Update proxy playbook

2023-11-02 23:29:54 -04:00
parent 5633468f41
commit 385e60aee5
6 changed files with 64 additions and 18 deletions
--- a/roles/bitwarden/tasks/main.yml
+++ b/roles/bitwarden/tasks/main.yml
@@ -26,18 +26,18 @@
  args:
    creates: "{{ bitwarden_root }}/bwdata/config.yml"

- name: Install docker-compose override
+- name: Install compose override
  ansible.builtin.template:
    src: compose.override.yml.j2
    dest: "{{ bitwarden_root }}/bwdata/docker/docker-compose.override.yml"
-  when: traefik_version is defined
+  when: bitwarden_override | default(true)
  notify: rebuild_bitwarden

 - name: Disable bitwarden-nginx HTTP on 80
  ansible.builtin.replace:
    path: "{{ bitwarden_root }}/bwdata/config.yml"
    regexp: "^http_port: 80$"
-    replace: "http_port: 127.0.0.1:8080"
+    replace: "http_port: {{ bitwarden_http_port | default('127.0.0.1:9080') }}"
  when: not bitwarden_standalone
  notify: rebuild_bitwarden

@@ -45,7 +45,7 @@
  ansible.builtin.replace:
    path: "{{ bitwarden_root }}/bwdata/config.yml"
    regexp: "^https_port: 443$"
-    replace: "https_port: 127.0.0.1:8443"
+    replace: "https_port: {{ bitwarden_https_port | default('127.0.0.1:9443') }}"
  when: not bitwarden_standalone
  notify: rebuild_bitwarden

--- a/roles/bitwarden/templates/bw_wrapper.j2
+++ b/roles/bitwarden/templates/bw_wrapper.j2
@@ -23,10 +23,13 @@ send "{{ bitwarden_install_id }}\r"
 expect "Enter your installation key:"
 send "{{ bitwarden_install_key }}\r"

-expect "Do you have a SSL certificate to use? (y/n):"
+expect "Enter your region (US/EU) \\\[US\\\]:"
+send "US\r"
+
+expect "Do you have a SSL certificate to use? (y/N):"
 send "n\r"

-expect "Do you want to generate a self-signed SSL certificate? (y/n):"
+expect "Do you want to generate a self-signed SSL certificate? (y/N):"
 {% if bitwarden_standalone and not bitwarden_production %}
 send "y\r"
 {% else %}
--- a/roles/bitwarden/templates/compose.override.yml.j2
+++ b/roles/bitwarden/templates/compose.override.yml.j2
@@ -6,13 +6,11 @@ services:
      - traefik
    labels:
      traefik.http.routers.bitwarden.rule: "Host(`{{ bitwarden_domain }}`)"
-      traefik.http.routers.bitwarden.entrypoints: websecure
-      traefik.http.routers.bitwarden.tls.certresolver: letsencrypt
-      traefik.http.routers.bitwarden.middlewares: "securehttps@file"
+      traefik.http.routers.bitwarden.entrypoints: {{ bitwarden_entrypoint | default('web') }}
+      traefik.http.routers.bitwarden.tls: {{ bitwarden_traefik_tls | default('false') }}
      traefik.http.services.bitwarden.loadbalancer.server.port: 8080
      traefik.docker.network: traefik
      traefik.enable: "true"
-
 networks:
  traefik:
    external: true