From ea9603a2dbff238e5cdfedb869091e4150ac60e2 Mon Sep 17 00:00:00 2001
From: Kris Lamoureux
Date: Fri, 8 Aug 2025 01:31:39 -0400
Subject: [PATCH] testing

---
 roles/bitwarden/defaults/main.yml | 7 +++++--
 roles/bitwarden/tasks/main.yml | 35 ++++++++++++++++++++++++-------
 2 files changed, 32 insertions(+), 10 deletions(-)

diff --git a/roles/bitwarden/defaults/main.yml b/roles/bitwarden/defaults/main.yml
index 8e03a1c..056141a 100644
--- a/roles/bitwarden/defaults/main.yml
+++ b/roles/bitwarden/defaults/main.yml
@@ -1,7 +1,10 @@
 bitwarden_name: bitwarden
-bitwarden_root: "/var/lib/{{ bitwarden_name }}"
+bitwarden_user: bitwarden
+bitwarden_root: /home/bitwarden
 bitwarden_logs_identity: "{{ bitwarden_root }}/bwdata/logs/identity/Identity"
-bitwarden_logs_identity_date: "{{ ansible_date_time.year }}{{ ansible_date_time.month }}{{ ansible_date_time.day }}"
+bitwarden_logs_identity_date:
+ "{{ ansible_date_time.year }}{{ ansible_date_time.month }}{{
+ ansible_date_time.day }}"
 bitwarden_database: "{{ bitwarden_name }}"
 bitwarden_realips: "172.16.0.0/12"
 bitwarden_standalone: false
diff --git a/roles/bitwarden/tasks/main.yml b/roles/bitwarden/tasks/main.yml
index 83855cf..ba28b45 100644
--- a/roles/bitwarden/tasks/main.yml
+++ b/roles/bitwarden/tasks/main.yml
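Review bot: In roles/bitwarden/defaults/main.yml the new `bitwarden_root: /home/bitwarden` hard-codes the account name, so overriding `bitwarden_user` would leave the role writing files owned by one account into a directory named for another. Deriving it, `bitwarden_root: "/home/{{ bitwarden_user }}"`, keeps the path in step with the `owner`/`group` values set in tasks/main.yml. The same commit drops the "Create Bitwarden directory" task, and nothing in the visible hunks creates the user or its home directory, so the role presumably depends on that being done elsewhere; a comment on this default saying so would help.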
@@ -3,35 +3,39 @@ name: expect state: present -- name: Create Bitwarden directory - ansible.builtin.file: - path: "{{ bitwarden_root }}" - state: directory - mode: "755" - - name: Download Bitwarden script ansible.builtin.get_url: url: "https://raw.githubusercontent.com/\ - bitwarden/self-host/master/bitwarden.sh" + bitwarden/self-host/master/bitwarden.sh" dest: "{{ bitwarden_root }}" + owner: "{{ bitwarden_user }}" + group: "{{ bitwarden_user }}" mode: u+x - name: Install Bitwarden script wrapper ansible.builtin.template: src: bw_wrapper.j2 dest: "{{ bitwarden_root }}/bw_wrapper" + owner: "{{ bitwarden_user }}" + group: "{{ bitwarden_user }}" mode: u+x - name: Run Bitwarden installation script ansible.builtin.command: "{{ bitwarden_root }}/bw_wrapper" args: creates: "{{ bitwarden_root }}/bwdata/config.yml" + become_user: "{{ bitwarden_user }}" + become: true - name: Install compose override ansible.builtin.template: src: compose.override.yml.j2 dest: "{{ bitwarden_root }}/bwdata/docker/docker-compose.override.yml" + owner: "{{ bitwarden_user }}" + group: "{{ bitwarden_user }}" mode: "644" + become_user: "{{ bitwarden_user }}" + become: true when: bitwarden_override | default(true) notify: rebuild_bitwarden @@ -40,6 +44,8 @@ path: "{{ bitwarden_root }}/bwdata/config.yml" regexp: "^http_port: 80$" replace: "http_port: {{ bitwarden_http_port | default('127.0.0.1:9080') }}" + become_user: "{{ bitwarden_user }}" + become: true when: not bitwarden_standalone notify: rebuild_bitwarden @@ -47,7 +53,10 @@ ansible.builtin.replace: path: "{{ bitwarden_root }}/bwdata/config.yml" regexp: "^https_port: 443$" - replace: "https_port: {{ bitwarden_https_port | default('127.0.0.1:9443') }}" + replace: + "https_port: {{ bitwarden_https_port | default('127.0.0.1:9443') }}" + become_user: "{{ bitwarden_user }}" + become: true when: not bitwarden_standalone notify: rebuild_bitwarden 
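Review bot: The "Download Bitwarden script" task still fetches bitwarden.sh from the moving `master` branch with no `checksum:`, and the result is then executed through bw_wrapper as `bitwarden_user`. Because `dest` is a directory, get_url downloads again on every run and replaces the file whenever upstream content differs, so an unreviewed upstream change lands on the host without any change to this role. Pinning the URL to a release tag or commit and adding `checksum: "sha256:<expected-sha256>"` (placeholder value) would tie the installed script to a reviewed version. Both this task and the wrapper template also keep the relative `mode: u+x`, which leaves the group/other bits at whatever the file was created with; an explicit `mode: "0700"` would be tighter if the wrapper carries installation credentials, which is not visible here.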
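Review bot: The pair `become_user: "{{ bitwarden_user }}"` / `become: true` is repeated verbatim on each bwdata/config.yml edit, in this hunk (-40) and in the hunks at -47, -56, -64 and -72. Grouping those tasks under a single `block:` that sets the pair once would remove the repetition and make it harder for a later bwdata task to be added without the privilege drop. On "Install compose override" in the first tasks hunk the pair is combined with `owner`/`group`, which is redundant once the task already runs as that user.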
@@ -56,6 +65,8 @@ path: "{{ bitwarden_root }}/bwdata/config.yml" regexp: "^ssl_managed_lets_encrypt: true$" replace: "ssl_managed_lets_encrypt: false" + become_user: "{{ bitwarden_user }}" + become: true when: not bitwarden_standalone or not bitwarden_production notify: rebuild_bitwarden @@ -64,6 +75,8 @@ path: "{{ bitwarden_root }}/bwdata/config.yml" regexp: "^ssl: true$" replace: "ssl: false" + become_user: "{{ bitwarden_user }}" + become: true when: not bitwarden_standalone notify: rebuild_bitwarden @@ -72,12 +85,16 @@ path: "{{ bitwarden_root }}/bwdata/config.yml" line: "- {{ bitwarden_realips }}" insertafter: "^real_ips" + become_user: "{{ bitwarden_user }}" + become: true notify: rebuild_bitwarden - name: Install Bitwarden systemd service ansible.builtin.template: src: bitwarden.service.j2 dest: "/etc/systemd/system/{{ bitwarden_name }}.service" + owner: "{{ bitwarden_user }}" + group: "{{ bitwarden_user }}" mode: "644" register: bitwarden_systemd notify: rebuild_bitwarden @@ -86,6 +103,8 @@ ansible.builtin.file: path: "{{ bitwarden_logs_identity }}" state: directory + owner: "{{ bitwarden_user }}" + group: "{{ bitwarden_user }}" mode: "755" notify: touch_bitwarden
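Review bot: The added `owner`/`group` on "Install Bitwarden systemd service" (hunk -72,12) make `/etc/systemd/system/{{ bitwarden_name }}.service` owned by the unprivileged `bitwarden_user`. systemd loads that unit as root, so an account that can write the file controls what is started and under which user at the next reload or restart, which undoes the privilege separation the rest of this commit introduces. The unit should stay `owner: root` / `group: root` with `mode: "0644"`; only paths under `bitwarden_root` need to belong to the service account.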