vaultwarden/variables.yml

---

# Name of this instance (job and service name)
instance: vaultwarden

vaultwarden:

  # Server settings
  server:

    # Version to deploy
    version: 1.30.5

    # Docker image to use
    image: vaultwarden/server:[[ .vaultwarden.server.version ]]-alpine

    # Number of instances to run
    count: 1


    # List of features to enable when building image
    # (not used for now)
    features:
      - postgresql

    # List of vault policies to attach to the task
    vault:
      policies:
        - '[[ .instance ]][[ .consul.suffix ]]'
      # A list of random secrets to generate if not present in vault kv store
      rand_secrets:
        fields:
          - admin_token

    # Postgres settings
    postgres:
      pooler:
        mode: session

    # Resources allocation
    resources:
      cpu: 300
      memory: 128

    # Consul settings
    consul:
      connect:
        upstreams:
          - destination_name: '[[ .mail.smtp_service_name ]]'
            local_bind_port: 25
          - destination_name: postgres[[ .consul.suffix ]]
            local_bind_port: 5432
    wait_for:
      - service: master.postgres[[ .consul.suffix ]]

    # Environment variables to set in the container
    env:
      ORG_EVENTS_ENABLED: 'true'
      EVENTS_DAYS_RETAIN: 720
      SIGNUPS_VERIFY: 'true'
      SMTP_HOST: localhost
      SMTP_PORT: 25
      SMTP_FROM: vaultwarden-no-reply@[[ .consul.domain ]]
      SMTP_SECURITY: off
      TRASH_AUTO_DELETE_DAYS: 7
      INCOMPLETE_2FA_TIME_LIMIT: 5
      USER_ATTACHMENT_LIMIT: 204800
  
    # Public URL of the service
    public_url: https://vaultwarden.example.org/

    # Traefik settings
    traefik:
      # Makes sure
      priority: 100
      csp:
        default-src: "'self'"
        img-src: "'self' data: https://www.gravatar.com"
        script-src: "'self' 'unsafe-inline' 'unsafe-eval'"
        style-src: "'self' 'unsafe-inline'"
        font-src: "'self' data:"
        connect-src: "'self' https://api.pwnedpasswords.com https://api.2fa.directory"

  # Settings for the /admin interface
  # Note that this interface is disabled unless ADMIN_TOKEN env var is set
  admin:
    public_url: '[[ .vaultwarden.server.public_url ]]/admin'
    # If enabled, we can set specific Traefik middlewares
    traefik:
      strip_prefix: false
      router: admin
      priority: 200

  # Volumes for data persistance
  volumes:
    data:
      type: csi
      source: vaultwarden-data
      access_mode: multi-node-multi-writer
Vaultwarden bundle 2023-11-01 22:51:13 +01:00			`---`

Cleanup 2023-12-21 23:32:14 +01:00			`# Name of this instance (job and service name)`
			`instance: vaultwarden`

Vaultwarden bundle 2023-11-01 22:51:13 +01:00			`vaultwarden:`
Add comment + minor fixes 2023-11-18 23:19:27 +01:00
			`# Server settings`
Vaultwarden bundle 2023-11-01 22:51:13 +01:00			`server:`
Add comment + minor fixes 2023-11-18 23:19:27 +01:00
Update to 1.30.2 2024-01-31 10:42:07 +01:00			`# Version to deploy`
Update to 1.30.5 2024-03-02 22:13:47 +01:00			`version: 1.30.5`
Update to 1.30.2 2024-01-31 10:42:07 +01:00
			`# Docker image to use`
			`image: vaultwarden/server:[[ .vaultwarden.server.version ]]-alpine`

Add comment + minor fixes 2023-11-18 23:19:27 +01:00			`# Number of instances to run`
Vaultwarden bundle 2023-11-01 22:51:13 +01:00			`count: 1`
Add comment + minor fixes 2023-11-18 23:19:27 +01:00

