Mandatory variables

| Variable | Description | Type of variable | Sample value |
|---|---|---|---|
| pg_version | major PostgreSQL version | int | 14 |
| vaultwarden_domain | server name | string | password-management.cosium.com |

Optional variables

| Variable | Description | Type of variable | Sample value |
|---|---|---|---|
| vaultwarden_version | version of Vaultwarden core | string | 1.25.0 |
| vaultwarden_web_vault_version | version of the Vaultwarden web-vault | string | v2022.05.0 |
| vaultwarden_ldap_version | version of Vaultwarden LDAP | string | v0.6.2 |
| vaultwarden_rocket_address | bind IP of Vaultwarden core | string | 0.0.0.0 |
| vaultwarden_websocket_address | bind IP for the websocket | bool | True |
| vaultwarden_ldap | enable Vaultwarden LDAP | bool | True |
| vaultwarden_org_name | name shown in the invitation emails | string | Password Management Platform |
| vaultwarden_signups_domain_whitelist | restricts registration to new users whose email belongs to one of these comma-separated domains | string | cosium.com |
| vaultwarden_push_installation_id | push relay token id | string | see documentation |
| vaultwarden_push_installation_key | push relay token key | string | see documentation |
| vaultwarden_yubico_id | enable Yubico TOTP | string | see documentation |
| vaultwarden_smtp_config | configure an email server used to send invitations and other notifications | list | see documentation |

SMTP Example:

You can also override the SMTP configuration. This is the default configuration (an unauthenticated, unencrypted connection to a relay on localhost):

```yaml
vaultwarden_smtp_config:
  SMTP_HOST: 127.0.0.1
  SMTP_FROM: "{{ ansible_hostname }}@infra.cosium.net"
  SMTP_PORT: 25
  SMTP_SECURITY: "off"
```

Push relay example

The "Push Relay" feature enables live auto-synchronization in the mobile applications. Official Bitwarden documentation: https://bitwarden.com/help/configure-push-relay/

To activate it, generate a token (in the EU region) on the Bitwarden website: https://bitwarden.com/host/ You will then need to define these two variables. The installation id can be set directly; the installation key is a secret and should be read from HashiCorp Vault rather than committed to the inventory, for example:

```yaml
vaultwarden_push_installation_id: "f9f8a455-3eef-4395-a29d-b03b01010637"
vaultwarden_push_installation_key: "{{ lookup('hashi_vault', 'secret=cosium-kv/data/' + host_vars_location + '/' + ansible_hostname)['vaultwarden_push_installation_key'] }}"
```

Enable Yubico

You need at least one YubiKey to activate this feature.

  1. First, generate an OTP code by following this documentation.
  2. Once you have your OTP code, you can generate an API key to use the service.
  3. You then need to set the vaultwarden_yubico_id variable for Ansible and add the secret key to HashiCorp Vault under the name vaultwarden_yubico_secret_key.
  4. Run Ansible.
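The following host_vars file ties the SMTP, push relay and Yubico sections together. It is an added example, not a file shipped with this role. It assumes that the role passes every key of vaultwarden_smtp_config through to Vaultwarden unchanged (SMTP_SECURITY, SMTP_USERNAME and SMTP_PASSWORD are Vaultwarden's own settings, not role variables documented above), that a reverse proxy on the same host terminates TLS (which is why the core service is bound to 127.0.0.1 instead of the default 0.0.0.0), and that the HashiCorp Vault path and the relay hostname are placeholders to adapt. Every secret is fetched with the same hashi_vault lookup the push relay section uses, so nothing sensitive is stored in the inventory.

```yaml
# host_vars/password-management.cosium.com.yml
# Added example of a host_vars file for this role (not part of the role itself).
# Assumptions: the role forwards every vaultwarden_smtp_config key as a Vaultwarden
# setting; a reverse proxy on this host terminates TLS; Vault paths and the SMTP
# relay hostname are placeholders.
#
# Usage:
#   ansible-playbook -i inventory site.yml --limit password-management.cosium.com
# Same run, but also upgrading the core service:
#   ansible-playbook -i inventory site.yml --extra-vars '{ "vaultwarden_update_now" : true }'

# Mandatory variables
pg_version: 14
vaultwarden_domain: password-management.cosium.com

# Pin versions so that an upgrade is a deliberate, reviewed change
vaultwarden_version: "1.25.0"
vaultwarden_web_vault_version: "v2022.05.0"

# Bind the core service to loopback only; the reverse proxy is the only
# component that needs to reach it (assumes a proxy on the same host)
vaultwarden_rocket_address: 127.0.0.1

# Registration limited to the company domain; everyone else needs an invitation
vaultwarden_signups_domain_whitelist: cosium.com
vaultwarden_org_name: Password Management Platform

# SMTP: replace the plaintext localhost default with an authenticated STARTTLS
# relay. The password is read from HashiCorp Vault at run time, never written here.
vaultwarden_smtp_config:
  SMTP_HOST: smtp.example.invalid          # placeholder relay hostname
  SMTP_FROM: "{{ ansible_hostname }}@infra.cosium.net"
  SMTP_PORT: 587
  SMTP_SECURITY: starttls
  SMTP_USERNAME: vaultwarden
  SMTP_PASSWORD: "{{ lookup('hashi_vault', 'secret=cosium-kv/data/' + host_vars_location + '/' + ansible_hostname)['vaultwarden_smtp_password'] }}"

# Push relay: the installation id is not secret, the key is
vaultwarden_push_installation_id: "00000000-0000-0000-0000-000000000000"   # placeholder id
vaultwarden_push_installation_key: "{{ lookup('hashi_vault', 'secret=cosium-kv/data/' + host_vars_location + '/' + ansible_hostname)['vaultwarden_push_installation_key'] }}"

# Yubico OTP: only the client id lives here; the role reads
# vaultwarden_yubico_secret_key from HashiCorp Vault (step 3 above)
vaultwarden_yubico_id: "12345"   # placeholder client id
```

Keeping the three secrets (SMTP password, push relay key, Yubico secret key) in Vault means a leaked copy of the inventory repository exposes configuration but no credentials, and rotating a secret is a change in Vault followed by a normal Ansible run.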

Improve compilation time

You can speed up the compilation of Vaultwarden during an installation or an update by giving the build host more resources. Measured compilation times:

| CPU | RAM | Compilation time |
|---|---|---|
| 1 | 4GB | 287.19s |
| 4 | 4GB | 249.40s |
| 32 | 40GB | 146.71s |
| 128 | 40GB | 113.26s |

Update

Each component is updated by passing an extra variable on the command line:

  - Vaultwarden core: --extra-vars '{ "vaultwarden_update_now" : true }'
  - Vaultwarden web-vault: --extra-vars '{ "vaultwarden_web_vault_update_now" : true }'
  - Vaultwarden LDAP: --extra-vars '{ "vaultwarden_ldap_update_now" : true }'

This role will also update everything if this parameter is present: --extra-vars "global_update_now=true". Here "true" is case sensitive, because a value passed in key=value form is evaluated as a string rather than as a boolean.