skylab/skylab-ansible
Archived
2
0
Fork 0
Code Pull Requests Releases Activity
This repository has been archived on 2023-05-19. You can view files and clone it, but cannot push or open issues or pull requests.
Files
5af818c3872735ea1b16ac7bcbfc3b326598a40c
skylab-ansible/resources/docker-compose/bitwarden.yaml.j2

215 lines
6.6 KiB
Django/Jinja
Raw Blame History

---
version: "{{ skylab_compose_version }}"
x-global-env: &globalenv
LOCAL_UID: "{{ _app_account.uid }}"
LOCAL_GID: "{{ _app_account.uid }}"
ASPNETCORE_ENVIRONMENT: Production
globalSettings__selfHosted: "true"
globalSettings__baseServiceUri__vault: https://{{ app.domain }}
globalSettings__baseServiceUri__api: https://{{ app.domain }}/api
globalSettings__baseServiceUri__identity: https://{{ app.domain }}/identity
globalSettings__baseServiceUri__admin: https://{{ app.domain }}/admin
globalSettings__baseServiceUri__notifications: https://{{ app.domain }}/notifications
globalSettings__baseServiceUri__internalNotifications: http://bitwarden_notifications:5000
globalSettings__baseServiceUri__internalAdmin: http://bitwarden_admin:5000
globalSettings__baseServiceUri__internalIdentity: http://bitwarden_identity:5000
globalSettings__baseServiceUri__internalApi: http://bitwarden_api:5000
globalSettings__baseServiceUri__internalVault: http://bitwarden_web:5000
globalSettings__pushRelayBaseUri: https://push.bitwarden.com
globalSettings__installation__identityUri: https://identity.bitwarden.com
globalSettings__sqlServer__connectionString: "Data Source=tcp:mssql,1433;Initial Catalog=vault;Persist Security Info=False;User ID=sa;Password=e934c0bb-3b5a-4e6b-b525-cd6d83004e1a;MultipleActiveResultSets=False;Connect Timeout=30;Encrypt=True;TrustServerCertificate=True"
globalSettings__identityServer__certificatePassword: {{ app.settings.certificatePassword }}
globalSettings__attachment__baseDirectory: /etc/bitwarden/core/attachments
globalSettings__attachment__baseUrl: https://{{ app.domain }}/attachments
globalSettings__dataProtection__directory: /etc/bitwarden/core/aspnet-dataprotection
globalSettings__logDirectory: /etc/bitwarden/logs
globalSettings__licenseDirectory: /etc/bitwarden/core/licenses
globalSettings__internalIdentityKey: {{ app.settings.internalIdentityKey }}
globalSettings__duo__aKey: {{ app.settings.duo__aKey }}
globalSettings__installation__id: {{ app.settings.installation__id }}
globalSettings__installation__key: {{ app.settings.installation__key }}
globalSettings__yubico__clientId: REPLACE
globalSettings__yubico__key: REPLACE
globalSettings__mail__replyToEmail: noreply@enp.one
globalSettings__mail__smtp__host: REPLACE
globalSettings__mail__smtp__port: "587"
globalSettings__mail__smtp__ssl: "false"
globalSettings__mail__smtp__username: REPLACE
globalSettings__mail__smtp__password: REPLACE
globalSettings__disableUserRegistration: "false"
globalSettings__hibpApiKey: REPLACE
adminSettings__admins: ""
volumes:
{% for key, value in app.volumes.items() %}
bitwarden-{{ key }}:
name: datastore{{ value }}
driver: glusterfs
{% endfor %}
networks:
bitwarden_internal:
internal: true
name: bitwarden_internal
driver: overlay
ipam:
driver: default
config:
- subnet: {{ app.networks.internal }}
