Compare commits
1 Commits
0e99378514
...
43fd798712
| Author | SHA1 | Date | |
|---|---|---|---|
43fd798712
|
@ -1,5 +1,12 @@
|
|||||||
# `finallycoffee.services.vaultwarden` ansible role
|
# `finallycoffee.services.vaultwarden` ansible role
|
||||||
|
|
||||||
|
Vaultwarden is an unofficial (not associated with Bitwarden) bitwarden API compatible
|
||||||
|
server backend, formally called `bitwarden_rs`, written in rust.
|
||||||
|
|
||||||
|
This ansible role can deploy and configure `vaultwarden`, and supports removing
|
||||||
|
itself using `vaultwarden_state: absent` (Warning: It does not ask for confirmation,
|
||||||
|
and will remove all user data when instructed to remove it).
|
||||||
|
|
||||||
## Configuration
|
## Configuration
|
||||||
|
|
||||||
To use this role, the following variables need to be populated:
|
To use this role, the following variables need to be populated:
|
||||||
@ -7,9 +14,14 @@ To use this role, the following variables need to be populated:
|
|||||||
- `vaultwarden_config_domain` - always. Changing this will lead to two-factor not working for two-factor methods registered in the past.
|
- `vaultwarden_config_domain` - always. Changing this will lead to two-factor not working for two-factor methods registered in the past.
|
||||||
- `vaultwarden_config_admin_token` - if `vaultwarden_config_disable_admin_token` is `false`.
|
- `vaultwarden_config_admin_token` - if `vaultwarden_config_disable_admin_token` is `false`.
|
||||||
|
|
||||||
|
Setting other configuration values for vaultwarden can be done using role-provided flattened keys in the
|
||||||
|
`vaultwarden_config_*` namespace (see [`defaults/main/config.yml`](defaults/main/config.yml) for available variables),
|
||||||
|
or by setting the configuration directly in the same structure as the `config.json` would be in `vaultwarden_config`.
|
||||||
|
|
||||||
### Email
|
### Email
|
||||||
|
|
||||||
Configure mailing by first enabling SMTP using `vaultwarden_config_enable_smtp: true`, then configure your email server like this:
|
Configure mailing by first enabling SMTP using `vaultwarden_config_enable_smtp: true`,
|
||||||
|
then configure your email server like this:
|
||||||
```yaml
|
```yaml
|
||||||
vaultwarden_config:
|
vaultwarden_config:
|
||||||
smtp_host: "mail.example.com"
|
smtp_host: "mail.example.com"
|
||||||
@ -24,7 +36,8 @@ vaultwarden_config:
|
|||||||
|
|
||||||
### 2FA via email
|
### 2FA via email
|
||||||
|
|
||||||
To enable email-based two-factor-authentication, set `vaultwarden_config_enable_email_2fa: true` and optionally set the following configuration:
|
To enable email-based two-factor-authentication, set `vaultwarden_config_enable_email_2fa: true`
|
||||||
|
and optionally set the following configuration:
|
||||||
```yaml
|
```yaml
|
||||||
vaultwarden_config:
|
vaultwarden_config:
|
||||||
email_token_size: 8
|
email_token_size: 8
|
||||||
@ -32,3 +45,10 @@ vaultwarden_config:
|
|||||||
email_attempts_limit: 3
|
email_attempts_limit: 3
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### Feature flags
|
||||||
|
|
||||||
|
To enable more authentication methods, toggles are provided in
|
||||||
|
[`vaultwarden_config_enable_*`](defaults/main/config.yml#L18).
|
||||||
|
It is genereally recommended to simply keep unused methods off.
|
||||||
|
|
||||||
|
Per default, 'Sends' are allowed.
|
||||||
|
|||||||
Reference in New Issue
Block a user