r/bitwarden_rs: Migrate to podman
Docker is effectively deprecated by Fedora/Red Hat. It is a pain in the ass to work with anyway. Podman integrates better with systemd, and is in general more aligned with how I prefer to deploy and manage applications. I am following the same pattern here that I have used for Home Assistant, ZWaveJS2MQTT, etc. The systemd service starts the container with `podman`, passing the necessary arguments for UID/GID mapping, etc. Note that, by default, Vaultwarden expects to be able to bind to port 80; since the container is unprivileged, we have to configure it (or rather, its embedded HTTP server [Rocket](https://rocket.rs)) to listen on a different port. We also configure it to listen only on the loopback, since it is being proxied by Apache to the outside network. To migrate the data from the Docker volume, we just have to copy the files and fix their ownership. The *bitwarden_rs* project was recently renamed to *Vaultwarden*, so I took this opportunity to update the name in most places within the *bitwarden_rs* role.
This commit is contained in:
19
roles/bitwarden_rs/tasks/migration.yml
Normal file
19
roles/bitwarden_rs/tasks/migration.yml
Normal file
@@ -0,0 +1,19 @@
|
||||
- name: ensure bitwarden_rs docker container is stopped
|
||||
docker_container:
|
||||
name: bitwarden
|
||||
state: absent
|
||||
ignore_errors: true
|
||||
- name: ensure bitwarden_rs data directory is moved
|
||||
script: migrate-volume.sh
|
||||
args:
|
||||
creates: /var/lib/vaultwarden/data
|
||||
- name: ensure docker service is disabled
|
||||
service:
|
||||
name: docker
|
||||
state: stopped
|
||||
enabled: false
|
||||
ignore_errors: true
|
||||
- name: ensure docker is not installed
|
||||
package:
|
||||
name: docker
|
||||
state: absent
|
||||
Reference in New Issue
Block a user