diff --git a/roles/bitwarden/defaults/main.yml b/roles/bitwarden/defaults/main.yml
index ba691e6d..04cb2184 100644
--- a/roles/bitwarden/defaults/main.yml
+++ b/roles/bitwarden/defaults/main.yml
@@ -5,6 +5,7 @@ bitwarden_data_directory: "{{ docker_home }}/bitwarden"
 bitwarden_port_a: "19080"
 bitwarden_port_b: "3012"
 bitwarden_hostname: "bitwarden"
+bitwarden_ip_whitelist: "0.0.0.0/0"
 
 # Keep this token secret, this is password to access admin area of your server!
 # This token can be anything, but it's recommended to use a long, randomly generated string of characters,
diff --git a/roles/bitwarden/tasks/main.yml b/roles/bitwarden/tasks/main.yml
index 87857298..4d964f33 100644
--- a/roles/bitwarden/tasks/main.yml
+++ b/roles/bitwarden/tasks/main.yml
@@ -3,6 +3,7 @@
 file:
 path: "{{ item }}"
 state: directory
+ mode: '0755'
 with_items:
 - "{{ bitwarden_data_directory }}"
 
@@ -28,13 +29,16 @@
 traefik.http.routers.bitwarden.tls.domains[0].main: "{{ ansible_nas_domain }}"
 traefik.http.routers.bitwarden.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
 traefik.http.routers.bitwarden.service: "bitwarden"
+ traefik.http.routers.bitwarden.middlewares: "bitwarden-ipwhitelist@docker"
 traefik.http.services.bitwarden.loadbalancer.server.port: "80"
 traefik.http.routers.bitwarden-ws.rule: "Host(`{{ bitwarden_hostname }}.{{ ansible_nas_domain }}`) && Path(`/notifications/hub`)"
 traefik.http.routers.bitwarden-ws.tls.certresolver: "letsencrypt"
 traefik.http.routers.bitwarden-ws.tls.domains[0].main: "{{ ansible_nas_domain }}"
 traefik.http.routers.bitwarden-ws.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
 traefik.http.routers.bitwarden-ws.service: "bitwarden-ws"
+ traefik.http.routers.bitwarden-ws.middlewares: "bitwarden-ipwhitelist@docker"
 traefik.http.services.bitwarden-ws.loadbalancer.server.port: "3012"
+ traefik.http.middlewares.bitwarden-ipwhitelist.ipwhitelist.sourcerange: "{{ bitwarden_ip_whitelist }}"
 memory: "{{ bitwarden_memory }}"
 restart_policy: unless-stopped
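Review bot: The new default `bitwarden_ip_whitelist: "0.0.0.0/0"` admits every IPv4 source, so the `bitwarden-ipwhitelist` middleware that the tasks hunk attaches to both routers enforces nothing until a deployer overrides the variable, and nothing in the defaults file tells them that. Because `0.0.0.0/0` covers only IPv4, a client that reaches Traefik over IPv6 would, as far as I can tell, be rejected by this "allow all" default if the host is exposed that way; if IPv6 is intended, the default should read `"0.0.0.0/0,::/0"`. The neighbouring variables in this file carry explanatory comments while this one has none; add something like `# Comma-separated IPs/CIDRs allowed to reach Bitwarden through Traefik. The default permits all IPv4 sources; narrow it (e.g. to your LAN) to fence off the service.` Whether the range is matched against the real client address or an upstream proxy's depends on Traefik's forwarded-headers/ipStrategy settings, which this role does not show, so the comment could also say the whitelist applies to the address Traefik observes.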
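Review bot: `mode: '0755'` is the only single-quoted scalar in a file that otherwise double-quotes every value (`"{{ item }}"`, `"{{ bitwarden_data_directory }}"`, the Traefik labels); for consistency write `mode: "0755"`. Quoting the mode at all is right either way, since an unquoted `0755` would be read as an octal integer by YAML 1.1 loaders and silently become a different mode. The task's `- name:` line lies above the hunk.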