Update roles/vaultwarden/tasks/main.yml

.gitea/workflows/deploy-k8s.yml

@@ -35,6 +35,7 @@ jobs:
           bw login --apikey
           echo "session"
           BW_SESSION=$(bw unlock "$BW_PASSWORD" --raw)
+          echo "BW_SESSION=$BW_SESSION" >> $GITEA_ENV
           
 
       - name: Cloning ansible repository
@@ -55,4 +56,6 @@ jobs:
       - name: Run Ansible Playbook
         working-directory: ansible/iac
         run: |
-          ansible-playbook -i inventory.ini playbook.yml
+          ansible-playbook -i inventory.ini playbook.yml
+        env:
+          BW_SESSION: ${{ env.BW_SESSION }}

playbook.yml

@@ -3,6 +3,7 @@
   become: yes
   roles:
     - common
+    - vaultwarden
     - kubernetes
     - kube-master
     - stolon
@@ -12,5 +13,6 @@
   become: yes
   roles:
     - common
+    - vaultwarden
     - kubernetes
     - kube-node

roles/stolon/tasks/main.yml

@@ -21,6 +21,18 @@
   shell: ls -l /tmp/stolon/kubernetes-files/files
   register: resultado_ls
 
+- name: Obter várias notas do Bitwarden
+  shell: |
+    export BW_SESSION={{ lookup('env', 'BW_SESSION') }}
+    bw get item "{{ item.id }}" --session $BW_SESSION | jq -r '.notes' > {{ item.dest }}
+  loop:
+    - { id: "iac.ansible.dockersecrets", dest: "/tmp/stolon/kubernetes-files/files/docker-secrets.yaml" }
+    - { id: "iac.ansible.stolon.repl.secret", dest: "/tmp/stolon/kubernetes-files/files/stolon-repl-secret.yaml" }
+    - { id: "iac.ansible.stolon.keeper.secret", dest: "/tmp/stolon/kubernetes-files/files/stolon-secret.yaml" }
+  args:
+    executable: /bin/bash
+
+
 - name: Mostrar resultado do ls
   debug:
     var: resultado_ls.stdout_lines

roles/vaultwarden/tasks/main.yml

@@ -0,0 +1,65 @@
+- name: Atualizar pacotes e instalar dependências básicas
+  become: true
+  apt:
+    name:
+      - curl
+      - git
+      - unzip
+      - jq
+      - gnupg
+      - ca-certificates
+    state: present
+    update_cache: true
+
+- name: Adicionar repositório NodeSource para Node.js 20
+  become: true
+  shell: curl -fsSL https://deb.nodesource.com/setup_20.x | bash -
+  args:
+    executable: /bin/bash
+
+- name: Instalar Node.js 20
+  become: true
+  apt:
+    name: nodejs
+    state: present
+    update_cache: true
+
+- name: Verificar versão do Node.js
+  command: node -v
+  register: node_version
+  changed_when: false
+
+- name: Verificar versão do npm
+  command: npm -v
+  register: npm_version
+  changed_when: false
+  
+- name: Instalar Bitwarden CLI via npm
+  become: true
+  shell: npm install -g @bitwarden/cli
+  args:
+    executable: /bin/bash
+
+- name: Verificar instalação do Bitwarden CLI
+  command: bw --version
+  register: bw_version
+  failed_when: bw_version.rc != 0
+
+- name: Fazer login no Bitwarden
+  shell: | 
+    echo "config"
+    echo "VAULTWARDEN_LINK: {{ VAULTWARDEN_LINK }}"
+    bw config server {{ VAULTWARDEN_LINK }}
+    echo "login"
+    bw login --apikey
+  args:
+    executable: /bin/bash
+  register: bw_login
+
+- name: Desbloquear cofre e guardar sessão
+  shell: bw unlock --password {{ bw_password }} --raw
+  register: bw_session
+
+- name: Exportar sessão para ambiente local
+  shell: echo "export BW_SESSION={{ bw_session.stdout }}" >> /etc/profile.d/bw-session.sh
+  become: true

roles/vaultwarden/vars/main.yml

@@ -0,0 +1,4 @@
+bw_password: "{{ lookup('env', 'BW_PASSWORD') }}"
+VAULTWARDEN_LINK: "{{ lookup('env', 'VAULTWARDEN_LINK') }}"
+BW_CLIENTID: "{{ lookup('env', 'BW_CLIENTID') }}"
+BW_CLIENTSECRET : "{{ lookup('env', 'BW_CLIENTSECRET') }}"