diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000..a20c997 --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,58 @@ +--- +name: ci +'on': + pull_request: + push: + branches: + - main + +defaults: + run: + working-directory: 'bcook254.vaultwarden' + +jobs: + + lint: + name: Lint + runs-on: ubuntu-latest + steps: + - name: Check out the codebase. + uses: actions/checkout@v4 + with: + path: 'bcook254.vaultwarden' + + - name: Set up Python 3. + uses: actions/setup-python@v5 + with: + python-version: '3.x' + + - name: Install test dependencies. + run: python -m pip install yamllint + + - name: Lint code. + run: yamllint . + + molecule: + name: Molecule Test + runs-on: ubuntu-latest + steps: + - name: Check out the codebase. + uses: actions/checkout@v4 + with: + path: 'bcook254.vaultwarden' + + - name: Set up Python 3. + uses: actions/setup-python@v5 + with: + python-version: '3.x' + + - name: Install test dependencies. + run: python -m pip install ansible molecule molecule-plugins[docker] docker + + - name: Run Molecule tests. + run: molecule test --driver-name docker --scenario-name all + env: + VAULTWARDEN_VERSION: '1.30.5' + VAULTWARDEN_URL: ${{ secrets.VAULTWARDEN_URL }} + PY_COLORS: '1' + ANSIBLE_FORCE_COLOR: '1' diff --git a/.yamllint b/.yamllint index 8e2c589..a552e2a 100644 --- a/.yamllint +++ b/.yamllint @@ -4,6 +4,7 @@ extends: default ignore: | molecule/ + .github/ rules: braces: diff --git a/defaults/main.yml b/defaults/main.yml index 18e9482..f9e52e8 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
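Review bot: The workflow declares no `permissions:` block, so the GITHUB_TOKEN in both jobs gets the repository's default scope although the steps only check out and test; add a top-level `permissions:` with `contents: read` directly below `name: ci`. The two actions are pinned to mutable major tags (`actions/checkout@v4`, `actions/setup-python@v5`) and the `pip install` lines pull unpinned `yamllint`, `ansible`, `molecule`, `molecule-plugins[docker]` and `docker`, so an upstream release changes what runs without any diff in this repository; pinning the actions to a full commit SHA and the Python packages to versions (or a requirements file) would make runs reproducible. `VAULTWARDEN_VERSION: '1.30.5'` repeats the fallback literal hard-coded in both verify.yml files, so a version bump currently has to be made in three places.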
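Review bot: Adding `.github/` to the yamllint ignore list means the Lint job introduced in this same commit (`yamllint .`) never checks its own workflow file. If the motivation is the `truthy` rule on the `on:` key, the workflow already spells it `'on'`, so the ignore may be unnecessary; otherwise a per-rule ignore or a comment such as `# .github/ skipped: <reason>` above the entry would tell the next reader why the directory is excluded.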
@@ -2,6 +2,13 @@ vaultwarden_user: vaultwarden vaultwarden_group: vaultwarden vaultwarden_daemon: vaultwarden +vaultwarden_bin_dir: /usr/local/bin +vaultwarden_bin_file: "{{ vaultwarden_bin_dir }}/vaultwarden" +vaultwarden_home_dir: /var/lib/vaultwarden +vaultwarden_data_dir: "{{ vaultwarden_home_dir }}/data" +vaultwarden_web_vault_dir: "{{ vaultwarden_home_dir }}/web-vault" +vaultwarden_config_dir: /etc/vaultwarden +vaultwarden_config_file: "{{ vaultwarden_config_dir }}/vaultwarden.env" vaultwarden_database_name: vaultwarden vaultwarden_web_vault_version: 2023.10.0 vaultwarden_enable_web_vault: true diff --git a/meta/main.yml b/meta/main.yml index 2a4c8eb..a780115 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -17,17 +17,15 @@ galaxy_info: - 9 - name: Fedora versions: - - 37 - 38 + - 39 - name: Debian versions: - - bullseye - bookworm - name: Ubuntu versions: - - bionic - - focal - jammy galaxy_tags: - vaultwarden - bitwardenrs + - bitwarden_rs diff --git a/molecule/all/converge.yml b/molecule/all/converge.yml index f5b33bc..5f5dae9 100644 --- a/molecule/all/converge.yml +++ b/molecule/all/converge.yml @@ -3,7 +3,7 @@ hosts: all vars: - vaultwarden_file: "{{ 'molecule/vaultwarden-openssl1' if ('openssl1' in group_names) else 'molecule/vaultwarden' }}" + vaultwarden_file: "{{ None if (vaultwarden_url is defined and vaultwarden_url | length > 0) else 'molecule/vaultwarden' }}" vaultwarden_manage_config: true roles: diff --git a/molecule/all/molecule.yml b/molecule/all/molecule.yml index 7eb1a8b..7701cd8 100644 --- a/molecule/all/molecule.yml +++ b/molecule/all/molecule.yml 
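Review bot: `{{ None if (...) else 'molecule/vaultwarden' }}` relies on Ansible's templater turning a `None` result into an empty string, which is what makes the new `vaultwarden_file | length > 0` guards in tasks/assertions.yml and tasks/install.yml work; under `jinja2_native` the value stays `None` and `None | length` raises instead. Writing the intent directly, `vaultwarden_file: "{{ '' if (vaultwarden_url is defined and vaultwarden_url | length > 0) else 'molecule/vaultwarden' }}"`, avoids depending on that conversion. The identical line in molecule/default/converge.yml has the same issue.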
@@ -9,96 +9,51 @@ platforms: - name: ubuntu2204 image: docker.io/geerlingguy/docker-ubuntu2204-ansible command: ${MOLECULE_DOCKER_COMMAND:-""} - tmpfs: - - /run - - /tmp volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - capabilities: - - SYS_ADMIN - cgroupns_mode: host - pre_build_image: true - - name: ubuntu2004 - groups: - - openssl1 - image: docker.io/geerlingguy/docker-ubuntu2004-ansible - command: ${MOLECULE_DOCKER_COMMAND:-""} - tmpfs: - - /run - - /tmp - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - capabilities: - - SYS_ADMIN + - /sys/fs/cgroup:/sys/fs/cgroup:rw + privileged: true cgroupns_mode: host pre_build_image: true - name: debian12 image: docker.io/geerlingguy/docker-debian12-ansible command: ${MOLECULE_DOCKER_COMMAND:-""} - tmpfs: - - /run - - /tmp volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - capabilities: - - SYS_ADMIN + - /sys/fs/cgroup:/sys/fs/cgroup:rw + privileged: true cgroupns_mode: host pre_build_image: true - - name: debian11 - groups: - - openssl1 - image: docker.io/geerlingguy/docker-debian11-ansible + - name: fedora39 + image: docker.io/geerlingguy/docker-fedora39-ansible command: ${MOLECULE_DOCKER_COMMAND:-""} - tmpfs: - - /run - - /tmp volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - capabilities: - - SYS_ADMIN + - /sys/fs/cgroup:/sys/fs/cgroup:rw + privileged: true cgroupns_mode: host pre_build_image: true - name: fedora38 image: docker.io/geerlingguy/docker-fedora38-ansible command: ${MOLECULE_DOCKER_COMMAND:-""} - tmpfs: - - /run - - /tmp - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - capabilities: - - SYS_ADMIN - cgroupns_mode: host - pre_build_image: true - - name: fedora37 - image: docker.io/geerlingguy/docker-fedora37-ansible - command: ${MOLECULE_DOCKER_COMMAND:-""} - tmpfs: - - /run - - /tmp volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - capabilities: - - SYS_ADMIN + - /sys/fs/cgroup:/sys/fs/cgroup:rw + privileged: true cgroupns_mode: host pre_build_image: true - name: centosstream9 image: 
ghcr.io/bcook254/docker-centosstream9-ansible command: ${MOLECULE_DOCKER_COMMAND:-""} - tmpfs: - - /run - - /tmp volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - capabilities: - - SYS_ADMIN + - /sys/fs/cgroup:/sys/fs/cgroup:rw + privileged: true cgroupns_mode: host pre_build_image: true provisioner: name: ansible inventory: group_vars: - openssl1: + all: + vaultwarden_version: "${VAULTWARDEN_VERSION}" + vaultwarden_url: "${VAULTWARDEN_URL}" + vaultwarden_url_checksum: "sha256:{{ vaultwarden_url }}.sha256" host_vars: centosstream9: vaultwarden_packages: @@ -117,5 +72,4 @@ verifier: name: ansible lint: | set -e - yamllint . ansible-lint . \ No newline at end of file diff --git a/molecule/all/verify.yml b/molecule/all/verify.yml index 7a316ef..0b81a21 100644 --- a/molecule/all/verify.yml +++ b/molecule/all/verify.yml @@ -14,7 +14,7 @@ chdir: /usr/local/bin changed_when: false register: __vaultwarden_version - failed_when: __vaultwarden_version is not search('1.29.0') + failed_when: __vaultwarden_version is not search(vaultwarden_version if vaultwarden_version | length > 0 else '1.30.5') - name: Check if Vaultwarden web-vault is installed. ansible.builtin.stat: diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index f5b33bc..5f5dae9 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -3,7 +3,7 @@ hosts: all vars: - vaultwarden_file: "{{ 'molecule/vaultwarden-openssl1' if ('openssl1' in group_names) else 'molecule/vaultwarden' }}" + vaultwarden_file: "{{ None if (vaultwarden_url is defined and vaultwarden_url | length > 0) else 'molecule/vaultwarden' }}" vaultwarden_manage_config: true roles: diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 81e01c5..69204ec 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml 
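Review bot: Every platform moves from `capabilities: [SYS_ADMIN]` with a read-only cgroup mount to `privileged: true` with `/sys/fs/cgroup` mounted `rw`, which hands each test container every capability and full host device access; on an ephemeral GitHub-hosted runner that is a bounded risk, but a reader cannot tell from the file whether `privileged` is actually required (systemd under cgroup v2 in these images is the likely reason) or was simply the first setting that worked. A one-line comment above the first platform, e.g. `# privileged + rw cgroup mount: needed to run systemd in these images on cgroup-v2 hosts (TODO confirm)`, would record the reason. Note that molecule/default/molecule.yml makes the same switch to `privileged: true` but keeps its cgroup mount `:ro`, so the two scenarios now differ for no stated reason. The `platforms:` mapping this hunk edits opens before the hunk.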
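Review bot: `search(vaultwarden_version if vaultwarden_version | length > 0 else '1.30.5')` still errors rather than failing cleanly when `vaultwarden_version` is undefined (the `all` scenario defines it in group_vars, but a run without that inventory does not), and the version is used as an unescaped regex, so each `.` matches any character. `failed_when: __vaultwarden_version is not search(vaultwarden_version | default('1.30.5', true) | regex_escape)` covers the undefined, empty and literal-dot cases in one expression, since `default(..., true)` also falls back on an empty string. The same line appears in molecule/default/verify.yml. The task this line belongs to starts before the hunk.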
@@ -7,21 +7,29 @@ driver: name: podman platforms: - name: ${MOLECULE_DISTRO:-ubuntu2204} - groups: - - ${MOLECULE_OPENSSL:-openssl3} image: docker.io/geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu2204}-ansible:latest command: ${MOLECULE_DOCKER_COMMAND:-""} - tmpfs: - - /run - - /tmp volumes: - /sys/fs/cgroup:/sys/fs/cgroup:ro - capabilities: - - SYS_ADMIN + privileged: true cgroupns_mode: host pre_build_image: true provisioner: name: ansible + inventory: + group_vars: + all: + vaultwarden_version: "${VAULTWARDEN_VERSION}" + vaultwarden_url: "${VAULTWARDEN_URL}" + vaultwarden_url_checksum: "sha256:{{ vaultwarden_url }}.sha256" + host_vars: + centosstream9: + vaultwarden_packages: + - openssl + - ca-certificates + - curl-minimal + - mariadb-devel + - libpq config_options: defaults: interpreter_python: auto_silent diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml index ebb1dfa..ce4e32b 100644 --- a/molecule/default/verify.yml +++ b/molecule/default/verify.yml @@ -14,7 +14,7 @@ chdir: /usr/local/bin changed_when: false register: __vaultwarden_version - failed_when: __vaultwarden_version is not search('1.29.0') + failed_when: __vaultwarden_version is not search(vaultwarden_version if vaultwarden_version | length > 0 else '1.30.5') - name: Check if Vaultwarden web-vault is installed. ansible.builtin.stat: diff --git a/tasks/assertions.yml b/tasks/assertions.yml index d8b5a21..a9173b4 100644 --- a/tasks/assertions.yml +++ b/tasks/assertions.yml @@ -2,6 +2,6 @@ - name: Check either vaultwarden_url or vaultwarden_file is set. ansible.builtin.assert: that: - - vaultwarden_url is defined or vaultwarden_file is defined + - (vaultwarden_url is defined and vaultwarden_url | length > 0) or (vaultwarden_file is defined and vaultwarden_file | length > 0) fail_msg: "One of 'vaultwarden_url' or 'vaultwarden_file' must be set." quiet: true diff --git a/tasks/configure.yml b/tasks/configure.yml index 040266d..050a0aa 100644 --- a/tasks/configure.yml 
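Review bot: The platform is switched to `privileged: true` but its cgroup mount stays `/sys/fs/cgroup:/sys/fs/cgroup:ro`, whereas molecule/all/molecule.yml in this same commit changes every platform to `:rw` alongside `privileged`; one of the two scenarios is probably not what was intended, and this default scenario is the one developers run locally. The new `vaultwarden_url_checksum: "sha256:{{ vaultwarden_url }}.sha256"` derives the checksum location from the artifact URL itself, so it detects a corrupted download but not a substituted one — whoever controls what `VAULTWARDEN_URL` serves also controls the `.sha256` beside it; that is acceptable for a test inventory, but it should not be presented in the role's documentation as an authenticity check. A short comment above the `group_vars` block, e.g. `# Test-only: checksum is fetched from the same origin as the binary, so it guards transport integrity only`, would keep that distinction visible.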
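Review bot: `(vaultwarden_url is defined and vaultwarden_url | length > 0)` turns an explicit `vaultwarden_url: null` into a templating error (`None` has no length) instead of the intended `fail_msg`, and the same `is defined` / `| length > 0` pair is repeated in the two `when:` lists of tasks/install.yml. `- vaultwarden_url | default('', true) | length > 0 or vaultwarden_file | default('', true) | length > 0` handles undefined, null and empty uniformly in one expression, and `when: vaultwarden_url | default('', true) | length > 0` (and the `vaultwarden_file` counterpart) can replace the two-item lists in install.yml.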
+++ b/tasks/configure.yml @@ -2,7 +2,7 @@ - name: Configure environment variables. ansible.builtin.template: src: "env.j2" - dest: "{{ vaultwarden_config_path }}" + dest: "{{ vaultwarden_config_file }}" owner: "{{ vaultwarden_user }}" group: "{{ vaultwarden_group }}" mode: 0600 diff --git a/tasks/install.yml b/tasks/install.yml index b78adf2..295f040 100644 --- a/tasks/install.yml +++ b/tasks/install.yml @@ -18,7 +18,7 @@ url: "{{ vaultwarden_url }}" checksum: "{{ vaultwarden_url_checksum | default(omit) }}" headers: "{{ vaultwarden_url_headers | default(omit) }}" - dest: "{{ vaultwarden_bin_dir }}/vaultwarden" + dest: "{{ vaultwarden_bin_file }}" owner: "{{ vaultwarden_user }}" group: "{{ vaultwarden_group }}" mode: 0755 @@ -26,11 +26,12 @@ notify: restart vaultwarden when: - vaultwarden_url is defined + - vaultwarden_url | length > 0 - name: Install Vaultwarden (Local). ansible.builtin.copy: src: "{{ vaultwarden_file }}" - dest: "{{ vaultwarden_bin_dir }}/vaultwarden" + dest: "{{ vaultwarden_bin_file }}" owner: "{{ vaultwarden_user }}" group: "{{ vaultwarden_group }}" mode: 0755 @@ -38,6 +39,7 @@ notify: restart vaultwarden when: - vaultwarden_file is defined + - vaultwarden_file | length > 0 - name: Ensure Vaultwarden data directory exists. ansible.builtin.file: diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml index ce0a492..940fa85 100644 --- a/tasks/setup-Debian.yml +++ b/tasks/setup-Debian.yml @@ -4,4 +4,3 @@ name: "{{ vaultwarden_packages }}" state: present update_cache: true - cache_valid_time: 43200 diff --git a/tasks/variables.yml b/tasks/variables.yml index f737de8..ac38de5 100644 --- a/tasks/variables.yml +++ b/tasks/variables.yml 
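Review bot: Renaming the destination variable from `vaultwarden_config_path` to `vaultwarden_config_file` drops the old name entirely (the `set_fact` that defined it is removed from tasks/variables.yml in this commit), so any remaining reference outside this diff — the `env.j2` template, a systemd unit template naming the environment file, handlers, or the README — would now hit an undefined variable; none of those files are in the diff, so a grep for `vaultwarden_config_path` is worth doing before merging. Since the rendered file holds the service's environment and is deliberately written with `mode: 0600`, a task-level comment such as `# Rendered env file may contain secrets; keep mode 0600 and service-user ownership` would make the permission choice explicit.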
@@ -1,47 +1,13 @@ --- # Variable configuration. - name: Include OS-specific variables (Debian). - ansible.builtin.include_vars: "{{ ansible_distribution }}.yml" + ansible.builtin.include_vars: "{{ ansible_os_family }}.yml" when: ansible_os_family == 'Debian' - name: Include OS-specific variables (RedHat). ansible.builtin.include_vars: "{{ ansible_os_family }}.yml" when: - ansible_os_family == 'RedHat' - - ansible_distribution != 'Fedora' - -- name: Include OS-specific variables (Fedora). - ansible.builtin.include_vars: "{{ ansible_distribution }}.yml" - when: ansible_distribution == 'Fedora' - -- name: Define vaultwarden_bin_dir. - ansible.builtin.set_fact: - vaultwarden_bin_dir: "{{ __vaultwarden_bin_dir }}" - when: vaultwarden_bin_dir is not defined - -- name: Define vaultwarden_home_dir. - ansible.builtin.set_fact: - vaultwarden_home_dir: "{{ __vaultwarden_home_dir }}" - when: vaultwarden_home_dir is not defined - -- name: Define vaultwarden_data_dir. - ansible.builtin.set_fact: - vaultwarden_data_dir: "{{ __vaultwarden_data_dir }}" - when: vaultwarden_data_dir is not defined - -- name: Define vaultwarden_config_dir. - ansible.builtin.set_fact: - vaultwarden_config_dir: "{{ __vaultwarden_config_dir }}" - when: vaultwarden_config_dir is not defined - -- name: Define vaultwarden_config_path. - ansible.builtin.set_fact: - vaultwarden_config_path: "{{ vaultwarden_config_dir }}/vaultwarden.env" - -- name: Define vaultwarden_web_vault_dir. - ansible.builtin.set_fact: - vaultwarden_web_vault_dir: "{{ __vaultwarden_web_vault_dir }}" - when: vaultwarden_web_vault_dir is not defined - name: Define vaultwarden_packages. ansible.builtin.set_fact: diff --git a/vars/Debian.yml b/vars/Debian.yml index ad99500..6f5f5a9 100644 --- a/vars/Debian.yml +++ b/vars/Debian.yml 
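Review bot: After this change the two `include_vars` tasks are the same `"{{ ansible_os_family }}.yml"` include guarded by complementary `when:` conditions on `Debian` and `RedHat`, so they could collapse into one task; and for any other family both are silently skipped, leaving `__vaultwarden_packages` undefined for the `Define vaultwarden_packages.` task that continues past the end of this hunk. A single unguarded task, `- name: Include OS-specific variables.` / `ansible.builtin.include_vars: "{{ ansible_os_family }}.yml"`, would fail early with a clear missing-file error on unsupported families, which is likely preferable to an undefined-variable error several tasks later; keep the guards only if skipping silently is intended, and say so in a comment.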
@@ -1,9 +1,4 @@ --- -__vaultwarden_home_dir: /var/lib/vaultwarden -__vaultwarden_data_dir: "{{ vaultwarden_home_dir }}/data" -__vaultwarden_bin_dir: /usr/local/bin -__vaultwarden_web_vault_dir: "{{ vaultwarden_home_dir }}/web-vault" -__vaultwarden_config_dir: /etc/vaultwarden __vaultwarden_packages: - openssl - ca-certificates diff --git a/vars/Fedora.yml b/vars/Fedora.yml deleted file mode 100644 index b80194c..0000000 --- a/vars/Fedora.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- -__vaultwarden_home_dir: /var/lib/vaultwarden -__vaultwarden_data_dir: "{{ vaultwarden_home_dir }}/data" -__vaultwarden_bin_dir: /usr/local/bin -__vaultwarden_web_vault_dir: "{{ vaultwarden_home_dir }}/web-vault" -__vaultwarden_config_dir: /etc/vaultwarden -__vaultwarden_packages: - - openssl - - ca-certificates - - curl - - mariadb-devel - - libpq diff --git a/vars/RedHat.yml b/vars/RedHat.yml index b80194c..35f0ad2 100644 --- a/vars/RedHat.yml +++ b/vars/RedHat.yml @@ -1,9 +1,4 @@ --- -__vaultwarden_home_dir: /var/lib/vaultwarden -__vaultwarden_data_dir: "{{ vaultwarden_home_dir }}/data" -__vaultwarden_bin_dir: /usr/local/bin -__vaultwarden_web_vault_dir: "{{ vaultwarden_home_dir }}/web-vault" -__vaultwarden_config_dir: /etc/vaultwarden __vaultwarden_packages: - openssl - ca-certificates diff --git a/vars/Ubuntu.yml b/vars/Ubuntu.yml deleted file mode 100644 index ad99500..0000000 --- a/vars/Ubuntu.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- -__vaultwarden_home_dir: /var/lib/vaultwarden -__vaultwarden_data_dir: "{{ vaultwarden_home_dir }}/data" -__vaultwarden_bin_dir: /usr/local/bin -__vaultwarden_web_vault_dir: "{{ vaultwarden_home_dir }}/web-vault" -__vaultwarden_config_dir: /etc/vaultwarden -__vaultwarden_packages: - - openssl - - ca-certificates - - curl - - libmariadb-dev-compat - - libpq5