## Vaultwarden Configuration File
## Uncomment any of the following lines to change the defaults
##
## Be aware that most of these settings will be overridden if they were changed
## in the admin interface. Those overrides are stored within DATA_FOLDER/config.json .

## Main data folder
DATA_FOLDER=/srv/vaultwarden

## Database URL
## When using SQLite, this is the path to the DB file, default to %DATA_FOLDER%/db.sqlite3
# DATABASE_URL=data/db.sqlite3
## When using MySQL, specify an appropriate connection URI.
## Details: https://docs.diesel.rs/diesel/mysql/struct.MysqlConnection.html
# DATABASE_URL=mysql://user:password@host[:port]/database_name
## When using PostgreSQL, specify an appropriate connection URI (recommended)
## or keyword/value connection string.
## Details:
## - https://docs.diesel.rs/diesel/pg/struct.PgConnection.html
## - https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING
# DATABASE_URL=postgresql://user:password@host[:port]/database_name
#>GNUNUX
## The rendered file carries the database password (and the SMTP password further
## down) in cleartext, so it should be readable by the Vaultwarden service account only.
## The user name and password are substituted into the URI as-is: characters that are
## reserved in a URI (@ : / ? # & %) must be percent-encoded before they reach this
## template (Jinja's urlencode filter can do this), otherwise the URI is split in the
## wrong place. NOTE(review): the value is unquoted, so also check how the dotenv
## loader treats whitespace or '#' in a password.
## sslmode=verify-full checks the server certificate chain against sslrootcert and the
## certificate name against the host in the URI; sslcert/sslkey present a client
## certificate. libpq rejects a client key file that is group- or world-accessible
## (0600, or 0640 when owned by root).
DATABASE_URL=postgresql://{{ general.postgresql.pg_client_username }}:{{ general.postgresql.pg_client_password }}@{{ general.postgresql.pg_client_server_domainname }}/{{ general.postgresql.pg_client_database }}?sslmode=verify-full&sslcert={{ general.tls_cert_directory }}/postgresql.crt&sslkey={{ general.tls_key_directory }}/postgresql.key&sslrootcert={{ general.tls_ca_directory }}/PostgreSQL.crt
#GNUNUX
## The client address used in logs and per-IP limits is read from this request header.
## ROCKET_ADDRESS below binds every interface, so the value is only trustworthy when
## port 443 is reachable solely from the reverse proxy (firewall or bind address) and
## the proxy overwrites X-Real-IP instead of passing a client-supplied one through.
IP_HEADER=X-Real-IP
#GNUNUX
INVITATION_ORG_NAME={{ general.vaultwarden.vaultwarden_org_name }}
#GNUNUX
## Strip one trailing slash from the proxy location so DOMAIN does not end in '/'.
## NOTE(review): element [0] of revprox_client_external_domainnames is read as an
## object here (.revprox_client_location) and rendered directly as the host name in
## the DOMAIN line - confirm it renders as a bare host name.
{% set location = general.revprox.revprox_client.revprox_client_external_domainnames[0].revprox_client_location %}
{% if location.endswith('/') %}
{% set location = location[:-1] %}
{% endif %}
DOMAIN=https://{{ general.revprox.revprox_client.revprox_client_external_domainnames[0] }}{{ location }}
#
# DUO_SKEY=
# DUO_HOST=
## After that, you should be able to follow the rest of the guide linked above,
## ignoring the fields that ask for the values that you already configured beforehand.

## Authenticator Settings
## Disable authenticator time drifted codes to be valid.
## TOTP codes of the previous and next 30 seconds will be invalid
##
## According to RFC 6238 (https://tools.ietf.org/html/rfc6238),
## we allow by default the TOTP code which was valid one step back and one in the future.
## This can however allow attackers to be a bit more lucky with their attempts because there are 3 valid codes.
## You can disable this, so that only the current TOTP code is allowed.
## Keep in mind that when a server drifts out of time, valid codes could be marked as invalid.
## In any case, if a code has been used it cannot be used again; codes which predate it will also be invalid.
# AUTHENTICATOR_DISABLE_TIME_DRIFT=false

## Rocket specific settings
## See https://rocket.rs/v0.4/guide/configuration/ for more details.
# ROCKET_ADDRESS=0.0.0.0
# ROCKET_PORT=80  # Defaults to 80 in the Docker images, or 8000 otherwise.
# ROCKET_WORKERS=10
# ROCKET_TLS={certs="/path/to/certs.pem",key="/path/to/key.pem"}
#>GNUNUX
## Rocket terminates TLS itself on 443 on all interfaces. The private key file must be
## readable by the service account and by nobody else. Binding a port below 1024 needs
## a privilege; granting CAP_NET_BIND_SERVICE avoids running the service as root.
ROCKET_ADDRESS=0.0.0.0
ROCKET_PORT=443
ROCKET_TLS='{certs="/etc/pki/tls/certs/revprox.crt",key="/etc/pki/tls/private/revprox.key"}'
#GNUNUX
## SMTP_SSL=true selects STARTTLS (the connection starts in cleartext on port 25 and is
## upgraded); SMTP_EXPLICIT_TLS=true would instead select TLS from the first byte.
## NOTE(review): newer Vaultwarden releases replace both settings with SMTP_SECURITY
## (starttls / force_tls / off) - confirm against the deployed version.
## SMTP_PASSWORD is stored in cleartext in the rendered file.
SMTP_HOST={{ general.smtp.smtp_relay_address }}
SMTP_FROM={{ general.vaultwarden.vaultwarden_admin_email }}
SMTP_FROM_NAME={{ general.network.interface_0.domain_name_eth0 }}
SMTP_PORT=25
SMTP_SSL=true
#SMTP_EXPLICIT_TLS=true
SMTP_TIMEOUT=15
SMTP_USERNAME={{ general.smtp.smtp_relay_user }}@{{ general.smtp.smtp_client_ip }}
SMTP_PASSWORD={{ general.smtp.smtp_relay_password }}
#