Robert Kaussow
eca2f1bf10
Author: Robert Kaussow <mail@thegeeklab.de> Date: Thu Mar 3 21:16:13 2022 +0100 chore: add auto-generated _docs folder to gitignore file
645 lines
12 KiB
Markdown
645 lines
12 KiB
Markdown
---
|
|
title: vaultwarden_docker
|
|
type: docs
|
|
---
|
|
|
|
[![Source Code](https://img.shields.io/badge/gitea-source%20code-blue?logo=gitea&logoColor=white)](https://gitea.rknet.org/ansible/xoxys.vaultwarden_docker) [![Build Status](https://img.shields.io/drone/build/ansible/xoxys.vaultwarden_docker?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/ansible/xoxys.vaultwarden_docker) [![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](https://gitea.rknet.org/ansible/xoxys.vaultwarden_docker/src/branch/master/LICENSE)
|
|
|
|
Role to setup a [Vaultwarden](https://github.com/dani-garcia/vaultwarden) password safe. Vaultwarden is a community Bitwarden API server implementation written in Rust.
|
|
|
|
- [Default Variables](#default-variables)
|
|
- [vaultwarden_admin_token](#vaultwarden_admin_token)
|
|
- [vaultwarden_authenticator_disable_time_drift](#vaultwarden_authenticator_disable_time_drift)
|
|
- [vaultwarden_base_url](#vaultwarden_base_url)
|
|
- [vaultwarden_cap_add](#vaultwarden_cap_add)
|
|
- [vaultwarden_cap_drop](#vaultwarden_cap_drop)
|
|
- [vaultwarden_container_name](#vaultwarden_container_name)
|
|
- [vaultwarden_cpu_shares](#vaultwarden_cpu_shares)
|
|
- [vaultwarden_db_name](#vaultwarden_db_name)
|
|
- [vaultwarden_db_password](#vaultwarden_db_password)
|
|
- [vaultwarden_db_port](#vaultwarden_db_port)
|
|
- [vaultwarden_db_server](#vaultwarden_db_server)
|
|
- [vaultwarden_db_ssl_mode](#vaultwarden_db_ssl_mode)
|
|
- [vaultwarden_db_ssl_rootcert](#vaultwarden_db_ssl_rootcert)
|
|
- [vaultwarden_db_user](#vaultwarden_db_user)
|
|
- [vaultwarden_disable_2fa_remember](#vaultwarden_disable_2fa_remember)
|
|
- [vaultwarden_disable_icon_download](#vaultwarden_disable_icon_download)
|
|
- [vaultwarden_exposed_ports](#vaultwarden_exposed_ports)
|
|
- [vaultwarden_extended_logging](#vaultwarden_extended_logging)
|
|
- [vaultwarden_extra_hosts](#vaultwarden_extra_hosts)
|
|
- [vaultwarden_healthcheck](#vaultwarden_healthcheck)
|
|
- [vaultwarden_icon_blacklist_non_global_ips](#vaultwarden_icon_blacklist_non_global_ips)
|
|
- [vaultwarden_icon_blacklist_regexl](#vaultwarden_icon_blacklist_regexl)
|
|
- [vaultwarden_icon_cache_negttl](#vaultwarden_icon_cache_negttl)
|
|
- [vaultwarden_icon_cache_ttl](#vaultwarden_icon_cache_ttl)
|
|
- [vaultwarden_icon_download_timeout](#vaultwarden_icon_download_timeout)
|
|
- [vaultwarden_image](#vaultwarden_image)
|
|
- [vaultwarden_invitations_allowed](#vaultwarden_invitations_allowed)
|
|
- [vaultwarden_ip_header](#vaultwarden_ip_header)
|
|
- [vaultwarden_log_level](#vaultwarden_log_level)
|
|
- [vaultwarden_memory_limit](#vaultwarden_memory_limit)
|
|
- [vaultwarden_memory_reservation](#vaultwarden_memory_reservation)
|
|
- [vaultwarden_networks](#vaultwarden_networks)
|
|
- [vaultwarden_networks_applied](#vaultwarden_networks_applied)
|
|
- [vaultwarden_org_attachment_limit](#vaultwarden_org_attachment_limit)
|
|
- [vaultwarden_password_iterations](#vaultwarden_password_iterations)
|
|
- [vaultwarden_pids_limit](#vaultwarden_pids_limit)
|
|
- [vaultwarden_reload_templates](#vaultwarden_reload_templates)
|
|
- [vaultwarden_restart_policy](#vaultwarden_restart_policy)
|
|
- [vaultwarden_security_opt](#vaultwarden_security_opt)
|
|
- [vaultwarden_service_directory](#vaultwarden_service_directory)
|
|
- [vaultwarden_service_stopped](#vaultwarden_service_stopped)
|
|
- [vaultwarden_show_password_hint](#vaultwarden_show_password_hint)
|
|
- [vaultwarden_signups_allowed](#vaultwarden_signups_allowed)
|
|
- [vaultwarden_signups_domains_whitelist](#vaultwarden_signups_domains_whitelist)
|
|
- [vaultwarden_signups_verify](#vaultwarden_signups_verify)
|
|
- [vaultwarden_signups_verify_resend_limit](#vaultwarden_signups_verify_resend_limit)
|
|
- [vaultwarden_signups_verify_resend_time](#vaultwarden_signups_verify_resend_time)
|
|
- [vaultwarden_smtp_auth_mechanism](#vaultwarden_smtp_auth_mechanism)
|
|
- [vaultwarden_smtp_from](#vaultwarden_smtp_from)
|
|
- [vaultwarden_smtp_from_name](#vaultwarden_smtp_from_name)
|
|
- [vaultwarden_smtp_host](#vaultwarden_smtp_host)
|
|
- [vaultwarden_smtp_password](#vaultwarden_smtp_password)
|
|
- [vaultwarden_smtp_port](#vaultwarden_smtp_port)
|
|
- [vaultwarden_smtp_ssl](#vaultwarden_smtp_ssl)
|
|
- [vaultwarden_smtp_timeout](#vaultwarden_smtp_timeout)
|
|
- [vaultwarden_smtp_username](#vaultwarden_smtp_username)
|
|
- [vaultwarden_templates_folder](#vaultwarden_templates_folder)
|
|
- [vaultwarden_user_attachment_limit](#vaultwarden_user_attachment_limit)
|
|
- [vaultwarden_version](#vaultwarden_version)
|
|
- [vaultwarden_volumes](#vaultwarden_volumes)
|
|
- [vaultwarden_web_vault_enabled](#vaultwarden_web_vault_enabled)
|
|
- [vaultwarden_websocket_enabled](#vaultwarden_websocket_enabled)
|
|
- [Dependencies](#dependencies)
|
|
|
|
---
|
|
|
|
## Default Variables
|
|
|
|
### vaultwarden_admin_token
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_admin_token: _unset_
|
|
```
|
|
|
|
### vaultwarden_authenticator_disable_time_drift
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_authenticator_disable_time_drift: false
|
|
```
|
|
|
|
### vaultwarden_base_url
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_base_url: http://localhost/
|
|
```
|
|
|
|
### vaultwarden_cap_add
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_cap_add: []
|
|
```
|
|
|
|
### vaultwarden_cap_drop
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_cap_drop: []
|
|
```
|
|
|
|
### vaultwarden_container_name
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_container_name: vaultwarden
|
|
```
|
|
|
|
### vaultwarden_cpu_shares
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_cpu_shares: _unset_
|
|
```
|
|
|
|
#### Example usage
|
|
|
|
```YAML
|
|
vaultwarden_cpu_shares: '1024'
|
|
```
|
|
|
|
### vaultwarden_db_name
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_db_name: vaultwarden
|
|
```
|
|
|
|
### vaultwarden_db_password
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_db_password: secure
|
|
```
|
|
|
|
### vaultwarden_db_port
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_db_port: 5432
|
|
```
|
|
|
|
### vaultwarden_db_server
|
|
|
|
This ansible roles does only support postgresql as database"
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_db_server: localhost
|
|
```
|
|
|
|
### vaultwarden_db_ssl_mode
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_db_ssl_mode: disable
|
|
```
|
|
|
|
### vaultwarden_db_ssl_rootcert
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_db_ssl_rootcert: /etc/ssl/certs/ca-certificates.crt
|
|
```
|
|
|
|
### vaultwarden_db_user
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_db_user: pgvaultwarden
|
|
```
|
|
|
|
### vaultwarden_disable_2fa_remember
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_disable_2fa_remember: false
|
|
```
|
|
|
|
### vaultwarden_disable_icon_download
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_disable_icon_download: false
