---
vaultwarden_version: latest
vaultwarden_image: "thegeeklab/vaultwarden:{{ vaultwarden_version }}"
vaultwarden_base_url: "http://localhost/"

vaultwarden_service_directory: /var/lib/docker/services/vaultwarden
vaultwarden_container_name: vaultwarden
vaultwarden_restart_policy: always
vaultwarden_service_stopped: False

# @var vaultwarden_networks:example: >
# vaultwarden_networks:
#   - name: default
#     # optional network driver, defaults to 'bride'
#     driver: host
# @end
vaultwarden_networks:
  - name: default

vaultwarden_networks_applied:
  - default

# @var vaultwarden_volumes:description: > Define required docker volumes.
# @end
# @var vaultwarden_volumes:example: >
# vaultwarden_volumes:
#   # Instead of the name you could specify a path on the container host system,
#   # but you also have to enable bind mount for this volume
#   - name: data
#     # target location inside the container
#     dest: /var/www/app/data
#     # enable bind mount, if false volume will be configured as named volume
#     # keep in mind you MUST set bind in any case
#     bind: True
# @end
vaultwarden_volumes:
  - name: data
    dest: /app/data
    bind: False

# @var vaultwarden_websocket_enabled:description: >
# If you enable websockets you also have to expose port `3012`.
# @end
vaultwarden_websocket_enabled: False

# @var vaultwarden_exposed_ports:example: >
# vaultwarden_exposed_ports:
#   - "127.0.0.1:8080:8080"
#   - "127.0.0.1:3012:3012"
# @end
vaultwarden_exposed_ports:
  - "127.0.0.1:8080:8080"

vaultwarden_extra_hosts: []

# @var vaultwarden_memory_limit: $ "_unset_"
# @var vaultwarden_memory_limit:example: $ "512m"
# @var vaultwarden_memory_reservation: $ "_unset_"
# @var vaultwarden_memory_reservation:example: $ "256m"
# @var vaultwarden_cpu_shares: $ "_unset_"
# @var vaultwarden_cpu_shares:example: $ "1024"

vaultwarden_cap_add: []
vaultwarden_cap_drop: []
vaultwarden_security_opt: []
# @var vaultwarden_pids_limit: $ "_unset_"

vaultwarden_healthcheck:
  test: '["CMD", "/usr/local/bin/healthcheck"]'
  interval: 10s
  timeout: 3s
  retries: 3

# @var vaultwarden_templates_folder: $ "_unset_"
vaultwarden_reload_templates: False

vaultwarden_ip_header: X-Forwarded-For

vaultwarden_icon_cache_ttl: 2592000
vaultwarden_icon_cache_negttl: "{{ vaultwarden_icon_cache_ttl }}"

vaultwarden_web_vault_enabled: True

vaultwarden_extended_logging: True
vaultwarden_log_level: Info

vaultwarden_disable_icon_download: False
vaultwarden_icon_download_timeout: 10
# @var vaultwarden_icon_blacklist_regexl: $ "_unset_"
vaultwarden_icon_blacklist_non_global_ips: True

vaultwarden_disable_2fa_remember: False

vaultwarden_signups_allowed: False
vaultwarden_signups_verify: False
vaultwarden_signups_verify_resend_time: 3600
vaultwarden_signups_verify_resend_limit: 6
# @var vaultwarden_signups_domains_whitelist: $ "_unset_"

vaultwarden_invitations_allowed: True

# @var vaultwarden_admin_token: $ "_unset_"

vaultwarden_password_iterations: 100000
vaultwarden_show_password_hint: True

vaultwarden_authenticator_disable_time_drift: False

vaultwarden_user_attachment_limit: 1024
vaultwarden_org_attachment_limit: 1024

# @var vaultwarden_smtp_host: $ "_unset_"
vaultwarden_smtp_from: "vaultwarden@localhost"
vaultwarden_smtp_from_name: "Vaultwarden"
vaultwarden_smtp_port: 465
vaultwarden_smtp_security: force_tls
# @var vaultwarden_smtp_username: $ "_unset_"
# @var vaultwarden_smtp_password: $ "_unset_"
vaultwarden_smtp_auth_mechanism: plain
vaultwarden_smtp_timeout: 15

# @var vaultwarden_db_server:description: >
# This ansible roles does only support postgresql as database"
# @end
vaultwarden_db_server: localhost
vaultwarden_db_port: 5432
vaultwarden_db_name: vaultwarden
vaultwarden_db_user: pgvaultwarden
vaultwarden_db_password: secure
vaultwarden_db_ssl_mode: disable
vaultwarden_db_ssl_rootcert: /etc/ssl/certs/ca-certificates.crt