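---
# Deploys vaultwarden behind nginx: a docker-compose definition under
# /opt/vaultwarden, TLS material under /etc/nginx/ssl, an acertmgr config,
# an nginx vhost, and systemd units for the service and its reload timer.
#
# Module arguments are written as native YAML mappings instead of key=value
# strings, so a templated value is always passed as a single argument and is
# never re-parsed into additional module options.

- name: Install packages
  apt:
    name:
      - docker-compose

- name: Create vaultwarden group
  group:
    name: vaultwarden

# Membership in the docker group allows control of the Docker daemon, which is
# effectively root-equivalent on the host. Treat this account, its login shell
# and any credentials for it with the same care as root.
- name: Create vaultwarden user
  user:
    name: vaultwarden
    home: /opt/vaultwarden
    shell: /bin/bash
    group: vaultwarden
    groups: docker

# The file is restricted to root and the vaultwarden group instead of relying
# on the umask in effect at run time.
# NOTE(review): the template is not visible here. If it embeds secrets, keep
# this mode; confirm the unit runs docker-compose as root or as vaultwarden.
- name: Configure vaultwarden container
  template:
    src: docker-compose.yml.j2
    dest: /opt/vaultwarden/docker-compose.yml
    owner: root
    group: vaultwarden
    mode: "0640"
  notify: Restart vaultwarden

# Runs only while the .crt file is absent (creates:), producing a self-signed
# certificate; presumably a placeholder until acertmgr issues one - confirm.
# -nodes leaves the private key unencrypted, so its protection rests entirely
# on file permissions: verify that the .key file and /etc/nginx/ssl are not
# readable by unprivileged users. /etc/nginx/ssl must already exist.
- name: Ensure certificates are available
  command: >-
    openssl req -x509 -nodes -newkey rsa:2048
    -keyout /etc/nginx/ssl/{{ vaultwarden_domain }}.key
    -out /etc/nginx/ssl/{{ vaultwarden_domain }}.crt
    -days 730 -subj "/CN={{ vaultwarden_domain }}"
  args:
    creates: "/etc/nginx/ssl/{{ vaultwarden_domain }}.crt"
  notify: Restart nginx

- name: Configure certificate manager for vaultwarden
  template:
    src: certs.j2
    dest: "/etc/acertmgr/{{ vaultwarden_domain }}.conf"
    mode: "0644"
  notify: Run acertmgr

- name: Configure vhost
  template:
    src: vhost.j2
    dest: /etc/nginx/sites-available/vaultwarden
    mode: "0644"
  notify: Restart nginx

- name: Enable vhost
  file:
    src: /etc/nginx/sites-available/vaultwarden
    dest: /etc/nginx/sites-enabled/vaultwarden
    state: link
  notify: Restart nginx

- name: Systemd unit for vaultwarden
  template:
    src: vaultwarden.service.j2
    dest: /etc/systemd/system/vaultwarden.service
    mode: "0644"
  notify:
    - Reload systemd
    - Restart vaultwarden

# One task renders both the .service and the .timer unit of the reload job.
- name: Systemd unit for vaultwarden-reload
  template:
    src: "vaultwarden-reload.{{ item }}.j2"
    dest: "/etc/systemd/system/vaultwarden-reload.{{ item }}"
    mode: "0644"
  with_items:
    - "service"
    - "timer"
  notify:
    - Reload systemd
    - Restart vaultwarden-reload

- name: Start the vaultwarden service
  service:
    name: vaultwarden
    state: started
    enabled: true

- name: Enable auto update timer
  service:
    name: vaultwarden-reload.timer
    state: started
    enabled: true

# Hands the public hostname to the icinga-monitor role's http task file.
- name: Enable monitoring
  include_role:
    name: icinga-monitor
    tasks_from: http
  vars:
    vhost: "{{ vaultwarden_domain }}"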