|
|
```
|
|
|
|
### vaultwarden_exposed_ports
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_exposed_ports:
|
|
- 127.0.0.1:8080:8080
|
|
```
|
|
|
|
#### Example usage
|
|
|
|
```YAML
|
|
vaultwarden_exposed_ports:
|
|
- "127.0.0.1:8080:8080"
|
|
- "127.0.0.1:3012:3012"
|
|
```
|
|
|
|
### vaultwarden_extended_logging
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_extended_logging: true
|
|
```
|
|
|
|
### vaultwarden_extra_hosts
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_extra_hosts: []
|
|
```
|
|
|
|
### vaultwarden_healthcheck
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_healthcheck:
|
|
test: '["CMD", "/usr/local/bin/healthcheck"]'
|
|
interval: 10s
|
|
timeout: 3s
|
|
retries: 3
|
|
```
|
|
|
|
### vaultwarden_icon_blacklist_non_global_ips
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_icon_blacklist_non_global_ips: true
|
|
```
|
|
|
|
### vaultwarden_icon_blacklist_regexl
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_icon_blacklist_regexl: _unset_
|
|
```
|
|
|
|
### vaultwarden_icon_cache_negttl
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_icon_cache_negttl: '{{ vaultwarden_icon_cache_ttl }}'
|
|
```
|
|
|
|
### vaultwarden_icon_cache_ttl
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_icon_cache_ttl: 2592000
|
|
```
|
|
|
|
### vaultwarden_icon_download_timeout
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_icon_download_timeout: 10
|
|
```
|
|
|
|
### vaultwarden_image
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_image: thegeeklab/vaultwarden:{{ vaultwarden_version }}
|
|
```
|
|
|
|
### vaultwarden_invitations_allowed
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_invitations_allowed: true
|
|
```
|
|
|
|
### vaultwarden_ip_header
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_ip_header: x-client-ip
|
|
```
|
|
|
|
### vaultwarden_log_level
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_log_level: Info
|
|
```
|
|
|
|
### vaultwarden_memory_limit
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_memory_limit: _unset_
|
|
```
|
|
|
|
#### Example usage
|
|
|
|
```YAML
|
|
vaultwarden_memory_limit: 512m
|
|
```
|
|
|
|
### vaultwarden_memory_reservation
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_memory_reservation: _unset_
|
|
```
|
|
|
|
#### Example usage
|
|
|
|
```YAML
|
|
vaultwarden_memory_reservation: 256m
|
|
```
|
|
|
|
### vaultwarden_networks
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_networks:
|
|
- name: default
|
|
```
|
|
|
|
#### Example usage
|
|
|
|
```YAML
|
|
vaultwarden_networks:
|
|
- name: default
|
|
# optional network driver, defaults to 'bride'
|
|
driver: host
|
|
```
|
|
|
|
### vaultwarden_networks_applied
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_networks_applied:
|
|
- default
|
|
```
|
|
|
|
### vaultwarden_org_attachment_limit
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_org_attachment_limit: 1024
|
|
```
|
|
|
|
### vaultwarden_password_iterations
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_password_iterations: 100000
|
|
```
|
|
|
|
### vaultwarden_pids_limit
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_pids_limit: _unset_
|
|
```
|
|
|
|
### vaultwarden_reload_templates
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_reload_templates: false
|
|
```
|
|
|
|
### vaultwarden_restart_policy
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_restart_policy: always
|
|
```
|
|
|
|
### vaultwarden_security_opt
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_security_opt: []
|
|
```
|
