From 385e60aee558f3aac1333dd34f61df1d2a0a0a28 Mon Sep 17 00:00:00 2001
From: Kris Lamoureux
Date: Thu, 2 Nov 2023 23:29:54 -0400
Subject: [PATCH] Update proxy playbook

---
 dev/host_vars/gitea.yml | 3 +
 dev/host_vars/proxy.yml | 56 ++++++++++++++++---
 dev/proxy.yml | 2 +-
 roles/bitwarden/tasks/main.yml | 8 +--
 roles/bitwarden/templates/bw_wrapper.j2 | 7 ++-
 .../templates/compose.override.yml.j2 | 6 +-
 6 files changed, 64 insertions(+), 18 deletions(-)

diff --git a/dev/host_vars/gitea.yml b/dev/host_vars/gitea.yml
index 4adb429..ef520f8 100644
--- a/dev/host_vars/gitea.yml
+++ b/dev/host_vars/gitea.yml
@@ -7,6 +7,7 @@ users:
 uid: 1001
 gid: 1001
 home: true
+ system: true
 
 # Import my GPG key for git signature verification
 root_gpgkeys:
@@ -35,6 +36,8 @@ docker_compose_deploy:
 url: https://github.com/krislamo/gitea
 version: b0ce66f6a1ab074172eed79eeeb36d7e9011ef8f
 enabled: true
+ trusted_keys:
+ - FBF673CEEC030F8AECA814E73EDA9C3441EDA925
 env:
 USER_UID: "{{ users.git.uid }}"
 USER_GID: "{{ users.git.gid }}"
diff --git a/dev/host_vars/proxy.yml b/dev/host_vars/proxy.yml
index 998884c..2076075 100644
--- a/dev/host_vars/proxy.yml
+++ b/dev/host_vars/proxy.yml
@@ -4,6 +4,18 @@ base_domain: local.krislamo.org
 allow_reboot: false
 manage_network: false
 
+users:
+ git:
+ uid: 1001
+ gid: 1001
+ home: true
+ system: true
+
+# Import my GPG key for git signature verification
+root_gpgkeys:
+ - name: kris@lamoureux.io
+ id: FBF673CEEC030F8AECA814E73EDA9C3441EDA925
+
 # proxy
 proxy:
 #production: true
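Review bot: The `users.git` block and the `FBF673…` fingerprint added to proxy.yml are copies of what gitea.yml already carries (same uid/gid/home/system values, same key id in both `root_gpgkeys` and `trusted_keys`), so a key rotation or uid change now has to be made in four places across two host_vars files. Since both hosts deploy the same gitea compose repository, a group_vars file the two hosts inherit, with one `gitea_signing_key` referenced as `trusted_keys: ["{{ gitea_signing_key }}"]` and in `root_gpgkeys`, would keep them from drifting apart. The `trusted_keys` control itself — pinning a full 40-character fingerprint next to a full-SHA `version` — is the right one; this is only about where the value lives.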
@@ -15,14 +27,49 @@ proxy:
 - "{{ base_domain }}"
 servers:
 - domain: "{{ bitwarden_domain }}"
- proxy_pass: "http://127.0.0.1:8080"
+ proxy_pass: "http://127.0.0.1"
 - domain: "{{ gitea_domain }}"
- proxy_pass: "http://127.0.0.1:3000"
+ proxy_pass: "http://127.0.0.1"
 
 # docker
+docker_official: true # docker's apt repos
 docker_users:
 - vagrant
 
+docker_compose_env_nolog: false # dev only setting
+docker_compose_deploy:
+ # Traefik
+ - name: traefik
+ url: https://github.com/krislamo/traefik
+ version: e97db75e2e214582fac5f5e495687ab5cdf855ad
+ path: docker-compose.web.yml
+ enabled: true
+ accept_newhostkey: true
+ trusted_keys:
+ - FBF673CEEC030F8AECA814E73EDA9C3441EDA925
+ env:
+ ENABLE: true
+ # Gitea
+ - name: gitea
+ url: https://github.com/krislamo/gitea
+ version: b0ce66f6a1ab074172eed79eeeb36d7e9011ef8f
+ enabled: true
+ trusted_keys:
+ - FBF673CEEC030F8AECA814E73EDA9C3441EDA925
+ env:
+ ENTRYPOINT: web
+ ENABLE_TLS: false
+ USER_UID: "{{ users.git.uid }}"
+ USER_GID: "{{ users.git.gid }}"
+ DB_PASSWD: "{{ gitea.DB_PASSWD }}"
+
+# gitea
+gitea_domain: "git.{{ base_domain }}"
+gitea:
+ DB_NAME: gitea
+ DB_USER: gitea
+ DB_PASSWD: password
+
 # bitwarden
 # Get Installation ID & Key at https://bitwarden.com/host/
 bitwarden_domain: "vault.{{ base_domain }}"
@@ -30,8 +77,3 @@ bitwarden_dbpass: password
 bitwarden_install_id: 4ea840a3-532e-4cb6-a472-abd900728b23
 bitwarden_install_key: 1yB3Z2gRI0KnnH90C6p
 #bitwarden_prodution: true
-
-# gitea
-gitea_domain: "git.{{ base_domain }}"
-gitea_version: 1
-gitea_dbpass: password
diff --git a/dev/proxy.yml b/dev/proxy.yml
index b01bc74..73818dd 100644
--- a/dev/proxy.yml
+++ b/dev/proxy.yml
@@ -5,8 +5,8 @@
 - host_vars/proxy.yml
 roles:
 - base
- - mariadb
 - proxy
 - docker
+ - mariadb
 - gitea
 - bitwarden
diff --git a/roles/bitwarden/tasks/main.yml b/roles/bitwarden/tasks/main.yml
index 8c607ed..c21d37c 100644
--- a/roles/bitwarden/tasks/main.yml
+++ b/roles/bitwarden/tasks/main.yml
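Review bot: `ENABLE: true` and `ENABLE_TLS: false` under the two new `env:` maps are bare YAML booleans while their siblings (`USER_UID`, `USER_GID`, `DB_PASSWD`) are quoted strings; if the role writes `item.env` into a compose `.env` or `environment:` block through Jinja, Python renders them as `True`/`False`, which a shell-style consumer will not read as the intended values — quote them as `ENABLE: "true"` and `ENABLE_TLS: "false"`. The same hunk sets `docker_compose_env_nolog: false` while that env now carries `DB_PASSWD: "{{ gitea.DB_PASSWD }}"`, so the database password will appear in task output; the `# dev only setting` comment records the intent, but an explicit dev flag the role checks would stop the line from being copied into a non-dev inventory unchanged. `accept_newhostkey: true` is set on a clone from an `https://` URL, where no SSH host key is ever presented, so it is either dead or only takes effect after someone switches the URL to SSH — drop it or add a comment saying why it is there. The `- gitea` role still runs in the dev/proxy.yml play (next hunk) and no `roles/gitea` file is in this commit, so confirm that role no longer reads the removed `gitea_dbpass`/`gitea_version` before merging, otherwise the play now stops on an undefined variable.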
@@ -26,18 +26,18 @@
 args:
 creates: "{{ bitwarden_root }}/bwdata/config.yml"
 
-- name: Install docker-compose override
+- name: Install compose override
 ansible.builtin.template:
 src: compose.override.yml.j2
 dest: "{{ bitwarden_root }}/bwdata/docker/docker-compose.override.yml"
- when: traefik_version is defined
+ when: bitwarden_override | default(true)
 notify: rebuild_bitwarden
 
 - name: Disable bitwarden-nginx HTTP on 80
 ansible.builtin.replace:
 path: "{{ bitwarden_root }}/bwdata/config.yml"
 regexp: "^http_port: 80$"
- replace: "http_port: 127.0.0.1:8080"
+ replace: "http_port: {{ bitwarden_http_port | default('127.0.0.1:9080') }}"
 when: not bitwarden_standalone
 notify: rebuild_bitwarden
 
@@ -45,7 +45,7 @@
 ansible.builtin.replace:
 path: "{{ bitwarden_root }}/bwdata/config.yml"
 regexp: "^https_port: 443$"
- replace: "https_port: 127.0.0.1:8443"
+ replace: "https_port: {{ bitwarden_https_port | default('127.0.0.1:9443') }}"
 when: not bitwarden_standalone
 notify: rebuild_bitwarden
 
diff --git a/roles/bitwarden/templates/bw_wrapper.j2 b/roles/bitwarden/templates/bw_wrapper.j2
index 752ae85..cabcf63 100644
--- a/roles/bitwarden/templates/bw_wrapper.j2
+++ b/roles/bitwarden/templates/bw_wrapper.j2
@@ -23,10 +23,13 @@ send "{{ bitwarden_install_id }}\r"
 expect "Enter your installation key:"
 send "{{ bitwarden_install_key }}\r"
 
-expect "Do you have a SSL certificate to use? (y/n):"
+expect "Enter your region (US/EU) \\\[US\\\]:"
+send "US\r"
+
+expect "Do you have a SSL certificate to use? (y/N):"
 send "n\r"
 
-expect "Do you want to generate a self-signed SSL certificate? (y/n):"
+expect "Do you want to generate a self-signed SSL certificate? (y/N):"
 {% if bitwarden_standalone and not bitwarden_production %}
 send "y\r"
 {% else %}
diff --git a/roles/bitwarden/templates/compose.override.yml.j2 b/roles/bitwarden/templates/compose.override.yml.j2
index eaa6b01..f7bffe1 100644
--- a/roles/bitwarden/templates/compose.override.yml.j2
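Review bot: `when: bitwarden_override | default(true)` turns the override template from opt-in (only when `traefik_version` was defined) into always-on, and that template declares `networks.traefik.external: true`, so a host with no pre-existing `traefik` network now fails when compose brings the stack up instead of simply skipping the override as before. The role already distinguishes standalone hosts on the next task, so `when: bitwarden_override | default(not bitwarden_standalone)` keeps the old behaviour for them while still defaulting the proxied case on. In the two `replace:` lines (this hunk and the `https_port` one in the hunk below) the `127.0.0.1` default is what keeps the container ports off the public interface, but the new variables accept any `host:port` string, so an inventory setting `bitwarden_http_port: "9080"` would most likely publish the port on all interfaces; a comment on each task, `# value must keep the loopback address; a bare port is published on every interface`, or the same warning in defaults/main.yml, makes that contract visible.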
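Review bot: `send "US\r"` hard-codes the region while every other installer answer in this script comes from a variable (`bitwarden_install_id`, `bitwarden_install_key`), so an EU-hosted instance has to edit the template; `send "{{ bitwarden_region | default('US') }}\r"` keeps today's default and makes it configurable. The three `expect` strings are re-pinned to the installer's current wording (`(y/N)`, the new region prompt) and will silently stop matching the next time Bitwarden rewords them — unless the script's header, which is outside this hunk, sets a short `timeout` and handles it, expect just moves on to the next `send` after its timeout. A comment above the first `expect`, `# prompts match the bitwarden.sh installer as of <DATE-OF-THIS-COMMIT>; re-check after upgrading`, would tell the next person where to look when the installer hangs or answers the wrong question.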
+++ b/roles/bitwarden/templates/compose.override.yml.j2
@@ -6,13 +6,11 @@ services:
 - traefik
 labels:
 traefik.http.routers.bitwarden.rule: "Host(`{{ bitwarden_domain }}`)"
- traefik.http.routers.bitwarden.entrypoints: websecure
- traefik.http.routers.bitwarden.tls.certresolver: letsencrypt
- traefik.http.routers.bitwarden.middlewares: "securehttps@file"
+ traefik.http.routers.bitwarden.entrypoints: {{ bitwarden_entrypoint | default('web') }}
+ traefik.http.routers.bitwarden.tls: {{ bitwarden_traefik_tls | default('false') }}
 traefik.http.services.bitwarden.loadbalancer.server.port: 8080
 traefik.docker.network: traefik
 traefik.enable: "true"
-
 networks:
 traefik:
 external: true
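Review bot: The new defaults replace `websecure` + the `letsencrypt` certresolver with the `web` entrypoint and `tls` `false`, so any inventory that does not set `bitwarden_entrypoint`/`bitwarden_traefik_tls` now has Traefik serve the vault over plain HTTP; the old defaults were the secure ones and the dev proxy setup (TLS terminated in front of Traefik) is the exception, so the exception should be the thing that needs a variable. bw_wrapper.j2 in this same commit already branches on `bitwarden_production` unguarded, so assuming the role defaults define it, `default('web' if not bitwarden_production else 'websecure')` and `default('false' if not bitwarden_production else 'true')` keep production hosts on TLS unless explicitly told otherwise. The dropped `middlewares: "securehttps@file"` is not restored by that — whatever the file provider's `securehttps` enforced (not in this diff) is now gone for every host, not only dev, and deserves its own variable with the old value as default. The `tls` label is also rendered unquoted, unlike `traefik.enable: "true"` two lines below: an inventory setting `bitwarden_traefik_tls: true` produces `True` from Jinja and a YAML boolean rather than a string in the label, so wrap it as `"{{ bitwarden_traefik_tls | default('false') | lower }}"`. The `labels:` mapping these lines belong to starts before the hunk.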