Skip to content

ct-Open-Source/telerec-t-vaultwarden

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
 
 
 
 
 
 

Repository files navigation

telerec-t-vaultwarden

Telerec't submodule for Vaultwarden [1].

Installation

Add the submodule to your Ansible setup:

git submodule add https://github.com/ct-Open-Source/telerec-t-vaultwarden.git roles/vaultwarden

Then set an admin password. It should be rather long and hard to guess. A long random string is suitable and can easily be created with:

openssl rand -base64 48 | tr -d /=

Then use this to create an admin_token:

echo -n "admin-password-string" | argon2 "$(openssl rand -base64 32)" -e -id -k 65540 -t 3 -p 4 | sed 's#\$#\$\$#g'

Add a section vaultwarden to your group_vars/all.yml and create a new key named admin_token with the output of this command. Do not forget to encase it with double quotes.

The admin interface is additionally secured via HTTP-Basic authentication. Create credentials with a hashed password for the variable http_basic_users:

htpasswd -nb mustermaria Geheimnis| sed -e s/\\$/\\$\\$/g

The string in this variable can be a comma separated list of user accounts created all like this.

As a last step create a playbook vaultwarden.yml like this in the base folder of your setup:

- hosts: server
  become: true
  roles:
    - role: vaultwarden
      vars:
        service_cfg: "{{ vaultwarden }}"

Running the playbook

Start the playbook with:

pipenv run ansible-playbook vaultwarden.yml -i hosts

You may use tags like this: pipenv run ansible-playbook vaultwarden.yml -i hosts --tags restarted

Reference

[1] Niklas Dierking, Geheimniskrämer, Der Raspberry Pi als Passwort-Server, c’t 9/2021, S. 18

About

Telerec't submodule for Valutwarden

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages