From 2516154b8728cab2be47721fa61f0a1f128bd979 Mon Sep 17 00:00:00 2001 From: Thomas Daley Date: Mon, 6 Dec 2021 20:00:28 -0800 Subject: [PATCH 01/19] Update README --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index fb995c8..fbe39e6 100644 --- a/README.md +++ b/README.md @@ -16,5 +16,5 @@ ansible-galaxy install -r .ansible/roles/requirements.yaml -p .ansible/roles --f ## Deploy to Docker Swarm ```bash -ansible-playbook .ansible/deploy.yaml -i .ansible/inventory/development/hosts --vault-id ~/.tokens/master_id +ansible-playbook .ansible/deploy.yaml -i .ansible/inventory/development ``` From 5765fcbe384d34ead8f1ad44e4b9dfdb8ef15415 Mon Sep 17 00:00:00 2001 From: Thomas Daley Date: Sat, 1 Jan 2022 17:12:14 -0800 Subject: [PATCH 02/19] Update ansible config --- .ansible/ansible.cfg | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.ansible/ansible.cfg b/.ansible/ansible.cfg index b177cda..50e48df 100644 --- a/.ansible/ansible.cfg +++ b/.ansible/ansible.cfg @@ -1,9 +1,4 @@ [defaults] -stdout_callback = debug host_key_checking = True retry_files_enabled = False - -# Fixes ansible variable precedence issue: Makes inventory group_vars override playbook group_vars -# https://github.com/ansible/ansible/issues/18154 -precedence = all_plugins_play, all_inventory, all_plugins_inventory, groups_plugins_play, groups_inventory, groups_plugins_inventory From 24f600d2e58a3002eb9979df6fa61cababb3f2ac Mon Sep 17 00:00:00 2001 From: Thomas Daley Date: Sat, 1 Jan 2022 17:12:32 -0800 Subject: [PATCH 03/19] Update gitignore --- .gitignore | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 1a9d9cc..8fd013d 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ -.ansible/roles/docker_deploy +.ansible/roles/docker +.ansible/roles/common .DS_Store From 2773500cc50fb1c8487c1550e995a77f496a3496 Mon Sep 17 00:00:00 2001 From: Thomas Daley Date: Sat, 1 Jan 2022 17:37:00 -0800 Subject: [PATCH 04/19] Repo refresh --- .../development/group_vars/tools/config.yaml | 1 + .../development/group_vars/tools/proxy.yaml | 1 - .ansible/inventory/development/hosts | 2 + .../production/group_vars/tools/config.yaml | 15 ++----- .../production/group_vars/tools/proxy.yaml | 1 - .ansible/inventory/production/hosts | 2 + .ansible/roles/requirements.yaml | 4 +- .ansible/templates/docker-compose.yaml.j2 | 41 ++++++++----------- .drone.yaml | 6 ++- README.md | 20 +++++---- 10 files changed, 43 insertions(+), 50 deletions(-) delete mode 100644 .ansible/inventory/development/group_vars/tools/proxy.yaml delete mode 100644 .ansible/inventory/production/group_vars/tools/proxy.yaml diff --git a/.ansible/inventory/development/group_vars/tools/config.yaml b/.ansible/inventory/development/group_vars/tools/config.yaml index 2b49ee1..061d036 100644 --- a/.ansible/inventory/development/group_vars/tools/config.yaml +++ b/.ansible/inventory/development/group_vars/tools/config.yaml @@ -1,2 +1,3 @@ signups_allowed: yes admin_token: admin +host: bitwarden.dev.diesel.net diff --git a/.ansible/inventory/development/group_vars/tools/proxy.yaml b/.ansible/inventory/development/group_vars/tools/proxy.yaml deleted file mode 100644 index 179a79a..0000000 --- a/.ansible/inventory/development/group_vars/tools/proxy.yaml +++ /dev/null @@ -1 +0,0 @@ -proxy_domain: bitwarden.dev.diesel.net diff --git a/.ansible/inventory/development/hosts b/.ansible/inventory/development/hosts index 6e1b21a..3ffb164 100644 --- a/.ansible/inventory/development/hosts +++ b/.ansible/inventory/development/hosts @@ -1,8 +1,10 @@ all: children: + tools: hosts: dev.diesel.net + vars: ansible_user: automation ansible_python_interpreter: /usr/bin/python3 diff --git a/.ansible/inventory/production/group_vars/tools/config.yaml b/.ansible/inventory/production/group_vars/tools/config.yaml index 07d2858..f90726f 100644 --- a/.ansible/inventory/production/group_vars/tools/config.yaml +++ b/.ansible/inventory/production/group_vars/tools/config.yaml @@ -1,11 +1,4 @@ -signups_allowed: no -admin_token: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 63353762613865376264346632316461666430653533353062363762393766383936303538663831 - 6535613862376263623966663039626631313931336331320a376464633533353262373739323330 - 62373336316365323964323665383137616132613364313239363736656236623630663061333838 - 3633383966323731330a306535626637363034366362323738336235623239373064386536636361 - 33613136346535323839396132636130373639613966346235396531636338646338316661343564 - 65386330303032623163306131616333623931633139363334376332383463646233396664613339 - 66623662643664366633396236313466663663353935353166383865356665393332653064643464 - 64313437303036626330 +signups_allowed: yes +admin_token: "{{ lookup('env', 'ADMIN_TOKEN') }}" + +host: bitwarden.diesel.net diff --git a/.ansible/inventory/production/group_vars/tools/proxy.yaml b/.ansible/inventory/production/group_vars/tools/proxy.yaml deleted file mode 100644 index 3dec846..0000000 --- a/.ansible/inventory/production/group_vars/tools/proxy.yaml +++ /dev/null @@ -1 +0,0 @@ -proxy_domain: bitwarden.diesel.net diff --git a/.ansible/inventory/production/hosts b/.ansible/inventory/production/hosts index 3c92186..f64cfb8 100644 --- a/.ansible/inventory/production/hosts +++ b/.ansible/inventory/production/hosts @@ -1,8 +1,10 @@ all: children: + tools: hosts: tools.diesel.net + vars: ansible_user: automation ansible_python_interpreter: /usr/bin/python3 diff --git a/.ansible/roles/requirements.yaml b/.ansible/roles/requirements.yaml index 7985374..b0dee25 100644 --- a/.ansible/roles/requirements.yaml +++ b/.ansible/roles/requirements.yaml @@ -1,9 +1,9 @@ - name: docker scm: git src: "git@github.com:Diesel-Net/ansible-role-docker.git" - version: 1.3.0 + version: 1.10.0 - name: common scm: git src: "git@github.com:Diesel-Net/ansible-role-common.git" - version: 1.1.0 + version: 1.2.0 diff --git a/.ansible/templates/docker-compose.yaml.j2 b/.ansible/templates/docker-compose.yaml.j2 index 10f099c..7290a70 100644 --- a/.ansible/templates/docker-compose.yaml.j2 +++ b/.ansible/templates/docker-compose.yaml.j2 @@ -5,40 +5,31 @@ services: main: - image: vaultwarden/server:1.22.2 + image: vaultwarden/server:1.23.1 volumes: - - /etc/localtime:/etc/localtime - - {{ ssl_cert_dir }}/:/etc/ssl/certs/ - - {{ data_dir }}:/data/ + - {{ localtime_file }}:/etc/localtime + - {{ ssl_cert_file }}:/etc/ssl/certs/ca-certificates.crt + - {{ data_dir }}:/data environment: - SIGNUPS_ALLOWED={{ signups_allowed | string | lower }} - ADMIN_TOKEN={{ admin_token }} - - DOMAIN=https://{{ proxy_domain }} + - DOMAIN=https://{{ host }} deploy: labels: - traefik.enable=true - - traefik.docker.network={{ docker_network }} - - traefik.http.middlewares.redirect-https.redirectScheme.scheme=https - - traefik.http.middlewares.redirect-https.redirectScheme.permanent=true - - traefik.http.routers.bitwarden-ui-https.rule=Host(`{{ proxy_domain }}`) - - traefik.http.routers.bitwarden-ui-https.entrypoints=websecure - - traefik.http.routers.bitwarden-ui-https.tls=true - - traefik.http.routers.bitwarden-ui-https.service=bitwarden-ui - - traefik.http.routers.bitwarden-ui-http.rule=Host(`{{ proxy_domain }}`) - - traefik.http.routers.bitwarden-ui-https.tls.certresolver=step-ca - - traefik.http.routers.bitwarden-ui-http.entrypoints=web - - traefik.http.routers.bitwarden-ui-http.middlewares=redirect-https - - traefik.http.routers.bitwarden-ui-http.service=bitwarden-ui + + # web interface - traefik.http.services.bitwarden-ui.loadbalancer.server.port=80 - - traefik.http.routers.bitwarden-websocket-https.rule=Host(`{{ proxy_domain }}`) && Path(`/notifications/hub`) - - traefik.http.routers.bitwarden-websocket-https.entrypoints=websecure - - traefik.http.routers.bitwarden-websocket-https.tls=true - - traefik.http.routers.bitwarden-websocket-https.service=bitwarden-websocket - - traefik.http.routers.bitwarden-websocket-http.rule=Host(`{{ proxy_domain }}`) && Path(`/notifications/hub`) - - traefik.http.routers.bitwarden-websocket-http.entrypoints=web - - traefik.http.routers.bitwarden-websocket-http.middlewares=redirect-https - - traefik.http.routers.bitwarden-websocket-http.service=bitwarden-websocket + - traefik.http.routers.bitwarden-ui.rule=Host(`{{ host }}`) + - traefik.http.routers.bitwarden-ui.tls.certresolver=step-ca + - traefik.http.routers.bitwarden-ui.service=bitwarden-ui + + # websocket notifications - traefik.http.services.bitwarden-websocket.loadbalancer.server.port=3012 + - traefik.http.routers.bitwarden-websocket.rule=Host(`{{ host }}`) && Path(`/notifications/hub`) + - traefik.http.routers.bitwarden-websocket.tls.certresolver=step-ca + - traefik.http.routers.bitwarden-websocket.service=bitwarden-websocket + networks: - {{ docker_network }} diff --git a/.drone.yaml b/.drone.yaml index 7944278..2909ae7 100644 --- a/.drone.yaml +++ b/.drone.yaml @@ -15,7 +15,7 @@ steps: settings: playbook: .ansible/deploy.yaml galaxy: .ansible/roles/requirements.yaml - inventory: .ansible/inventory/development/hosts + inventory: .ansible/inventory/development private_key: from_secret: automation_id_rsa vault_password: @@ -41,10 +41,12 @@ steps: image: plugins/ansible:3 environment: ANSIBLE_CONFIG: .ansible/ansible.cfg + ADMIN_TOKEN: + from_secret: admin_token settings: playbook: .ansible/deploy.yaml galaxy: .ansible/roles/requirements.yaml - inventory: .ansible/inventory/production/hosts + inventory: .ansible/inventory/production private_key: from_secret: automation_id_rsa vault_password: diff --git a/README.md b/README.md index fbe39e6..bec9486 100644 --- a/README.md +++ b/README.md @@ -1,20 +1,24 @@ [![Build Status](https://drone.kiwi-labs.net/api/badges/Diesel-Net/bitwarden/status.svg)](https://drone.kiwi-labs.net/Diesel-Net/bitwarden) # bitwarden -Sets up [vaultwarden](https://github.com/dani-garcia/vaultwarden) (formerly called bitwarden_rs) on the internal network. +[vaultwarden](https://github.com/dani-garcia/vaultwarden) (formerly named `bitwarden_rs`) on Docker Swarm -# Notes -- [traefik v2 labels](https://github.com/dani-garcia/bitwarden_rs/wiki/Proxy-examples#traefik-v1-labels-migrated-to-traefik-v2) -## Requirements -- Ansible 2.10+ +## Manual Deployments +This application is automatically configured and deployed using Drone CI, however you may use these commands to manually deploy or test changes if needed. -## Installing Dependencies +### Requirements +Recommended way to install Ansible is with `pip` for `Python3.9+`. Ansible `5.0.1` was used at the time of this writing. ```bash -ansible-galaxy install -r .ansible/roles/requirements.yaml -p .ansible/roles --force +pip3 install --user ansible ``` -## Deploy to Docker Swarm +1. Install Ansible Dependencies (external roles) +```bash +ansible-galaxy install -r .ansible/roles/requirements.yaml -p .ansible/roles --force +``` +2. Configure and Deploy +You will need to have the ansible-vault password file configured on your machine. Please read the relevant [ansible documentation](https://docs.ansible.com/ansible/latest/user_guide/vault.html#setting-a-default-password-source) for more information. ```bash ansible-playbook .ansible/deploy.yaml -i .ansible/inventory/development ``` From 9e20fcbdc3bd8c4712668d74a4ac343994b1230b Mon Sep 17 00:00:00 2001 From: Thomas Daley Date: Sat, 1 Jan 2022 17:38:18 -0800 Subject: [PATCH 05/19] clean up --- .ansible/inventory/production/group_vars/tools/config.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.ansible/inventory/production/group_vars/tools/config.yaml b/.ansible/inventory/production/group_vars/tools/config.yaml index f90726f..44f1263 100644 --- a/.ansible/inventory/production/group_vars/tools/config.yaml +++ b/.ansible/inventory/production/group_vars/tools/config.yaml @@ -1,4 +1,3 @@ signups_allowed: yes admin_token: "{{ lookup('env', 'ADMIN_TOKEN') }}" - host: bitwarden.diesel.net From bb1c30aa8e2203f49a2ed63865ee74ab182418f2 Mon Sep 17 00:00:00 2001 From: Thomas Daley Date: Sat, 1 Jan 2022 17:42:52 -0800 Subject: [PATCH 06/19] Formatting --- README.md | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index bec9486..c98b375 100644 --- a/README.md +++ b/README.md @@ -14,11 +14,10 @@ pip3 install --user ansible ``` 1. Install Ansible Dependencies (external roles) -```bash -ansible-galaxy install -r .ansible/roles/requirements.yaml -p .ansible/roles --force -``` -2. Configure and Deploy -You will need to have the ansible-vault password file configured on your machine. Please read the relevant [ansible documentation](https://docs.ansible.com/ansible/latest/user_guide/vault.html#setting-a-default-password-source) for more information. -```bash -ansible-playbook .ansible/deploy.yaml -i .ansible/inventory/development -``` + ```bash + ansible-galaxy install -r .ansible/roles/requirements.yaml -p .ansible/roles --force + ``` +2. Configure and Deploy. You will need to have the ansible-vault password file configured on your machine. Please read the relevant [ansible documentation](https://docs.ansible.com/ansible/latest/user_guide/vault.html#setting-a-default-password-source) for more information. + ```bash + ansible-playbook .ansible/deploy.yaml -i .ansible/inventory/development + ``` From ed36f8fb4aa7c0612d9c600abe6952194b9a5298 Mon Sep 17 00:00:00 2001 From: Thomas Daley Date: Sat, 1 Jan 2022 17:45:26 -0800 Subject: [PATCH 07/19] Update README --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index c98b375..7d2ccc2 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ [vaultwarden](https://github.com/dani-garcia/vaultwarden) (formerly named `bitwarden_rs`) on Docker Swarm -## Manual Deployments +## Deployments This application is automatically configured and deployed using Drone CI, however you may use these commands to manually deploy or test changes if needed. ### Requirements @@ -13,6 +13,7 @@ Recommended way to install Ansible is with `pip` for `Python3.9+`. Ansible `5.0. pip3 install --user ansible ``` +### Steps 1. Install Ansible Dependencies (external roles) ```bash ansible-galaxy install -r .ansible/roles/requirements.yaml -p .ansible/roles --force From e49a4d14b5c29a62add025908aba1126eeb1f9f6 Mon Sep 17 00:00:00 2001 From: Thomas Daley Date: Sat, 1 Jan 2022 17:56:47 -0800 Subject: [PATCH 08/19] Work on better deployment documentation --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 7d2ccc2..9ca53ca 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ ## Deployments -This application is automatically configured and deployed using Drone CI, however you may use these commands to manually deploy or test changes if needed. +This application is configured and deployed automatically using Drone CI, however there may be situations where you would prefer to configure and deploy the application manually. You will need to have the [ansible-vault](https://docs.ansible.com/ansible/latest/user_guide/vault.html#encrypting-content-with-ansible-vault) password file configured on your machine. Please read the relevant ansible documentation on [setting a default password source](https://docs.ansible.com/ansible/latest/user_guide/vault.html#setting-a-default-password-source). If you are trying to reuse this Ansible configuration for your own purposes, then you will need to encrypt all of _your_ secrets using _your_ ansible vault password. ### Requirements Recommended way to install Ansible is with `pip` for `Python3.9+`. Ansible `5.0.1` was used at the time of this writing. @@ -18,7 +18,7 @@ pip3 install --user ansible ```bash ansible-galaxy install -r .ansible/roles/requirements.yaml -p .ansible/roles --force ``` -2. Configure and Deploy. You will need to have the ansible-vault password file configured on your machine. Please read the relevant [ansible documentation](https://docs.ansible.com/ansible/latest/user_guide/vault.html#setting-a-default-password-source) for more information. +2. Configure and Deploy. ```bash ansible-playbook .ansible/deploy.yaml -i .ansible/inventory/development ``` From 5bb5dc412561fda02a65cc0907c64eeedd4d42a7 Mon Sep 17 00:00:00 2001 From: Thomas Daley Date: Sat, 1 Jan 2022 17:58:34 -0800 Subject: [PATCH 09/19] Revise --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 9ca53ca..3cf33c4 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ ## Deployments -This application is configured and deployed automatically using Drone CI, however there may be situations where you would prefer to configure and deploy the application manually. You will need to