author | Elizabeth Hunt <me@liz.coffee> | 2025-04-29 18:12:29 -0700 |
committer | Elizabeth Hunt <me@liz.coffee> | 2025-04-29 18:12:29 -0700 |
commit | 3ddb82656d6d0c34f47962db25d37adf6ebb15e1 (patch) | |
tree | 154c314d9a01a4a2aff8d41fae182ef7391583b1 /playbooks/roles/passwd | |
parent | c7c2393bc06c0e49612e9d05e55c30028c02cd4a (diff) | |
download | infra-3ddb82656d6d0c34f47962db25d37adf6ebb15e1.tar.gz infra-3ddb82656d6d0c34f47962db25d37adf6ebb15e1.zip |
password manager
Diffstat (limited to 'playbooks/roles/passwd')
-rw-r--r-- | playbooks/roles/passwd/tasks/main.yml | 8 | ||||
-rw-r--r-- | playbooks/roles/passwd/templates/stacks/docker-compose.yml | 56 | ||||
-rw-r--r-- | playbooks/roles/passwd/templates/volumes/data/.gitkeep | 0 |
3 files changed, 64 insertions, 0 deletions
diff --git a/playbooks/roles/passwd/tasks/main.yml b/playbooks/roles/passwd/tasks/main.yml
new file mode 100644
index 0000000..005aee0
--- /dev/null
+++ b/playbooks/roles/passwd/tasks/main.yml
@@ -0,0 +1,8 @@
+---
+
+- name: Deploy passwd
+ ansible.builtin.import_tasks: manage-docker-swarm-service.yml
+ vars:
+ service_name: passwd
+ template_render_dir: "../templates"
+ service_destination_dir: "{{ passwd_base }}"
diff --git a/playbooks/roles/passwd/templates/stacks/docker-compose.yml b/playbooks/roles/passwd/templates/stacks/docker-compose.yml
new file mode 100644
index 0000000..7f2c373
--- /dev/null
+++ b/playbooks/roles/passwd/templates/stacks/docker-compose.yml
@@ -0,0 +1,56 @@
+---
+
+services:
+ passwd:
+ image: vaultwarden/server:latest
+ volumes:
+ - {{ passwd_base }}/volumes/data:/data
+ environment:
+ - TZ={{ timezone }}
+ - DEPLOYMENT_TIME={{ now() }}
+ - DOMAIN=https://{{ passwd_domain }}
+ - SENDS_ALLOWED=true
+ - EMERGENCY_ACCESS_ALLOWED=true
+ - WEB_VAULT_ENABLED=true
+
+ - SIGNUPS_ALLOWED=false
+ - SIGNUPS_VERIFY=true
+ - SIGNUPS_VERIFY_RESEND_TIME=3600
+ - SIGNUPS_VERIFY_RESEND_LIMIT=5
+ - SIGNUPS_DOMAINS_WHITELIST={{ domain }}
+
+ - SMTP_HOST={{ mail_domain }}
+ - SMTP_FROM={{ info_mail }}
+ - SMTP_FROM_NAME=VaultWarden
+ - SMTP_SECURITY=force_tls
+ - SMTP_PORT=465
+ - SMTP_USERNAME={{ info_mail_user }}
+ - SMTP_PASSWORD={{ info_mail_password }}
+
+ - YUBICO_SECRET_KEY={{ yubico_secret_key }}
+ - YUBICO_CLIENT_ID={{ yubico_client_id }}
+ networks:
+ - proxy
+ healthcheck:
+ test: ["CMD", "/healthcheck.sh"]
+ start_period: 10s
+ deploy:
+ mode: replicated
+ update_config:
+ parallelism: 1
+ failure_action: rollback
+ order: start-first
+ monitor: 90s
+ replicas: 1
+ labels:
+ - traefik.enable=true
+ - traefik.swarm.network=proxy
+ - traefik.http.routers.passwd.tls=true
+ - traefik.http.routers.passwd.tls.certResolver=letsencrypt
+ - traefik.http.routers.passwd.rule=Host(`{{ passwd_domain }}`)
+ - traefik.http.routers.passwd.entrypoints=websecure
+ - traefik.http.services.passwd.loadbalancer.server.port=80
+
+networks:
+ proxy:
+ external: true
diff --git a/playbooks/roles/passwd/templates/volumes/data/.gitkeep b/playbooks/roles/passwd/templates/volumes/data/.gitkeep
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/playbooks/roles/passwd/templates/volumes/data/.gitkeep |
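Review bot: `SMTP_PASSWORD={{ info_mail_password }}` and `YUBICO_SECRET_KEY={{ yubico_secret_key }}` are injected as plain `environment:` entries, so the rendered stack file on the host and the service spec shown by `docker service inspect` both carry the secrets for anyone with read access to that directory or the Docker socket; Docker secrets with vaultwarden's `_FILE` variants (`SMTP_PASSWORD_FILE=/run/secrets/<name>`, placeholder name) keep them out of the spec and out of the templated file. `image: vaultwarden/server:latest` is unpinned, and since `DEPLOYMENT_TIME={{ now() }}` changes on every playbook run, each run appears to redeploy and may silently pull whatever `latest` resolves to; pinning a version tag or digest keeps upgrades deliberate and reviewable. The healthcheck only sets `start_period: 10s`, leaving `interval`, `timeout` and `retries` at Docker defaults, which is worth stating explicitly if the `monitor: 90s` rollback window is meant to catch a bad image.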