[vaultwarden] Migrate to PostgreSQL

This commit is contained in:
Viyurz 2024-07-06 11:21:23 +02:00
parent c0d1ad7611
commit f5cbb7b43f
Signed by: Viyurz
SSH key fingerprint: SHA256:IskOHTmhHSJIvAt04N6aaxd5SZCVWW1Guf9tEcxIMj8
3 changed files with 28 additions and 27 deletions

View file

@ -1,22 +1,16 @@
- name: - name: "Backup PostgreSQL vaultwarden database"
become: true shell: >
block: docker exec postgres
- name: Backup SQLite database pg_dump -c {{ role_name }} |
command:
cmd: |
sqlite3
"{{ volumes['vaultwarden_datadir'] }}/db.sqlite3"
".backup {{ volumes['vaultwarden_datadir'] }}/db-backup.sqlite3"
- name: Create borg backup
command:
cmd: |
borg create borg create
--compression=lzma --compression lzma
"{{ borg_repodir }}::{{ role_name }}-{now:%Y-%m-%d_%H-%M-%S}" "{{ borg_repodir }}::{{ role_name }}-{now:%Y-%m-%d_%H-%M-%S}"
{{ volumes['vaultwarden_datadir'] }}/db-backup.sqlite3 -
--stdin-name dump_{{ role_name }}.sql
environment: environment:
DOCKER_HOST: "{{ docker_host }}"
BORG_PASSCOMMAND: "cat {{ borg_passphrase_file }}" BORG_PASSCOMMAND: "cat {{ borg_passphrase_file }}"
become: true
- name: Prune borg repository - name: Prune borg repository
command: command:
@ -27,3 +21,4 @@
{{ borg_repodir }} {{ borg_repodir }}
environment: environment:
BORG_PASSCOMMAND: "cat {{ borg_passphrase_file }}" BORG_PASSCOMMAND: "cat {{ borg_passphrase_file }}"
become: true

View file

@ -1,6 +1,9 @@
ADMIN_TOKEN='{{ vaultwarden_secrets["admin_token_hash"] }}' ADMIN_TOKEN='{{ vaultwarden_secrets["admin_token_hash"] }}'
DOMAIN=https://vw.{{ domain }} DOMAIN=https://vw.{{ domain }}
SIGNUPS_ALLOWED=false SIGNUPS_ALLOWED=false
DATABASE_URL=postgresql://{{ vaultwarden_secrets['postgres_user'] }}:{{ vaultwarden_secrets['postgres_password'] }}@postgres.{{ domain }}:{{ ports['postgres'] }}/vaultwarden
SMTP_HOST=mail.{{ domain }} SMTP_HOST=mail.{{ domain }}
SMTP_FROM=vaultwarden@{{ domain }} SMTP_FROM=vaultwarden@{{ domain }}
SMTP_PORT={{ ports['mailserver_smtps'] }} SMTP_PORT={{ ports['mailserver_smtps'] }}

View file

@ -41,5 +41,8 @@ synapse_secrets:
vaultwarden_secrets: vaultwarden_secrets:
# Generate with: docker exec --rm -ti docker.io/vaultwarden/server:alpine /vaultwarden hash # Generate with: docker exec --rm -ti docker.io/vaultwarden/server:alpine /vaultwarden hash
admin_token_hash: admin_token_hash:
# https://en.wikipedia.org/wiki/Percent-encoding#Percent-encoding_reserved_characters
postgres_user:
postgres_password:
smtp_username: smtp_username:
smtp_password: smtp_password: