diff --git a/nas.yml b/nas.yml index a8b84c8c..e8dc5ab9 100644 --- a/nas.yml +++ b/nas.yml @@ -52,7 +52,6 @@ - role: bitwarden tags: - bitwarden - when: (bitwarden_enabled | default(False)) - role: booksonic tags: @@ -459,7 +458,7 @@ when: (znc_enabled | default(False)) post_tasks: - - name: Clean up stopped applications + - name: Clean up stopped applications # noqa no-changed-when command: /bin/true notify: "stop disabled applications" tags: diff --git a/roles/bitwarden/defaults/main.yml b/roles/bitwarden/defaults/main.yml index e30ab3e7..3637685e 100644 --- a/roles/bitwarden/defaults/main.yml +++ b/roles/bitwarden/defaults/main.yml @@ -20,3 +20,7 @@ bitwarden_allow_signups: false # specs bitwarden_memory: 1g bitwarden_backup_memory: 1g + +# docker +bitwarden_container_name: bitwarden +bitwarden_backup_container_name: bitwarden-backup diff --git a/roles/bitwarden/handlers/main.yml b/roles/bitwarden/handlers/main.yml new file mode 100644 index 00000000..abbf6744 --- /dev/null +++ b/roles/bitwarden/handlers/main.yml @@ -0,0 +1,18 @@ +--- +- name: Stop Bitwarden + docker_container: + name: "{{ bitwarden_container_name }}" + state: absent + when: bitwarden_enabled is false + listen: + - "stop bitwarden" + - "stop disabled applications" + +- name: Stop Bitwarden Backup + docker_container: + name: "{{ bitwarden_backup_container_name }}" + state: absent + when: bitwarden_enabled is false + listen: + - "stop bitwarden" + - "stop disabled applications" diff --git a/roles/bitwarden/tasks/main.yml b/roles/bitwarden/tasks/main.yml index e842164a..ec8b6aac 100644 --- a/roles/bitwarden/tasks/main.yml +++ b/roles/bitwarden/tasks/main.yml 
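Review bot: On the `Clean up stopped applications` post-task in nas.yml, the `# noqa no-changed-when` silences the lint but leaves the purpose of the task unstated. The task runs `command: /bin/true` only so that it reports a change and notifies `stop disabled applications`. Adding `changed_when: true` with a comment such as `# always notify so handlers of disabled roles can remove their containers` would state that intent and make the noqa unnecessary. The task's `tags:` list continues outside the hunk.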
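Review bot: Both handlers in roles/bitwarden/handlers/main.yml gate removal on `when: bitwarden_enabled is false`, which matches only a real boolean and not a string or an undefined value. If the variable arrives as a string (for example from `-e bitwarden_enabled=false`) or is undefined now that nas.yml no longer applies `default(False)`, the condition presumably does not hold or the play errors. In the first case the container keeps running with its published ports and Traefik labels although the operator considers it disabled. `when: not (bitwarden_enabled | default(false) | bool)` covers those cases; the block-level `when: bitwarden_enabled is true` in roles/bitwarden/tasks/main.yml has the mirror-image gap and could become `when: bitwarden_enabled | default(false) | bool`. Whether the role defaults define `bitwarden_enabled` is not visible here, since the defaults hunk starts at line 20 of that file.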
@@ -1,52 +1,55 @@ --- -- name: Create Bitwarden Directories - file: - path: "{{ item }}" - state: directory - mode: "0755" - with_items: - - "{{ bitwarden_data_directory }}" +- name: Bitwarden + block: + - name: Create Bitwarden Directories + file: + path: "{{ item }}" + state: directory + mode: "0755" + with_items: + - "{{ bitwarden_data_directory }}" -- name: Bitwarden Docker Container - docker_container: - name: bitwarden - image: bitwardenrs/server:latest - pull: true - ports: - - "{{ bitwarden_port_a }}:80" - - "{{ bitwarden_port_b }}:3012" - volumes: - - "{{ bitwarden_data_directory }}:/data:rw" - env: - SIGNUPS_ALLOWED: "{{ bitwarden_allow_signups }}" - ADMIN_TOKEN: "{{ bitwarden_admin_token }}" - LOG_FILE: "/data/bitwarden.log" - WEBSOCKET_ENABLED: "true" - labels: - traefik.enable: "{{ bitwarden_available_externally | string }}" - traefik.http.routers.bitwarden.rule: "Host(`{{ bitwarden_hostname }}.{{ ansible_nas_domain }}`)" - traefik.http.routers.bitwarden.tls.certresolver: "letsencrypt" - traefik.http.routers.bitwarden.tls.domains[0].main: "{{ ansible_nas_domain }}" - traefik.http.routers.bitwarden.tls.domains[0].sans: "*.{{ ansible_nas_domain }}" - traefik.http.routers.bitwarden.service: "bitwarden" - traefik.http.routers.bitwarden.middlewares: "bitwarden-ipwhitelist@docker" - traefik.http.services.bitwarden.loadbalancer.server.port: "80" - traefik.http.routers.bitwarden-ws.rule: "Host(`{{ bitwarden_hostname }}.{{ ansible_nas_domain }}`) && Path(`/notifications/hub`)" - traefik.http.routers.bitwarden-ws.tls.certresolver: "letsencrypt" - traefik.http.routers.bitwarden-ws.tls.domains[0].main: "{{ ansible_nas_domain }}" - traefik.http.routers.bitwarden-ws.tls.domains[0].sans: "*.{{ ansible_nas_domain }}" - traefik.http.routers.bitwarden-ws.service: "bitwarden-ws" - traefik.http.routers.bitwarden-ws.middlewares: "bitwarden-ipwhitelist@docker" - traefik.http.services.bitwarden-ws.loadbalancer.server.port: "3012" - 
traefik.http.middlewares.bitwarden-ipwhitelist.ipwhitelist.sourcerange: "{{ bitwarden_ip_whitelist }}" - memory: "{{ bitwarden_memory }}" - restart_policy: unless-stopped + - name: Bitwarden Docker Container + docker_container: + name: "{{ bitwarden_container_name }}" + image: bitwardenrs/server:latest + pull: true + ports: + - "{{ bitwarden_port_a }}:80" + - "{{ bitwarden_port_b }}:3012" + volumes: + - "{{ bitwarden_data_directory }}:/data:rw" + env: + SIGNUPS_ALLOWED: "{{ bitwarden_allow_signups }}" + ADMIN_TOKEN: "{{ bitwarden_admin_token }}" + LOG_FILE: "/data/bitwarden.log" + WEBSOCKET_ENABLED: "true" + labels: + traefik.enable: "{{ bitwarden_available_externally | string }}" + traefik.http.routers.bitwarden.rule: "Host(`{{ bitwarden_hostname }}.{{ ansible_nas_domain }}`)" + traefik.http.routers.bitwarden.tls.certresolver: "letsencrypt" + traefik.http.routers.bitwarden.tls.domains[0].main: "{{ ansible_nas_domain }}" + traefik.http.routers.bitwarden.tls.domains[0].sans: "*.{{ ansible_nas_domain }}" + traefik.http.routers.bitwarden.service: "bitwarden" + traefik.http.routers.bitwarden.middlewares: "bitwarden-ipwhitelist@docker" + traefik.http.services.bitwarden.loadbalancer.server.port: "80" + traefik.http.routers.bitwarden-ws.rule: "Host(`{{ bitwarden_hostname }}.{{ ansible_nas_domain }}`) && Path(`/notifications/hub`)" + traefik.http.routers.bitwarden-ws.tls.certresolver: "letsencrypt" + traefik.http.routers.bitwarden-ws.tls.domains[0].main: "{{ ansible_nas_domain }}" + traefik.http.routers.bitwarden-ws.tls.domains[0].sans: "*.{{ ansible_nas_domain }}" + traefik.http.routers.bitwarden-ws.service: "bitwarden-ws" + traefik.http.routers.bitwarden-ws.middlewares: "bitwarden-ipwhitelist@docker" + traefik.http.services.bitwarden-ws.loadbalancer.server.port: "3012" + traefik.http.middlewares.bitwarden-ipwhitelist.ipwhitelist.sourcerange: "{{ bitwarden_ip_whitelist }}" + memory: "{{ bitwarden_memory }}" + restart_policy: unless-stopped -- name: Bitwarden Backup 
Container - docker_container: - name: bitwarden-backup - image: bruceforce/bw_backup:latest - pull: true - restart_policy: unless-stopped - volumes_from: bitwarden - memory: "{{ bitwarden_backup_memory }}" + - name: Bitwarden Backup Container + docker_container: + name: "{{ bitwarden_backup_container_name }}" + image: bruceforce/bw_backup:latest + pull: true + restart_policy: unless-stopped + volumes_from: bitwarden + memory: "{{ bitwarden_backup_memory }}" + when: bitwarden_enabled is true
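Review bot: The backup task still has `volumes_from: bitwarden` although the main container is now named by `{{ bitwarden_container_name }}`. Overriding that variable therefore leaves the backup container referring to a container name that no longer exists, and vault backups stop. Use `volumes_from: "{{ bitwarden_container_name }}"` so the two stay coupled. Separately, both `image:` lines are carried over as `:latest` with `pull: true`. The server container receives `ADMIN_TOKEN` and the third-party backup image mounts the vault volumes, so pinning each image to a fixed tag or digest would keep an upstream push from changing what runs on the next play.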