esh/esh_vaultwarden/recipes/service.rb

#
# Cookbook:: esh_vaultwarden
# Recipe:: service
#
# Copyright:: 2023, https://easyself.host
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Fetch the Vaultwarden container image and unpack it with the cookbook's
# undocker resources (both are defined outside this recipe). The image
# reference is taken straight from node attributes.
# NOTE(review): whether the download is checked against a digest cannot be
# seen from this recipe. The service binary and the library directory used
# further down under /opt/undocker/vaultwarden presumably come out of this
# image, so confirm the attribute pins an immutable digest rather than a
# mutable tag.
vaultwarden_image = node['esh']['vaultwarden']['docker']['image']

esh_undocker_download vaultwarden_image
esh_undocker_extract vaultwarden_image
# Dedicated system group and user for the daemon. The account has no login
# shell and its home is /var/lib/vaultwarden, the same path the service unit
# uses as WorkingDirectory.
# NOTE(review): on Debian-family hosts nologin ships as /usr/sbin/nologin;
# /sbin/nologin only resolves where /sbin is merged into /usr. Confirm for
# the target platform.
group 'vaultwarden' do
  action :create
  system true
end

user 'vaultwarden' do
  action :create
  system true
  gid 'vaultwarden'
  shell '/sbin/nologin'
  home '/var/lib/vaultwarden'
  manage_home true
  comment 'vaultwarden system user'
end
# Install nginx and overwrite its default site with the file shipped in this
# cookbook. When that file changes, nginx is restarted at the end of the run.
# NOTE(review): the site file is not part of this recipe. nginx presumably
# fronts Vaultwarden, so TLS and proxy settings have to be reviewed in that
# file.
apt_package 'nginx'

cookbook_file '/etc/nginx/sites-available/default' do
  action :create
  owner 'root'
  group 'root'
  mode '0444'
  notifies :restart, 'service[nginx]', :delayed
end
# Configuration directory (owner may list and traverse only) and state
# directory (owner has full access); nobody else gets any access to either.
# NOTE(review): /etc/vaultwarden is owned by the service account itself, and
# an owner can always relax the mode of what it owns. The unit's
# ProtectSystem=full keeps /etc read-only for the running service, but
# root ownership with group read access would not depend on that sandbox
# setting. Confirm nothing besides systemd's EnvironmentFile= reads the
# config before changing ownership.
{
  '/etc/vaultwarden' => '0500',
  '/var/lib/vaultwarden' => '0700',
}.each do |dir_path, dir_mode|
  directory dir_path do
    action :create
    owner 'vaultwarden'
    group 'vaultwarden'
    mode dir_mode
  end
end
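# Render the service's environment file from node attributes. systemd loads
# it through EnvironmentFile= in vaultwarden.service, and a change restarts
# the service at the end of the run.
#
# `sensitive true` keeps the rendered content and its diff out of chef-client
# output and run reports: a Vaultwarden environment file may carry
# credentials (admin token, database or SMTP passwords), and without the flag
# every change to the file is echoed into the logs.
#
# NOTE(review): the value still originates from node attributes, which are
# saved with the node object as plain data when a Chef server is in use.
# Confirm whether secrets in this config should come from an encrypted
# source instead.
file '/etc/vaultwarden/vaultwarden.cfg' do
  content node['esh']['vaultwarden']['service']['config']
  owner 'vaultwarden'
  group 'vaultwarden'
  mode '0400'
  sensitive true
  notifies :restart, 'service[vaultwarden]', :delayed
  action :create
end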
# Register the extracted image's library directory with the dynamic linker
# and rebuild the linker cache right away whenever the drop-in changes, so
# the Vaultwarden binary can resolve its shared libraries.
# NOTE(review): ld.so.conf.d is host-global. After this, libraries from the
# container image's rootfs are candidates for every dynamically linked
# program on the machine, not just vaultwarden; the "zzz-" prefix presumably
# aims to sort the entry last. A per-service library path set in the unit
# would confine the exposure to this one process. Confirm host-wide scope is
# intended.
file '/etc/ld.so.conf.d/zzz-vaultwarden.conf' do
  action :create
  owner 'root'
  group 'root'
  mode '0400'
  content '/opt/undocker/vaultwarden/server/rootfs/usr/lib/x86_64-linux-gnu'
  notifies :run, 'execute[ldconfig]', :immediately
end

# Only runs when notified by the drop-in above.
execute 'ldconfig' do
  action :nothing
  command 'ldconfig'
end
# Unit definition for the daemon. It runs the extracted binary as the
# unprivileged vaultwarden user with a private /tmp and /dev, inaccessible
# home directories, and ProtectSystem=full, and reads its environment from
# /etc/vaultwarden/vaultwarden.cfg.
# NOTE(review): ReadWriteDirectories= is the legacy spelling of
# ReadWritePaths=. Under ProtectSystem=full, /var/lib is writable anyway, so
# the line only becomes load-bearing if the unit is tightened to
# ProtectSystem=strict.
# NOTE(review): NoNewPrivileges=true is not set. It is worth adding once it
# is confirmed that the binary does not rely on setuid bits or file
# capabilities.
# NOTE(review): this resource sends no restart notification, so changed
# sandbox settings apply only after the service is next restarted.
systemd_unit 'vaultwarden.service' do
  action :create
  content <<~UNIT
    [Unit]
    Description=Vaultwarden - A Bitwarden API server
    After=network.target
    [Service]
    Type=simple
    User=vaultwarden
    ExecStart=/opt/undocker/vaultwarden/server/rootfs/vaultwarden
    PrivateTmp=true
    PrivateDevices=true
    ProtectHome=true
    ProtectSystem=full
    WorkingDirectory=/var/lib/vaultwarden
    ReadWriteDirectories=/var/lib/vaultwarden
    EnvironmentFile=/etc/vaultwarden/vaultwarden.cfg
    [Install]
    WantedBy=multi-user.target
  UNIT
end
# Start both daemons now and enable them at boot. These are the resources
# addressed by the restart notifications elsewhere in this recipe
# ('service[vaultwarden]' and 'service[nginx]').
%w[vaultwarden nginx].each do |daemon|
  service daemon do
    action %i[start enable]
  end
end