ansible/roles/bitwarden/defaults/main.yaml

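---
# Role defaults for the Bitwarden (bitwarden_rs) deployment.
# NOTE(review): the listing this file was taken from had lost its indentation.
# The nesting below was rebuilt from the key names and comments; the two
# placements that could not be confirmed are marked.

bitwarden_enabled: true
# When true, the ingress below uses external_ingress_class instead of
# internal_ingress_class.
bitwarden_publish: false
# NOTE(review): not referenced anywhere in this file; externalDatabase.enabled
# below is hard-coded to true.
bitwarden_use_external_db: true

# Presumably handed to the chart as Helm values - confirm against the role's
# tasks.
bitwarden_default_values:
  fullnameOverride: "bitwarden"
  bitwarden:
    domain: "https://bitwarden.{{ domain }}"
    # NOTE(review): open registration. With bitwarden_publish set to true the
    # vault is served through the external ingress class, so anyone who can
    # reach it can create an account. Consider turning this off once the
    # initial accounts exist and relying on invitations.
    signupsAllowed: true
    invitationsAllowed: true
    gui:
      # If you set a different port here, you must also provide it under env
      port: 80
    websockets:
      enabled: true
      port: 3012
    admin:
      enabled: false
      # Kept false so that enabling the admin panel later cannot expose it
      # without a token (presumably maps to DISABLE_ADMIN_TOKEN).
      # NOTE(review): confirm the chart ignores this key while admin.enabled
      # is false.
      disableAdminToken: false
      existingSecret:
        enabled: false
        name: ""
        tokenKey: ""
    # External database configuration.
    # Requires bitwardenrs/server >= 1.17.0 or bitwardenrs/server-{mysql,postgres} images
    # ref: https://github.com/dani-garcia/bitwarden_rs/wiki/Using-the-MySQL-Backend
    # https://github.com/dani-garcia/bitwarden_rs/wiki/Using-the-PostgreSQL-Backend
    externalDatabase:
      enabled: true
      # Supported values: 'mysql', 'postgresql'.
      type: "postgresql"
      # Database host. Required if external database is enabled.
      host: "{{ postgres_db_team | default(namespace) }}-postgres.{{ postgres_db_namespace | default(namespace) }}.svc.cluster.local"
      # Database port. Optional, default value is specific to the database backend.
      port: "5432"
      # Database name.
      database: "{{ bitwarden_db_name | default ('bitwarden') }}"
      # Database user.
      user: "{{ bitwarden_db_username }}"
      # Database password. Special characters must be escaped with percent encoding.
      # NOTE(review): user and password are rendered into the values in clear
      # text. Keep bitwarden_db_password in Ansible Vault or another secret
      # store, and prefer the existingSecret block below where the chart
      # supports it.
      password: "{{ bitwarden_db_password }}"
      # Use existing secret for database credentials.
      existingSecret:
        enabled: false
        name: ""
        userKey: ""
        # Special characters in the password value must be escaped with percent encoding.
        passwordKey: ""
    # Enable SMTP. https://github.com/dani-garcia/bitwarden_rs/wiki/SMTP-configuration
    smtp:
      enabled: true
      # SMTP hostname, required if SMTP is enabled
      host: "mail.{{ domain }}"
      # SMTP sender e-mail address, required if SMTP is enabled
      from: "bitwarden@{{ domain }}"
      # SMTP sender name, defaults to 'Bitwarden_RS'
      fromName: "bitwarden"
      # Enable SSL connection
      ssl: true
      # Enable EXPLICIT_TLS
      # NOTE(review): presumably maps to SMTP_EXPLICIT_TLS, which bitwarden_rs
      # uses for TLS from connection start (port 465) despite the name -
      # confirm that mail is never sent over a plaintext session.
      explicitTLS: true
      # SMTP port
      port: 465
      # SMTP username
      user: "bitwarden@{{ domain }}"
      # SMTP password. Required if user is specified, ignored if no user provided
      # NOTE(review): the mailbox password is the service account's LDAP
      # password, so leaking one leaks the other; same storage advice as for
      # the database password.
      password: "{{ bitwarden_ldap_pass | default(bitwarden_ldap_password) }}"
      # NOTE(review): nesting not recoverable from the listing; placed under
      # smtp because it directly follows the SMTP keys - confirm.
      timeout: 120
  env:
    # NOTE(review): debug is a verbose default for a password vault. Check
    # what ends up in pod logs and who can read them, and prefer a quieter
    # level outside troubleshooting.
    LOG_LEVEL: "debug"
    # If you plan to run the WebUI on a port other than port 80, specify that here:
    # For example, if running the container as a non-root user.
    # ROCKET_PORT: "80"
  persistence:
    enabled: true
    accessMode: "{{ bitwarden_storage_mode | default('ReadWriteMany') }}"
    size: "{{ bitwarden_size | default('8Gi') }}"
    storageClass: "{{ bitwarden_storage | default('nfs-ssd') }}"
    # NOTE(review): nesting not recoverable from the listing; placed under
    # persistence because it directly follows the persistence keys - confirm.
    type: deployment
  ingress:
    enabled: true
    annotations:
      # Exposure is decided here: external class only when bitwarden_publish
      # is true, internal class otherwise.
      kubernetes.io/ingress.class: "{{ external_ingress_class if bitwarden_publish else internal_ingress_class }}"
      cert-manager.io/cluster-issuer: "letsencrypt-prod"
      cert-manager.io/acme-dns01-provider: "rfc2136"
      cert-manager.io/acme-challenge-type: "dns01"
      kubernetes.io/tls-acme: "true"
    hosts:
      - host: "bitwarden.{{ domain }}"
        paths: ["/"]
    tls:
      - secretName: "bitwarden.{{ domain }}-tls"
        hosts:
          - "bitwarden.{{ domain }}"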