Ansible Role: Bitwarden

Deploy Bitwarden with Docker and Docker-Compose using the bitwarden.sh setup script.

This role is an automated wrapper around the Bitwarden setup scripts. It makes heavy use of handlers to trigger reconfigure and update tasks.

If you need a task that is not covered by the role, it's totally fine to use the setup script on the machine directly. Use the official docs as a reference: https://bitwarden.com/help/article/install-on-premise/

Usage

Add the role to your playbook:

- hosts: server
  roles:
    - { role: breuninger.bitwarden }

Known issues

Bitwarden version

The version in Bitwarden's setup files can differ from what the tagged version of the repo may indicate. This is due to their release strategy, which always increases the actual version only in the master. We are already in talks with Bitwarden and hope for a different mode of release.

SSL Modes

The Bitwarden setup script allows for four different ways of setting up SSL (or the lack thereof): a user-provided SSL cert, an SSL cert that is created by Let's Encrypt, a self-signed cert generated by the setup container, and no SSL (not recommended for installs being used normally).

User Provided

To maintain backwards compatibility, this is the default mode for this role. While the Bitwarden setup script allows untrusted certs provided by the user, this role requires the cert to be trusted (signed by a CA, not self-signed).

- hosts: server
  roles:
    - role: breuninger.bitwarden
      vars:
        bitwarden_ssl_mode: provided
        bitwarden_nginx_cert_path: /path/to/ssl/cert
        bitwarden_nginx_cert_key: /path/to/ssl/key

If a use case for an untrusted user-provided cert is needed, it can be added with a new ssl_mode and corresponding inputs in defaults/main.yml.
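A pre-flight check for the provided mode, as an added example that is not part of this role: it fails the play before the role runs if the cert is self-signed, expired, about to expire, or does not match the key. It assumes the community.crypto collection is installed, the openssl CLI is present, and the cert and key files are on the managed host; the register names are hypothetical.

```yaml
# Added example, not part of the role. Variables are set at play level so
# that both the pre_tasks and the role see the same values.
- hosts: server
  vars:
    bitwarden_ssl_mode: provided
    bitwarden_nginx_cert_path: /path/to/ssl/cert
    bitwarden_nginx_cert_key: /path/to/ssl/key
  pre_tasks:
    - name: Read the certificate (assumption, the file is on the managed host)
      community.crypto.x509_certificate_info:
        path: "{{ bitwarden_nginx_cert_path }}"
        valid_at:
          in_30_days: "+30d"
      register: bw_cert          # hypothetical register name

    - name: Read the private key without logging its details
      community.crypto.openssl_privatekey_info:
        path: "{{ bitwarden_nginx_cert_key }}"
      register: bw_key           # hypothetical register name
      no_log: true

    - name: Verify the chain against the host's default trust store
      # -untrusted feeds any intermediates bundled in the same file to the
      # verifier; the task fails on a non-zero exit code from openssl.
      ansible.builtin.command:
        argv:
          - openssl
          - verify
          - -untrusted
          - "{{ bitwarden_nginx_cert_path }}"
          - "{{ bitwarden_nginx_cert_path }}"
      changed_when: false

    - name: Refuse self-signed, expiring or mismatched material
      ansible.builtin.assert:
        that:
          - bw_cert.subject != bw_cert.issuer            # not self-signed
          - not bw_cert.expired
          - bw_cert.valid_at.in_30_days                  # still valid in 30 days
          - bw_cert.public_key == bw_key.public_key      # key belongs to cert
        fail_msg: Provided cert is self-signed, expiring or does not match the key
  roles:
    - role: breuninger.bitwarden
```

If the cert and key live on the control node instead, add `delegate_to: localhost` to the three check tasks.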

Let's Encrypt

Use the Certbot SSL integration that comes with the Bitwarden setup script:

- hosts: server
  roles:
    - role: breuninger.bitwarden
      vars:
        bitwarden_ssl_mode: lets_encrypt
        bitwarden_lets_encrypt_email: admin@example.com  # placeholder, use your own address

Generated self-signed

The Bitwarden setup script allows for generating a self-signed SSL cert to utilize SSL, but from an untrusted source. The two methods above are better for running Bitwarden in a production environment. Please choose one of them instead of using this option, unless absolutely necessary.

- hosts: server
  roles:
    - role: breuninger.bitwarden
      vars:
        bitwarden_ssl_mode: generate

No SSL

Please heavily consider your use case before using this option. One legitimate use case for this is SSL termination at a reverse proxy.

- hosts: server
  roles:
    - role: breuninger.bitwarden
      vars:
        bitwarden_ssl_mode: disable