From 0261e875679f1bf63c8d689da7fc7e014597885d Mon Sep 17 00:00:00 2001
From: Stonewall Jackson
Date: Sat, 4 Feb 2023 01:23:43 -0500
Subject: initial commit
---
roles/vaultwarden/vars/main.yml | 54 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 54 insertions(+)
create mode 100644 roles/vaultwarden/vars/main.yml
(limited to 'roles/vaultwarden/vars/main.yml')
diff --git a/roles/vaultwarden/vars/main.yml b/roles/vaultwarden/vars/main.yml
new file mode 100644
index 0000000..5c232ad
--- /dev/null
+++ b/roles/vaultwarden/vars/main.yml
@@ -0,0 +1,54 @@
+vaultwarden_packages:
+ - mariadb-connector-c
+ - libpq
+ - libpq-devel
+ - openssl-devel
+ - git
+ - npm
+ - nodejs
+ - gcc
+
+vaultwarden_home: /opt/vaultwarden
+
+vaultwarden_git_repo: https://github.com/dani-garcia/vaultwarden
+vaultwarden_source_dir: '{{ vaultwarden_home }}/vaultwarden'
+
+vaultwarden_web_url: https://github.com/dani-garcia/bw_web_builds/releases/download/v{{ vaultwarden_web_version }}/bw_web_v{{ vaultwarden_web_version }}.tar.gz
+vaultwarden_web_dir: '{{ vaultwarden_home }}/web-vault'
+
+vaultwarden_data_dir: /var/lib/vaultwarden
+vaultwarden_keytab: /var/lib/gssproxy/clients/{{ vaultwarden_user }}.keytab
+
+vaultwarden_admin_hbac_hostgroup: bitwarden_servers
+vaultwarden_admin_hbac_service: bitwarden-admin
+
+vaultwarden_apache_config: |
+ {{ apache_proxy_config }}
+
+ ProxyPass http://127.0.0.1:{{ vaultwarden_port }}/
+ ProxyPassReverse http://127.0.0.1:{{ vaultwarden_port }}/
+
+
+
+ ProxyPass http://127.0.0.1:{{ vaultwarden_websocket_port }}/
+ ProxyPassReverse http://127.0.0.1:{{ vaultwarden_websocket_port }}/
+
+ RewriteEngine on
+ RewriteCond %{HTTP:Upgrade} websocket [NC]
+ RewriteCond %{HTTP:Connection} upgrade [NC]
+ RewriteRule ^/?(.*) "ws://127.0.0.1:{{ vaultwarden_websocket_port }}/$1" [P,L]
+
+
+
+ ProxyPass http://127.0.0.1:{{ vaultwarden_port }}/
+ ProxyPassReverse http://127.0.0.1:{{ vaultwarden_port }}/
+
+
+
+ AuthType GSSAPI
+ AuthName "FreeIPA Single Sign-On"
+ GssapiLocalName On
+ {{ apache_gssapi_session_config }}
+ {{ apache_ldap_config }}
+ Require ldap-attribute memberof=cn={{ vaultwarden_admin_group }},{{ freeipa_group_basedn }}
+
-- cgit
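Review bot: `vaultwarden_web_url` names a release tarball that is fetched over the network to serve as a password manager's front end, but this vars file defines no expected digest for it, so nothing here lets the download task detect a replaced or tampered asset. Consider adding a pinned digest next to the URL, e.g. `vaultwarden_web_checksum: 'sha256:<SHA256_OF_RELEASE_TARBALL>'` (placeholder value), and passing it to the `checksum` parameter of `ansible.builtin.get_url`; it then has to be bumped together with `vaultwarden_web_version`. The same concern applies to `vaultwarden_git_repo`: the clone is best pinned to a release tag or commit rather than a moving branch. The tasks that consume these variables are not part of this file, so whether they already verify anything is not visible here.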