Skull-IT/iac_stack
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
iac_stack/ansible/roles/deploy_container_vaultwarden
History
= bcc7fb55d5 add new container
2025-08-13 17:43:37 +02:00
..
defaults add new container 2025-08-13 17:43:37 +02:00
files add new container 2025-08-13 17:43:37 +02:00
handlers add new container 2025-08-13 17:43:37 +02:00
meta add new container 2025-08-13 17:43:37 +02:00
tasks add new container 2025-08-13 17:43:37 +02:00
templates add new container 2025-08-13 17:43:37 +02:00
vars add new container 2025-08-13 17:43:37 +02:00
README.md add new container 2025-08-13 17:43:37 +02:00

README.md

Role: deploy_container_vaultwarden

Purpose

This role installs and configures Vaultwarden (a Bitwarden-compatible password manager) as a Docker container.
It generates a docker-compose.yml and .env file based on the provided variables and integrates the container into an existing Traefik setup.

The role focuses solely on deployment and basic configuration of Vaultwarden, including SMTP settings and the admin token.

Variables

Default Variables (defaults/main.yml)

container_vaultwarden_version: latest                  # (type: string) Vaultwarden container version
container_vaultwarden_domain: vaultwarden.example.com  # (type: string) Domain name for Vaultwarden
container_vaultwarden_admin_token: generated_vaultwarden_hash  # (type: string) Argon2 hash for admin login
container_vaultwarden_smtp_host: ip_of_your_smtp_server # (type: string) SMTP server hostname/IP
container_vaultwarden_smtp_from: mail@example.com       # (type: string) Sender email address for notifications
container_vaultwarden_smtp_port: 587                    # (type: int) SMTP port (587 = TLS, 465 = SSL)
container_vaultwarden_smtp_security: force_tls          # (type: string) SMTP security ("force_tls", "starttls", "off")
container_vaultwarden_smtp_username: your_smtp_username # (type: string) SMTP username
container_vaultwarden_smtp_password: your_smtp_password # (type: string) SMTP password

Note: The admin token must be generated with

docker run --rm -it vaultwarden/server /vaultwarden hash

Static Variables (vars/main.yml)

container_base_dir: /opt/docker/vaultwarden

Role Usage

roles:
  - role: deploy_container_vaultwarden
    vars:
      container_vaultwarden_domain: vault.yourdomain.tld
      container_vaultwarden_smtp_host: smtp.yourprovider.com
      container_vaultwarden_smtp_port: 465
      container_vaultwarden_smtp_security: force_tls

Requirements

  • Docker and Docker Compose must be installed
  • The Traefik network (traefik) must exist
  • Ansible access to the target system
  • Root/sudo privileges (become: true)

Authors