[vaultwarden] Migrate to PostgreSQL

2024-07-06 11:21:23 +02:00 · 2024-07-06 11:21:23 +02:00 · f5cbb7b43f
commit f5cbb7b43f
parent c0d1ad7611
3 changed files with 28 additions and 27 deletions
--- a/roles/vaultwarden/tasks/backup.yml
+++ b/roles/vaultwarden/tasks/backup.yml
@ -1,29 +1,24 @@
- name:
+- name: "Backup PostgreSQL vaultwarden database"
+  shell: >
+    docker exec postgres
+    pg_dump -c {{ role_name }} |
+    borg create
+    --compression lzma
+    "{{ borg_repodir }}::{{ role_name }}-{now:%Y-%m-%d_%H-%M-%S}"
+    -
+    --stdin-name dump_{{ role_name }}.sql
+  environment:
+    DOCKER_HOST: "{{ docker_host }}"
+    BORG_PASSCOMMAND: "cat {{ borg_passphrase_file }}"
  become: true
-  block:
-    - name: Backup SQLite database
-      command:
-        cmd: |
-          sqlite3
-          "{{ volumes['vaultwarden_datadir'] }}/db.sqlite3"
-          ".backup {{ volumes['vaultwarden_datadir'] }}/db-backup.sqlite3"

-    - name: Create borg backup
-      command:
-        cmd: |
-          borg create
-          --compression=lzma
-          "{{ borg_repodir }}::{{ role_name }}-{now:%Y-%m-%d_%H-%M-%S}"
-          {{ volumes['vaultwarden_datadir'] }}/db-backup.sqlite3
-      environment:
-        BORG_PASSCOMMAND: "cat {{ borg_passphrase_file }}"
-
-    - name: Prune borg repository
-      command:
-        cmd: |
-          borg prune
-          --glob-archives='{{ role_name }}-*'
-          {{ borg_prune_options }}
-          {{ borg_repodir }}
-      environment:
-        BORG_PASSCOMMAND: "cat {{ borg_passphrase_file }}"
+- name: Prune borg repository
+  command:
+    cmd: |
+      borg prune
+      --glob-archives='{{ role_name }}-*'
+      {{ borg_prune_options }}
+      {{ borg_repodir }}
+  environment:
+    BORG_PASSCOMMAND: "cat {{ borg_passphrase_file }}"
+  become: true
--- a/roles/vaultwarden/templates/.env
+++ b/roles/vaultwarden/templates/.env
@ -1,6 +1,9 @@
 ADMIN_TOKEN='{{ vaultwarden_secrets["admin_token_hash"] }}'
 DOMAIN=https://vw.{{ domain }}
 SIGNUPS_ALLOWED=false
+
+DATABASE_URL=postgresql://{{ vaultwarden_secrets['postgres_user'] }}:{{ vaultwarden_secrets['postgres_password'] }}@postgres.{{ domain }}:{{ ports['postgres'] }}/vaultwarden
+
 SMTP_HOST=mail.{{ domain }}
 SMTP_FROM=vaultwarden@{{ domain }}
 SMTP_PORT={{ ports['mailserver_smtps'] }}
--- a/secrets.yml.example
+++ b/secrets.yml.example
@ -41,5 +41,8 @@ synapse_secrets:
 vaultwarden_secrets:
  # Generate with: docker exec --rm -ti docker.io/vaultwarden/server:alpine /vaultwarden hash
  admin_token_hash:
+  # https://en.wikipedia.org/wiki/Percent-encoding#Percent-encoding_reserved_characters
+  postgres_user:
+  postgres_password:
  smtp_username:
  smtp_password: