├── LICENSE ├── README.md ├── defaults └── main.yml ├── handlers └── main.yml ├── meta └── main.yml ├── tasks └── main.yml ├── templates └── rubywarden.j2 ├── tests ├── inventory └── test.yml └── vars └── main.yml /LICENSE: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018 Aaron Bieber 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | openbsd-rubywarden 2 | ========= 3 | 4 | Role to setup a [rubywarden](https://github.com/jcs/rubywarden) instance on OpenBSD. 5 | 6 | Requirements 7 | ------------ 8 | 9 | - OpenBSD 10 | 11 | TODO 12 | ---- 13 | 14 | - Stop cloning as `root`. 15 | 16 | Role Variables 17 | -------------- 18 | 19 | | Variable | Default | Description | 20 | |--------- | ------- | ----------- | 21 | | rw_ruby | `2.7` | Ruby version. | 22 | | rw_port | `4567` | The port rubywarden should listen on. | 23 | | rw_user | `_rubywarden` | The user that will be added to the system in order to run rubywarden. | 24 | | rw_home | `/var/rubywarden` | Home directory for rw_user. 
| 25 | | rw_group | `_rubywarden` | The group that will be added to the system in order to run rubywarden. | 26 | | rw_signups | `false` | Tells rubywarden to allow signups. Requires a service restart to change. | 27 | | rw_commit | `master` | Git ref (branch, tag or commit hash) to check out. The default follows upstream `master`; pin a commit hash for reproducible deployments. | 28 | | rw_env | `production` | Specify if we are running in production or development mode. | 29 | | rw_src | `"{{ rw_home }}/src"` | Dir to clone the rubywarden source to. | 30 | | rw_keepass | `false` | Install gems needed for importing keepass version 1 databases (version 2 is not supported). | 31 | 32 | Running rubywarden tool scripts 33 | ------------------------------- 34 | 35 | The rubywarden scripts are installed in `/var/rubywarden/src/tools/`. 36 | 37 | To run the scripts you need to set the proper environment so that the ruby gems installed into the local directory work correctly. 38 | 39 | For example, to import a version 1 keepass database: 40 | 41 | ``` 42 | RUBYWARDEN_ENV=production \ 43 | PATH=/bin:/usr/bin:/usr/X11R6/bin:/usr/local/bin:/var/rubywarden/rb/bin \ 44 | HOME=/var/rubywarden \ 45 | GEM_HOME=/var/rubywarden/rb/ruby/2.7 \ 46 | ruby27 tools/keepass_import.rb -f /path/to/keepass.kbdx -u user@domain.tld 47 | ``` 48 | 49 | Example Playbook 50 | ---------------- 51 | 52 | - hosts: rw_server 53 | roles: 54 | - { role: qbit.rubywarden } 55 | 56 | Upgrading from ruby-2.6 to ruby-2.7 57 | ----------------------------------- 58 | 59 | Just run the updated role. It automatically upgrades and installs needed packages. 60 | 61 | License 62 | ------- 63 | 64 | ``` 65 | /* 66 | * Copyright (c) 2018 Aaron Bieber 67 | * 68 | * Permission to use, copy, modify, and distribute this software for any 69 | * purpose with or without fee is hereby granted, provided that the above 70 | * copyright notice and this permission notice appear in all copies. 
71 | * 72 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 73 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 74 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 75 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 76 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 77 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 78 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 79 | */ 80 | ``` 81 | -------------------------------------------------------------------------------- /defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # defaults file for openbsd-rubywarden 3 | 4 | rw_ruby: 2.7 5 | rw_port: 4567 6 | rw_user: _rubywarden 7 | rw_group: _rubywarden 8 | rw_signups: False 9 | rw_commit: master 10 | rw_env: production 11 | rw_home: /var/rubywarden 12 | rw_src: "{{ rw_home }}/src" 13 | rw_keepass: False 14 | 15 | rw_ruby_slug: "{{ rw_ruby | regex_replace('\\.', '') }}" 16 | -------------------------------------------------------------------------------- /handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # handlers file for openbsd-rubywarden -------------------------------------------------------------------------------- /meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | role_name: rubywarden 3 | author: Aaron Bieber 4 | description: OpenBSD rubywarden instance 5 | 6 | license: BSD 7 | 8 | min_ansible_version: 2.0 9 | 10 | platforms: 11 | - name: OpenBSD 12 | versions: 13 | - 6.1 14 | 15 | galaxy_tags: ["openbsd", "rubywarden", "bitwarden"] 16 | 17 | dependencies: [] 18 | -------------------------------------------------------------------------------- /tasks/main.yml: 
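--------------------------------------------------------------------------------
---
# Tasks for the rubywarden role: install packages, create the service account,
# fetch and bundle the application, migrate the database, then install and
# start the rc.d service.
#
# NOTE(review): no task here sets become_user, so every step runs with the
# privileges of the play. The README's TODO already lists cloning as root; the
# bundler and db:migrate steps below also execute code from the checkout with
# those privileges.

- name: Install dependencies
  package:
    name: "{{ item }}"
    state: installed
  loop:
    - git
    - "ruby{{ rw_ruby_slug }}-bundler"
    - sqlite3

- name: add rubywarden group
  group:
    name: "{{ rw_group }}"
    state: present

# NOTE(review): no login shell is set, so the account gets the system default;
# consider an explicit non-login shell if this account is daemon-only.
- name: add rubywarden user
  user:
    name: "{{ rw_user }}"
    state: present
    home: "{{ rw_home }}"
    group: "{{ rw_group }}"
    append: yes

# The service account should hold no SSH material (keys, authorized_keys).
- name: remove rubywarden .ssh directory
  file:
    state: absent
    path: "{{ rw_home }}/.ssh"

# rw_commit is passed as the git ref. With a branch name (such as a default of
# "master") each run may pull new upstream code; set it to a reviewed commit
# hash to make deployments reproducible.
- name: get rubywarden code
  register: git_updated
  git:
    repo: "https://github.com/jcs/rubywarden.git"
    dest: "{{ rw_src }}"
    version: "{{ rw_commit }}"

# Gems go under rw_home/rb rather than system-wide; the keepass gem group is
# only added when rw_keepass is set.
- name: run bundler
  bundler:
    executable: "/usr/local/bin/bundle{{ rw_ruby_slug }}"
    gem_path: "{{ rw_home }}/rb"
    binstub_directory: "{{ rw_home }}/rb/bin"
    chdir: "{{ rw_src }}"
    extra_args: "{% if rw_keepass %}--with keepass{% endif %}"
    state: present

# The database directory is the only part of the checkout handed to the
# service account.
- name: make the {{ rw_env }} db dir
  file:
    path: "{{ rw_src }}/db/{{ rw_env }}"
    state: directory
    owner: "{{ rw_user }}"
    group: "{{ rw_group }}"
    recurse: yes
  register: migrate

# Migrate only after new code arrived or the db dir was created or re-owned.
# The bundle executable is the same absolute path the bundler task uses, and
# the environment variable is set through the task instead of env(1).
- name: run db:migrate
  when: git_updated.changed or migrate.changed
  command: "/usr/local/bin/bundle{{ rw_ruby_slug }} exec rake db:migrate"
  args:
    chdir: "{{ rw_src }}"
  environment:
    RUBYWARDEN_ENV: "{{ rw_env }}"

# The migration runs with the play's privileges, so anything it created in the
# db dir is handed back to the service account here.
- name: verify perms {{ rw_env }} db dir
  file:
    path: "{{ rw_src }}/db/{{ rw_env }}"
    state: directory
    owner: "{{ rw_user }}"
    group: "{{ rw_group }}"
    recurse: yes

# root:wheel 0755 keeps the rc script writable by root only.
- name: create rubywarden rc script
  register: rc_status
  template:
    src: rubywarden.j2
    dest: /etc/rc.d/rubywarden
    owner: root
    group: wheel
    mode: "0755"

- name: enable rubywarden on boot
  register: started
  service:
    name: rubywarden
    state: started
    enabled: true

# Restart when the code changed, or when the rc script changed and the
# service was not started by the task above.
- name: restart rubywarden
  when: git_updated.changed or (rc_status.changed and not started.changed)
  service:
    name: rubywarden
    state: restarted
--------------------------------------------------------------------------------
/templates/rubywarden.j2:
--------------------------------------------------------------------------------
#!/bin/ksh

# {{ ansible_managed }}

# Directory of the rubywarden checkout; rc_start changes into it.
datadir="{{ rw_src }}"

# Environment for the daemon. ALLOW_SIGNUPS=1 is added only when rw_signups is
# the boolean true, so any other value leaves account signups closed.
env="RUBYWARDEN_ENV={{ rw_env }}{% if rw_signups == True %} ALLOW_SIGNUPS=1{% endif %} PATH=/bin:/usr/bin:/usr/X11R6/bin:/usr/local/bin:{{ rw_home }}/rb/bin HOME={{ rw_home }}"
daemon="/usr/local/bin/bundle{{ rw_ruby_slug }}"
# NOTE(review): rackup is started with a port only and no TLS options are
# visible here; presumably a TLS-terminating proxy sits in front. Confirm.
daemon_flags="exec rackup -p {{ rw_port }} config.ru"
daemon_user="{{ rw_user }}"

. /etc/rc.d/rc.subr

# Start from the checkout so that config.ru resolves. Using datadir keeps the
# rc script correct when rw_src is overridden to a path other than the
# src directory under rw_home.
rc_start() {
	${rcexec} "cd ${datadir} && env ${env} ${daemon} ${daemon_flags}"
}

pexp="ruby{{ rw_ruby_slug }} .*rackup -p {{ rw_port }} config.ru"

rc_reload=NO
rc_bg=YES

rc_cmd $1
--------------------------------------------------------------------------------
/tests/inventory:
--------------------------------------------------------------------------------
localhost

--------------------------------------------------------------------------------
/tests/test.yml:
--------------------------------------------------------------------------------
---
- hosts: localhost
  remote_user: root
  roles:
    - openbsd-rubywarden
--------------------------------------------------------------------------------
/vars/main.yml:
--------------------------------------------------------------------------------
---
# vars file for openbsd-rubywarden
--------------------------------------------------------------------------------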