Set up Bitwarden behind Traefik

roles/bitwarden/templates/bw_wrapper.j2

@@ -2,13 +2,17 @@
 
 set timeout -1
 
-spawn /home/{{ docker_user }}/bitwarden/bitwarden.sh install
+spawn {{ bitwarden_root }}/bitwarden.sh install
 
 expect "Enter the domain name for your Bitwarden instance (ex. bitwarden.example.com):"
 send "{{ bitwarden_domain }}\r"
 
 expect "Do you want to use Let's Encrypt to generate a free SSL certificate? (y/n):"
+{% if bitwarden_standalone and bitwarden_production %}
+send "y\r"
+{% else %}
 send "n\r"
+{% endif %}
 
 expect "Enter your installation id (get at https://bitwarden.com/host):"
 send "{{ bitwarden_install_id }}\r"
@@ -20,11 +24,11 @@ expect "Do you have a SSL certificate to use? (y/n):"
 send "n\r"
 
 expect "Do you want to generate a self-signed SSL certificate? (y/n):"
+{% if bitwarden_standalone and not bitwarden_production %}
 send "y\r"
+{% else %}
+send "n\r"
+{% endif %}
 
 expect "Next steps, run:\r\n`./bitwarden.sh start`"
 expect eof
-
-spawn /home/{{ docker_user }}/bitwarden/bitwarden.sh start
-expect "Bitwarden is up and running!"
-expect eof

roles/bitwarden/templates/compose.override.yml.j2

@@ -0,0 +1,16 @@
+services:
+  nginx:
+    networks:
+      - traefik
+    labels:
+      traefik.http.routers.bitwarden.rule: "Host(`{{ bitwarden_domain }}`)"
+      traefik.http.routers.bitwarden.entrypoints: websecure
+      traefik.http.routers.bitwarden.tls.certresolver: letsencrypt
+      traefik.http.routers.bitwarden.middlewares: "securehttps@file"
+      traefik.http.services.bitwarden.loadbalancer.server.port: 8080
+      traefik.docker.network: traefik
+      traefik.enable: "true"
+
+networks:
+  traefik:
+    external: true