From 44f9505bef0437da1fb66b28a15cac5734dc9fbb Mon Sep 17 00:00:00 2001
From: Markus Hauschild <markus@moepman.eu>
Date: Wed, 6 Nov 2024 19:11:29 +0100
Subject: [PATCH] vaultwarden: enable automatic updates of docker images

---
 roles/vaultwarden/handlers/main.yml                  |  3 +++
 roles/vaultwarden/tasks/main.yml                     | 12 ++++++++++++
 .../templates/vaultwarden-reload.service.j2          |  7 +++++++
 .../templates/vaultwarden-reload.timer.j2            | 10 ++++++++++
 roles/vaultwarden/templates/vaultwarden.service.j2   |  6 ++++++
 5 files changed, 38 insertions(+)
 create mode 100644 roles/vaultwarden/templates/vaultwarden-reload.service.j2
 create mode 100644 roles/vaultwarden/templates/vaultwarden-reload.timer.j2

diff --git a/roles/vaultwarden/handlers/main.yml b/roles/vaultwarden/handlers/main.yml
index 0d4eaa0..651e51f 100644
--- a/roles/vaultwarden/handlers/main.yml
+++ b/roles/vaultwarden/handlers/main.yml
@@ -6,6 +6,9 @@
 - name: Restart vaultwarden
   service: name=vaultwarden state=restarted
 
+- name: Restart vaultwarden-reload
+  service: name=vaultwarden-reload state=restarted
+
 - name: Restart nginx
   service: name=nginx state=restarted
 
diff --git a/roles/vaultwarden/tasks/main.yml b/roles/vaultwarden/tasks/main.yml
index fdb4ed6..81e3071 100644
--- a/roles/vaultwarden/tasks/main.yml
+++ b/roles/vaultwarden/tasks/main.yml
@@ -42,9 +42,21 @@
   - Reload systemd
   - Restart vaultwarden
 
+- name: Systemd unit for vaultwarden-reload
+  template: src=vaultwarden-reload.{{ item }}.j2 dest=/etc/systemd/system/vaultwarden-reload.{{ item }}
+  with_items:
+  - "service"
+  - "timer"
+  notify:
+  - Reload systemd
+  - Restart vaultwarden-reload
+
 - name: Start the vaultwarden service
   service: name=vaultwarden state=started enabled=yes
 
+- name: Enable auto update timer
+  service: name=vaultwarden-reload.timer state=started enabled=yes
+
 - name: Enable monitoring
   include_role: name=icinga-monitor tasks_from=http
   vars:
diff --git a/roles/vaultwarden/templates/vaultwarden-reload.service.j2 b/roles/vaultwarden/templates/vaultwarden-reload.service.j2
new file mode 100644
index 0000000..57bc847
--- /dev/null
+++ b/roles/vaultwarden/templates/vaultwarden-reload.service.j2
@@ -0,0 +1,7 @@
+[Unit]
+Description=Refresh vaultwarden images
+
+[Service]
+Type=oneshot
+
+ExecStart=/bin/systemctl reload-or-restart vaultwarden.service
diff --git a/roles/vaultwarden/templates/vaultwarden-reload.timer.j2 b/roles/vaultwarden/templates/vaultwarden-reload.timer.j2
new file mode 100644
index 0000000..ef154d4
--- /dev/null
+++ b/roles/vaultwarden/templates/vaultwarden-reload.timer.j2
@@ -0,0 +1,10 @@
+[Unit]
+Description=Refresh vaultwarden images
+Requires=vaultwarden.service
+After=vaultwarden.service
+
+[Timer]
+OnCalendar=*:0/15
+
+[Install]
+WantedBy=timers.target
diff --git a/roles/vaultwarden/templates/vaultwarden.service.j2 b/roles/vaultwarden/templates/vaultwarden.service.j2
index f7a51d4..067ab21 100644
--- a/roles/vaultwarden/templates/vaultwarden.service.j2
+++ b/roles/vaultwarden/templates/vaultwarden.service.j2
@@ -17,6 +17,8 @@ WorkingDirectory=/opt/vaultwarden
 
 # Make sure no old containers are running
 ExecStartPre=/usr/bin/docker-compose down -v
+# Update images
+ExecStartPre=-/usr/bin/docker-compose pull --quiet
 
 # Compose up
 ExecStart=/usr/bin/docker-compose up
@@ -24,5 +26,9 @@ ExecStart=/usr/bin/docker-compose up
 # Compose down, remove containers and volumes
 ExecStop=/usr/bin/docker-compose down -v
 
+# Refresh on reload
+ExecReload=-/usr/bin/docker-compose pull --quiet
+ExecReload=/usr/bin/docker-compose up -d
+
 [Install]
 WantedBy=multi-user.target