mirror of
https://github.com/davestephens/ansible-nas
synced 2024-12-25 11:03:07 +00:00
Merge branch 'jesse-troy-add-bitwarden-service'
* jesse-troy-add-bitwarden-service: Enable Bitwarden for external access Tweaks for Bitwarden WebSockets Updated bitwarden and documentation fix trailing whitespace Adding bitwarden documentation Changes to vars, toml, task and playbook
This commit is contained in:
commit
d57aa8ec58
7 changed files with 85 additions and 5 deletions
|
@ -26,6 +26,7 @@ just a stock Ubuntu install, some clever Ansible config and a bunch of Docker co
|
|||
### Docker Containers Used
|
||||
|
||||
* [Airsonic](https://airsonic.github.io/) - catalog and stream music
|
||||
* [Bitwarden_rs](https://github.com/dani-garcia/bitwarden_rs) - Self-Hosting port of password manager
|
||||
* [Cloudflare DDNS](https://hub.docker.com/r/joshuaavalon/cloudflare-ddns/) - automatically update Cloudflare with your dynamic IP address
|
||||
* [CouchPotato](https://couchpota.to/) - for downloading and managing movies
|
||||
* [Duplicati](https://www.duplicati.com/) - for backing up your stuff
|
||||
|
|
18
docs/applications/bitwarden.md
Normal file
18
docs/applications/bitwarden.md
Normal file
|
@ -0,0 +1,18 @@
|
|||
# Bitwarden(_rs) Password Management
|
||||
|
||||
Homepage: [https://github.com/dani-garcia/bitwarden_rs](https://github.com/dani-garcia/bitwarden_rs)
|
||||
Bitwarden: [https://bitwarden.com/](https://bitwarden.com/)
|
||||
|
||||
This is a Bitwarden server API implementation written in Rust compatible with upstream Bitwarden clients*, perfect for self-hosted deployment where running the official resource-heavy service might not be ideal.
|
||||
|
||||
## Usage
|
||||
|
||||
Set `bitwarden_enabled: true` in your `group_vars/all.yml` file.
|
||||
|
||||
## Specific Configuration
|
||||
|
||||
Make sure you set your admin token! It is bitwarden_admin_token in `group_vars/all.yml` file. The string you put here will be the login to the admin section of your bitwarden installation (https://bitwarden.ansiblenasdomain.tld/admin). This token can be anything, but it's recommended to use a long, randomly generated string of characters, for example running: openssl rand -base64 48.
|
||||
|
||||
To create a user, you need to change a variable in ./tasks/bitwarden.yml. Set "SIGNUPS_ALLOWED" to "true", and reprovision the container. Once you have created your user, I would reccomend setting it to false and reprovisioning one more time.
|
||||
|
||||
There is currently an issue with websockets and this configuration; traefik does not work correctly when enabled. If this issue gets resolved, I will update the file. Until that time, please note that synchronizations between your vault and browser extensions will not be instant. You will need to force a sync or wait on the scheduled sync (approx. 1h).
|
|
@ -5,6 +5,8 @@ By default, applications can be found on the ports listed below.
|
|||
| Application | Port | Notes |
|
||||
|-----------------|--------|-----------|
|
||||
| Couchpotato | 5050 | |
|
||||
| Bitwarden "hub" | 3012 | Web Not. |
|
||||
| Bitwarden | 19080 | HTTP |
|
||||
| Duplicati | 8200 | |
|
||||
| Emby | 8096 | HTTP |
|
||||
| Emby | 8920 | HTTPS |
|
||||
|
|
|
@ -61,6 +61,9 @@ timemachine_enabled: false
|
|||
znc_enabled: false
|
||||
thelounge_enabled: false
|
||||
|
||||
# Password Management
|
||||
bitwarden_enabled: false
|
||||
|
||||
###
|
||||
### General
|
||||
###
|
||||
|
@ -208,10 +211,9 @@ cloudflare_email: "{{ ansible_nas_email }}"
|
|||
# Cloudflare 'Global API Key', can be found on the 'My Profile' page
|
||||
cloudflare_api_key: abcdeabcdeabcdeabcde1234512345
|
||||
|
||||
######################################################################################
|
||||
###### Advanced Settings ######
|
||||
###### Ensure you know what you're doing before getting stuck in down here 8-) ######
|
||||
######################################################################################
|
||||
##################################################################
|
||||
###### You shouldn't need to edit anything below this point ######
|
||||
##################################################################
|
||||
|
||||
###
|
||||
### General
|
||||
|
@ -485,4 +487,15 @@ jackett_data_directory: "{{ docker_home }}/jackett"
|
|||
###
|
||||
### The Lounge
|
||||
###
|
||||
thelounge_data_directory: "{{ docker_home }}/thelounge"
|
||||
thelounge_data_directory: "{{ docker_home }}/thelounge"
|
||||
|
||||
###
|
||||
### Bitwarden
|
||||
###
|
||||
bitwarden_data_directory: "{{ docker_home }}/bitwarden"
|
||||
bitwarden_available_externally: "false"
