Galaxy
Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Back to homepage

vaultwarden_docker

Source Code Build Status License: MIT

Role to setup a Vaultwarden password safe. Vaultwarden is a community Bitwarden API server implementation written in Rust.


Default Variables

vaultwarden_admin_token

Default value

vaultwarden_admin_token: _unset_

vaultwarden_authenticator_disable_time_drift

Default value

vaultwarden_authenticator_disable_time_drift: false

vaultwarden_base_url

Default value

vaultwarden_base_url: http://localhost/

vaultwarden_cap_add

Default value

vaultwarden_cap_add: []

vaultwarden_cap_drop

Default value

vaultwarden_cap_drop: []

vaultwarden_container_name

Default value

vaultwarden_container_name: vaultwarden

vaultwarden_cpu_shares

Default value

vaultwarden_cpu_shares: _unset_

Example usage

vaultwarden_cpu_shares: '1024'

vaultwarden_db_name

Default value

vaultwarden_db_name: vaultwarden

vaultwarden_db_password

Default value

vaultwarden_db_password: secure

vaultwarden_db_port

Default value

vaultwarden_db_port: 5432

vaultwarden_db_server

This ansible roles does only support postgresql as database"

Default value

vaultwarden_db_server: localhost

vaultwarden_db_ssl_mode

Default value

vaultwarden_db_ssl_mode: disable

vaultwarden_db_ssl_rootcert

Default value

vaultwarden_db_ssl_rootcert: /etc/ssl/certs/ca-certificates.crt

vaultwarden_db_user

Default value

vaultwarden_db_user: pgvaultwarden

vaultwarden_disable_2fa_remember

Default value

vaultwarden_disable_2fa_remember: false

vaultwarden_disable_icon_download

Default value

vaultwarden_disable_icon_download: false

vaultwarden_exposed_ports

Default value

vaultwarden_exposed_ports:
  - 127.0.0.1:8080:8080

Example usage

vaultwarden_exposed_ports:
  - "127.0.0.1:8080:8080"
  - "127.0.0.1:3012:3012"

vaultwarden_extended_logging

Default value

vaultwarden_extended_logging: true

vaultwarden_extra_hosts

Default value

vaultwarden_extra_hosts: []

vaultwarden_healthcheck

Default value

vaultwarden_healthcheck:
  test: '["CMD", "/usr/local/bin/healthcheck"]'
  interval: 10s
  timeout: 3s
  retries: 3

vaultwarden_icon_blacklist_non_global_ips

Default value

vaultwarden_icon_blacklist_non_global_ips: true

vaultwarden_icon_blacklist_regexl

Default value

vaultwarden_icon_blacklist_regexl: _unset_

vaultwarden_icon_cache_negttl

Default value

vaultwarden_icon_cache_negttl: '{{ vaultwarden_icon_cache_ttl }}'

vaultwarden_icon_cache_ttl

Default value

vaultwarden_icon_cache_ttl: 2592000

vaultwarden_icon_download_timeout

Default value

vaultwarden_icon_download_timeout: 10

vaultwarden_image

Default value

vaultwarden_image: thegeeklab/vaultwarden:{{ vaultwarden_version }}

vaultwarden_invitations_allowed

Default value

vaultwarden_invitations_allowed: true

vaultwarden_ip_header

Default value

vaultwarden_ip_header: X-Forwarded-For

vaultwarden_log_level

Default value

vaultwarden_log_level: Info

vaultwarden_memory_limit

Default value

vaultwarden_memory_limit: _unset_

Example usage

vaultwarden_memory_limit: 512m

vaultwarden_memory_reservation

Default value

vaultwarden_memory_reservation: _unset_

Example usage

vaultwarden_memory_reservation: 256m

vaultwarden_networks

Default value

vaultwarden_networks:
  - name: default

Example usage

vaultwarden_networks:
  - name: default
    # optional network driver, defaults to 'bride'
    driver: host

vaultwarden_networks_applied

Default value

vaultwarden_networks_applied:
  - default

vaultwarden_org_attachment_limit

Default value

vaultwarden_org_attachment_limit: 1024

vaultwarden_password_iterations

Default value

vaultwarden_password_iterations: 100000

vaultwarden_pids_limit

Default value

vaultwarden_pids_limit: _unset_

vaultwarden_reload_templates

Default value

vaultwarden_reload_templates: false

vaultwarden_restart_policy

Default value

vaultwarden_restart_policy: always

vaultwarden_security_opt

Default value

vaultwarden_security_opt: []

vaultwarden_service_directory

Default value

vaultwarden_service_directory: /var/lib/docker/services/vaultwarden

vaultwarden_service_stopped

Default value

vaultwarden_service_stopped: false

vaultwarden_show_password_hint

Default value

vaultwarden_show_password_hint: true

vaultwarden_signups_allowed

Default value

vaultwarden_signups_allowed: false

vaultwarden_signups_domains_whitelist

Default value

vaultwarden_signups_domains_whitelist: _unset_

vaultwarden_signups_verify

Default value

vaultwarden_signups_verify: false

vaultwarden_signups_verify_resend_limit

Default value

vaultwarden_signups_verify_resend_limit: 6

vaultwarden_signups_verify_resend_time

Default value

vaultwarden_signups_verify_resend_time: 3600

vaultwarden_smtp_auth_mechanism

Default value

vaultwarden_smtp_auth_mechanism: plain

vaultwarden_smtp_from

Default value

vaultwarden_smtp_from: vaultwarden@localhost

vaultwarden_smtp_from_name

Default value

vaultwarden_smtp_from_name: Vaultwarden

vaultwarden_smtp_host

Default value

vaultwarden_smtp_host: _unset_

vaultwarden_smtp_password

Default value

vaultwarden_smtp_password: _unset_

vaultwarden_smtp_port

Default value

vaultwarden_smtp_port: 465

vaultwarden_smtp_security

Default value

vaultwarden_smtp_security: force_tls

vaultwarden_smtp_timeout

Default value

vaultwarden_smtp_timeout: 15

vaultwarden_smtp_username

Default value

vaultwarden_smtp_username: _unset_

vaultwarden_templates_folder

Default value

vaultwarden_templates_folder: _unset_

vaultwarden_user_attachment_limit

Default value

vaultwarden_user_attachment_limit: 1024

vaultwarden_version

Default value

vaultwarden_version: latest

vaultwarden_volumes

Define required docker volumes.

Default value

vaultwarden_volumes:
  - name: data
    dest: /app/data
    bind: false

Example usage

vaultwarden_volumes:
  # Instead of the name you could specify a path on the container host system,
  # but you also have to enable bind mount for this volume
  - name: data
    # target location inside the container
    dest: /var/www/app/data
    # enable bind mount, if false volume will be configured as named volume
    # keep in mind you MUST set bind in any case
    bind: True

vaultwarden_web_vault_enabled

Default value

vaultwarden_web_vault_enabled: true

vaultwarden_websocket_enabled

If you enable websockets you also have to expose port 3012.

Default value

vaultwarden_websocket_enabled: false

Dependencies

None.