Installs vaultwarden behind an nginx proxy using postgres backend in a (rootfull) podman container.
Ansible Collections (especially the community.crypto and containers.podman collection) are required. You should also have a working SMTP server and a domain pointing to your webserver. The firewall ports 80 and 443 should also be open.
- vaultwarden_acme_account_email is required for the Let's Encrypt certificate. Tip: You can change the ACME certificate service by setting a different vaultwarden_acme_directory.
- vaultwarden_fqdn is the required full qualified domain name.
- vaultwarden_smtp_{from,host,user,password} are required for SMTP configuration.
- vaultwarden_admin_token can be set to enable the Vaultwarden Admin Panel.
- the rest should be reasonable defaults but YMMV (you can adapt the playbook to your needs)
---
- name: install vaultwarden
hosts: vaultwarden.example.com
become: yes
vars:
vaultwarden_acme_account_email: vaultwarden@example.com
vaultwarden_admin_token: "VAULTWARDEN_ADMIN_TOKEN"
vaultwarden_fqdn: "vaultwarden.example.com"
vaultwarden_smtp_from: vaultwarden@example.com
vaultwarden_smtp_host: mail.example.com
vaultwarden_smtp_password: SMTP_PASSWORD
vaultwarden_smtp_user: vaultwarden
roles:
- stefan0xc.vaultwarden_ansible_podman
MIT
Stefan Melmuk