have the [ansible-vault](https://docs.ansible.com/ansible/latest/user_guide/vault.html#encrypting-content-with-ansible-vault) password file configured on your machine. Please read the relevant ansible documentation on [setting a default password source](https://docs.ansible.com/ansible/latest/user_guide/vault.html#setting-a-default-password-source). If you are trying to reuse this Ansible configuration for your own purposes, then you will need to encrypt all of _your_ secrets using _your_ ansible vault password. +This application is configured and deployed automatically using [Drone CI](https://github.com/harness/drone), however there may be situations where you would prefer to configure and deploy the application manually. You will need to have the [ansible-vault](https://docs.ansible.com/ansible/latest/user_guide/vault.html#encrypting-content-with-ansible-vault) password file configured on your machine. Please read the relevant ansible documentation on [setting a default password source](https://docs.ansible.com/ansible/latest/user_guide/vault.html#setting-a-default-password-source). If you are trying to reuse this Ansible configuration for your own purposes, then you will need to encrypt all of _your own_ secrets using _your own_ ansible vault password. ### Requirements Recommended way to install Ansible is with `pip` for `Python3.9+`. Ansible `5.0.1` was used at the time of this writing. From 4f1663b1807da9b74941409468d8a73e5815a120 Mon Sep 17 00:00:00 2001 From: Thomas Daley Date: Sat, 1 Jan 2022 17:59:40 -0800 Subject: [PATCH 10/19] Formatting --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 3cf33c4..7696def 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ ## Deployments -This application is configured and deployed automatically using [Drone CI](https://github.com/harness/drone), however there may be situations where you would prefer to configure and deploy the application manually. You will need to have the [ansible-vault](https://docs.ansible.com/ansible/latest/user_guide/vault.html#encrypting-content-with-ansible-vault) password file configured on your machine. Please read the relevant ansible documentation on [setting a default password source](https://docs.ansible.com/ansible/latest/user_guide/vault.html#setting-a-default-password-source). If you are trying to reuse this Ansible configuration for your own purposes, then you will need to encrypt all of _your own_ secrets using _your own_ ansible vault password. +This application is configured and deployed automatically using [Drone CI](https://github.com/harness/drone), however there may be situations where you would prefer to configure and deploy the application manually. You will need to have the [Ansible Vault](https://docs.ansible.com/ansible/latest/user_guide/vault.html#encrypting-content-with-ansible-vault) password file configured on your machine. Please read the relevant ansible documentation on [setting a default password source](https://docs.ansible.com/ansible/latest/user_guide/vault.html#setting-a-default-password-source). If you are trying to reuse this Ansible configuration for your own purposes, then you will need to encrypt all of _your own_ secrets using _your own_ ansible vault password. ### Requirements Recommended way to install Ansible is with `pip` for `Python3.9+`. Ansible `5.0.1` was used at the time of this writing. From 0dc92d634deb0fc3022bf9565bc57a7f2826f523 Mon Sep 17 00:00:00 2001 From: Thomas Daley Date: Sat, 1 Jan 2022 18:00:09 -0800 Subject: [PATCH 11/19] Formatting --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 7696def..3be95d9 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ ## Deployments -This application is configured and deployed automatically using [Drone CI](https://github.com/harness/drone), however there may be situations where you would prefer to configure and deploy the application manually. You will need to have the [Ansible Vault](https://docs.ansible.com/ansible/latest/user_guide/vault.html#encrypting-content-with-ansible-vault) password file configured on your machine. Please read