			`# List of features to enable when building image`
			`# (not used for now)`
Vaultwarden bundle 2023-11-01 22:51:13 +01:00			`features:`
			`- postgresql`
Add comment + minor fixes 2023-11-18 23:19:27 +01:00
Support postgres_pooler and add rendered example 2024-01-12 22:42:09 +01:00			`# List of vault policies to attach to the task`
			`vault:`
			`policies:`
			`- '[[ .instance ]][[ .consul.suffix ]]'`
Generate a random admin_token if needed 2024-01-31 11:51:52 +01:00			`# A list of random secrets to generate if not present in vault kv store`
			`rand_secrets:`
			`fields:`
			`- admin_token`
Support postgres_pooler and add rendered example 2024-01-12 22:42:09 +01:00
			`# Postgres settings`
			`postgres:`
Force pooler in session mode 2024-01-13 14:23:03 +01:00			`pooler:`
			`mode: session`
Support postgres_pooler and add rendered example 2024-01-12 22:42:09 +01:00
Add comment + minor fixes 2023-11-18 23:19:27 +01:00			`# Resources allocation`
Vaultwarden bundle 2023-11-01 22:51:13 +01:00			`resources:`
Add comment + minor fixes 2023-11-18 23:19:27 +01:00			`cpu: 300`
Vaultwarden bundle 2023-11-01 22:51:13 +01:00			`memory: 128`

Add comment + minor fixes 2023-11-18 23:19:27 +01:00			`# Consul settings`
Vaultwarden bundle 2023-11-01 22:51:13 +01:00			`consul:`
			`connect:`
			`upstreams:`
Support postgres_pooler and add rendered example 2024-01-12 22:42:09 +01:00			`- destination_name: '[[ .mail.smtp_service_name ]]'`
Vaultwarden bundle 2023-11-01 22:51:13 +01:00			`local_bind_port: 25`
Support postgres_pooler and add rendered example 2024-01-12 22:42:09 +01:00			`- destination_name: postgres[[ .consul.suffix ]]`
			`local_bind_port: 5432`
			`wait_for:`
			`- service: master.postgres[[ .consul.suffix ]]`
Vaultwarden bundle 2023-11-01 22:51:13 +01:00
Add comment + minor fixes 2023-11-18 23:19:27 +01:00			`# Environment variables to set in the container`
Vaultwarden bundle 2023-11-01 22:51:13 +01:00			`env:`
			`ORG_EVENTS_ENABLED: 'true'`
			`EVENTS_DAYS_RETAIN: 720`
			`SIGNUPS_VERIFY: 'true'`
			`SMTP_HOST: localhost`
			`SMTP_PORT: 25`
			`SMTP_FROM: vaultwarden-no-reply@[[ .consul.domain ]]`
			`SMTP_SECURITY: off`
			`TRASH_AUTO_DELETE_DAYS: 7`
			`INCOMPLETE_2FA_TIME_LIMIT: 5`
			`USER_ATTACHMENT_LIMIT: 204800`

Add comment + minor fixes 2023-11-18 23:19:27 +01:00			`# Public URL of the service`
Vaultwarden bundle 2023-11-01 22:51:13 +01:00			`public_url: https://vaultwarden.example.org/`
Add comment + minor fixes 2023-11-18 23:19:27 +01:00
			`# Traefik settings`
Use traefik_tags template 2024-01-27 00:11:39 +01:00			`traefik:`
			`# Makes sure`
			`priority: 100`
			`csp:`
			`default-src: "'self'"`
			`img-src: "'self' data: https://www.gravatar.com"`
			`script-src: "'self' 'unsafe-inline' 'unsafe-eval'"`
			`style-src: "'self' 'unsafe-inline'"`
			`font-src: "'self' data:"`
			`connect-src: "'self' https://api.pwnedpasswords.com https://api.2fa.directory"`
Add comment + minor fixes 2023-11-18 23:19:27 +01:00
			`# Settings for the /admin interface`
			`# Note that this interface is disabled unless ADMIN_TOKEN env var is set`
Vaultwarden bundle 2023-11-01 22:51:13 +01:00			`admin:`
Use traefik_tags template 2024-01-27 00:11:39 +01:00			`public_url: '[[ .vaultwarden.server.public_url ]]/admin'`
Add comment + minor fixes 2023-11-18 23:19:27 +01:00			`# If enabled, we can set specific Traefik middlewares`
Use traefik_tags template 2024-01-27 00:11:39 +01:00			`traefik:`
			`strip_prefix: false`
Update to 1.30.2 2024-01-31 10:42:07 +01:00			`router: admin`
Use traefik_tags template 2024-01-27 00:11:39 +01:00			`priority: 200`
Add comment + minor fixes 2023-11-18 23:19:27 +01:00
			`# Volumes for data persistance`
Vaultwarden bundle 2023-11-01 22:51:13 +01:00			`volumes:`
			`data:`
			`type: csi`
			`source: vaultwarden-data`
Support postgres_pooler and add rendered example 2024-01-12 22:42:09 +01:00			`access_mode: multi-node-multi-writer`