diff --git a/roles/bitwarden/defaults/main.yml b/roles/bitwarden/defaults/main.yml
index da91560..46c67fe 100644
--- a/roles/bitwarden/defaults/main.yml
+++ b/roles/bitwarden/defaults/main.yml
@@ -1,5 +1,5 @@
 bitwarden_name: bitwarden
-bitwarden_root: "/opt/{{ bitwarden_name }}"
+bitwarden_root: "{{ docker_root }}/{{ bitwarden_name }}"
 bitwarden_database: "{{ bitwarden_name }}"
 bitwarden_standalone: false
 bitwarden_production: false
diff --git a/roles/bitwarden/handlers/main.yml b/roles/bitwarden/handlers/main.yml
index 8fd980b..1e9b262 100644
--- a/roles/bitwarden/handlers/main.yml
+++ b/roles/bitwarden/handlers/main.yml
@@ -1,7 +1,16 @@
+- name: Stop Bitwarden for rebuild
+ service:
+ name: "{{ bitwarden_name }}"
+ state: stopped
+ listen: rebuild_bitwarden
+
 - name: Rebuild Bitwarden
 shell: "{{ bitwarden_root }}/bitwarden.sh rebuild"
 listen: rebuild_bitwarden

-- name: Start Bitwarden
- shell: "{{ bitwarden_root }}/bitwarden.sh start"
- listen: start_bitwarden
+- name: Start Bitwarden after rebuild
+ service:
+ name: "{{ bitwarden_name }}"
+ state: started
+ enabled: true
+ listen: rebuild_bitwarden
diff --git a/roles/bitwarden/tasks/main.yml b/roles/bitwarden/tasks/main.yml
index 4a9cc12..7f9a6b3 100644
--- a/roles/bitwarden/tasks/main.yml
+++ b/roles/bitwarden/tasks/main.yml
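Review bot: `bitwarden_root` in defaults/main.yml now depends on `docker_root`, which none of the five lines shown here define; it is presumably set in group vars or another role, and if it is not, every task that templates `bitwarden_root` will fail. The value also flows into the `shell:` command lines and the unit's `ExecStart=`, so it should always resolve to a fixed absolute path. A fallback keeps the role usable on its own: `bitwarden_root: "{{ docker_root | default('/opt') }}/{{ bitwarden_name }}"`.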
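Review bot: Starting and enabling the unit now happens only inside the `rebuild_bitwarden` handler chain in handlers/main.yml, so a run in which no task changes never checks that Bitwarden is running or enabled. If `Rebuild Bitwarden` fails after `Stop Bitwarden for rebuild` has run, the service is left stopped, and later runs will report no changes and not start it again. A regular task at the end of tasks/main.yml, placed after `meta: flush_handlers`, with `state: started` and `enabled: true` would let the role converge without manual intervention.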
@@ -25,36 +25,29 @@
 shell: "{{ bitwarden_root }}/bw_wrapper"
 args:
 creates: "{{ bitwarden_root }}/bwdata/config.yml"
- notify: start_bitwarden

 - name: Install docker-compose override
 template:
 src: compose.override.yml.j2
 dest: "{{ bitwarden_root }}/bwdata/docker/docker-compose.override.yml"
 when: traefik_version is defined
- notify:
- - rebuild_bitwarden
- - start_bitwarden
+ notify: rebuild_bitwarden

 - name: Disable bitwarden-nginx HTTP on 80
 replace:
 path: "{{ bitwarden_root }}/bwdata/config.yml"
 regexp: "^http_port: 80$"
- replace: "http_port: 8080"
+ replace: "http_port: 127.0.0.1:8080"
 when: not bitwarden_standalone
- notify:
- - rebuild_bitwarden
- - start_bitwarden
+ notify: rebuild_bitwarden

 - name: Disable bitwarden-nginx HTTPS on 443
 replace:
 path: "{{ bitwarden_root }}/bwdata/config.yml"
 regexp: "^https_port: 443$"
- replace: "https_port: 8443"
+ replace: "https_port: 127.0.0.1:8443"
 when: not bitwarden_standalone
- notify:
- - rebuild_bitwarden
- - start_bitwarden
+ notify: rebuild_bitwarden

 - name: Disable Bitwarden managed Lets Encrypt
 replace:
@@ -62,9 +55,7 @@
 regexp: "^ssl_managed_lets_encrypt: true$"
 replace: "ssl_managed_lets_encrypt: false"
 when: not bitwarden_standalone or not bitwarden_production
- notify:
- - rebuild_bitwarden
- - start_bitwarden
+ notify: rebuild_bitwarden

 - name: Disable Bitwarden managed SSL
 replace:
@@ -72,6 +63,17 @@
 regexp: "^ssl: true$"
 replace: "ssl: false"
 when: not bitwarden_standalone
- notify:
- - rebuild_bitwarden
- - start_bitwarden
+ notify: rebuild_bitwarden
+
+- name: Install Bitwarden systemd service
+ template:
+ src: bitwarden.service.j2
+ dest: "/etc/systemd/system/{{ bitwarden_name }}.service"
+ register: bitwarden_systemd
+ notify: rebuild_bitwarden
+
+- name: Reload systemd manager configuration
+ systemd:
+ daemon_reload: true
+ when: bitwarden_systemd.changed
+ notify: rebuild_bitwarden
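Review bot: The two `regexp` patterns in the first tasks/main.yml hunk still match only the stock values (`^http_port: 80$`, `^https_port: 443$`), so a host that an earlier run of this role already rewrote to `http_port: 8080` / `https_port: 8443` is never moved to the loopback binding and keeps listening on all interfaces. Widening the patterns covers both states and stays idempotent: `regexp: "^http_port: (80|8080)$"` and `regexp: "^https_port: (443|8443)$"`. It is also worth confirming that Bitwarden's config.yml accepts an address-qualified value for these keys, since the diff does not show how the value is rendered into the compose file.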
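Review bot: The `Install Bitwarden systemd service` task in the last tasks/main.yml hunk writes a unit file into /etc/systemd/system without `owner`, `group` or `mode`, so its permissions depend on the umask of the Ansible run. Pinning them keeps the unit writable by root only: `owner: root`, `group: root`, `mode: "0644"`. The `notify` on the daemon-reload task also looks redundant, since the template task already notifies `rebuild_bitwarden` whenever the unit file changes.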
diff --git a/roles/bitwarden/templates/bitwarden.service.j2 b/roles/bitwarden/templates/bitwarden.service.j2
new file mode 100644
index 0000000..fab45ce
--- /dev/null
+++ b/roles/bitwarden/templates/bitwarden.service.j2
@@ -0,0 +1,13 @@
+[Unit]
+Description=Bitwarden Password Manager Server
+PartOf=docker.service
+After=docker.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=true
+ExecStart={{ bitwarden_root }}/bitwarden.sh start
+ExecStop={{ bitwarden_root }}/bitwarden.sh stop
+
+[Install]
+WantedBy=multi-user.target
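Review bot: The unit has no `User=` line, so systemd runs `{{ bitwarden_root }}/bitwarden.sh` as root on every start and stop, and with this commit that path sits under `docker_root`. Nothing in the diff sets ownership or mode on the script or its directory; if any non-root account can write there, it gains root command execution, so the role should enforce root ownership and a non-writable mode on `bitwarden.sh` and its parent directories. Separately, `After=docker.service` only orders the unit; adding `Requires=docker.service` would make the dependency explicit so the unit is not started without Docker.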