vaultwarden_docker
Role to setup a Vaultwarden password safe. Vaultwarden is a community Bitwarden API server implementation written in Rust.
- Default Variables
- vaultwarden_admin_token
- vaultwarden_authenticator_disable_time_drift
- vaultwarden_base_url
- vaultwarden_cap_add
- vaultwarden_cap_drop
- vaultwarden_container_name
- vaultwarden_cpu_shares
- vaultwarden_db_name
- vaultwarden_db_password
- vaultwarden_db_port
- vaultwarden_db_server
- vaultwarden_db_ssl_mode
- vaultwarden_db_ssl_rootcert
- vaultwarden_db_user
- vaultwarden_disable_2fa_remember
- vaultwarden_disable_icon_download
- vaultwarden_exposed_ports
- vaultwarden_extended_logging
- vaultwarden_extra_hosts
- vaultwarden_healthcheck
- vaultwarden_icon_blacklist_non_global_ips
- vaultwarden_icon_blacklist_regexl
- vaultwarden_icon_cache_negttl
- vaultwarden_icon_cache_ttl
- vaultwarden_icon_download_timeout
- vaultwarden_image
- vaultwarden_invitations_allowed
- vaultwarden_ip_header
- vaultwarden_log_level
- vaultwarden_memory_limit
- vaultwarden_memory_reservation
- vaultwarden_networks
- vaultwarden_networks_applied
- vaultwarden_org_attachment_limit
- vaultwarden_password_iterations
- vaultwarden_pids_limit
- vaultwarden_reload_templates
- vaultwarden_restart_policy
- vaultwarden_security_opt
- vaultwarden_service_directory
- vaultwarden_service_stopped
- vaultwarden_show_password_hint
- vaultwarden_signups_allowed
- vaultwarden_signups_domains_whitelist
- vaultwarden_signups_verify
- vaultwarden_signups_verify_resend_limit
- vaultwarden_signups_verify_resend_time
- vaultwarden_smtp_auth_mechanism
- vaultwarden_smtp_from
- vaultwarden_smtp_from_name
- vaultwarden_smtp_host
- vaultwarden_smtp_password
- vaultwarden_smtp_port
- vaultwarden_smtp_security
- vaultwarden_smtp_timeout
- vaultwarden_smtp_username
- vaultwarden_templates_folder
- vaultwarden_user_attachment_limit
- vaultwarden_version
- vaultwarden_volumes
- vaultwarden_web_vault_enabled
- vaultwarden_websocket_enabled
- Dependencies
vaultwarden_admin_token: _unset_
vaultwarden_authenticator_disable_time_drift: false
vaultwarden_base_url: http://localhost/
vaultwarden_cap_add: []
vaultwarden_cap_drop: []
vaultwarden_container_name: vaultwarden
vaultwarden_cpu_shares: _unset_
vaultwarden_cpu_shares: '1024'
vaultwarden_db_name: vaultwarden
vaultwarden_db_password: secure
vaultwarden_db_port: 5432
This ansible roles does only support postgresql as database"
vaultwarden_db_server: localhost
vaultwarden_db_ssl_mode: disable
vaultwarden_db_ssl_rootcert: /etc/ssl/certs/ca-certificates.crt
vaultwarden_db_user: pgvaultwarden
vaultwarden_disable_2fa_remember: false
vaultwarden_disable_icon_download: false
vaultwarden_exposed_ports:
- 127.0.0.1:8080:8080
vaultwarden_exposed_ports:
- "127.0.0.1:8080:8080"
- "127.0.0.1:3012:3012"
vaultwarden_extended_logging: true
vaultwarden_extra_hosts: []
vaultwarden_healthcheck:
test: '["CMD", "/usr/local/bin/healthcheck"]'
interval: 10s
timeout: 3s
retries: 3
vaultwarden_icon_blacklist_non_global_ips: true
vaultwarden_icon_blacklist_regexl: _unset_
vaultwarden_icon_cache_negttl: '{{ vaultwarden_icon_cache_ttl }}'
vaultwarden_icon_cache_ttl: 2592000
vaultwarden_icon_download_timeout: 10
vaultwarden_image: thegeeklab/vaultwarden:{{ vaultwarden_version }}
vaultwarden_invitations_allowed: true
vaultwarden_ip_header: X-Forwarded-For
vaultwarden_log_level: Info
vaultwarden_memory_limit: _unset_
vaultwarden_memory_limit: 512m
vaultwarden_memory_reservation: _unset_
vaultwarden_memory_reservation: 256m
vaultwarden_networks:
- name: default
vaultwarden_networks:
- name: default
# optional network driver, defaults to 'bride'
driver: host
vaultwarden_networks_applied:
- default
vaultwarden_org_attachment_limit: 1024
vaultwarden_password_iterations: 100000
vaultwarden_pids_limit: _unset_
vaultwarden_reload_templates: false
vaultwarden_restart_policy: always
vaultwarden_security_opt: []
vaultwarden_service_directory: /var/lib/docker/services/vaultwarden
vaultwarden_service_stopped: false
vaultwarden_show_password_hint: true
vaultwarden_signups_allowed: false
vaultwarden_signups_domains_whitelist: _unset_
vaultwarden_signups_verify: false
vaultwarden_signups_verify_resend_limit: 6
vaultwarden_signups_verify_resend_time: 3600
vaultwarden_smtp_auth_mechanism: plain
vaultwarden_smtp_from: vaultwarden@localhost
vaultwarden_smtp_from_name: Vaultwarden
vaultwarden_smtp_host: _unset_
vaultwarden_smtp_password: _unset_
vaultwarden_smtp_port: 465
vaultwarden_smtp_security: force_tls
vaultwarden_smtp_timeout: 15
vaultwarden_smtp_username: _unset_
vaultwarden_templates_folder: _unset_
vaultwarden_user_attachment_limit: 1024
vaultwarden_version: latest
Define required docker volumes.
vaultwarden_volumes:
- name: data
dest: /app/data
bind: false
vaultwarden_volumes:
# Instead of the name you could specify a path on the container host system,
# but you also have to enable bind mount for this volume
- name: data
# target location inside the container
dest: /var/www/app/data
# enable bind mount, if false volume will be configured as named volume
# keep in mind you MUST set bind in any case
bind: True
vaultwarden_web_vault_enabled: true
If you enable websockets you also have to expose port 3012
.
vaultwarden_websocket_enabled: false
None.