the relevant ansible documentation on [setting a default password source](https://docs.ansible.com/ansible/latest/user_guide/vault.html#setting-a-default-password-source). If you are trying to reuse this Ansible configuration for your own purposes, then you will need to encrypt all of _your own_ secrets using _your own_ ansible vault password. +This application is configured and deployed automatically using [Drone CI](https://github.com/harness/drone), however there may be situations where you would prefer to configure and deploy the application manually. You will need to have the [Ansible Vault](https://docs.ansible.com/ansible/latest/user_guide/vault.html#encrypting-content-with-ansible-vault) password file configured on your machine. Please read the relevant ansible documentation on [setting a default password source](https://docs.ansible.com/ansible/latest/user_guide/vault.html#setting-a-default-password-source). If you are trying to reuse this Ansible configuration for your own purposes, then you will need to encrypt all of _your own_ secrets using _your own_ Ansible Vault password. ### Requirements Recommended way to install Ansible is with `pip` for `Python3.9+`. Ansible `5.0.1` was used at the time of this writing. From d995014360690cdf1f27d0b6200d4d6165d36467 Mon Sep 17 00:00:00 2001 From: Thomas Daley Date: Sat, 1 Jan 2022 18:02:20 -0800 Subject: [PATCH 12/19] Update README --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 3be95d9..08911ba 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,9 @@ [![Build Status](https://drone.kiwi-labs.net/api/badges/Diesel-Net/bitwarden/status.svg)](https://drone.kiwi-labs.net/Diesel-Net/bitwarden) # bitwarden -[vaultwarden](https://github.com/dani-garcia/vaultwarden) (formerly named `bitwarden_rs`) on Docker Swarm +Sets up bitwarden on Docker Swarm. + +:warning: This configuration uses the unofficial Rust backend [vaultwarden](https://github.com/dani-garcia/vaultwarden), which was formerly called `bitwarden_rs`. ## Deployments From 199051698b96922b5698e61adc2585b04ac0bfc9 Mon Sep 17 00:00:00 2001 From: Thomas Daley Date: Sat, 1 Jan 2022 18:09:09 -0800 Subject: [PATCH 13/19] Add note about installing Ansible --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 08911ba..93ef85d 100644 --- a/README.md +++ b/README.md @@ -10,9 +10,9 @@ Sets up bitwarden on Docker Swarm. This application is configured and deployed automatically using [Drone CI](https://github.com/harness/drone), however there may be situations where you would prefer to configure and deploy the application manually. You will need to have the [Ansible Vault](https://docs.ansible.com/ansible/latest/user_guide/vault.html#encrypting-content-with-ansible-vault) password file configured on your machine. Please read the relevant ansible documentation on [setting a default password source](https://docs.ansible.com/ansible/latest/user_guide/vault.html#setting-a-default-password-source). If you are trying to reuse this Ansible configuration for your own purposes, then you will need to encrypt all of _your own_ secrets using _your own_ Ansible Vault password. ### Requirements -Recommended way to install Ansible is with `pip` for `Python3.9+`. Ansible `5.0.1` was used at the time of this writing. +I recommend [installing Ansible](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-ansible) with `pip` (globally) versus other package managers like Apt or Brew. It makes upgrading and using third party modules much easier. ```bash -pip3 install --user ansible +python3 -m pip install --user ansible ``` ### Steps From 9e65c901b558b6fb595464cb96d3283318f1315c Mon Sep 17 00:00:00 2001 From: Thomas Daley Date: Sat, 1 Jan 2022 18:10:47 -0800 Subject: [PATCH 14/19] update wording --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 93ef85d..107515f 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ Sets up bitwarden on Docker Swarm. ## Deployments -This application is configured and deployed automatically using [Drone CI](https://github.com/harness/drone), however there may be situations where you would prefer to