joakim/rick-infra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bfd6f22f0e2f81d0e027ea55161053eb9db3d403
rick-infra/rick-infra.yml
Joakim bfd6f22f0e Add Vaultwarden password manager role with PostgreSQL and SSO support 
- Implement complete Vaultwarden deployment using Podman Quadlet
- PostgreSQL backend via Unix socket with 777 permissions
- Caddy reverse proxy with WebSocket support for live sync
- Control-node admin token hashing using argon2 (OWASP preset)
- Idempotent token hashing with deterministic salt generation
- Full Authentik SSO integration following official guide
- SMTP email configuration support (optional)
- Invitation-only user registration by default
- Comprehensive documentation with setup and troubleshooting guides

Technical Details:
- Container: vaultwarden/server:latest from Docker Hub
- Database: PostgreSQL via /var/run/postgresql socket
- Port: 8080 (localhost only, proxied by Caddy)
- Domain: vault.jnss.me
- Admin token: Hashed on control node with argon2id
- SSO: OpenID Connect with offline_access scope support

Role includes automatic argon2 installation on control node if needed.
2025-12-22 21:33:27 +01:00

44 lines
1.0 KiB
YAML
Raw Blame History

---
# Homelab Infrastructure Deployment
#
# Deploys personal homelab services to arch-vps including:
# - PostgreSQL database
# - Valkey cache/session store
# - Podman container runtime
# - Caddy web server
# - Nextcloud cloud storage
# - Authentik SSO/authentication
# - Gitea git hosting
# - Vaultwarden password manager
#
# Usage:
# ansible-playbook playbooks/homelab.yml
# - import_playbook: playbooks/security.yml
- name: Deploy Homelab Infrastructure
hosts: homelab
become: true
gather_facts: true
tasks:
# - name: Deploy Authentik
# include_role:
# name: authentik
# tags: ['authentik', 'sso', 'auth']
# - name: Deploy Gitea
# include_role:
# name: gitea
# tags: ['gitea', 'git', 'development']
# - name: Deploy Nextcloud
# include_role:
# name: nextcloud
# tags: ['nextcloud', 'cloud', 'storage']
- name: Deploy Vaultwarden
include_role:
name: vaultwarden
tags: ['vaultwarden', 'vault', 'password-manager', 'security']
Reference in New Issue View Git Blame Copy Permalink