infra/roles/vaultwarden/tasks/main.yml


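---
# Tasks for the vaultwarden role: installs docker-compose, creates a service
# account, renders the compose file, nginx vhost, acertmgr config and systemd
# unit, generates a self-signed certificate if none exists, then starts the
# service and registers an HTTP monitoring check.
#
# Module arguments use native YAML mappings instead of key=value strings so
# that values are not re-split by the key=value parser.

- name: Install packages
  apt:
    name:
      - docker-compose

- name: Create vaultwarden group
  group:
    name: vaultwarden

# Membership in the docker group allows control of the Docker daemon, which is
# equivalent to root on the host; treat this account as privileged.
# `groups` is set without `append`, so the account's supplementary groups are
# set to exactly this list.
# NOTE(review): the account gets an interactive shell (/bin/bash) - confirm
# that is needed for a service account.
- name: Create vaultwarden user
  user:
    name: vaultwarden
    home: /opt/vaultwarden
    shell: /bin/bash
    group: vaultwarden
    groups: docker

# NOTE(review): no owner/group/mode is set on any rendered template in this
# file, so new files get the defaults of the user running the play. The
# template contents are not visible here; if docker-compose.yml.j2 renders
# secrets, set an explicit restrictive mode on it.
- name: Configure vaultwarden container
  template:
    src: docker-compose.yml.j2
    dest: /opt/vaultwarden/docker-compose.yml
  notify: Restart vaultwarden

# Generates a self-signed certificate (RSA 2048, valid 730 days) only when the
# .crt file does not exist yet (`creates`), so an existing certificate is never
# overwritten. Presumably a placeholder so nginx can start before acertmgr
# issues a real certificate - confirm.
# `-nodes` writes the private key unencrypted, and nothing in this file sets
# the owner or mode of the .key file.
# NOTE(review): confirm that /etc/nginx/ssl or the key itself is readable by
# root only.
- name: Ensure certificates are available
  command: >-
    openssl req -x509 -nodes -newkey rsa:2048
    -keyout /etc/nginx/ssl/{{ vaultwarden_domain }}.key
    -out /etc/nginx/ssl/{{ vaultwarden_domain }}.crt
    -days 730
    -subj "/CN={{ vaultwarden_domain }}"
  args:
    creates: "/etc/nginx/ssl/{{ vaultwarden_domain }}.crt"
  notify: Restart nginx

- name: Configure certificate manager for vaultwarden
  template:
    src: certs.j2
    dest: "/etc/acertmgr/{{ vaultwarden_domain }}.conf"
  notify: Run acertmgr

- name: Configure vhost
  template:
    src: vhost.j2
    dest: /etc/nginx/sites-available/vaultwarden
  notify: Restart nginx

- name: Enable vhost
  file:
    src: /etc/nginx/sites-available/vaultwarden
    dest: /etc/nginx/sites-enabled/vaultwarden
    state: link
  notify: Restart nginx

- name: Systemd unit for vaultwarden
  template:
    src: vaultwarden.service.j2
    dest: /etc/systemd/system/vaultwarden.service
  notify:
    - Reload systemd
    - Restart vaultwarden

- name: Start the vaultwarden service
  service:
    name: vaultwarden
    state: started
    enabled: true

- name: Enable monitoring
  include_role:
    name: icinga-monitor
    tasks_from: http
  vars:
    vhost: "{{ vaultwarden_domain }}"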