configure and deploy the application manually. You will need to have the [Ansible Vault](https://docs.ansible.com/ansible/latest/user_guide/vault.html#encrypting-content-with-ansible-vault) password file configured on your machine. Please read the relevant ansible documentation on [setting a default password source](https://docs.ansible.com/ansible/latest/user_guide/vault.html#setting-a-default-password-source). If you are trying to reuse this Ansible configuration for your own purposes, then you will need to encrypt all of _your own_ secrets using _your own_ Ansible Vault password. +This application is configured and deployed automatically using [Drone CI](https://github.com/harness/drone), however there might be situations where you would prefer to do this manually. You will need to have the [Ansible Vault](https://docs.ansible.com/ansible/latest/user_guide/vault.html#encrypting-content-with-ansible-vault) password file configured on your machine. Please read the relevant ansible documentation on [setting a default password source](https://docs.ansible.com/ansible/latest/user_guide/vault.html#setting-a-default-password-source). If you are trying to reuse this Ansible configuration for your own purposes, then you will need to encrypt all of _your own_ secrets using _your own_ Ansible Vault password. ### Requirements I recommend [installing Ansible](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-ansible) with `pip` (globally) versus other package managers like Apt or Brew. It makes upgrading and using third party modules much easier. From c00f8ea1025d283d20ea158801cbf46ba8bf014b Mon Sep 17 00:00:00 2001 From: Thomas Daley Date: Sat, 1 Jan 2022 18:13:38 -0800 Subject: [PATCH 15/19] Add relative link --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 107515f..060eec8 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,9 @@ Sets up bitwarden on Docker Swarm. ## Deployments -This application is configured and deployed automatically using [Drone CI](https://github.com/harness/drone), however there might be situations where you would prefer to do this manually. You will need to have the [Ansible Vault](https://docs.ansible.com/ansible/latest/user_guide/vault.html#encrypting-content-with-ansible-vault) password file configured on your machine. Please read the relevant ansible documentation on [setting a default password source](https://docs.ansible.com/ansible/latest/user_guide/vault.html#setting-a-default-password-source). If you are trying to reuse this Ansible configuration for your own purposes, then you will need to encrypt all of _your own_ secrets using _your own_ Ansible Vault password. +This application is configured and deployed automatically using [Drone CI](https://github.com/harness/drone), however there might be situations where you would prefer to do this manually. + +You might need to have the [Ansible Vault](https://docs.ansible.com/ansible/latest/user_guide/vault.html#encrypting-content-with-ansible-vault) password file configured on your machine, if there are any vaulted secrets. Please read the relevant ansible documentation on [setting a default password source](https://docs.ansible.com/ansible/latest/user_guide/vault.html#setting-a-default-password-source). If you are trying to reuse this Ansible configuration for your own purposes, then you will need to encrypt all of _your own_ secrets using _your own_ Ansible Vault password and replace those variables in the [Ansible configuration](.ansible). ### Requirements I recommend [installing Ansible](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-ansible) with `pip` (globally) versus other package managers like Apt or Brew. It makes upgrading and using third party modules much easier. From 9e3be80e3f2f2ca70f9f2535a8311a980cd8f451 Mon Sep 17 00:00:00 2001 From: Thomas Daley Date: Sat, 1 Jan 2022 18:14:13 -0800 Subject: [PATCH 16/19] revise --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 060eec8..6a4d266 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ Sets up bitwarden on Docker Swarm. ## Deployments This application is configured