bitwarden: user customization

- ability to set a whitelist of IPs allowed to access bitwarden using
  `bitwarden_ip_whitelist`
Primoz Cankar 2021-11-11 16:14:06 +01:00 committed by Primoz Cankar
parent 639dc47806
commit bf797e525b
2 changed files with 5 additions and 0 deletions


@ -5,6 +5,7 @@ bitwarden_data_directory: "{{ docker_home }}/bitwarden"
bitwarden_port_a: "19080" bitwarden_port_a: "19080"
bitwarden_port_b: "3012" bitwarden_port_b: "3012"
bitwarden_hostname: "bitwarden" bitwarden_hostname: "bitwarden"
bitwarden_ip_whitelist: "0.0.0.0/0"
# Keep this token secret, this is password to access admin area of your server! # Keep this token secret, this is password to access admin area of your server!
# This token can be anything, but it's recommended to use a long, randomly generated string of characters, # This token can be anything, but it's recommended to use a long, randomly generated string of characters,
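Review bot: The default added for `bitwarden_ip_whitelist` is `0.0.0.0/0`, which covers IPv4 only, and it has no comment explaining the expected format. Because the same commit attaches the middleware to both routers, a client that reaches Traefik over IPv6 would presumably be refused even though no restriction was configured. If the default is meant to be unrestricted, `bitwarden_ip_whitelist: "0.0.0.0/0,::/0"` expresses that. I would also add a comment above it, for example `# Comma-separated CIDR ranges allowed to reach Bitwarden through Traefik. The default allows any address; narrow it to restrict access.`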


@ -3,6 +3,7 @@
file: file:
path: "{{ item }}" path: "{{ item }}"
state: directory state: directory
mode: '0755'
with_items: with_items:
- "{{ bitwarden_data_directory }}" - "{{ bitwarden_data_directory }}"
@ -28,13 +29,16 @@
traefik.http.routers.bitwarden.tls.domains[0].main: "{{ ansible_nas_domain }}" traefik.http.routers.bitwarden.tls.domains[0].main: "{{ ansible_nas_domain }}"
traefik.http.routers.bitwarden.tls.domains[0].sans: "*.{{ ansible_nas_domain }}" traefik.http.routers.bitwarden.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
traefik.http.routers.bitwarden.service: "bitwarden" traefik.http.routers.bitwarden.service: "bitwarden"
traefik.http.routers.bitwarden.middlewares: "bitwarden-ipwhitelist@docker"
traefik.http.services.bitwarden.loadbalancer.server.port: "80" traefik.http.services.bitwarden.loadbalancer.server.port: "80"
traefik.http.routers.bitwarden-ws.rule: "Host(`{{ bitwarden_hostname }}.{{ ansible_nas_domain }}`) && Path(`/notifications/hub`)" traefik.http.routers.bitwarden-ws.rule: "Host(`{{ bitwarden_hostname }}.{{ ansible_nas_domain }}`) && Path(`/notifications/hub`)"
traefik.http.routers.bitwarden-ws.tls.certresolver: "letsencrypt" traefik.http.routers.bitwarden-ws.tls.certresolver: "letsencrypt"
traefik.http.routers.bitwarden-ws.tls.domains[0].main: "{{ ansible_nas_domain }}" traefik.http.routers.bitwarden-ws.tls.domains[0].main: "{{ ansible_nas_domain }}"
traefik.http.routers.bitwarden-ws.tls.domains[0].sans: "*.{{ ansible_nas_domain }}" traefik.http.routers.bitwarden-ws.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
traefik.http.routers.bitwarden-ws.service: "bitwarden-ws" traefik.http.routers.bitwarden-ws.service: "bitwarden-ws"
traefik.http.routers.bitwarden-ws.middlewares: "bitwarden-ipwhitelist@docker"
traefik.http.services.bitwarden-ws.loadbalancer.server.port: "3012" traefik.http.services.bitwarden-ws.loadbalancer.server.port: "3012"
traefik.http.middlewares.bitwarden-ipwhitelist.ipwhitelist.sourcerange: "{{ bitwarden_ip_whitelist }}"
memory: "{{ bitwarden_memory }}" memory: "{{ bitwarden_memory }}"
restart_policy: unless-stopped restart_policy: unless-stopped
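Review bot: `mode: '0755'` on `{{ bitwarden_data_directory }}` in the first hunk leaves the vault's data directory listable and traversable by every local account on the host. Since this directory holds the password manager's database, a tighter mode such as `mode: '0700'` (or `'0750'` with a dedicated group) fits better, provided the directory owner matches the user the container writes as, which is not visible here. The task starts above the hunk, so any `owner`/`group` settings it has should be checked alongside the mode.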