|
|
|
### vaultwarden_service_directory
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_service_directory: /var/lib/docker/services/vaultwarden
|
|
```
|
|
|
|
### vaultwarden_service_stopped
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_service_stopped: false
|
|
```
|
|
|
|
### vaultwarden_show_password_hint
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_show_password_hint: true
|
|
```
|
|
|
|
### vaultwarden_signups_allowed
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_signups_allowed: false
|
|
```
|
|
|
|
### vaultwarden_signups_domains_whitelist
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_signups_domains_whitelist: _unset_
|
|
```
|
|
|
|
### vaultwarden_signups_verify
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_signups_verify: false
|
|
```
|
|
|
|
### vaultwarden_signups_verify_resend_limit
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_signups_verify_resend_limit: 6
|
|
```
|
|
|
|
### vaultwarden_signups_verify_resend_time
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_signups_verify_resend_time: 3600
|
|
```
|
|
|
|
### vaultwarden_smtp_auth_mechanism
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_smtp_auth_mechanism: plain
|
|
```
|
|
|
|
### vaultwarden_smtp_from
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_smtp_from: vaultwarden@localhost
|
|
```
|
|
|
|
### vaultwarden_smtp_from_name
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_smtp_from_name: Vaultwarden
|
|
```
|
|
|
|
### vaultwarden_smtp_host
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_smtp_host: _unset_
|
|
```
|
|
|
|
### vaultwarden_smtp_password
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_smtp_password: _unset_
|
|
```
|
|
|
|
### vaultwarden_smtp_port
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_smtp_port: 587
|
|
```
|
|
|
|
### vaultwarden_smtp_ssl
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_smtp_ssl: true
|
|
```
|
|
|
|
### vaultwarden_smtp_timeout
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_smtp_timeout: 15
|
|
```
|
|
|
|
### vaultwarden_smtp_username
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_smtp_username: _unset_
|
|
```
|
|
|
|
### vaultwarden_templates_folder
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_templates_folder: _unset_
|
|
```
|
|
|
|
### vaultwarden_user_attachment_limit
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_user_attachment_limit: 1024
|
|
```
|
|
|
|
### vaultwarden_version
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_version: latest
|
|
```
|
|
|
|
### vaultwarden_volumes
|
|
|
|
> Define required docker volumes.
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_volumes:
|
|
- name: data
|
|
dest: /app/data
|
|
bind: false
|
|
```
|
|
|
|
#### Example usage
|
|
|
|
```YAML
|
|
vaultwarden_volumes:
|
|
# Instead of the name you could specify a path on the container host system,
|
|
# but you also have to enable bind mount for this volume
|
|
- name: data
|
|
# target location inside the container
|
|
dest: /var/www/app/data
|
|
# enable bind mount, if false volume will be configured as named volume
|
|
# keep in mind you MUST set bind in any case
|
|
bind: True
|
|
```
|
|
|
|
### vaultwarden_web_vault_enabled
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_web_vault_enabled: true
|
|
```
|
|
|
|
### vaultwarden_websocket_enabled
|
|
|
|
If you enable websockets you also have to expose port `3012`.
|
|
|
|
#### Default value
|
|
|
|
```YAML
|
|
vaultwarden_websocket_enabled: false
|
|
```
|
|
|
|
|
|
|
|
## Dependencies
|
|
|
|
None.
|