fcd..967a6348 100644
--- a/personal_infra/puppet/site/h1.pdp7.net.pp
+++ b/personal_infra/puppet/site/h1.pdp7.net.pp
@@ -25,6 +25,10 @@ node 'h1.pdp7.net' {
[rpool/data/subvol-214-disk-1]
use_template = backup
+ # vaultwarden
+ [rpool/data/subvol-215-disk-1]
+ use_template = backup
+
[template_backup]
frequently=0
hourly=0
@@ -74,6 +78,10 @@ node 'h1.pdp7.net' {
target => 'http://bitwarden.h1.int.pdp7.net:8000/',
}
+ proxmox::proxy_host {'vaultwarden.pdp7.net':
+ target => 'http://vaultwarden.h1.int.pdp7.net:8000/',
+ }
+
proxmox::proxy_host {'grafana.pdp7.net':
target => 'http://grafana.h1.int.pdp7.net:3000/',
}
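Review bot: The new `proxmox::proxy_host {'vaultwarden.pdp7.net': ...}` forwards to `http://vaultwarden.h1.int.pdp7.net:8000/`, so the hop between the proxy and the password manager is plain HTTP, and the module config added in this commit sets `ROCKET_ADDRESS=0.0.0.0`, so the service listens on every interface of the node. Nothing in the commit restricts who can reach port 8000 directly; if the internal network holds other guests, add a firewall rule on the vaultwarden node that admits only the proxy host, or bind to the specific internal address instead. `proxmox::proxy_host` is defined outside this diff, so whether it terminates TLS for the public name cannot be confirmed from here; a short comment such as `# TLS terminates at the proxy; backend is plain HTTP on the internal network` would record the assumption. The node block continues outside the hunk.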
diff --git a/personal_infra/puppet/site/vaultwarden.h1.int.pdp7.net.pp b/personal_infra/puppet/site/vaultwarden.h1.int.pdp7.net.pp
new file mode 100644
index 00000000..00006086
--- /dev/null
+++ b/personal_infra/puppet/site/vaultwarden.h1.int.pdp7.net.pp
@@ -0,0 +1,3 @@
+node 'vaultwarden.h1.int.pdp7.net' {
+ class {'vaultwarden':}
+}