GHP publish

roles/bitwarden/defaults/main.yaml

@@ -0,0 +1,40 @@
+bitwarden_enabled: true
+bitwarden_publish: false
+bitwarden_use_external_db: true
+bitwarden_default_values:
+  env:
+    SIGNUPS_ALLOWED: true
+    INVITATIONS_ALLOWED: true
+    DATABASE_URL: "postgresql://{{ bitwarden_db_username }}:{{ bitwarden_db_password }}@{{ postgres_db_team | default(namespace) }}-postgres.{{ postgres_db_namespace | default(namespace) }}.svc.cluster.local:5432/bitwarden?sslmode=require"
+    DOMAIN: "https://bitwarden.{{ domain }}"
+    SMTP_FROM: "bitwarden@{{ domain }}"
+    SMTP_HOST: "mail.{{ domain }}"
+    SMTP_PASSWORD: "{{ bitwarden_ldap_pass | default(bitwarden_ldap_password) }}"
+    SMTP_SSL: "true"
+    SMTP_EXPLICIT_TLS: "true"
+    SMTP_PORT: "465"
+    SMTP_USERNAME: "bitwarden@{{ domain }}"
+    SMTP_TIMEOUT: "120"
+    LOG_LEVEL: "debug"
+    EXTENDED_LOGGING: "true"
+  ingress:
+    enabled: true
+    annotations:
+      kubernetes.io/ingress.class: "{{ external_ingress_class if bitwarden_publish else internal_ingress_class }}"
+      cert-manager.io/cluster-issuer: "letsencrypt-prod"
+      cert-manager.io/acme-dns01-provider: "rfc2136"
+      cert-manager.io/acme-challenge-type: "dns01"
+      kubernetes.io/tls-acme: "true"
+    path: /
+    hosts:
+      - "bitwarden.{{ domain }}"
+    tls:
+      - secretName: "bitwarden.{{ domain }}-tls"
+        hosts:
+          - "bitwarden.{{ domain }}"
+  persistence:
+    enabled: true
+    accessMode: "{{ bitwarden_storage_mode | default('ReadWriteMany') }}"
+    size: "{{ bitwarden_size | default('8Gi') }}"
+    storageClass: "{{ bitwarden_storage | default('nfs-ssd') }}"
+

roles/bitwarden/tasks/main.yaml

@@ -0,0 +1,19 @@
+- name: Import secret.yaml to obtain secrets
+  include_tasks: secrets.yaml
+  when: 
+    - bitwarden_use_external_db
+    - postgres_enable
+
+- set_fact:
+    bitwarden_combined_values: "{{ bitwarden_default_values | combine(bitwarden_values, recursive=true) }}"
+
+- name: Deploy Bitwarden
+  community.kubernetes.helm:
+    create_namespace: true
+    release_namespace: "{{ bitwarden_namespace | default(namespace) }}"
+    release_name: "{{ bitwarden_name | default('bitwarden') }}"
+    chart_ref: "{{ bitwarden_chart | default('ghp/bitwarden') }}"
+    chart_version: "{{ bitwarden_version | default(omit) }}"
+    release_values: "{{ bitwarden_combined_values | from_yaml }}"
+    wait: true
+

roles/bitwarden/tasks/secrets.yaml

@@ -0,0 +1,25 @@
+- block:
+  - name: Set DB namespace for secret lookup
+    set_fact:
+      db_namespace: "{{ bitwarden_db_namespace | default(postgres_db_namespace) | default(postgres_namespace) | default(postgres_operator_namespace) | default(namespace) }}"
+
+  - name: Set DB secret name for lookup
+    set_fact:
+      db_secret_name: "bitwarden.{{ postgres_db_team | default(namespace) }}-postgres.credentials.postgresql.acid.zalan.do"
+
+  - name: Lookup Bitwarden DB secret
+    set_fact:
+      bitwarden_db_secret: "{{ lookup('k8s', kind='Secret', namespace=db_namespace, resource_name=db_secret_name) }}"
+
+  - debug:
+      msg: "{{ bitwarden_db_secret }}"
+      verbosity: 2
+
+  - name: Set Bitwarden DB username
+    set_fact:
+      bitwarden_db_username: "{{ bitwarden_db_secret.data.username | b64decode }}"
+
+  - name: Set Bitwarden DB password
+    set_fact:
+      bitwarden_db_password: "{{ bitwarden_db_secret.data.password | b64decode }}"
+