iac_stack/ansible/roles/deploy_container_vaultwarden/README.md


2025-08-13 17:43:37 +02:00
# Role: deploy_container_vaultwarden
## Purpose
This role installs and configures Vaultwarden (a Bitwarden-compatible password manager) as a Docker container.
It generates a `docker-compose.yml` and `.env` file based on the provided variables and integrates the container into an existing Traefik setup.
The role focuses solely on deployment and basic configuration of Vaultwarden, including SMTP settings and the admin token.
## Variables
### Default Variables (`defaults/main.yml`)
```yaml
container_vaultwarden_version: latest # (type: string) Vaultwarden container version
container_vaultwarden_domain: vaultwarden.example.com # (type: string) Domain name for Vaultwarden
container_vaultwarden_admin_token: generated_vaultwarden_hash # (type: string) Argon2 hash for admin login
container_vaultwarden_smtp_host: ip_of_your_smtp_server # (type: string) SMTP server hostname/IP
container_vaultwarden_smtp_from: mail@example.com # (type: string) Sender email address for notifications
container_vaultwarden_smtp_port: 587 # (type: int) SMTP port (587 = STARTTLS, 465 = implicit TLS)
container_vaultwarden_smtp_security: force_tls # (type: string) SMTP security ("force_tls", "starttls", "off")
container_vaultwarden_smtp_username: your_smtp_username # (type: string) SMTP username
container_vaultwarden_smtp_password: your_smtp_password # (type: string) SMTP password
```
Note: The admin token must be generated with:
```bash
docker run --rm -it vaultwarden/server /vaultwarden hash
```
### Static Variables (`vars/main.yml`)
```yaml
container_base_dir: /opt/docker/vaultwarden
```
## Role Usage
```yaml
roles:
  - role: deploy_container_vaultwarden
    vars:
      container_vaultwarden_domain: vault.yourdomain.tld
      container_vaultwarden_smtp_host: smtp.yourprovider.com
      container_vaultwarden_smtp_port: 465
      container_vaultwarden_smtp_security: force_tls
```
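A pre-flight check for the variables above, as an added example that is not part of this role: it flags a placeholder or plaintext admin token, an SMTP port that does not match the chosen security mode, an unpinned image tag, and a placeholder SMTP password. The function name `preflight`, the PHC pattern, the port pairing and all sample values are assumptions of this example.

```python
import re

# Assumed PHC layout of the Argon2id string printed by `vaultwarden hash`.
ARGON2_PHC = re.compile(
    r"^\$argon2id\$v=\d+\$m=\d+,t=\d+,p=\d+\$[A-Za-z0-9+/]+\$[A-Za-z0-9+/]+$")
# Conventional port for each encrypted SMTP security mode (assumption).
EXPECTED_PORT = {"force_tls": 465, "starttls": 587}
P = "container_vaultwarden_"

def preflight(role_vars):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    if not ARGON2_PHC.match(str(role_vars.get(P + "admin_token", ""))):
        findings.append("admin_token: not an Argon2id PHC string")
    security = role_vars.get(P + "smtp_security")
    port = role_vars.get(P + "smtp_port")
    if security == "off":
        findings.append("smtp_security: 'off' sends credentials in cleartext")
    elif security not in EXPECTED_PORT:
        findings.append(f"smtp_security: unknown value {security!r}")
    elif port != EXPECTED_PORT[security]:
        findings.append(f"smtp_port: {port} is unusual for {security}, "
                        f"expected {EXPECTED_PORT[security]}")
    if role_vars.get(P + "version", "latest") == "latest":
        findings.append("version: 'latest' is not a pinned image tag")
    if role_vars.get(P + "smtp_password", "") in ("", "your_smtp_password"):
        findings.append("smtp_password: empty or placeholder")
    return findings

# The README's default values for the checked variables.
README_DEFAULTS = {
    P + "version": "latest", P + "admin_token": "generated_vaultwarden_hash",
    P + "smtp_port": 587, P + "smtp_security": "force_tls",
    P + "smtp_password": "your_smtp_password",
}
# Constructed sample values; the token is not a real hash.
HARDENED = {
    P + "version": "1.0.0-constructed",
    P + "admin_token": "$argon2id$v=19$m=65540,t=3,p=4"
                       "$Y29uc3RydWN0ZWRzYWx0$Y29uc3RydWN0ZWRoYXNodmFsdWU",
    P + "smtp_port": 465, P + "smtp_security": "force_tls",
    P + "smtp_password": "constructed-value-loaded-from-ansible-vault",
}

if __name__ == "__main__":
    for name, sample in (("defaults", README_DEFAULTS), ("hardened", HARDENED)):
        print(name, preflight(sample) or "ok")
```

Keeping the real admin token and SMTP password in an Ansible Vault encrypted vars file, rather than in the playbook, keeps them out of version control.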
## Requirements
* Docker and Docker Compose must be installed
* The Traefik network (`traefik`) must exist
* Ansible access to the target system
* Root/sudo privileges (`become: true`)
## Authors
* Author: 📧 [Kevin Heyer](mailto:kevin.heyer@wira-gmbh.de)