From 0701f7159962f9bec900cfcc2d1ed3310ee3e7d4 Mon Sep 17 00:00:00 2001 From: Jesse Beard Date: Wed, 10 Apr 2019 08:46:47 -0400 Subject: [PATCH] Changes to vars, toml, task and playbook --- group_vars/all.yml.dist | 15 +++++++++++++ nas.yml | 4 ++++ tasks/bitwarden.yml | 41 ++++++++++++++++++++++++++++++++++ templates/traefik/traefik.toml | 1 + tests/test.yml | 16 +++++++++++++ 5 files changed, 77 insertions(+) create mode 100644 tasks/bitwarden.yml diff --git a/group_vars/all.yml.dist b/group_vars/all.yml.dist index e15dfa71..6efc958b 100644 --- a/group_vars/all.yml.dist +++ b/group_vars/all.yml.dist @@ -59,6 +59,8 @@ timemachine_enabled: false # IRC bouncer znc_enabled: false +# Password Management +bitwarden_enabled: false ### ### General @@ -207,6 +209,14 @@ cloudflare_email: dave@awesomedomain.com # Cloudflare 'Global API Key', can be found on the 'My Profile' page cloudflare_api_key: abcdeabcdeabcdeabcde1234512345 +### +### Bitwarden +### +# Keep this token secret, this is password to access admin area of your server! +# This token can be anything, but it's recommended to use a long, randomly generated string of characters, +# for example running openssl rand -base64 48 +bitwarden_admin_token: qwertyuiop1234567890poiuytrewq0987654321 + ################################################################## ###### You shouldn't need to edit anything below this point ###### ################################################################## @@ -449,3 +459,8 @@ mymediaforalexa_data_directory: "{{ docker_home }}/mymediaforalexa" ### jackett ### jackett_data_directory: "{{ docker_home }}/jackett" + +### +### bitwarden +### +bitwarden_data_directory: "{{ docker_home }}/bitwarden" \ No newline at end of file diff --git a/nas.yml b/nas.yml index ccb85447..6f1514a7 100644 --- a/nas.yml +++ b/nas.yml 
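Review bot: The `bitwarden_admin_token` line added under `### Bitwarden` in group_vars/all.yml.dist ships a fixed, usable-looking sample value. Anyone who copies the .dist file and only flips `bitwarden_enabled` ends up with an admin area guarded by a token that is published in the repository. I would make the default an obvious placeholder, e.g. `bitwarden_admin_token: "CHANGE_ME"` (constructed value), and add an assert task that fails while it is unchanged. The existing comment could also mention that the real value belongs in an ansible-vault encrypted vars file. The same line is added to tests/test.yml, where a fixed value is fine for CI but deserves a `# test-only value` comment.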
@@ -138,3 +138,7 @@ - import_tasks: tasks/jackett.yml when: (jackett_enabled | default(False)) tags: jackett + + - import_tasks: tasks/bitwarden.yml + when: (bitwarden_enabled | default(False)) + tags: bitwarden \ No newline at end of file diff --git a/tasks/bitwarden.yml b/tasks/bitwarden.yml new file mode 100644 index 00000000..e6217aec --- /dev/null +++ b/tasks/bitwarden.yml @@ -0,0 +1,41 @@ +- name: Create Bitwarden Directories + file: + path: "{{ item }}" + state: directory + with_items: + - "{{ bitwarden_data_directory }}" + +- name: Bitwarden Docker Container + docker_container: + name: bitwarden + image: mprasil/bitwarden:latest + pull: true + ports: + #- "19080:80" + - "3012:3012" + volumes: + - "{{ bitwarden_data_directory }}:/data:rw" + env: + SIGNUPS_ALLOWED: "false" + ADMIN_TOKEN: "{{ bitwarden_admin_token }}" + LOG_FILE: "/data/bitwarden.log" + labels: + traefik.backend: "bitwarden" + traefik.web.frontend.rule: "Host:bitwarden.{{ ansible_nas_domain }}" + traefik.enable: "true" + traefik.web.port: "80" + #traefik.web.frontend.headers.customFrameOptionsValue: "ALLOW-FROM http://{{ ansible_nas_domain }}" + #traefik.web.frontend.headers.customFrameOptionsValue: "ALLOW-FROM https://{{ ansible_nas_domain }}" + #traefik.web.frontend.headers.SSLRedirect: "true" + traefik.hub.frontend.rule: "Host:bitwarden.{{ ansible_nas_domain }};Path:/notifications/hub" + traefik.hub.port: "3012" + restart_policy: unless-stopped + #memory: 1g + +- name: Bitwarden Backup Container + docker_container: + name: bitwarden-backup + image: bruceforce/bw_backup:latest + pull: true + restart_policy: unless-stopped + volumes_from: bitwarden \ No newline at end of file diff --git a/templates/traefik/traefik.toml b/templates/traefik/traefik.toml index 69eba793..49f510ce 100644 --- a/templates/traefik/traefik.toml +++ b/templates/traefik/traefik.toml 
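Review bot: In tasks/bitwarden.yml the `ports:` entry `- "3012:3012"` publishes the notifications websocket on every host interface, even though the `traefik.hub.*` labels already route `/notifications/hub` to that port through the proxy. Clients that connect to it directly bypass whatever TLS and access rules Traefik applies. If Traefik reaches the container over the Docker network, the `ports:` block can probably be dropped, or at least bound to loopback with `- "127.0.0.1:3012:3012"`. Both containers use `:latest` with `pull: true`, and `bitwarden-backup` gets the vault data through `volumes_from: bitwarden`, so every playbook run trusts whatever those third-party tags currently point at; pinning to a reviewed tag or digest, e.g. `image: mprasil/bitwarden:<pinned-tag>` (placeholder), would make upgrades deliberate. With the `SSLRedirect` label commented out, it is also worth confirming against the global Traefik entrypoint config, which is not in this diff, that the vault cannot be reached over plain HTTP.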
@@ -180,6 +180,7 @@ onDemand = false # create certificate when container is created # we request a certificate for everything, because why not. sans = ["airsonic.{{ ansible_nas_domain }}", + "bitwarden.{{ ansible_nas_domain }}", "couchpotato.{{ ansible_nas_domain }}", "duplicati.{{ ansible_nas_domain }}", "emby.{{ ansible_nas_domain }}", diff --git a/tests/test.yml b/tests/test.yml index a9a8f3f2..f787a308 100644 --- a/tests/test.yml +++ b/tests/test.yml @@ -59,6 +59,9 @@ timemachine_enabled: false # IRC bouncer znc_enabled: false +# Password Management +bitwarden_enabled: false + ### ### General ### @@ -207,6 +210,14 @@ cloudflare_email: dave@awesomedomain.com # Cloudflare 'Global API Key', can be found on the 'My Profile' page cloudflare_api_key: abcdeabcdeabcdeabcde1234512345 +### +### Bitwarden +### +# Keep this token secret, this is password to access admin area of your server! +# This token can be anything, but it's recommended to use a long, randomly generated string of characters, +# for example running openssl rand -base64 48 +bitwarden_admin_token: qwertyuiop1234567890poiuytrewq0987654321 + ################################################################## ###### You shouldn't need to edit anything below this point ###### ################################################################## @@ -449,3 +460,8 @@ mymediaforalexa_data_directory: "{{ docker_home }}/mymediaforalexa" ### jackett ### jackett_data_directory: "{{ docker_home }}/jackett" + +### +### bitwarden +### +bitwarden_data_directory: "{{ docker_home }}/bitwarden" \ No newline at end of file