95 lines
3.1 KiB
YAML
95 lines
3.1 KiB
YAML
---
|
|
|
|
# Version to deploy
|
|
psono_server_version: 1.13.5
|
|
psono_server_archive_url: https://gitlab.com/psono/psono-server/-/archive/v{{ psono_server_version }}/psono-server-v{{ psono_server_version }}.tar.gz
|
|
psono_server_archive_sha1: 49ebacb389e01b7a6007b6c94468d60714cae658
|
|
|
|
psono_client_version: 1.15.6
|
|
psono_client_archive_url: https://psono.jfrog.io/psono/psono/client/v{{ psono_client_version }}/webclient.zip
|
|
psono_client_archive_sha1: 8ab1a2270afb6a3542bdb618b4c11dc21f869a40
|
|
|
|
psono_admin_version: 1.1.0
|
|
psono_admin_archive_url: https://psono.jfrog.io/psono/psono/admin-client/v1.1.0/webclient.zip
|
|
psono_admin_archive_sha1: 43b5621c43da2604eb1ec827ab8f9b7d8729aef0
|
|
|
|
# Should ansible manage upgrades or only initial install
|
|
psono_manage_upgrade: True
|
|
|
|
# Directory where psono will be installed
|
|
psono_root_dir: /opt/psono
|
|
|
|
# Psono database settings
|
|
psono_db_server: "{{ pg_server | default('localhost') }}"
|
|
psono_db_port: 5432
|
|
psono_db_name: psono
|
|
psono_db_user: psono
|
|
# Will be generated if not defined
|
|
#psono_db_pass: S3crEt.
|
|
|
|
# Unix account under which psono will run
|
|
psono_user: psono
|
|
|
|
# TCP port on which psono server will bind
|
|
psono_server_port: 5130
|
|
# List of IP / cidr for which the port will be opened
|
|
psono_server_src_ip: []
|
|
# LIst of IP / cidr for which access through nginx will be allowed
|
|
psono_web_src_ip: []
|
|
|
|
# psono_secret_key:
|
|
# psono_activtion_link_secret:
|
|
# psono_db_secret:
|
|
# psono_email_secret_salt:
|
|
# psono_private_key:
|
|
# psono_public_key:
|
|
|
|
psono_allowed_hosts:
|
|
- '*'
|
|
psono_allowed_domains:
|
|
- "{{ ansible_domain }}"
|
|
- "{{ psono_public_url | urlsplit('hostname') }}"
|
|
|
|
psono_allow_lost_password: False
|
|
# Should user registration be allowed
|
|
psono_allow_registration: True
|
|
# Optional list of email domains which will be accepted for registration
|
|
# psono_registration_email_filter: []
|
|
|
|
# Public URL on which you can access psono
|
|
# will most likely need to be adapted (point on your rev proxy)
|
|
psono_public_url: http://{{ inventory_hostname }}:{{ psono_server_port }}
|
|
|
|
# Certificate for nginx proxy
|
|
# You can either specify a path for cert and key
|
|
# psono_cert_path: /path/to/cert.pem
|
|
# psono_key_path: /path/to/key.pem
|
|
#
|
|
# Or you can set this to the name of a certificate obtained with dehydrated
|
|
# psono_letsencrypt_cert: psono.domain.tld
|
|
#
|
|
# Or you can just set it to True so Let's Encrypt cert will be created based on the hostname in the public_url
|
|
# psono_letsencrypt_cert: True
|
|
psono_letsencrypt_cert: False
|
|
|
|
# From email used
|
|
psono_from_email: psono-noreply@{{ ansible_domain }}
|
|
|
|
# Psono can use redis to cache stuff
|
|
psono_redis_server: redis://localhost:6379/3
|
|
|
|
# config.json for both client and admin
|
|
psono_client_base_config:
|
|
backend_servers:
|
|
- title: Psono Password Manager
|
|
url: "{{ psono_public_url | default('') }}"
|
|
base_url: "{{ psono_public_url | default('') }}"
|
|
allow_custom_server: False
|
|
allow_registration: "{{ psono_allow_registration }}"
|
|
allow_lost_password: "{{ psono_allow_lost_password }}"
|
|
authentication_methods:
|
|
- AUTHKEY
|
|
psono_client_extra_conf: {}
|
|
psono_client_conf: "{{ psono_client_base_config | combine(psono_client_extra_conf, recursive=True) }}"
|
|
|