variable "persistent_folder" { description = "Path for persistent data on the host" type = string } variable "fqdn" { description = "FQDN for the service" type = string } variable "tag" { description = "Image tag to deploy" type = string default = "latest" } variable "issuer" { description = "The cert-manager cluster issuer" type = string default = "letsencrypt-prod" } variable "tls_enabled" { description = "Enable TLS in ingress" type = bool default = true } variable "signup_enabled" { description = "Allow new user signups" type = bool default = false } variable "signup_verify" { description = "Require email verification on signup (defense-in-depth)" type = bool default = true } variable "disable_2fa_remember" { description = "Force 2FA on every login, no 'remember this browser'" type = bool default = true } variable "show_password_hint" { description = "Show password hints on web login (no SMTP configured)" type = bool default = false } variable "password_hints_allowed" { description = "Allow users to set password hints" type = bool default = false } variable "disable_icon_download" { description = "Disable external icon downloads to prevent network leaks" type = bool default = true } variable "icon_service" { description = "Icon service to use (internal, bitwarden, duckduckgo, google)" type = string default = "internal" } variable "http_request_block_non_global_ips" { description = "Block requests to private/reserved IP addresses" type = bool default = true } variable "extended_logging" { description = "Enable extended logging with timestamps for audit" type = bool default = true } variable "websocket_enabled" { description = "Enable WebSocket notifications for real-time sync" type = bool default = true } variable "sends_allowed" { description = "Allow users to create Bitwarden Sends" type = bool default = true } variable "trash_auto_delete_days" { description = "Days before auto-deleting trashed items (empty = never)" type = string default = "30" } variable "events_days_retain" { description = "Days to retain event logs (empty = indefinitely)" type = string default = "90" } variable "admin_session_lifetime" { description = "Admin session lifetime in minutes" type = number default = 20 } variable "admin_token" { description = "Admin token for VaultWarden" type = string sensitive = true } variable "db_folder" { description = "Path for the database folder (default: persistent_folder)" type = string default = "" } # --- SMTP / Email settings --- variable "smtp_host" { description = "SMTP host for sending emails" type = string default = "" } variable "smtp_port" { description = "SMTP port (default: 587 for starttls, 465 for force_tls, 25 for off)" type = number default = 587 } variable "smtp_security" { description = "SMTP security mode: starttls, force_tls, or off" type = string default = "starttls" } variable "smtp_from" { description = "Email address to send from" type = string default = "" } variable "smtp_from_name" { description = "Sender name for outgoing emails" type = string default = "Vaultwarden" } variable "smtp_username" { description = "SMTP username for authentication" type = string default = "" } variable "smtp_password" { description = "SMTP password for authentication" type = string sensitive = true default = "" } variable "smtp_timeout" { description = "SMTP connection timeout in seconds" type = number default = 15 } variable "smtp_auth_mechanism" { description = "SMTP authentication mechanisms (e.g., Plain, Login, Xoauth2, comma-separated)" type = string default = "" } variable "smtp_helo_name" { description = "Server name sent during SMTP HELO" type = string default = "" } variable "smtp_embed_images" { description = "Embed images as email attachments" type = bool default = true } variable "smtp_debug" { description = "Enable detailed SMTP debug output (warning: may contain sensitive data)" type = bool default = false } variable "smtp_accept_invalid_certs" { description = "Accept invalid SMTP server certificates (dangerous, not recommended)" type = bool default = false } variable "smtp_accept_invalid_hostnames" { description = "Accept invalid SMTP server hostnames (dangerous, not recommended)" type = bool default = false }