ec740f458f
- Introduced SMTP settings for Vaultwarden including host, port, security, and authentication details. - Added variables for signup verification, 2FA settings, password hints, and logging options. - Updated Vaultwarden deployment to utilize new SMTP configurations. - Enhanced Grafana module to support dynamic dashboard and datasource provisioning. - Added LLM proxy configuration for Open Web UI with necessary environment variables.
211 lines
4.7 KiB
Terraform
211 lines
4.7 KiB
Terraform
variable "persistent_folder" {
|
|
description = "Path for persistent data on the host"
|
|
type = string
|
|
}
|
|
|
|
variable "fqdn" {
|
|
description = "FQDN for the service"
|
|
type = string
|
|
}
|
|
|
|
variable "tag" {
|
|
description = "Image tag to deploy"
|
|
type = string
|
|
default = "latest"
|
|
}
|
|
|
|
variable "issuer" {
|
|
description = "The cert-manager cluster issuer"
|
|
type = string
|
|
default = "letsencrypt-prod"
|
|
}
|
|
|
|
variable "tls_enabled" {
|
|
description = "Enable TLS in ingress"
|
|
type = bool
|
|
default = true
|
|
}
|
|
|
|
variable "signup_enabled" {
|
|
description = "Allow new user signups"
|
|
type = bool
|
|
default = false
|
|
}
|
|
|
|
variable "signup_verify" {
|
|
description = "Require email verification on signup (defense-in-depth)"
|
|
type = bool
|
|
default = true
|
|
}
|
|
|
|
variable "disable_2fa_remember" {
|
|
description = "Force 2FA on every login, no 'remember this browser'"
|
|
type = bool
|
|
default = true
|
|
}
|
|
|
|
variable "show_password_hint" {
|
|
description = "Show password hints on web login (no SMTP configured)"
|
|
type = bool
|
|
default = false
|
|
}
|
|
|
|
variable "password_hints_allowed" {
|
|
description = "Allow users to set password hints"
|
|
type = bool
|
|
default = false
|
|
}
|
|
|
|
variable "disable_icon_download" {
|
|
description = "Disable external icon downloads to prevent network leaks"
|
|
type = bool
|
|
default = true
|
|
}
|
|
|
|
variable "icon_service" {
|
|
description = "Icon service to use (internal, bitwarden, duckduckgo, google)"
|
|
type = string
|
|
default = "internal"
|
|
}
|
|
|
|
variable "http_request_block_non_global_ips" {
|
|
description = "Block requests to private/reserved IP addresses"
|
|
type = bool
|
|
default = true
|
|
}
|
|
|
|
variable "extended_logging" {
|
|
description = "Enable extended logging with timestamps for audit"
|
|
type = bool
|
|
default = true
|
|
}
|
|
|
|
variable "websocket_enabled" {
|
|
description = "Enable WebSocket notifications for real-time sync"
|
|
type = bool
|
|
default = true
|
|
}
|
|
|
|
variable "sends_allowed" {
|
|
description = "Allow users to create Bitwarden Sends"
|
|
type = bool
|
|
default = true
|
|
}
|
|
|
|
variable "trash_auto_delete_days" {
|
|
description = "Days before auto-deleting trashed items (empty = never)"
|
|
type = string
|
|
default = "30"
|
|
}
|
|
|
|
variable "events_days_retain" {
|
|
description = "Days to retain event logs (empty = indefinitely)"
|
|
type = string
|
|
default = "90"
|
|
}
|
|
|
|
variable "admin_session_lifetime" {
|
|
description = "Admin session lifetime in minutes"
|
|
type = number
|
|
default = 20
|
|
}
|
|
|
|
variable "admin_token" {
|
|
description = "Admin token for VaultWarden"
|
|
type = string
|
|
sensitive = true
|
|
}
|
|
|
|
variable "db_folder" {
|
|
description = "Path for the database folder (default: persistent_folder)"
|
|
type = string
|
|
default = ""
|
|
}
|
|
|
|
# --- SMTP / Email settings ---
|
|
|
|
variable "smtp_host" {
|
|
description = "SMTP host for sending emails"
|
|
type = string
|
|
default = ""
|
|
}
|
|
|
|
variable "smtp_port" {
|
|
description = "SMTP port (default: 587 for starttls, 465 for force_tls, 25 for off)"
|
|
type = number
|
|
default = 587
|
|
}
|
|
|
|
variable "smtp_security" {
|
|
description = "SMTP security mode: starttls, force_tls, or off"
|
|
type = string
|
|
default = "starttls"
|
|
}
|
|
|
|
variable "smtp_from" {
|
|
description = "Email address to send from"
|
|
type = string
|
|
default = ""
|
|
}
|
|
|
|
variable "smtp_from_name" {
|
|
description = "Sender name for outgoing emails"
|
|
type = string
|
|
default = "Vaultwarden"
|
|
}
|
|
|
|
variable "smtp_username" {
|
|
description = "SMTP username for authentication"
|
|
type = string
|
|
default = ""
|
|
}
|
|
|
|
variable "smtp_password" {
|
|
description = "SMTP password for authentication"
|
|
type = string
|
|
sensitive = true
|
|
default = ""
|
|
}
|
|
|
|
variable "smtp_timeout" {
|
|
description = "SMTP connection timeout in seconds"
|
|
type = number
|
|
default = 15
|
|
}
|
|
|
|
variable "smtp_auth_mechanism" {
|
|
description = "SMTP authentication mechanisms (e.g., Plain, Login, Xoauth2, comma-separated)"
|
|
type = string
|
|
default = ""
|
|
}
|
|
|
|
variable "smtp_helo_name" {
|
|
description = "Server name sent during SMTP HELO"
|
|
type = string
|
|
default = ""
|
|
}
|
|
|
|
variable "smtp_embed_images" {
|
|
description = "Embed images as email attachments"
|
|
type = bool
|
|
default = true
|
|
}
|
|
|
|
variable "smtp_debug" {
|
|
description = "Enable detailed SMTP debug output (warning: may contain sensitive data)"
|
|
type = bool
|
|
default = false
|
|
}
|
|
|
|
variable "smtp_accept_invalid_certs" {
|
|
description = "Accept invalid SMTP server certificates (dangerous, not recommended)"
|
|
type = bool
|
|
default = false
|
|
}
|
|
|
|
variable "smtp_accept_invalid_hostnames" {
|
|
description = "Accept invalid SMTP server hostnames (dangerous, not recommended)"
|
|
type = bool
|
|
default = false
|
|
}
|