Compare commits
1 Commits
43fd798712
...
0e99378514
| Author | SHA1 | Date | |
|---|---|---|---|
0e99378514
|
@ -1,12 +1,5 @@
|
|||||||
# `finallycoffee.services.vaultwarden` ansible role
|
# `finallycoffee.services.vaultwarden` ansible role
|
||||||
|
|
||||||
Vaultwarden is an unofficial (not associated with Bitwarden) bitwarden API compatible
|
|
||||||
server backend, formally called `bitwarden_rs`, written in rust.
|
|
||||||
|
|
||||||
This ansible role can deploy and configure `vaultwarden`, and supports removing
|
|
||||||
itself using `vaultwarden_state: absent` (Warning: It does not ask for confirmation,
|
|
||||||
and will remove all user data when instructed to remove it).
|
|
||||||
|
|
||||||
## Configuration
|
## Configuration
|
||||||
|
|
||||||
To use this role, the following variables need to be populated:
|
To use this role, the following variables need to be populated:
|
||||||
@ -14,14 +7,9 @@ To use this role, the following variables need to be populated:
|
|||||||
- `vaultwarden_config_domain` - always. Changing this will lead to two-factor not working for two-factor methods registered in the past.
|
- `vaultwarden_config_domain` - always. Changing this will lead to two-factor not working for two-factor methods registered in the past.
|
||||||
- `vaultwarden_config_admin_token` - if `vaultwarden_config_disable_admin_token` is `false`.
|
- `vaultwarden_config_admin_token` - if `vaultwarden_config_disable_admin_token` is `false`.
|
||||||
|
|
||||||
Setting other configuration values for vaultwarden can be done using role-provided flattened keys in the
|
|
||||||
`vaultwarden_config_*` namespace (see [`defaults/main/config.yml`](defaults/main/config.yml) for available variables),
|
|
||||||
or by setting the configuration directly in the same structure as the `config.json` would be in `vaultwarden_config`.
|
|
||||||
|
|
||||||
### Email
|
### Email
|
||||||
|
|
||||||
Configure mailing by first enabling SMTP using `vaultwarden_config_enable_smtp: true`,
|
Configure mailing by first enabling SMTP using `vaultwarden_config_enable_smtp: true`, then configure your email server like this:
|
||||||
then configure your email server like this:
|
|
||||||
```yaml
|
```yaml
|
||||||
vaultwarden_config:
|
vaultwarden_config:
|
||||||
smtp_host: "mail.example.com"
|
smtp_host: "mail.example.com"
|
||||||
@ -36,8 +24,7 @@ vaultwarden_config:
|
|||||||
|
|
||||||
### 2FA via email
|
### 2FA via email
|
||||||
|
|
||||||
To enable email-based two-factor-authentication, set `vaultwarden_config_enable_email_2fa: true`
|
To enable email-based two-factor-authentication, set `vaultwarden_config_enable_email_2fa: true` and optionally set the following configuration:
|
||||||
and optionally set the following configuration:
|
|
||||||
```yaml
|
```yaml
|
||||||
vaultwarden_config:
|
vaultwarden_config:
|
||||||
email_token_size: 8
|
email_token_size: 8
|
||||||
@ -45,10 +32,3 @@ vaultwarden_config:
|
|||||||
email_attempts_limit: 3
|
email_attempts_limit: 3
|
||||||
```
|
```
|
||||||
|
|
||||||
### Feature flags
|
|
||||||
|
|
||||||
To enable more authentication methods, toggles are provided in
|
|
||||||
[`vaultwarden_config_enable_*`](defaults/main/config.yml#L18).
|
|
||||||
It is genereally recommended to simply keep unused methods off.
|
|
||||||
|
|
||||||
Per default, 'Sends' are allowed.
|
|
||||||
|
|||||||
Reference in New Issue
Block a user