From ce94b5dcab8d8bbc6338beaa6f64ee465b95c1d5 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Sun, 9 Jul 2023 18:33:14 +0300
Subject: [PATCH] Upgrade (1.28.1 -> 1.29.0) and remove dedicated WebSocket
 port

As per https://github.com/dani-garcia/vaultwarden/pull/3404,
we no longer need a dedicated websocket port.
---
 defaults/main.yml                | 16 +---------------
 tasks/validate_config.yml        | 12 ++++++++++++
 templates/env.j2                 |  3 ---
 templates/labels.j2              | 11 -----------
 templates/vaultwarden.service.j2 |  3 ---
 5 files changed, 13 insertions(+), 32 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index 442b7b4..20b9654 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -4,7 +4,7 @@ vaultwarden_enabled: true
 
 vaultwarden_identifier: vaultwarden
 
-vaultwarden_version: 1.28.1
+vaultwarden_version: 1.29.0
 
 # The fully-qualified name of your Vaultwarden server (e.g. `vaultwarden.example.com`)
 vaultwarden_hostname: ''
@@ -105,14 +105,6 @@ vaultwarden_config_admin_token: ''
 # which controls Vaultwarden's HTTP port in the container
 vaultwarden_config_rocket_port: 8080
 
-# vaultwarden_config_websocket_enabled controls the WEBSOCKET_ENABLED environment variable,
-# which controls if Vaultwarden enables websockets
-vaultwarden_config_websocket_enabled: true
-
-# vaultwarden_config_rocket_port controls the WEBSOCKET_PORT environment variable,
-# which controls Vaultwarden's Websocket port in the container
-vaultwarden_config_websocket_port: 3012
-
 # vaultwarden_config_rocket_limits controls the ROCKET_LIMITS environment variable,
 # which controls the maximum size of uploaded files.
 # See: vaultwarden_max_json_mb
@@ -237,7 +229,6 @@ vaultwarden_container_labels_traefik_hostname: "{{ vaultwarden_hostname }}"
 # The path prefix must either be `/` or not end with a slash (e.g. `/vaultwarden`).
 vaultwarden_container_labels_traefik_path_prefix: "{{ vaultwarden_path_prefix }}"
 vaultwarden_container_labels_traefik_rule_ui: "Host(`{{ vaultwarden_container_labels_traefik_hostname }}`){% if vaultwarden_container_labels_traefik_path_prefix != '/' %} && PathPrefix(`{{ vaultwarden_container_labels_traefik_path_prefix | quote }}`){% endif %}"
-vaultwarden_container_labels_traefik_rule_websocket: 'Host(`{{ vaultwarden_container_labels_traefik_hostname }}`) && Path(`{{ vaultwarden_container_labels_traefik_path_prefix | quote }}{{ "" if vaultwarden_container_labels_traefik_path_prefix == "/" else "/" }}notifications/hub`)'
 vaultwarden_container_labels_traefik_priority: 0
 vaultwarden_container_labels_traefik_entrypoints: web-secure
 vaultwarden_container_labels_traefik_tls_certResolver: default  # noqa var-naming
@@ -262,11 +253,6 @@ vaultwarden_container_labels_traefik_additional_response_headers_custom: {}
 # Example values: `127.0.0.1:8080`, `0.0.0.0:8080`, `8080`.
 vaultwarden_container_http_bind_port: ''
 
-# vaultwarden_container_websocket_bind_port controls whether (and how) the container exposes its websocket port (`vaultwarden_config_websocket_port`).
-# Leave empty to not expose it.
-# Example values: `127.0.0.1:3012`, `0.0.0.0:3012`, `3012`.
-vaultwarden_container_websocket_bind_port: ''
-
 # vaultwarden_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
 # See `../templates/labels.j2` for details.
 #
diff --git a/tasks/validate_config.yml b/tasks/validate_config.yml
index c3a8441..449ec72 100644
--- a/tasks/validate_config.yml
+++ b/tasks/validate_config.yml
@@ -1,5 +1,17 @@
 ---
 
