diff --git a/index.md b/index.md index f23fd1e..404ccfc 100644 --- a/index.md +++ b/index.md @@ -5,7 +5,7 @@ type: docs [![Source Code](https://img.shields.io/badge/gitea-source%20code-blue?logo=gitea&logoColor=white)](https://gitea.rknet.org/ansible/xoxys.bitwardenrs_docker) [![Build Status](https://img.shields.io/drone/build/ansible/xoxys.bitwardenrs_docker?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/ansible/xoxys.bitwardenrs_docker) [![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](https://gitea.rknet.org/ansible/xoxys.bitwardenrs_docker/src/branch/master/LICENSE) -Role to setup a [Bitwarden RS](https://github.com/dani-garcia/bitwarden_rs) password safe. Bitwarden_RS is a community Bitwarden API server implementation written in Rust. This Role use Docker to setup [Bitwarden](https://gitea.rknet.org/docker/bitwarden_rs) and a [Bitwarden LDAP](https://gitea.rknet.org/docker/bitwarden_rs_ldap) Sync Service (optional). +Role to setup a [Bitwarden RS](https://github.com/dani-garcia/bitwarden_rs) password safe. Bitwarden_RS is a community Bitwarden API server implementation written in Rust. * [Default Variables](#default-variables) * [bitwardenrs_admin_token](#bitwardenrs_admin_token) @@ -24,9 +24,7 @@ Role to setup a [Bitwarden RS](https://github.com/dani-garcia/bitwarden_rs) pass * [bitwardenrs_db_user](#bitwardenrs_db_user) * [bitwardenrs_disable_2fa_remember](#bitwardenrs_disable_2fa_remember) * [bitwardenrs_disable_icon_download](#bitwardenrs_disable_icon_download) - * [bitwardenrs_docker_compose_bin](#bitwardenrs_docker_compose_bin) - * [bitwardenrs_exposed_ip](#bitwardenrs_exposed_ip) - * [bitwardenrs_exposed_port](#bitwardenrs_exposed_port) + * [bitwardenrs_exposed_ports](#bitwardenrs_exposed_ports) * [bitwardenrs_extended_logging](#bitwardenrs_extended_logging) * [bitwardenrs_extra_hosts](#bitwardenrs_extra_hosts) * [bitwardenrs_healthcheck](#bitwardenrs_healthcheck) 
@@ -38,35 +36,11 @@ Role to setup a [Bitwarden RS](https://github.com/dani-garcia/bitwarden_rs) pass * [bitwardenrs_image](#bitwardenrs_image) * [bitwardenrs_invitations_allowed](#bitwardenrs_invitations_allowed) * [bitwardenrs_ip_header](#bitwardenrs_ip_header) - * [bitwardenrs_ldap_bind_dn](#bitwardenrs_ldap_bind_dn) - * [bitwardenrs_ldap_bind_password](#bitwardenrs_ldap_bind_password) - * [bitwardenrs_ldap_bitwarden_admin_token](#bitwardenrs_ldap_bitwarden_admin_token) - * [bitwardenrs_ldap_bitwarden_url](#bitwardenrs_ldap_bitwarden_url) - * [bitwardenrs_ldap_cap_add](#bitwardenrs_ldap_cap_add) - * [bitwardenrs_ldap_cap_drop](#bitwardenrs_ldap_cap_drop) - * [bitwardenrs_ldap_container_name](#bitwardenrs_ldap_container_name) - * [bitwardenrs_ldap_cpu_shares](#bitwardenrs_ldap_cpu_shares) - * [bitwardenrs_ldap_host](#bitwardenrs_ldap_host) - * [bitwardenrs_ldap_image](#bitwardenrs_ldap_image) - * [bitwardenrs_ldap_mail_field](#bitwardenrs_ldap_mail_field) - * [bitwardenrs_ldap_memory_limit](#bitwardenrs_ldap_memory_limit) - * [bitwardenrs_ldap_memory_reservation](#bitwardenrs_ldap_memory_reservation) - * [bitwardenrs_ldap_pids_limit](#bitwardenrs_ldap_pids_limit) - * [bitwardenrs_ldap_port](#bitwardenrs_ldap_port) - * [bitwardenrs_ldap_restart_policy](#bitwardenrs_ldap_restart_policy) - * [bitwardenrs_ldap_scheme](#bitwardenrs_ldap_scheme) - * [bitwardenrs_ldap_search_base_dn](#bitwardenrs_ldap_search_base_dn) - * [bitwardenrs_ldap_search_filter](#bitwardenrs_ldap_search_filter) - * [bitwardenrs_ldap_security_opt](#bitwardenrs_ldap_security_opt) - * [bitwardenrs_ldap_ssl](#bitwardenrs_ldap_ssl) - * [bitwardenrs_ldap_sync_enabled](#bitwardenrs_ldap_sync_enabled) - * [bitwardenrs_ldap_sync_interval_seconds](#bitwardenrs_ldap_sync_interval_seconds) - * [bitwardenrs_ldap_sync_loop](#bitwardenrs_ldap_sync_loop) - * [bitwardenrs_ldap_version](#bitwardenrs_ldap_version) - * [bitwardenrs_ldap_volumes_extra](#bitwardenrs_ldap_volumes_extra) * 
[bitwardenrs_log_level](#bitwardenrs_log_level) * [bitwardenrs_memory_limit](#bitwardenrs_memory_limit) * [bitwardenrs_memory_reservation](#bitwardenrs_memory_reservation) + * [bitwardenrs_networks](#bitwardenrs_networks) + * [bitwardenrs_networks_applied](#bitwardenrs_networks_applied) * [bitwardenrs_org_attachment_limit](#bitwardenrs_org_attachment_limit) * [bitwardenrs_password_iterations](#bitwardenrs_password_iterations) * [bitwardenrs_pids_limit](#bitwardenrs_pids_limit) @@ -74,6 +48,7 @@ Role to setup a [Bitwarden RS](https://github.com/dani-garcia/bitwarden_rs) pass * [bitwardenrs_restart_policy](#bitwardenrs_restart_policy) * [bitwardenrs_security_opt](#bitwardenrs_security_opt) * [bitwardenrs_service_directory](#bitwardenrs_service_directory) + * [bitwardenrs_service_stopped](#bitwardenrs_service_stopped) * [bitwardenrs_show_password_hint](#bitwardenrs_show_password_hint) * [bitwardenrs_signups_allowed](#bitwardenrs_signups_allowed) * [bitwardenrs_signups_domains_whitelist](#bitwardenrs_signups_domains_whitelist) @@ -92,11 +67,9 @@ Role to setup a [Bitwarden RS](https://github.com/dani-garcia/bitwarden_rs) pass * [bitwardenrs_templates_folder](#bitwardenrs_templates_folder) * [bitwardenrs_user_attachment_limit](#bitwardenrs_user_attachment_limit) * [bitwardenrs_version](#bitwardenrs_version) - * [bitwardenrs_volumes_extra](#bitwardenrs_volumes_extra) + * [bitwardenrs_volumes](#bitwardenrs_volumes) * [bitwardenrs_web_vault_enabled](#bitwardenrs_web_vault_enabled) * [bitwardenrs_websocket_enabled](#bitwardenrs_websocket_enabled) - * [bitwardenrs_websocket_exposed_ip](#bitwardenrs_websocket_exposed_ip) - * [bitwardenrs_websocket_exposed_port](#bitwardenrs_websocket_exposed_port) * [Dependencies](#dependencies) --- 
@@ -239,28 +212,21 @@ bitwardenrs_disable_2fa_remember: false bitwardenrs_disable_icon_download: false ``` -### bitwardenrs_docker_compose_bin +### bitwardenrs_exposed_ports #### Default value ```YAML -bitwardenrs_docker_compose_bin: /usr/local/bin/docker-compose +bitwardenrs_exposed_ports: + - 127.0.0.1:8080:8080 ``` -### bitwardenrs_exposed_ip - -#### Default value +#### Example usage ```YAML -bitwardenrs_exposed_ip: 127.0.0.1 -``` - -### bitwardenrs_exposed_port - -#### Default value - -```YAML -bitwardenrs_exposed_port: 80 +bitwardenrs_exposed_ports: + - "127.0.0.1:8080:8080" + - "127.0.0.1:3012:3012" ``` ### bitwardenrs_extended_logging 
@@ -355,240 +321,6 @@ bitwardenrs_invitations_allowed: true bitwardenrs_ip_header: x-client-ip ``` -### bitwardenrs_ldap_bind_dn - -#### Default value - -```YAML -bitwardenrs_ldap_bind_dn: _unset_ -``` - -### bitwardenrs_ldap_bind_password - -#### Default value - -```YAML -bitwardenrs_ldap_bind_password: _unset_ -``` - -### bitwardenrs_ldap_bitwarden_admin_token - -#### Default value - -```YAML -bitwardenrs_ldap_bitwarden_admin_token: "{{ bitwardenrs_admin_token | default('')\ - \ }}" -``` - -### bitwardenrs_ldap_bitwarden_url - -#### Default value - -```YAML -bitwardenrs_ldap_bitwarden_url: '{{ bitwardenrs_base_url }}' -``` - -### bitwardenrs_ldap_cap_add - -#### Default value - -```YAML -bitwardenrs_ldap_cap_add: [] -``` - -### bitwardenrs_ldap_cap_drop - -#### Default value - -```YAML -bitwardenrs_ldap_cap_drop: [] -``` - -### bitwardenrs_ldap_container_name - -#### Default value - -```YAML -bitwardenrs_ldap_container_name: bitwardenrs_ldap -``` - -### bitwardenrs_ldap_cpu_shares - -#### Default value - -```YAML -bitwardenrs_ldap_cpu_shares: _unset_ -``` - -#### Example usage - -```YAML -bitwardenrs_ldap_cpu_shares: '1024' -``` - -### bitwardenrs_ldap_host - -#### Default value - -```YAML -bitwardenrs_ldap_host: _unset_ -``` - -### bitwardenrs_ldap_image - -#### Default value - -```YAML -bitwardenrs_ldap_image: xoxys/bitwardenrs_ldap:{{ bitwardenrs_ldap_version }} -``` - -### bitwardenrs_ldap_mail_field - -#### Default value - -```YAML -bitwardenrs_ldap_mail_field: mail -``` - -### bitwardenrs_ldap_memory_limit - -#### Default value - -```YAML -bitwardenrs_ldap_memory_limit: _unset_ -``` - -#### Example usage - -```YAML -bitwardenrs_ldap_memory_limit: 512m -``` - -### bitwardenrs_ldap_memory_reservation - -#### Default value - -```YAML -bitwardenrs_ldap_memory_reservation: _unset_ -``` - -#### Example usage - -```YAML -bitwardenrs_ldap_memory_reservation: 256m -``` - -### bitwardenrs_ldap_pids_limit - -#### Default value - -```YAML -bitwardenrs_ldap_pids_limit: 
_unset_ -``` - -### bitwardenrs_ldap_port - -#### Default value - -```YAML -bitwardenrs_ldap_port: _unset_ -``` - -### bitwardenrs_ldap_restart_policy - -#### Default value - -```YAML -bitwardenrs_ldap_restart_policy: on-failure -``` - -### bitwardenrs_ldap_scheme - -#### Default value - -```YAML -bitwardenrs_ldap_scheme: _unset_ -``` - -### bitwardenrs_ldap_search_base_dn - -#### Default value - -```YAML -bitwardenrs_ldap_search_base_dn: _unset_ -``` - -### bitwardenrs_ldap_search_filter - -#### Default value - -```YAML -bitwardenrs_ldap_search_filter: (&(objectclass=*)(uid=*)) -``` - -### bitwardenrs_ldap_security_opt - -#### Default value - -```YAML -bitwardenrs_ldap_security_opt: [] -``` - -### bitwardenrs_ldap_ssl - -#### Default value - -```YAML -bitwardenrs_ldap_ssl: true -``` - -### bitwardenrs_ldap_sync_enabled - -#### Default value - -```YAML -bitwardenrs_ldap_sync_enabled: false -``` - -### bitwardenrs_ldap_sync_interval_seconds - -#### Default value - -```YAML -bitwardenrs_ldap_sync_interval_seconds: 60 -``` - -### bitwardenrs_ldap_sync_loop - -#### Default value - -```YAML -bitwardenrs_ldap_sync_loop: true -``` - -### bitwardenrs_ldap_version - -#### Default value - -```YAML -bitwardenrs_ldap_version: latest -``` - -### bitwardenrs_ldap_volumes_extra - -#### Default value - -```YAML -bitwardenrs_ldap_volumes_extra: [] -``` - -#### Example usage - -```YAML -bitwardenrs_ldap_volumes_extra: - - /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:/etc/ssl/certs/ca-certificates.crt:Z -``` - ### bitwardenrs_log_level #### Default value 
@@ -625,6 +357,33 @@ bitwardenrs_memory_reservation: _unset_ bitwardenrs_memory_reservation: 256m ``` +### bitwardenrs_networks + +#### Default value + +```YAML +bitwardenrs_networks: + - name: default +``` + +#### Example usage + +```YAML +bitwardenrs_networks: + - name: default + # optional network driver, defaults to 'bride' + driver: host +``` + +### bitwardenrs_networks_applied + +#### Default value + +```YAML +bitwardenrs_networks_applied: + - default +``` + ### bitwardenrs_org_attachment_limit #### Default value @@ -662,7 +421,7 @@ bitwardenrs_reload_templates: false #### Default value ```YAML -bitwardenrs_restart_policy: on-failure +bitwardenrs_restart_policy: always ``` ### bitwardenrs_security_opt @@ -681,6 +440,14 @@ bitwardenrs_security_opt: [] bitwardenrs_service_directory: /var/lib/docker/services/bitwardenrs ``` +### bitwardenrs_service_stopped + +#### Default value + +```YAML +bitwardenrs_service_stopped: false +``` + ### bitwardenrs_show_password_hint #### Default value @@ -822,22 +589,34 @@ bitwardenrs_user_attachment_limit: 1024 #### Default value ```YAML -bitwardenrs_version: 1.13 +bitwardenrs_version: latest ``` -### bitwardenrs_volumes_extra +### bitwardenrs_volumes + +> Define required docker volumes. #### Default value ```YAML -bitwardenrs_volumes_extra: [] +bitwardenrs_volumes: + - name: data + dest: /app/data + bind: false ``` #### Example usage ```YAML -bitwardenrs_volumes_extra: - - /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:/etc/ssl/certs/ca-certificates.crt:Z +bitwardenrs_volumes: + # Instead of the name you could specify a path on the container host system, + # but you also have to enable bind mount for this volume + - name: data + # target location inside the container + dest: /var/www/app/data + # enable bind mount, if false volume will be configured as named volume + # keep in mind you MUST set bind in any case + bind: True ``` ### bitwardenrs_web_vault_enabled 
@@ -850,28 +629,14 @@ bitwardenrs_web_vault_enabled: true ### bitwardenrs_websocket_enabled +If you enable websockets you also have to expose port `3012`. + #### Default value ```YAML bitwardenrs_websocket_enabled: false ``` -### bitwardenrs_websocket_exposed_ip - -#### Default value - -```YAML -bitwardenrs_websocket_exposed_ip: 127.0.0.1 -``` - -### bitwardenrs_websocket_exposed_port - -#### Default value - -```YAML -bitwardenrs_websocket_exposed_port: 3012 -``` - ## Dependencies None.
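Review bot: In the `bitwardenrs_exposed_ports` hunk (@@ -239,28 +212,21), the default value is written unquoted (`- 127.0.0.1:8080:8080`) while the example usage quotes every mapping; quote the default as well so both blocks agree and the colon-separated value is always read as a string. The new variable also has no description, although it replaces `bitwardenrs_exposed_ip` and `bitwardenrs_exposed_port` and moves the default host port from 80 to 8080. Add a short sentence stating the expected `ip:host_port:container_port` form, that the `127.0.0.1:` prefix now carries what `bitwardenrs_exposed_ip: 127.0.0.1` used to enforce, and that existing inventories and reverse-proxy upstreams need to be updated.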
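Review bot: The two hunks that drop every `bitwardenrs_ldap_*` entry (@@ -38,35 +36,11 in the table of contents and @@ -355,240 +321,6 in the variable reference) remove the LDAP sync service from the docs without any migration note, and the intro hunk only deletes the sentence that mentioned it. Inventories that still set `bitwardenrs_ldap_bind_password` or `bitwardenrs_ldap_bitwarden_admin_token` will keep those secrets around for a feature the role no longer documents. Add a line to the intro or a changelog entry saying the LDAP sync was removed, which variables can be deleted, and where the sync service should be deployed from instead, if anywhere.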
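Review bot: In the `bitwardenrs_networks` example (@@ -625,6 +357,33), the comment reads `defaults to 'bride'`; this should be `'bridge'`. The same hunk adds `bitwardenrs_networks_applied` with only a default value, so a reader cannot tell how it differs from `bitwardenrs_networks`; add a one-line description of each (which one defines networks and which one attaches the container to them). The example also pairs `name: default` with `driver: host`, which changes the container's network exposure compared with the bridge default, so it is worth saying in the comment when that is intended.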
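Review bot: In the hunk at @@ -822,22 +589,34, the default changes from the pinned `bitwardenrs_version: 1.13` to `bitwardenrs_version: latest`, which makes deployments of a password safe non-reproducible and lets the running image change on any re-pull; keep a pinned default, or document that users are expected to override it with a fixed tag. In the `bitwardenrs_volumes` example of the same hunk, the comments say a host path requires enabling the bind mount, yet the example keeps `name: data` together with `bind: True`, and it uses `dest: /var/www/app/data` where the default is `/app/data`. Make the example internally consistent (either a host path with bind enabled or a named volume with bind disabled), use the same boolean casing as the default (`false`/`true`), and reword "you MUST set bind in any case" to say plainly that the `bind` key is mandatory.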
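Review bot: The sentence added under `bitwardenrs_websocket_enabled` (@@ -850,28 +629,14) tells the reader to expose port `3012` but does not name the variable that does it, and the default `bitwardenrs_exposed_ports` shown earlier in this patch lists only 8080. Since `bitwardenrs_websocket_exposed_ip: 127.0.0.1` and `bitwardenrs_websocket_exposed_port: 3012` are removed here, point explicitly to `bitwardenrs_exposed_ports` and repeat the loopback-bound form from its example, `"127.0.0.1:3012:3012"`, so that enabling websockets does not lead users to publish the port without the address prefix the old defaults provided.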