dustin
/
configpolicy
1
1
Fork 0
Code Issues Releases Activity
configpolicy/roles
History
Dustin e3b5b4d5ff r/bitwarden_rs: Migrate to podman 
Docker is effectively deprecated by Fedora/Red Hat.  It is a pain in the
ass to work with anyway.  Podman integrates better with systemd, and is
in general more aligned with how I prefer to deploy and manage
applications.

I am following the same pattern here that I have used for Home
Assistant, ZWaveJS2MQTT, etc.  The systemd service starts the container
with `podman`, passing the necessary arguments for UID/GID mapping, etc.
Note that, by default, Vaultwarden expects to be able to bind to port
80; since the container is unprivileged, we have to configure it (or
rather, its embedded HTTP server [Rocket](https://rocket.rs)) to listen
on a different port.  We also configure it to listen only on the
loopback, since it is being proxied by Apache to the outside network.

To migrate the data from the Docker volume, we just have to copy the
files and fix their ownership.

The *bitwarden_rs* project was recently renamed to *Vaultwarden*, so I
took this opportunity to update the name in most places within the
*bitwarden_rs* role.
 		2021-11-06 19:33:33 -05:00
..
ansible/tasks roles/ansible: Install python-netaddr 2018-04-08 12:33:54 -05:00
apache Add HTTPS certificate for hass2.p.b 2021-07-24 18:39:45 -05:00
aria2 aria2: Deploy aria2 download manager 2018-08-19 14:17:48 -05:00
base r/base: Set SSH authorized keys for root 2021-10-16 15:39:19 -05:00
bitwarden_rs r/bitwarden_rs: Migrate to podman 2021-11-06 19:33:33 -05:00
burp-client burp-client: Use burp.p.b name 2020-01-18 12:10:53 -06:00
burp-server roles/burp-server: switch to version_compare test 2020-01-25 13:54:42 -06:00
cert/tasks roles/cert: Add handler topic notification 2020-12-26 10:38:17 -06:00
certbot roles/certbot: Ensure certbot is configured first 2019-09-19 19:50:35 -05:00
collectd r/collectd: Add custom types database 2021-10-30 16:47:29 -05:00
collectd-nut r/collectd-nut: Configure nut plugin for collectd 2021-10-31 14:26:26 -05:00
collectd-prometheus r/collectd-prometheus: Allow scraping from outside 2021-10-30 16:41:17 -05:00
collectd-version r/collectd-version: Add OS version plugin 2021-10-30 16:50:37 -05:00
cronie/tasks roles/cronie: Install cronie 2018-08-08 21:38:56 -05:00
dch-gw dch-gw: Restrict traffic from Management network 2018-07-15 12:16:43 -05:00
dch-openvpn-server dch-openvpn: Support road-warrior clients 2018-10-07 21:42:18 -05:00
dch-proxy websites: Add chmod777.sh 2020-03-09 20:29:52 -05:00
dch-storage-net roles/dch-storage-net: Add After device dependency 2018-07-29 10:14:00 -05:00
dch-vpn-server roles/strongswan: Update service name 2020-07-04 14:32:22 -05:00
dhcpcd roles/dhcpcd: Always send FQDN 2018-07-23 17:35:10 -05:00
dhcpd roles/dhcpd: Support UniFi DHCP option 43 2019-03-22 09:29:56 -05:00
docker roles/docker: Install and set up Docker daemon 2019-09-19 19:27:12 -05:00
elasticsearch roles/elasticsearch: Add Elasticsearch deployment 2019-10-28 18:33:37 -05:00
fileserver roles/fileserver: Deploy Samba file server 2018-08-01 22:04:07 -05:00
freeradius hosts: dc2: Add RADIUS server certificate 2021-10-17 14:03:52 -05:00
frigate r/frigate: Add role to deploy Frigate 2021-08-21 17:16:58 -05:00
gitea r/gitea: Enable Prometheus metrics 2021-10-18 10:11:44 -05:00
grafana roles/grafana: Deploy Grafana 2021-07-02 21:47:33 -05:00
graylog roles/graylog: Update Graylog repository RPM URL 2021-01-31 15:33:42 -06:00
haproxy roles/haproxy: Fix undefined var on Fedora hosts 2020-03-03 19:27:19 -06:00
hass-dhcp r/hass-dhcp: Clean up DHCP/DNS service 2021-07-24 18:33:15 -05:00
hassdb/tasks roles/hassdb: Deploy Home Assistant database 2020-07-14 11:38:30 -05:00
homeassistant Add ability to update HA-related containers 2021-08-12 19:02:34 -05:00
hostname hostname: Also write /etc/hosts 2018-04-08 10:11:43 -05:00
