Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/e-breuninger/ansible-role-bitwarden

Deploy Bitwarden with Docker and Docker-Compose following the steps provided by Bitwardens setup.sh.
https://github.com/e-breuninger/ansible-role-bitwarden

Last synced: 3 months ago
JSON representation

Deploy Bitwarden with Docker and Docker-Compose following the steps provided by Bitwardens setup.sh.

Host: GitHub
URL: https://github.com/e-breuninger/ansible-role-bitwarden
Owner: e-breuninger
License: mit
Created: 2021-09-06T12:57:46.000Z (over 3 years ago)
Default Branch: main
Last Pushed: 2023-12-11T17:47:02.000Z (about 1 year ago)
Last Synced: 2023-12-11T18:51:33.477Z (about 1 year ago)
Language: Python
Size: 63.5 KB
Stars: 8
Watchers: 1
Forks: 2
Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# Ansible Role: Bitwarden

[![CI](https://github.com/e-breuninger/ansible-role-bitwarden/actions/workflows/ci.yml/badge.svg)](https://github.com/e-breuninger/ansible-role-bitwarden/actions/workflows/ci.yml)

Deploy Bitwarden with Docker and Docker-Compose using the `bitwarden.sh`.

This role is an automated wrapper around the Bitwarden setup scripts.
It makes heavy use of handlers to trigger reconfigure and update tasks.

If you need any task not covered by the role it's totally fine to use the setup script on the machine directly.
Use the official docs as reference: https://bitwarden.com/help/article/install-on-premise/

## Usage

Add the role to your playbook:

- hosts: server
roles:
- { role: breuninger.bitwarden }

## Known issues

### Certbot

We currently only support static TLS certificates for Nginx. The Certbot integration is not configured.
Feel free to add this feature as a PR if needed.

### Bitwarden version

Bitwarden has a different version in the setup files than in the tagged version of the repo may indicates.
This is due to their release strategy, which always increases the actual version only in the master. We are already in talks with Bitwarden and hope for a different mode of release.

### SSL Modes

The Bitwarden setup script allows for four different ways of setting up SSL (or the lack thereof): a user provided SSL
cert, an SSL cert that is created by Let's Encrypt, a self-signed cert generated by the setup container, and no SSL (not
recommended for installs being used normally).

#### User Provided

To maintain backwards compatibility, this is the default mode for this role. While the Bitwarden setup script allows for
untrusted certs provided by the user, this role requires it to be trusted (signed by a CA, not self signed).

```YAML
- hosts: server
roles:
- role: breuninger.bitwarden
vars:
bitwarden_ssl_mode: provided
bitwarden_nginx_cert_path: /path/to/ssl/cert
bitwarden_nginx_key_path: /path/to/ssl/key
```

If an untrusted-user-provided-cert usecase is needed, it can be added with a new ssl_mode and corresponding inputs in
`defaults/main.yml`.

#### Let's Encrypt

Use the Certbot SSL integration that comes with the Bitwarden setup script

```YAML
- hosts: server
roles:
- role: breuninger.bitwarden
vars:
bitwarden_ssl_mode: lets_encrypt
bitwarden_lets_encrypt_email: [email protected]
```

#### Generated self signed

The Bitwarden setup script allows for generating a self-signed SSL cert to utilize SSL, but from an untrusted source.
The two methods above are better for running Bitwarden in a Production environment. Please choose from one of them
instead of using this option, unless absolutely necessary.

```YAML
- hosts: server
roles:
- role: breuninger.bitwarden
vars:
bitwarden_ssl_mode: generate
```

#### No SSL

Please heavily consider your use case before using this option. One legitimate usecase for this is SSL termination at a
reverse proxy.

```YAML
- hosts: server
roles:
- role: breuninger.bitwarden
vars:
bitwarden_ssl_mode: disable
```

Install and configure bitwarden on premise in docker-compose fashion.

## Table of content

- [Requirements](#requirements)
- [Default Variables](#default-variables)
- [bitwarden_domain_name](#bitwarden_domain_name)
- [bitwarden_global_env](#bitwarden_global_env)
- [bitwarden_lets_encrpyt_email](#bitwarden_lets_encrpyt_email)
- [bitwarden_lets_encrypt_email](#bitwarden_lets_encrypt_email)
- [bitwarden_nginx_cert_path](#bitwarden_nginx_cert_path)
- [bitwarden_nginx_key_path](#bitwarden_nginx_key_path)
- [bitwarden_region](#bitwarden_region)
- [bitwarden_script_version](#bitwarden_script_version)
- [bitwarden_setup_config](#bitwarden_setup_config)
- [bitwarden_ssl_mode](#bitwarden_ssl_mode)
- [bitwarden_ssl_provider](#bitwarden_ssl_provider)
- [bitwarden_test_install_script](#bitwarden_test_install_script)
- [Dependencies](#dependencies)
- [License](#license)
- [Author](#author)

---

## Default Variables

### bitwarden_domain_name

Domain name which used for Bitwarden

#### Default value

```YAML
bitwarden_domain_name: localhost
```

### bitwarden_global_env

Map of global Bitwarden environment variables. Each entire is mapped to the global.override.env.
See https://bitwarden.com/help/article/environment-variables/

#### Default value

```YAML
bitwarden_global_env: {}
```

#### Example usage

```YAML
bitwarden_global_env:
globalSettings__mail__smtp__host: localhost
globalSettings__mail__smtp__port: 25
```

### bitwarden_lets_encrpyt_email

Lets Encrypt email account if bitwarden_ssl_mode set to "lets_encrypt"

### bitwarden_lets_encrypt_email

#### Default value

```YAML
bitwarden_lets_encrypt_email:
```

### bitwarden_nginx_cert_path

Path of the certificate file used for the Nginx container (required if `bitwarden_ssl_mode == "provided"`).
The user of the role is responsible for providing a valid certificate file.
File is copied from the provided location to Bitwardens user home in order to garantue the correct mapping inside the container.

#### Default value

```YAML
bitwarden_nginx_cert_path:
```

### bitwarden_nginx_key_path

Path of the key file used for the Nginx container (required if `bitwarden_ssl_mode == "provided"`). The user of the role is responsible for providing a valid key file.
File is copied from the provided location to Bitwardens user home in order to garantue the correct mapping inside the container.

#### Default value

```YAML
bitwarden_nginx_key_path:
```

### bitwarden_region

Region which is used for Bitwarden.
Options: US, EU

#### Default value

```YAML
bitwarden_region: US
```

### bitwarden_script_version

#### Default value

```YAML
bitwarden_script_version: v2023.12.0
```

### bitwarden_setup_config

Map of Bitwarden setup configuration values to override.
Use this to change values in the generated config.yml file from Bitwarden.

#### Default value

```YAML
bitwarden_setup_config: {}
```

#### Example usage

```YAML
bitwarden_setup_config:
database_docker_volume: true
```

### bitwarden_ssl_mode

#### Default value

```YAML
bitwarden_ssl_mode: provided
```

### bitwarden_ssl_provider

Provides the SSL mode to use when setting up the installation
Options: provided, generate, lets_encrypt, disable

### bitwarden_test_install_script

A flag to disable downloading the `bitwarden.sh` script. Used in cases where the Let's Encrypt ssl_mode needs to be
tested without fear of hitting the Let's Encrypt rate limit. Or to test changes to the `bitwarden.sh` or `run.sh`
scripts. Hopefully this flag can be added to the `bitwarden.sh` script in the future instead of being used here.

#### Default value

```YAML
bitwarden_test_install_script: false
```

## Dependencies

None.

## License

MIT

## Author

Operations Core Toolig