|
||||
|
||||
# Keep this token secret, this is password to access admin area of your server!
|
||||
# This token can be anything, but it's recommended to use a long, randomly generated string of characters,
|
||||
# for example running openssl rand -base64 48
|
||||
bitwarden_admin_token: qwertyuiop1234567890poiuytrewq0987654321
|
4
nas.yml
4
nas.yml
|
@ -142,3 +142,7 @@
|
|||
- import_tasks: tasks/jackett.yml
|
||||
when: (jackett_enabled | default(False))
|
||||
tags: jackett
|
||||
|
||||
- import_tasks: tasks/bitwarden.yml
|
||||
when: (bitwarden_enabled | default(False))
|
||||
tags: bitwarden
|
41
tasks/bitwarden.yml
Normal file
41
tasks/bitwarden.yml
Normal file
|
@ -0,0 +1,41 @@
|
|||
- name: Create Bitwarden Directories
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
with_items:
|
||||
- "{{ bitwarden_data_directory }}"
|
||||
|
||||
- name: Bitwarden Docker Container
|
||||
docker_container:
|
||||
name: bitwarden
|
||||
image: mprasil/bitwarden:latest
|
||||
pull: true
|
||||
ports:
|
||||
- "19080:80"
|
||||
- "3012:3012"
|
||||
volumes:
|
||||
- "{{ bitwarden_data_directory }}:/data:rw"
|
||||
env:
|
||||
SIGNUPS_ALLOWED: "false"
|
||||
ADMIN_TOKEN: "{{ bitwarden_admin_token }}"
|
||||
LOG_FILE: "/data/bitwarden.log"
|
||||
WEBSOCKET_ENABLED: "true"
|
||||
labels:
|
||||
traefik.backend: "bitwarden"
|
||||
traefik.web.frontend.rule: "Host:bitwarden.{{ ansible_nas_domain }}"
|
||||
traefik.enable: "{{ bitwarden_available_externally }}"
|
||||
traefik.web.port: "80"
|
||||
traefik.hub.frontend.rule: "Host:bitwarden.{{ ansible_nas_domain }};Path:/notifications/hub"
|
||||
traefik.hub.port: "3012"
|
||||
traefik.hub.protocol: "ws"
|
||||
restart_policy: unless-stopped
|
||||
#memory: 1g
|
||||
|
||||
- name: Bitwarden Backup Container
|
||||
docker_container:
|
||||
name: bitwarden-backup
|
||||
image: bruceforce/bw_backup:latest
|
||||
pull: true
|
||||
restart_policy: unless-stopped
|
||||
volumes_from: bitwarden
|
||||
memory: 1g
|
|
@ -180,6 +180,7 @@ onDemand = false # create certificate when container is created
|
|||
|
||||
# we request a certificate for everything, because why not.
|
||||
sans = ["airsonic.{{ ansible_nas_domain }}",
|
||||
"bitwarden.{{ ansible_nas_domain }}",
|
||||
"couchpotato.{{ ansible_nas_domain }}",
|
||||
"duplicati.{{ ansible_nas_domain }}",
|
||||
"emby.{{ ansible_nas_domain }}",
|
||||
|
|
Loading…
Reference in a new issue