[vaultwarden] Migrate to PostgreSQL

roles/vaultwarden/tasks/backup.yml

@@ -1,22 +1,16 @@
-- name:
+- name: "Backup PostgreSQL vaultwarden database"
-  become: true
+  shell: >
-  block:
+    docker exec postgres
-    - name: Backup SQLite database
+    pg_dump -c {{ role_name }} |
-      command:
-        cmd: |
-          sqlite3
-          "{{ volumes['vaultwarden_datadir'] }}/db.sqlite3"
-          ".backup {{ volumes['vaultwarden_datadir'] }}/db-backup.sqlite3"
-
-    - name: Create borg backup
-      command:
-        cmd: |
     borg create
-          --compression=lzma
+    --compression lzma
     "{{ borg_repodir }}::{{ role_name }}-{now:%Y-%m-%d_%H-%M-%S}"
-          {{ volumes['vaultwarden_datadir'] }}/db-backup.sqlite3
+    -
+    --stdin-name dump_{{ role_name }}.sql
   environment:
+    DOCKER_HOST: "{{ docker_host }}"
     BORG_PASSCOMMAND: "cat {{ borg_passphrase_file }}"
+  become: true
 
 - name: Prune borg repository
   command:
@@ -27,3 +21,4 @@
       {{ borg_repodir }}
   environment:
     BORG_PASSCOMMAND: "cat {{ borg_passphrase_file }}"
+  become: true

roles/vaultwarden/templates/.env

@@ -1,6 +1,9 @@
 ADMIN_TOKEN='{{ vaultwarden_secrets["admin_token_hash"] }}'
 DOMAIN=https://vw.{{ domain }}
 SIGNUPS_ALLOWED=false
+
+DATABASE_URL=postgresql://{{ vaultwarden_secrets['postgres_user'] }}:{{ vaultwarden_secrets['postgres_password'] }}@postgres.{{ domain }}:{{ ports['postgres'] }}/vaultwarden
+
 SMTP_HOST=mail.{{ domain }}
 SMTP_FROM=vaultwarden@{{ domain }}
 SMTP_PORT={{ ports['mailserver_smtps'] }}

secrets.yml.example

@@ -41,5 +41,8 @@ synapse_secrets:
 vaultwarden_secrets:
   # Generate with: docker exec --rm -ti docker.io/vaultwarden/server:alpine /vaultwarden hash
   admin_token_hash:
+  # https://en.wikipedia.org/wiki/Percent-encoding#Percent-encoding_reserved_characters
+  postgres_user:
+  postgres_password:
   smtp_username:
   smtp_password: