Compare commits
No commits in common. "bc40fcae370f2867b89b8dca02df29d11c4299bf" and "a1ff343f7da23e92381a756bf3c6a8a80fa8087f" have entirely different histories.
bc40fcae37
...
a1ff343f7d
@ -8,6 +8,3 @@ PIHOLE_WEBPWD=
|
|||||||
STEP_CA_ROOT_PASSWORD=
|
STEP_CA_ROOT_PASSWORD=
|
||||||
STEP_CA_INTERMEDIATE_PASSWORD=
|
STEP_CA_INTERMEDIATE_PASSWORD=
|
||||||
OPENVPN_USER=
|
OPENVPN_USER=
|
||||||
|
|
||||||
VAULTWARDEN_ADMIN_TOKEN=
|
|
||||||
INFO_FROM_PASSWORD=
|
|
@ -1,4 +0,0 @@
|
|||||||
- name: vaultwarden setup
|
|
||||||
hosts: vaultwarden
|
|
||||||
roles:
|
|
||||||
- vaultwarden
|
|
@ -1,3 +0,0 @@
|
|||||||
---
|
|
||||||
vaultwarden_admin_token: "{{ lookup('env', 'VAULTWARDEN_ADMIN_TOKEN') }}"
|
|
||||||
email_password: "{{ lookup('env', 'INFO_FROM_PASSWORD') }}"
|
|
@ -34,9 +34,6 @@ johan ansible_user=root ansible_connection=ssh
|
|||||||
[pihole]
|
[pihole]
|
||||||
johan ansible_user=root ansible_connection=ssh
|
johan ansible_user=root ansible_connection=ssh
|
||||||
|
|
||||||
[vaultwarden]
|
|
||||||
johan ansible_user=root ansible_connection=ssh
|
|
||||||
|
|
||||||
[lldap]
|
[lldap]
|
||||||
johan ansible_user=root ansible_connection=ssh
|
johan ansible_user=root ansible_connection=ssh
|
||||||
|
|
||||||
|
@ -1,13 +0,0 @@
|
|||||||
server {
|
|
||||||
listen 80;
|
|
||||||
server_name vaultwarden.internal.simponic.xyz;
|
|
||||||
|
|
||||||
location /.well-known/acme-challenge {
|
|
||||||
root /var/www/letsencrypt;
|
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
}
|
|
||||||
|
|
||||||
location / {
|
|
||||||
rewrite ^ https://vaultwarden.internal.simponic.xyz$request_uri? permanent;
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,32 +0,0 @@
|
|||||||
server {
|
|
||||||
listen 443 ssl;
|
|
||||||
server_name vaultwarden.internal.simponic.xyz;
|
|
||||||
|
|
||||||
ssl_certificate /etc/letsencrypt/live/vaultwarden.internal.simponic.xyz/fullchain.pem;
|
|
||||||
ssl_certificate_key /etc/letsencrypt/live/vaultwarden.internal.simponic.xyz/privkey.pem;
|
|
||||||
ssl_trusted_certificate /etc/letsencrypt/live/vaultwarden.internal.simponic.xyz/fullchain.pem;
|
|
||||||
|
|
||||||
ssl_session_cache shared:SSL:50m;
|
|
||||||
ssl_session_timeout 5m;
|
|
||||||
ssl_stapling on;
|
|
||||||
ssl_stapling_verify on;
|
|
||||||
|
|
||||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
|
||||||
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
|
|
||||||
|
|
||||||
ssl_dhparam /etc/nginx/dhparams.pem;
|
|
||||||
ssl_prefer_server_ciphers on;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_pass http://127.0.0.1:8652;
|
|
||||||
proxy_http_version 1.1;
|
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
|
||||||
proxy_set_header Connection "upgrade";
|
|
||||||
proxy_set_header Host $server_name;
|
|
||||||
proxy_buffering off;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
|
|
||||||
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,22 +0,0 @@
|
|||||||
---
|
|
||||||
- name: ensure vaultwarden docker/compose exist
|
|
||||||
file:
|
|
||||||
path: /etc/docker/compose/vaultwarden
|
|
||||||
state: directory
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: 0700
|
|
||||||
|
|
||||||
- name: build vaultwarden docker-compose.yml.j2
|
|
||||||
template:
|
|
||||||
src: ../templates/docker-compose.yml.j2
|
|
||||||
dest: /etc/docker/compose/vaultwarden/docker-compose.yml
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: u=rw,g=r,o=r
|
|
||||||
|
|
||||||
- name: daemon-reload and enable vaultwarden
|
|
||||||
ansible.builtin.systemd_service:
|
|
||||||
state: restarted
|
|
||||||
enabled: true
|
|
||||||
name: docker-compose@vaultwarden
|
|
@ -1,36 +0,0 @@
|
|||||||
version: '3'
|
|
||||||
|
|
||||||
services:
|
|
||||||
vaultwarden:
|
|
||||||
container_name: vaultwarden
|
|
||||||
image: vaultwarden/server:latest
|
|
||||||
restart: unless-stopped
|
|
||||||
volumes:
|
|
||||||
- ./data/:/data/
|
|
||||||
ports:
|
|
||||||
- 8652:80
|
|
||||||
environment:
|
|
||||||
- DOMAIN=https://vaultwarden.internal.simponic.xyz
|
|
||||||
- LOGIN_RATELIMIT_MAX_BURST=10
|
|
||||||
- LOGIN_RATELIMIT_SECONDS=60
|
|
||||||
- ADMIN_RATELIMIT_MAX_BURST=10
|
|
||||||
- ADMIN_RATELIMIT_SECONDS=60
|
|
||||||
- ADMIN_TOKEN={{ vaultwarden_admin_token }}
|
|
||||||
- SENDS_ALLOWED=true
|
|
||||||
- EMERGENCY_ACCESS_ALLOWED=true
|
|
||||||
- WEB_VAULT_ENABLED=true
|
|
||||||
|
|
||||||
- SIGNUPS_ALLOWED=false
|
|
||||||
- SIGNUPS_VERIFY=true
|
|
||||||
- SIGNUPS_VERIFY_RESEND_TIME=3600
|
|
||||||
- SIGNUPS_VERIFY_RESEND_LIMIT=5
|
|
||||||
- SIGNUPS_DOMAINS_WHITELIST=simponic.xyz
|
|
||||||
|
|
||||||
- SMTP_HOST=mail.simponic.xyz
|
|
||||||
- SMTP_FROM=info@simponic.xyz
|
|
||||||
- SMTP_FROM_NAME=VaultWarden
|
|
||||||
- SMTP_SECURITY=starttls
|
|
||||||
- SMTP_PORT=587
|
|
||||||
- SMTP_USERNAME=info@simponic.xyz
|
|
||||||
- SMTP_PASSWORD={{ email_password }}
|
|
||||||
- SMTP_AUTH_MECHANISM="Plain"
|
|
Loading…
Reference in New Issue
Block a user