+- name: (Deprecation) Catch and report renamed settings
+  ansible.builtin.fail:
+    msg: >-
+      Your configuration contains a variable, which now has a different name.
+      Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
+  when: "item.old in vars"
+  with_items:
+    - {'old': 'vaultwarden_container_labels_traefik_rule_websocket', 'new': '<Removed. See https://github.com/dani-garcia/vaultwarden/pull/3404>'}
+    - {'old': 'vaultwarden_config_websocket_enabled', 'new': '<Removed. See https://github.com/dani-garcia/vaultwarden/pull/3404>'}
+    - {'old': 'vaultwarden_config_websocket_port', 'new': '<Removed. See https://github.com/dani-garcia/vaultwarden/pull/3404>'}
+    - {'old': 'vaultwarden_container_websocket_bind_port', 'new': '<Removed. See https://github.com/dani-garcia/vaultwarden/pull/3404>'}
+
 - name: Fail if required Vaultwarden settings not defined
   ansible.builtin.fail:
     msg: >-
diff --git a/templates/env.j2 b/templates/env.j2
index 9af64f8..be37372 100644
--- a/templates/env.j2
+++ b/templates/env.j2
@@ -17,9 +17,6 @@ ADMIN_TOKEN={{ vaultwarden_config_admin_token }}
 ROCKET_PORT={{ vaultwarden_config_rocket_port }}
 ROCKET_LIMITS={{ vaultwarden_config_rocket_limits }}
 
-WEBSOCKET_ENABLED={{ vaultwarden_config_websocket_enabled | to_json }}
-WEBSOCKET_PORT={{ vaultwarden_config_websocket_port }}
-
 SMTP_FROM={{ vaultwarden_config_smtp_from }}
 SMTP_HOST={{ vaultwarden_config_smtp_host }}
 SMTP_PORT={{ vaultwarden_config_smtp_port }}
diff --git a/templates/labels.j2 b/templates/labels.j2
index 00b4e2a..c90da5b 100644
--- a/templates/labels.j2
+++ b/templates/labels.j2
@@ -29,17 +29,6 @@ traefik.http.routers.{{ vaultwarden_identifier }}-ui.service={{ vaultwarden_iden
 traefik.http.routers.{{ vaultwarden_identifier }}-ui.tls.certResolver={{ vaultwarden_container_labels_traefik_tls_certResolver }}
 traefik.http.routers.{{ vaultwarden_identifier }}-ui.entrypoints={{ vaultwarden_container_labels_traefik_entrypoints }}
 traefik.http.services.{{ vaultwarden_identifier }}-ui.loadbalancer.server.port={{ vaultwarden_config_rocket_port }}
-
-
-{# Vaultwarden Websocket API #}
-traefik.http.routers.{{ vaultwarden_identifier }}-websocket.rule={{ vaultwarden_container_labels_traefik_rule_websocket }}
-{% if vaultwarden_container_labels_traefik_priority | int > 0 %}
-traefik.http.routers.{{ vaultwarden_identifier }}-websocket.priority={{ vaultwarden_container_labels_traefik_priority }}
-{% endif %}
-traefik.http.routers.{{ vaultwarden_identifier }}-websocket.service={{ vaultwarden_identifier }}-websocket
-traefik.http.routers.{{ vaultwarden_identifier }}-websocket.tls.certResolver={{ vaultwarden_container_labels_traefik_tls_certResolver }}
-traefik.http.routers.{{ vaultwarden_identifier }}-websocket.entrypoints={{ vaultwarden_container_labels_traefik_entrypoints }}
-traefik.http.services.{{ vaultwarden_identifier }}-websocket.loadbalancer.server.port={{ vaultwarden_config_websocket_port }}
 {% endif %}
 
 {{ vaultwarden_container_labels_additional_labels }}
diff --git a/templates/vaultwarden.service.j2 b/templates/vaultwarden.service.j2
index 1c1885d..5464ca8 100644
--- a/templates/vaultwarden.service.j2
+++ b/templates/vaultwarden.service.j2
@@ -30,9 +30,6 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
 			{% if vaultwarden_container_http_bind_port %}
 			-p {{ vaultwarden_container_http_bind_port }}:{{ vaultwarden_config_rocket_port }} \
 			{% endif %}
-			{% if vaultwarden_container_websocket_bind_port %}
-			-p {{ vaultwarden_container_websocket_bind_port }}:{{ vaultwarden_config_websocket_port }} \
-			{% endif %}
 			--health-interval=10s \
 			--env-file={{ vaultwarden_base_path }}/env \
 			--label-file={{ vaultwarden_base_path }}/labels \