bitwarden_external:
internal: false
name: bitwarden_external
driver: overlay
ipam:
driver: default
config:
- subnet: {{ app.networks.external }}
services:
mssql:
image: bitwarden/mssql:{{ app.versions.mssql }}
stop_grace_period: 60s
networks:
- bitwarden_internal
volumes:
- bitwarden-db-data:/var/opt/mssql/data
- bitwarden-db-backup:/etc/bitwarden/mssql/backups
- bitwarden-logs-db:/var/opt/mssql/log
environment:
LOCAL_UID: "{{ _app_account.uid }}"
LOCAL_GID: "{{ _app_account.uid }}"
ACCEPT_EULA: "Y"
MSSQL_PID: Express
SA_PASSWORD: {{ app.settings.SA_PASSWORD }}
deploy:
replicas: 1
web:
image: bitwarden/web:{{ app.versions.web }}
networks:
- bitwarden_internal
volumes:
- bitwarden-web:/etc/bitwarden/web
environment: *globalenv
deploy:
replicas: 1
attachments:
image: bitwarden/attachments:{{ app.versions.attachments }}
networks:
- bitwarden_internal
volumes:
- bitwarden-core:/etc/bitwarden/core
environment: *globalenv
deploy:
replicas: 1
api:
image: bitwarden/api:{{ app.versions.api }}
volumes:
- bitwarden-core:/etc/bitwarden/core
- bitwarden-ca-certs:/etc/bitwarden/ca-certificates
- bitwarden-logs-api:/etc/bitwarden/logs
environment: *globalenv
networks:
- bitwarden_external
- bitwarden_internal
deploy:
replicas: 1
identity:
image: bitwarden/identity:{{ app.versions.identity }}
volumes:
- bitwarden-identity:/etc/bitwarden/identity
- bitwarden-core:/etc/bitwarden/core
- bitwarden-ca-certs:/etc/bitwarden/ca-certificates
- bitwarden-logs-identity:/etc/bitwarden/logs
environment: *globalenv
networks:
- bitwarden_external
- bitwarden_internal
deploy:
replicas: 1
admin:
image: bitwarden/admin:{{ app.versions.admin }}
depends_on:
- mssql
volumes:
- bitwarden-core:/etc/bitwarden/core
- bitwarden-ca-certs:/etc/bitwarden/ca-certificates
- bitwarden-logs-admin:/etc/bitwarden/logs
environment: *globalenv
networks:
- bitwarden_external
- bitwarden_internal
deploy:
replicas: 1
icons:
image: bitwarden/icons:{{ app.versions.icons }}
volumes:
- bitwarden-ca-certs:/etc/bitwarden/ca-certificates
- bitwarden-logs-icons:/etc/bitwarden/logs
environment: *globalenv
networks:
- bitwarden_external
- bitwarden_internal
deploy:
replicas: 1
notifications:
image: bitwarden/notifications:1.40.0
volumes:
- bitwarden-ca-certs:/etc/bitwarden/ca-certificates
- bitwarden-logs-notifications:/etc/bitwarden/logs
environment: *globalenv
networks:
- bitwarden_external
- bitwarden_internal
deploy:
replicas: 1
events:
image: bitwarden/events:{{ app.versions.events }}
volumes:
- bitwarden-ca-certs:/etc/bitwarden/ca-certificates
- bitwarden-logs-events:/etc/bitwarden/logs
environment: *globalenv
networks:
- bitwarden_external
- bitwarden_internal
deploy:
replicas: 1
nginx:
image: bitwarden/nginx:{{ app.versions.nginx }}
depends_on:
- web
- admin
- api
- identity
ports:
- published: {{ app.ports.8080 }}
target: 8080
protocol: tcp
mode: ingress
- published: {{ app.ports.8443 }}
target: 8443
protocol: tcp
mode: ingress
volumes:
- bitwarden-nginx-data:/etc/bitwarden/nginx
- bitwarden-ssl:/etc/ssl
- bitwarden-logs-nginx:/var/log/nginx
environment: *globalenv
networks:
- bitwarden_external
- bitwarden_internal
deploy:
replicas: 1
View Git Blame Copy Permalink