path: root/roles/vaultwarden/vars/main.yml
# Packages for the vaultwarden host. The tasks that consume this list are not
# part of this file. It mixes client libraries (mariadb-connector-c, libpq)
# with build tooling (git, npm, nodejs, gcc and the -devel headers).
# NOTE(review): the compiler, git and npm presumably exist because vaultwarden
# is compiled on the target host - confirm against the role tasks. Build tools
# left installed on a machine that stores password vaults add to its attack
# surface; consider building elsewhere or removing them after the build.
vaultwarden_packages:
  - mariadb-connector-c
  - libpq
  - libpq-devel
  - openssl-devel
  - git
  - npm
  - nodejs
  - gcc

# Base directory; the source checkout and the web vault both live beneath it.
vaultwarden_home: /opt/vaultwarden

# Upstream repository and the local checkout path.
# NOTE(review): the ref that gets checked out is not set in this file - confirm
# the role pins a release tag or commit rather than tracking a moving branch.
vaultwarden_git_repo: https://github.com/dani-garcia/vaultwarden
vaultwarden_source_dir: '{{ vaultwarden_home }}/vaultwarden'

# Pre-built web vault release tarball; vaultwarden_web_version is defined
# outside this file.
# NOTE(review): no checksum variable accompanies this URL here. HTTPS protects
# the transfer but not the published artifact - verify a known digest in the
# task that downloads it (e.g. the `checksum` parameter of get_url).
vaultwarden_web_url: https://github.com/dani-garcia/bw_web_builds/releases/download/v{{ vaultwarden_web_version }}/bw_web_v{{ vaultwarden_web_version }}.tar.gz
vaultwarden_web_dir: '{{ vaultwarden_home }}/web-vault'

# Data directory, and the per-user client keytab path under gssproxy;
# vaultwarden_user is defined outside this file.
# NOTE(review): a keytab holds long-term Kerberos keys - confirm the tasks that
# create it restrict ownership and mode so only gssproxy/root can read it.
vaultwarden_data_dir: /var/lib/vaultwarden
vaultwarden_keytab: /var/lib/gssproxy/clients/{{ vaultwarden_user }}.keytab

# Names of the HBAC hostgroup and HBAC service for admin access. They are not
# referenced by the Apache template in this file; presumably the role tasks
# create the matching FreeIPA objects - verify.
vaultwarden_admin_hbac_hostgroup: bitwarden_servers
vaultwarden_admin_hbac_service: bitwarden-admin

# Apache reverse-proxy configuration, stored as a literal block scalar. Every
# line below the key is emitted as-is after Jinja rendering, so review notes
# are kept up here rather than inside the block.
#
# Routing, as written below:
#   /                             -> http://127.0.0.1:vaultwarden_port/
#   /notifications/hub            -> 127.0.0.1:vaultwarden_websocket_port; the
#                                    RewriteRule proxies ([P]) requests whose
#                                    Upgrade/Connection headers ask for a
#                                    websocket to the ws:// URL
#   /notifications/hub/negotiate  -> http://127.0.0.1:vaultwarden_port/
#   /admin                        -> no ProxyPass of its own, so it relies on
#                                    the <Location /> rule; adds GSSAPI auth
#                                    and an LDAP memberof check against
#                                    vaultwarden_admin_group
#
# apache_proxy_config, apache_gssapi_session_config, apache_ldap_config,
# freeipa_group_basedn and the port/group variables are defined outside this
# file.
#
# NOTE(review): as far as this template shows, only /admin is authenticated by
# Apache; every other path depends on vaultwarden's own login. Both backends
# are reached over plain HTTP on loopback - confirm vaultwarden listens on
# 127.0.0.1 only, otherwise a client that can reach the ports directly
# bypasses the /admin gate and any TLS that apache_proxy_config sets up.
# NOTE(review): inside <Location>, ProxyPass uses the location path as its
# local prefix, so /notifications/hub/negotiate appears to be forwarded to the
# backend's "/" rather than to the same path - confirm the negotiate endpoint
# works through this proxy.
# NOTE(review): GssapiLocalName On maps the Kerberos principal to a local user
# name before the LDAP check; confirm that mapping only accepts principals
# from the intended realm.
vaultwarden_apache_config: |
  {{ apache_proxy_config }}
  <Location />
    ProxyPass        http://127.0.0.1:{{ vaultwarden_port }}/
    ProxyPassReverse http://127.0.0.1:{{ vaultwarden_port }}/
  </Location>

  <Location /notifications/hub>
      ProxyPass        http://127.0.0.1:{{ vaultwarden_websocket_port }}/
      ProxyPassReverse http://127.0.0.1:{{ vaultwarden_websocket_port }}/

      RewriteEngine on
      RewriteCond %{HTTP:Upgrade} websocket [NC]
      RewriteCond %{HTTP:Connection} upgrade [NC]
      RewriteRule ^/?(.*) "ws://127.0.0.1:{{ vaultwarden_websocket_port }}/$1" [P,L]
  </Location>

  <Location /notifications/hub/negotiate>
      ProxyPass        http://127.0.0.1:{{ vaultwarden_port }}/
      ProxyPassReverse http://127.0.0.1:{{ vaultwarden_port }}/
  </Location>

  <Location /admin>
      AuthType GSSAPI
      AuthName "FreeIPA Single Sign-On"
      GssapiLocalName On
      {{ apache_gssapi_session_config }}
      {{ apache_ldap_config }}
      Require ldap-attribute memberof=cn={{ vaultwarden_admin_group }},{{ freeipa_group_basedn }}
  </Location>