Initial infra setup: Terraform, Ansible, backup roles

ansible/roles/vaultwarden/templates/docker-compose.yml.j2

@@ -0,0 +1,16 @@
+services:
+  vaultwarden:
+    image: vaultwarden/server:latest
+    container_name: vaultwarden
+    restart: unless-stopped
+    volumes:
+      - {{ vaultwarden_data_dir }}/data:/data
+    environment:
+      DOMAIN: "https://{{ vaultwarden_domain }}"
+      SIGNUPS_ALLOWED: "{{ vaultwarden_signups_allowed | lower }}"
+      ADMIN_TOKEN: "{{ vaultwarden_admin_token }}"
+{% if vaultwarden_database_url %}
+      DATABASE_URL: "{{ vaultwarden_database_url }}"
+{% endif %}
+    ports:
+      - "127.0.0.1:{{ vaultwarden_port }}:80"

ansible/roles/vaultwarden/templates/nginx.conf.j2

@@ -0,0 +1,27 @@
+server {
+    listen 80;
+    server_name {{ vaultwarden_domain }};
+    return 301 https://$host$request_uri;
+}
+
+server {
+    listen 443 ssl;
+    server_name {{ vaultwarden_domain }};
+
+    ssl_certificate     /etc/nginx/ssl/cf-origin.pem;
+    ssl_certificate_key /etc/nginx/ssl/cf-origin.key;
+
+    ssl_protocols       TLSv1.2 TLSv1.3;
+    ssl_ciphers         HIGH:!aNULL:!MD5;
+
+    # Required for Bitwarden web vault
+    client_max_body_size 525m;
+
+    location / {
+        proxy_pass         http://127.0.0.1:{{ vaultwarden_port }};
+        proxy_set_header   Host              $host;
+        proxy_set_header   X-Real-IP         $remote_addr;
+        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
+        proxy_set_header   X-Forwarded-Proto $scheme;
+    }
+}