ansible-roles/roles/vaultwarden/defaults/main.yml

---

vaultwarden_version: 1.32.7
vaultwarden_archive_url: https://github.com/dani-garcia/vaultwarden/archive/{{ vaultwarden_version }}.tar.gz
vaultwarden_archive_sha256: 9452e9acf5ebbbf71ea1427750b4c39f3a4a6989edcced1d0dc7e1a47086c6df

vaultwarden_web_version: 2024.6.2c
vaultwarden_web_archive_url: https://github.com/dani-garcia/bw_web_builds/releases/download/v{{ vaultwarden_web_version }}/bw_web_v{{ vaultwarden_web_version }}.tar.gz
vaultwarden_web_archive_sha256: ff26268b6ff667d7db93891381b029a599aa59f8ecd56c6756ab7205b0e4c854

vaultwarden_root_dir: /opt/vaultwarden
vaultwarden_user: vaultwarden

# Database : can be sqlite or mysql
vaultwarden_db_engine: sqlite
vaultwarden_db_server: "{{ mysql_server | default('localhost') }}"
vaultwarden_db_port: 3306
vaultwarden_db_name: vaultwarden
vaultwarden_db_user: vaultwarden
# A random one will be created if not defined
# bitwaren_db_pass: S3cr3t.

# Port on which vaultwarden will bind
vaultwarden_http_port: 8000
# List of IP addresses (can be CIDR notation) which will be able to
# access vaultwarden ports
vaultwarden_src_ip: []
vaultwarden_web_src_ip: []

# Public URL on which vaultwarden will be accessible
vaultwarden_public_url: http://{{ inventory_hostname }}:{{ vaultwarden_http_port }}

# Should registration be enabled
vaultwarden_registration: False
# List of domain names for which registration will be accepted
# Those domains will be accepted for registration even if vaultwarden_registration is set to False
vaultwarden_domains_whitelist:
  - "{{ ansible_domain }}"

# Admin Token to access /admin. A random one is created if not defined
# vaultwarden_admin_token: S3cr3t.

# Or you can just disable the admin token. But you have to protect /admin yourself (eg, on a reverse proxy)
vaultwarden_disable_admin_token: False

# YubiKey settings
# vaultwarden_yubico_client_id: XXXX
# vaultwarden_yubico_secret_key: XXXX