and deployed automatically using [Drone CI](https://github.com/harness/drone), however there might be situations where you would prefer to do this manually. -You might need to have the [Ansible Vault](https://docs.ansible.com/ansible/latest/user_guide/vault.html#encrypting-content-with-ansible-vault) password file configured on your machine, if there are any vaulted secrets. Please read the relevant ansible documentation on [setting a default password source](https://docs.ansible.com/ansible/latest/user_guide/vault.html#setting-a-default-password-source). If you are trying to reuse this Ansible configuration for your own purposes, then you will need to encrypt all of _your own_ secrets using _your own_ Ansible Vault password and replace those variables in the [Ansible configuration](.ansible). +You will need to have the [Ansible Vault](https://docs.ansible.com/ansible/latest/user_guide/vault.html#encrypting-content-with-ansible-vault) password file configured on your machine, if there are any vaulted secrets. Please read the relevant ansible documentation on [setting a default password source](https://docs.ansible.com/ansible/latest/user_guide/vault.html#setting-a-default-password-source). If you are trying to reuse this Ansible configuration for your own purposes, then you will need to encrypt all of _your own_ secrets using _your own_ Ansible Vault password and replace those variables in the [Ansible configuration](.ansible). ### Requirements I recommend [installing Ansible](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-ansible) with `pip` (globally) versus other package managers like Apt or Brew. It makes upgrading and using third party modules much easier. From 31367cc3f8730975f950e7f1dc9979f15e85fac0 Mon Sep 17 00:00:00 2001 From: Thomas Daley Date: Sat, 1 Jan 2022 18:18:09 -0800 Subject: [PATCH 17/19] Revise --- README.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 6a4d266..6f4aefd 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,8 @@ # bitwarden Sets up bitwarden on Docker Swarm. -:warning: This configuration uses the unofficial Rust backend [vaultwarden](https://github.com/dani-garcia/vaultwarden), which was formerly called `bitwarden_rs`. +:warning: Warning! +This configuration uses the unofficial backend [vaultwarden](https://github.com/dani-garcia/vaultwarden), formerly known as `bitwarden_rs`. ## Deployments @@ -18,11 +19,11 @@ python3 -m pip install --user ansible ``` ### Steps -1. Install Ansible Dependencies (external roles) +1. Install roles (dependencies). ```bash ansible-galaxy install -r .ansible/roles/requirements.yaml -p .ansible/roles --force ``` -2. Configure and Deploy. +2. Run playbook. ```bash ansible-playbook .ansible/deploy.yaml -i .ansible/inventory/development ``` From f9398131c470f564892879b38b685499caa6ad11 Mon Sep 17 00:00:00 2001 From: Thomas Daley Date: Sat, 1 Jan 2022 18:20:49 -0800 Subject: [PATCH 18/19] formatting --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index 6f4aefd..e671f4a 100644 --- a/README.md +++ b/README.md @@ -3,8 +3,7 @@ # bitwarden Sets up bitwarden on Docker Swarm. -:warning: Warning! -This configuration uses the unofficial backend [vaultwarden](https://github.com/dani-garcia/vaultwarden), formerly known as `bitwarden_rs`. +:warning: This configuration uses the unofficial backend [vaultwarden](https://github.com/dani-garcia/vaultwarden), formerly known as `bitwarden_rs`. ## Deployments From 2a1005fe362371994a16d1c68668e0013bf5d585 Mon Sep 17 00:00:00 2001 From: Thomas Daley Date: Sat, 1 Jan 2022 18:23:21 -0800 Subject: [PATCH 19/19] try two --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e671f4a..f3ceb63 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ # bitwarden Sets up bitwarden on Docker Swarm. -:warning: This configuration uses the unofficial backend [vaultwarden](https://github.com/dani-garcia/vaultwarden), formerly known as `bitwarden_rs`. +:warning: this configuration uses the unofficial backend [vaultwarden](https://github.com/dani-garcia/vaultwarden), formerly known as `bitwarden_rs` :warning: ## Deployments