forked from dadatuputi/bitwarden_gcloud
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path.env.template
139 lines (115 loc) · 5.26 KB
/
.env.template
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
### GLOBAL VARIABLES ###
# The fully-qualified domain name for Bitwarden - what address do you want Bitwarden accessible?
# Do not include the protocol (http/https), that is added when needed in docker-compose.yml
# Used for caddy proxy and ddns with Cloudflare
DOMAIN=
# Timezone - used by some containers for logs / cron
# Find your location on this list and use the value in TZ Database Name, e.g Europe/Rome:
# https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
TZ=
# SMTP settings for Bitwarden and fail2ban
# Uncomment and fill in details if you want to use e-mail invitations from bitwarden and e-mail alerts with fail2ban
# SMTP_SECURITY should be either starttls, force_tls, or off
# (see https://github.com/dani-garcia/vaultwarden/wiki/SMTP-Configuration)
#SMTP_HOST=
#SMTP_FROM=
#SMTP_PORT=
#SMTP_USERNAME=
#SMTP_PASSWORD=
#SMTP_SECURITY=
# fail2ban-specific SMTP settings
# Use TLS to talk to the SMTP server (YES or NO, default NO)
#SMTP_TLS=
# Specify whether ssmtp does a EHLO/STARTTLS before starting SSL negotiation (YES or NO, default NO)
# Should probably be YES if SMTP_SECURITY=starttls above
#SSMTP_STARTTLS=
### BITWARDEN VARIABLES ###
# Setting up Bitwarden for the first time can be done in two ways:
# Uncomment the method you want to use / comment the one you don't
# Method 1. [RECOMMENDED] because it avoids the admin page entirely; using the admin
# page overrides these environmental variables which can cause confusion.
# 1. Set up your primary account(s) while SIGNUPS_ALLOWED=true
# 2. Set SIGNUPS_ALLOWED=false
# 3. Set the SMTP details above to enable e-mail invitation
# 4. Invite other users from within Bitwarden
# Keep ADMIN_TOKEN blank to disable access to the admin page entirely.
SIGNUPS_ALLOWED=true
ADMIN_TOKEN=
# Method 2. Use the admin page to create your first user(s) then disable it.
# 1. Set ADMIN_TOKEN using the command `openssl rand -base64 48`
# 2. Use the admin page (/admin) to create your initial user(s).
# 3. Disable the admin page by clearing the token (ADMIN_TOKEN=)
#SIGNUPS_ALLOWED=false
#ADMIN_TOKEN=
# Note on ADMIN_TOKEN: https://github.com/dani-garcia/vaultwarden/wiki/Enabling-admin-page#secure-the-admin_token
## Enables push notifications (requires key and id from https://bitwarden.com/host)
# PUSH_ENABLED=true
# PUSH_INSTALLATION_ID=
# PUSH_INSTALLATION_KEY=
## Don't change this unless you know what you're doing.
# PUSH_RELAY_BASE_URI=https://push.bitwarden.com
# Specify YUBIKEY info if desired
#YUBICO_CLIENT_ID=
#YUBICO_SECRET_KEY=
#YUBICO_SERVER=
# Specfiy which user email addresses can create organizations
# Leave blank to allow all users
ORG_CREATION_USERS=
# Bitwarden Backup Options
#
#
# GENERAL OPTIONS:
#
# How often to run the backup script; default is daily at midnight
BACKUP_SCHEDULE=0 0 * * *
# How many days of backups to keep
BACKUP_DAYS=30
# Directory to place backups in (& sync from in rclone)
BACKUP_DIR=/data/backups
# Optional - encryption key for backup
# bitwarden data is encrypted at rest, but if your backup includes this env file <BACKUP_ENV=true>, your backup will include sensitive data
#BACKUP_ENCRYPTION_KEY="<key to encrypt backup>"
# Backup env file - set to true to include your .env (this file) in the backup\
# only use this when also encrypting the backup with BACKUP_ENCRYPTION_KEY
BACKUP_ENV=false
# Email address to send backup (BACKUP=email) or notifications (BACKUP_NOTIFY=true)
BACKUP_EMAIL_TO="<email to send the backup to>"
# Send email notification for rclone|local backup jobs
BACKUP_EMAIL_NOTIFY=true
#
#
# Backup type is any combination of local|email|rclone - e.g., email,rclone
# If you use rclone, follow the instructions below
#BACKUP=
#
# RCLONE BACKUP OPTIONS:
#
# rclone first time run instructions:
# 1. Uncomment lines below and `docker-compose up -d`
# 2. With the backup container running, configure rclone with the following command:
# `sudo docker exec -it backup ash -c 'rclone config --config $BACKUP_RCLONE_CONF'`
# 3. Follow the prompts and instructions at https://rclone.org/remote_setup/ - you
# will most likely need to download a rclone on another computer (it is portable)
# to authorize.
# 4. The script should run as normal with a working configuration file
BACKUP_RCLONE_CONF=/data/rclone/rclone.conf
BACKUP_RCLONE_DEST=/bw_backup
### PROXY / CADDY VARIABLES ###
# EMAIL address to use with Let's Encrypt certificate provisioning
EMAIL=
### DDNS VARIABLES ###
# These variables are only necessary if you are using DDNS / comment them out if you don't use ddns
# Enter user id (use `id -u` to determine your user id)
PUID=
# Enter group id (use `id -g` to determine your group id)
PGID=
### COUNTRY BLOCKING VARIABLES ###
# Put any countries you want to block here using their ISO 3166-1 alpha-2 code (https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2)
# Defaullt is China (CN), Hong Kong (HK), and Australia (AU) because gcloud free tier charges egress to those countries
# Data is pulled from www.ipdeny.com
COUNTRIES=CN HK AU
# How often to update the ip block list - default is daily at midnight; see https://en.wikipedia.org/wiki/Cron#CRON_expression
COUNTRYBLOCK_SCHEDULE=0 0 * * *
### WATCHTOWER VARIABLES ###
# How often should watchtower check for updated container images? Default is every Sunday at 3am
WATCHTOWER_SCHEDULE=0 0 3 ? * 0