jenkins-slave jenkins-slave: Allow Jenkins to connect to Docker 2019-09-19 19:50:35 -05:00
kerberos roles/kerberos: Configure mit-krb5 2018-01-29 15:05:51 -06:00
koji-builder roles/koji-builder: Deploy the Koji builder 2018-08-12 10:14:25 -05:00
koji-client roles/koji-client: Configure the koji client 2018-08-12 10:05:56 -05:00
koji-gc roles/koji-gc: Deploy the Koji garbage collector 2018-08-12 09:58:56 -05:00
koji-hub roles/koji-hub: Deploy the Koji Hub 2018-08-12 09:33:08 -05:00
koji-web roles/koji-web: Deploy the Koji Web UI 2018-08-12 10:08:01 -05:00
kojira roles/kojira: Deploy the Koji repository agent 2018-08-12 10:04:23 -05:00
logrotate/tasks roles/logrotate: Install and enable logrotate 2020-12-08 20:59:40 -06:00
mongodb roles/mongodb: Add MongoDB deployment 2019-10-28 18:34:45 -05:00
mosquitto roles/mosquitto: Update for Mosquitto 2.x 2021-07-19 15:58:58 -05:00
motioneye motioneye: Deploy motionEye camera software 2020-10-03 11:29:39 -05:00
named roles/named: Send application logs to syslog 2020-12-26 11:36:15 -06:00
net-ifaces roles/net-ifaces: Update VLAN for pyrocufflink.blue 2020-05-25 09:17:24 -05:00
nextcloud roles/nextcloud: Configure outbound email 2021-06-25 11:12:38 -05:00
nftables roles/nftables: Basic nftables configuration 2018-03-27 20:44:43 -05:00
nginx roles/nginx: Add role for nginx 2021-06-29 21:00:46 -05:00
nsswitch roles/nsswitch: Configure glibc name service 2018-03-11 18:16:17 -05:00
ntpd ntp: Initial PB and role to set up ntpd 2018-04-22 11:19:22 -05:00
nut r/nut: Add role for Network UPS Tools 2021-10-31 14:25:59 -05:00
postfix roles/postfix: Vary shlib directory by arch 2018-08-07 19:51:09 -05:00
postgresql-server roles/postgresql-server: Remove postgresql-setup 2020-07-14 10:56:01 -05:00
protonvpn r/protonvpn: watchdog: reconfigure at startup 2021-10-31 01:24:52 -05:00
rabbitmq/tasks roles/rabbitmq: Deploy RabbitMQ 2019-03-07 13:29:29 -06:00
radvd roles/radvd: Support multiple prefixes per network 2018-04-06 20:16:02 -05:00
redis/tasks roles/redis: Add role to deploy Redis 2021-06-25 11:10:10 -05:00
rhel-network roles/rhel-network: Add static route support 2018-03-27 20:44:43 -05:00
samba roles/samba: Support selecting interfaces 2018-06-23 14:42:45 -05:00
samba-dc r/samba-dc: Use rfc2307 on all DCs 2021-10-31 21:07:49 -05:00
serial-console r/serial-console: Enable getty on serial console 2021-10-16 14:34:51 -05:00
squid squid: Add role and PB to deploy Squid 2018-08-12 16:00:32 -05:00
ssh-hostkeys hosts: Add serial0.pyrocufflink.blue 2021-10-31 00:54:10 -05:00
sshd roles/sshd: Configure OpenSSH daemon 2018-06-06 21:44:28 -05:00
strongswan roles/strongswan: Update service name 2020-07-04 14:32:22 -05:00
strongswan-swanctl roles/strongswan-swanctl: Load esp4 module at boot 2021-02-17 20:33:41 -06:00
sudo roles/sudo: Configure sudo and policy 2018-03-11 18:16:17 -05:00
synapse r/synapse: Enable Prometheus metrics 2021-10-18 18:08:50 -05:00
system-auth roles/system-auth: Configure PAM system authentication 2018-03-11 18:16:17 -05:00
systemd-networkd r/systemd-networkd: Enable and start the service 2021-10-31 14:29:30 -05:00
taiga roles/taiga: Fix HTTP->HTTPS redirect 2019-03-22 09:29:56 -05:00
trustca roles/trustca: Generic role for adding CA certs 2018-06-04 20:03:55 -05:00
vmhost r/vmhost: Install libvirt storage driver 2021-11-06 18:10:32 -05:00
websites r/web/p-nextcloud: Set ProxyPreserveHost 2021-10-02 11:27:49 -05:00
wheelhost wheelhost: Publish wheels built by Jenkins 2019-03-22 10:19:27 -05:00
winbind r/winbind: Add domain-join tag 2021-11-06 18:12:29 -05:00
zabbix-agent roles/zabbix: Add support for Debian 2019-03-22 09:29:56 -05:00
zabbix-server roles/zabbix-server: Redirect HTTP -> HTTPS 2018-06-09 14:35:22 -05:00
zezere zezere: role/playbook to deploy Zezere 2021-07-05 09:34:25 -05:00
zigbee2mqtt Add ability to update HA-related containers 2021-08-12 19:02:34 -05:00
zwavejs2mqtt Add ability to update HA-related containers 2021-08-12 19:02:34 -05:00