From f5cbb7b43f01e9c24beeb2fa8a0150ebe82c3b65 Mon Sep 17 00:00:00 2001
From: Viyurz
Date: Sat, 6 Jul 2024 11:21:23 +0200
Subject: [PATCH] [vaultwarden] Migrate to PostgreSQL
---
 roles/vaultwarden/tasks/backup.yml | 49 ++++++++++++++----------------
 roles/vaultwarden/templates/.env | 3 ++
 secrets.yml.example | 3 ++
 3 files changed, 28 insertions(+), 27 deletions(-)
diff --git a/roles/vaultwarden/tasks/backup.yml b/roles/vaultwarden/tasks/backup.yml
index 20e5971..f64a876 100644
--- a/roles/vaultwarden/tasks/backup.yml
+++ b/roles/vaultwarden/tasks/backup.yml
@@ -1,29 +1,24 @@
-- name:
+- name: "Backup PostgreSQL vaultwarden database"
+ shell: >
+ docker exec postgres
+ pg_dump -c {{ role_name }} |
+ borg create
+ --compression lzma
+ "{{ borg_repodir }}::{{ role_name }}-{now:%Y-%m-%d_%H-%M-%S}"
+ -
+ --stdin-name dump_{{ role_name }}.sql
+ environment:
+ DOCKER_HOST: "{{ docker_host }}"
+ BORG_PASSCOMMAND: "cat {{ borg_passphrase_file }}"
 become: true
- block:
- - name: Backup SQLite database
- command:
- cmd: |
- sqlite3
- "{{ volumes['vaultwarden_datadir'] }}/db.sqlite3"
- ".backup {{ volumes['vaultwarden_datadir'] }}/db-backup.sqlite3"
- - name: Create borg backup
- command:
- cmd: |
- borg create
- --compression=lzma
- "{{ borg_repodir }}::{{ role_name }}-{now:%Y-%m-%d_%H-%M-%S}"
- {{ volumes['vaultwarden_datadir'] }}/db-backup.sqlite3
- environment:
- BORG_PASSCOMMAND: "cat {{ borg_passphrase_file }}"
-
- - name: Prune borg repository
- command:
- cmd: |
- borg prune
- --glob-archives='{{ role_name }}-*'
- {{ borg_prune_options }}
- {{ borg_repodir }}
- environment:
- BORG_PASSCOMMAND: "cat {{ borg_passphrase_file }}"
+- name: Prune borg repository
+ command:
+ cmd: |
+ borg prune
+ --glob-archives='{{ role_name }}-*'
+ {{ borg_prune_options }}
+ {{ borg_repodir }}
+ environment:
+ BORG_PASSCOMMAND: "cat {{ borg_passphrase_file }}"
+ become: true
diff --git a/roles/vaultwarden/templates/.env b/roles/vaultwarden/templates/.env
index 90f9059..1224388 100644
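Review bot: The `shell:` pipeline in the new backup task takes its exit status from `borg create` alone, so a failing `docker exec postgres pg_dump` (container stopped, authentication error) still yields a successful task and an archive holding an empty or truncated dump. The prune task that follows in this hunk then runs as usual and can rotate out the last good archives of the vault database. Start the folded command with `set -o pipefail &&` and add `args:` with `executable: /bin/bash` to the task, since the default `/bin/sh` may not support `pipefail`.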
--- a/roles/vaultwarden/templates/.env
+++ b/roles/vaultwarden/templates/.env
@@ -1,6 +1,9 @@
 ADMIN_TOKEN='{{ vaultwarden_secrets["admin_token_hash"] }}'
 DOMAIN=https://vw.{{ domain }}
 SIGNUPS_ALLOWED=false
+
+DATABASE_URL=postgresql://{{ vaultwarden_secrets['postgres_user'] }}:{{ vaultwarden_secrets['postgres_password'] }}@postgres.{{ domain }}:{{ ports['postgres'] }}/vaultwarden
+
 SMTP_HOST=mail.{{ domain }}
 SMTP_FROM=vaultwarden@{{ domain }}
 SMTP_PORT={{ ports['mailserver_smtps'] }}
diff --git a/secrets.yml.example b/secrets.yml.example
index 1168e04..16a3b3c 100644
--- a/secrets.yml.example
+++ b/secrets.yml.example
@@ -41,5 +41,8 @@ synapse_secrets:
 vaultwarden_secrets:
 # Generate with: docker exec --rm -ti docker.io/vaultwarden/server:alpine /vaultwarden hash
 admin_token_hash:
+ # https://en.wikipedia.org/wiki/Percent-encoding#Percent-encoding_reserved_characters
+ postgres_user:
+ postgres_password:
 smtp_username:
 smtp_password:
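Review bot: `DATABASE_URL` interpolates `postgres_user` and `postgres_password` verbatim, so any `@`, `:`, `/`, `#` or `?` in the password changes how the URL is parsed unless the operator has percent-encoded the value by hand; the only guard is the bare Wikipedia link added in the `secrets.yml.example` hunk. Encoding in the template removes that manual step: `{{ vaultwarden_secrets['postgres_password'] | urlencode | replace('/', '%2F') }}` (Jinja's `urlencode` leaves `/` unescaped), and likewise for the user. The secrets file would then hold the raw password, which matters if another role, presumably the one that creates the PostgreSQL user, reads the same value. If manual encoding is kept instead, the comment should say so explicitly, e.g. `# Percent-encode reserved characters in both values; they are inserted verbatim into DATABASE_URL`.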