---
bitwardenrs_version: latest
bitwardenrs_service_directory: /var/lib/docker/services/bitwardenrs

bitwardenrs_container_name: bitwardenrs
bitwardenrs_image: "xoxys/bitwardenrs:{{ bitwardenrs_version }}"
bitwardenrs_restart_policy: on-failure
bitwardenrs_exposed_port: 80
bitwardenrs_exposed_ip: 127.0.0.1
bitwardenrs_extra_hosts: []
# @var bitwardenrs_volumes_extra:example: >
# bitwardenrs_volumes_extra:
#   - /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:/etc/ssl/certs/ca-certificates.crt:Z
# @end
bitwardenrs_volumes_extra: []

# @var bitwardenrs_memory_limit: $ "_unset_"
# @var bitwardenrs_memory_limit:example: $ "512m"
# @var bitwardenrs_memory_reservation: $ "_unset_"
# @var bitwardenrs_memory_reservation:example: $ "256m"
# @var bitwardenrs_cpu_shares: $ "_unset_"
# @var bitwardenrs_cpu_shares:example: $ "1024"

bitwardenrs_cap_add: []
bitwardenrs_cap_drop: []
bitwardenrs_security_opt: []
# @var bitwardenrs_pids_limit: $ "_unset_"

bitwardenrs_healthcheck:
  test: '["CMD", "/usr/local/bin/healthcheck.sh"]'
  interval: 10s
  timeout: 3s
  retries: 3

bitwardenrs_base_url: "http://localhost/"

bitwardenrs_websocket_enabled: False
bitwardenrs_websocket_exposed_port: 3012
bitwardenrs_websocket_exposed_ip: 127.0.0.1

# @var bitwardenrs_templates_folder: $ "_unset_"
bitwardenrs_reload_templates: False

bitwardenrs_ip_header: x-client-ip

bitwardenrs_icon_cache_ttl: 2592000
bitwardenrs_icon_cache_negttl: "{{ bitwardenrs_icon_cache_ttl }}"

bitwardenrs_web_vault_enabled: True

bitwardenrs_extended_logging: True
bitwardenrs_log_level: Info

bitwardenrs_disable_icon_download: False
bitwardenrs_icon_download_timeout: 10
# @var bitwardenrs_icon_blacklist_regexl: $ "_unset_"
bitwardenrs_icon_blacklist_non_global_ips: True

bitwardenrs_disable_2fa_remember: False

bitwardenrs_signups_allowed: False
bitwardenrs_signups_verify: False
bitwardenrs_signups_verify_resend_time: 3600
bitwardenrs_signups_verify_resend_limit: 6
# @var bitwardenrs_signups_domains_whitelist: $ "_unset_"

bitwardenrs_invitations_allowed: True

# @var bitwardenrs_admin_token: $ "_unset_"

bitwardenrs_password_iterations: 100000
bitwardenrs_show_password_hint: True

bitwardenrs_authenticator_disable_time_drift: False

# @var bitwardenrs_smtp_host: $ "_unset_"
bitwardenrs_smtp_from: "bitwardenrs@localhost"
bitwardenrs_smtp_from_name: "bitwarden_rs"
bitwardenrs_smtp_port: 587
bitwardenrs_smtp_ssl: True
# @var bitwardenrs_smtp_username: $ "_unset_"
# @var bitwardenrs_smtp_password: $ "_unset_"
bitwardenrs_smtp_auth_mechanism: plain
bitwardenrs_smtp_timeout: 15

# @var bitwardenrs_db_server:description: >
# This ansible roles does only support postgresql as database"
# @end
bitwardenrs_db_server: localhost
bitwardenrs_db_port: 5432
bitwardenrs_db_name: bitwardenrs
bitwardenrs_db_user: pgbitwardenrs
bitwardenrs_db_password: secure
bitwardenrs_db_ssl_mode: disable
bitwardenrs_db_ssl_rootcert: /etc/ssl/certs/ca-certificates.crt

bitwardenrs_ldap_sync_enabled: False
bitwardenrs_ldap_container_name: bitwardenrs_ldap
bitwardenrs_ldap_version: latest
bitwardenrs_ldap_image: "xoxys/bitwardenrs_ldap:{{ bitwardenrs_ldap_version }}"
bitwardenrs_ldap_restart_policy: on-failure
# @var bitwardenrs_ldap_volumes_extra:example: >
# bitwardenrs_ldap_volumes_extra:
#   - /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:/etc/ssl/certs/ca-certificates.crt:Z
# @end
bitwardenrs_ldap_volumes_extra: []

# @var bitwardenrs_ldap_memory_limit: $ "_unset_"
# @var bitwardenrs_ldap_memory_limit:example: $ "512m"
# @var bitwardenrs_ldap_memory_reservation: $ "_unset_"
# @var bitwardenrs_ldap_memory_reservation:example: $ "256m"
# @var bitwardenrs_ldap_cpu_shares: $ "_unset_"
# @var bitwardenrs_ldap_cpu_shares:example: $ "1024"

bitwardenrs_ldap_cap_add: []
bitwardenrs_ldap_cap_drop: []
bitwardenrs_ldap_security_opt: []
# @var bitwardenrs_ldap_pids_limit: $ "_unset_"

bitwardenrs_ldap_bitwarden_url: "{{ bitwardenrs_base_url }}"
bitwardenrs_ldap_bitwarden_admin_token: "{{ bitwardenrs_admin_token | default('') }}"
# @var bitwardenrs_ldap_host: $ "_unset_"
# @var bitwardenrs_ldap_scheme: $ "_unset_"
bitwardenrs_ldap_ssl: True
# @var bitwardenrs_ldap_port: $ "_unset_"
# @var bitwardenrs_ldap_bind_dn: $ "_unset_"
# @var bitwardenrs_ldap_bind_password: $ "_unset_"
# @var bitwardenrs_ldap_search_base_dn: $ "_unset_"
bitwardenrs_ldap_search_filter: "(&(objectclass=*)(uid=*))"
bitwardenrs_ldap_mail_field: "mail"
bitwardenrs_ldap_sync_interval_seconds: 60
bitwardenrs_ldap_sync_loop: True

bitwardenrs_docker_compose_bin: /usr/local/bin/docker-compose