Vaultwarden
===========

Description
-----------

The `vaultwarden` role installs [Vaultwarden](https://github.com/dani-garcia/vaultwarden),
an unofficial Bitwarden-compatible server written in Rust.

This role configures the Rust application only; it does not set up a reverse
proxy.

Variables
---------

This role **accepts** the following variables:

Variable | Default | Description
---------------------------------------|----------------------------------------|------------
`vaultwarden_version` | see [defaults](defaults/vars.yml) | Git version of Vaultwarden to install
`vaultwarden_web_version` | see [defaults](defaults/vars.yml) | Git version of web vault to install
`vaultwarden_port` | 8008 | Local listening port
`vaultwarden_websocket_port` | 8009 | Local websocket port
`vaultwarden_server_name` | `{{ ansible_fqdn }}` | Canonical HTTP hostname
`vaultwarden_user` | `s-vaultwarden` | FreeIPA user (will be created)
`vaultwarden_db_name` | `vaultwarden` | PostgreSQL database (will be created)
`vaultwarden_db_host` | `{{ postgresql_host }}` | PostgreSQL host
`vaultwarden_verify_signups` | yes | Confirm email address of new users
`vaultwarden_signup_domain_whitelist` | `['{{ email_domain }}']` | Allowed email domains (empty list to allow all)
`vaultwarden_invitations_allowed` | no | Allow admins to invite users
`vaultwarden_user_attachment_limit_kb` | 1048576 | Per-user attachment size limit (KB)
`vaultwarden_admin_group` | `role-bitwarden-admin` | FreeIPA group for Vaultwarden administrators (will be created)
`vaultwarden_smtp_host` | `127.0.0.1` | SMTP host
`vaultwarden_smtp_from` | `bitwarden-noreply@{{ email_domain }}` | Email `From:` address
`vaultwarden_smtp_from_name` | `Bitwarden` | Email `From:` name

This role **exports** the following variables:

Variable | Description
----------------------------|------------
`vaultwarden_apache_config` | Apache config block for reverse proxy

Usage
-----

Example playbook:

````yaml
- name: configure vaultwarden
  hosts: vaultwarden_servers
  roles:
    - role: vaultwarden
      vars:
        vaultwarden_db_host: postgres.ipa.example.com
        vaultwarden_verify_signups: yes
        # empty list: signups are allowed from any email domain
        vaultwarden_signup_domain_whitelist: []
        vaultwarden_admin_group: vaultwarden-admins

    - role: apache
      vars:
        apache_default_vhost: yes
        apache_canonical_hostname: '{{ vaultwarden_server_name }}'
        apache_config: '{{ vaultwarden_apache_config }}'
````