forked from dadatuputi/bitwarden_gcloud
-
Notifications
You must be signed in to change notification settings - Fork 1
/
.env.template
139 lines (121 loc) · 4.66 KB
/
.env.template
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
### GLOBAL VARIABLES ###
# The fully-qualified domain name for Vaultwarden - what address do you want Vaultwarden accessible?
# Do not include the protocol (http/https), that is added when needed in docker-compose.yml
# Used for caddy proxy and ddns with Cloudflare
DOMAIN=
# Timezone - used by some containers for logs / cron
# Find your location on this list and use the value in TZ Database Name, e.g Europe/Rome:
# https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
TZ=
# SMTP settings for Vaultwarden and fail2ban
# Uncomment and fill in details if you want to use e-mail invitations from Vaultwarden and e-mail alerts with fail2ban
# SMTP_SECURITY should be either starttls, force_tls, or off
# (see https://github.com/dani-garcia/vaultwarden/wiki/SMTP-Configuration)
SMTP_HOST=
SMTP_FROM=
SMTP_PORT=
SMTP_USERNAME=
SMTP_PASSWORD=
SMTP_SECURITY=
## For fail2ban
## YES or NO
SMTP_TLS=
## Admin e-mail address
SMTP_ADMIN=
### VAULTWARDEN VARIABLES ###
# Setting up Vaultwarden for the first time can be done in two ways:
# Uncomment the method you want to use / comment the one you don't
# Method 1. [RECOMMENDED] because it avoids the admin page entirely; using the admin
# page overrides these environmental variables which can cause confusion.
# 1. Set up your primary account(s) while SIGNUPS_ALLOWED=true
# 2. Set SIGNUPS_ALLOWED=false
# 3. Set the SMTP details above to enable e-mail invitation
# 4. Invite other users from within Vaultwarden
# Keep ADMIN_TOKEN blank to disable access to the admin page entirely.
SIGNUPS_ALLOWED=true
ADMIN_TOKEN=
# Method 2. Use the admin page to create your first user(s) then disable it.
# 1. Set ADMIN_TOKEN using gthe command `openssl rand -base64 48`
# 2. Use the admin page (/admin) to create your initial user(s).
# 3. Disable the admin page by clearing the token (ADMIN_TOKEN=)
#SIGNUPS_ALLOWED=false
#ADMIN_TOKEN=
## Enables push notifications (requires key and id from https://bitwarden.com/host)
#PUSH_ENABLED=true
#PUSH_INSTALLATION_ID=
#PUSH_INSTALLATION_KEY=
## Don't change this unless you know what you're doing.
# PUSH_RELAY_BASE_URI=https://push.bitwarden.com
## Yubico (Yubikey) Settings
## You can generate it here: https://upgrade.yubico.com/getapikey/
YUBICO_CLIENT_ID=
YUBICO_SECRET_KEY=
YUBICO_SERVER=
## Duo Settings
## Create an account and protect an application as mentioned in this link (only the first step, not the rest):
## https://help.bitwarden.com/article/setup-two-step-login-duo/#create-a-duo-security-account
## Integration, Secret, and Hostname can be found in the Duo Admin Panel
DUO_IKEY=
DUO_SKEY=
DUO_HOST=
# Specfiy which user email addresses can create organizations
# Leave blank to allow all users
ORG_CREATION_USERS=
## HIBP Api Key
## HaveIBeenPwned API Key, request it here: https://haveibeenpwned.com/API/Key
# HIBP_API_KEY=
## Vaultwarden Backup Options
#
#
# GENERAL OPTIONS:
#
# How often to run the backup script; default is daily at midnight
BACKUP_SCHEDULE=0 0 * * *
# How many days of backups to keep
BACKUP_DAYS=30
# Directory to place backups in (& sync from in rclone)
BACKUP_DIR=/data/backups
# Emails can be sent for either email backup or notifying of rclone|local backup
BACKUP_EMAIL_FROM_NAME="Vaultwarden Backup"
# Optional encryption key for backup
# BACKUP_ENCRYPTION_KEY="<key to encrypt backup - optional, bw data is encrypted at rest>"
# Email address to send backup (BACKUP=email) or notifications (BACKUP=rclone && BACKUP_RCLONE_NOTIFY=true)
BACKUP_EMAIL_TO="<email to send the backup to>"
# Send email notification for rclone|local backup jobs
BACKUP_EMAIL_NOTIFY=true
#
#
# Backup type is one of local|email|rclone - uncomment one:
#
# LOCAL BACKUP OPTIONS
#
# Just uncomment this
# BACKUP=local
#
# EMAIL BACKUP OPTIONS:
#
# Just uncomment this; uses email settings above
# BACKUP=email
#
# RCLONE BACKUP OPTIONS:
#
# rclone:
# 1. Uncomment lines below and `docker-compose up -d`
# 2. With vaultwarden running, configure rclone with the following command:
# sudo docker exec -it vaultwarden rclone config --config $BACKUP_RCLONE_CONF
# 3. Follow the prompts and instructions at https://rclone.org/remote_setup/ - you
# will most likely need to download a rclone on another computer (it is portable)
# to authorize
# 4. The script should run as normal with a working configuration file
# BACKUP=rclone
# BACKUP_RCLONE_CONF=/data/rclone.conf
# BACKUP_RCLONE_DEST=/bw_backup
### CLOUDFLARE VARIABLES ###
# Cloudflare User and API Token for Fail2Ban IP Bans
CF_USER=
CF_TOKEN=
# Cloudflare Tunnel Token
CF_TUNNEL_TOKEN=
### WATCHTOWER VARIABLES ###
# How often should watchtower check for updated container images? Default is every Sunday at 3am
WATCHTOWER_SCHEDULE=0 0 3 ? * 1