systems/infrastructure
1
Fork 0
Code Issues 1 Pull requests 17 Activity Actions

Vaguely harden vaultwarden config
All checks were successful
/ terraform (push) Successful in 45s
Details
/ ansible (push) Successful in 2m8s
Details

Browse source
This commit is contained in:
Jake Howard 2023-08-16 22:03:22 +01:00
parent 1b24578fe6
commit 266601d6f5
Signed by: jake
GPG key ID: 57AFB45680EDD477
1 changed files with 4 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
ansible/roles/vaultwarden/files/docker-compose.yml
View file

@ -17,7 +17,7 @@ services:
- traefik.http.services.vaultwarden.loadbalancer.server.port=80 - traefik.http.services.vaultwarden.loadbalancer.server.port=80
- traefik.http.middlewares.vaultwarden-ratelimit.ratelimit.average=5 - traefik.http.middlewares.vaultwarden-ratelimit.ratelimit.average=5
- traefik.http.middlewares.vaultwarden-ratelimit.ratelimit.burst=1000 - traefik.http.middlewares.vaultwarden-ratelimit.ratelimit.burst=200
- traefik.http.routers.vaultwarden.middlewares=vaultwarden-ratelimit - traefik.http.routers.vaultwarden.middlewares=vaultwarden-ratelimit
environment: environment:
@ -26,7 +26,9 @@ services:
- SHOW_PASSWORD_HINT=false - SHOW_PASSWORD_HINT=false
- DATABASE_URL=postgres://vaultwarden:{{ vaultwarden_database_password }}@db/vaultwarden - DATABASE_URL=postgres://vaultwarden:{{ vaultwarden_database_password }}@db/vaultwarden
- INVITATIONS_ALLOWED=false - INVITATIONS_ALLOWED=false
- ROCKET_WORKERS={{ ansible_processor_nproc // 2 }} - ROCKET_WORKERS=2
- EMERGENCY_ACCESS_ALLOWED=false
- AUTHENTICATOR_DISABLE_TIME_DRIFT=true
networks: networks:
- default - default
- traefik - traefik