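---
# Psono components to deploy. Each component has a version, a download URL
# derived from that version, and the SHA-1 digest expected for the archive.
# When a version is overridden, the matching digest must be overridden too.
# NOTE(review): SHA-1 is no longer collision resistant. If the tasks that
# consume these values accept another algorithm, prefer a SHA-256 digest -
# confirm against the role's download tasks.
psono_server_version: '1.13.5'
psono_server_archive_url: "https://gitlab.com/psono/psono-server/-/archive/v{{ psono_server_version }}/psono-server-v{{ psono_server_version }}.tar.gz"
psono_server_archive_sha1: '49ebacb389e01b7a6007b6c94468d60714cae658'
psono_client_version: '1.15.6'
psono_client_archive_url: "https://psono.jfrog.io/psono/psono/client/v{{ psono_client_version }}/webclient.zip"
psono_client_archive_sha1: '8ab1a2270afb6a3542bdb618b4c11dc21f869a40'
psono_admin_version: '1.1.0'
# Built from psono_admin_version like the server and client URLs, so that
# overriding the version cannot leave the URL pointing at an older release.
psono_admin_archive_url: "https://psono.jfrog.io/psono/psono/admin-client/v{{ psono_admin_version }}/webclient.zip"
psono_admin_archive_sha1: '43b5621c43da2604eb1ec827ab8f9b7d8729aef0'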
# Let Ansible handle upgrades as well (true), or only the initial install (false)
psono_manage_upgrade: true
# Installation directory for psono
psono_root_dir: /opt/psono
# Database connection settings
psono_db_server: "{{ pg_server | default('localhost') }}"
psono_db_port: 5432
psono_db_name: psono
psono_db_user: psono
# Database password. It is generated when left undefined. If you set it
# yourself, keep the value in an encrypted vars file rather than in clear text;
# the value below is only a placeholder.
# psono_db_pass: S3crEt.
# Unix account the psono service runs as
psono_user: psono
# TCP port the psono server binds to
psono_server_port: 5130
# IP addresses / CIDR ranges for which the server port will be opened.
# NOTE(review): presumably nothing is opened while the list is empty - verify
# against the firewall tasks.
psono_server_src_ip: []
# IP addresses / CIDR ranges allowed to reach psono through nginx.
# NOTE(review): the effect of an empty list (allow all or deny all) is not
# visible here - verify against the nginx template before exposing the service.
psono_web_src_ip: []
# Server secrets and key pair. No default is set in this file; keep any value
# you define in an encrypted vars file.
# NOTE(review): 'activtion' looks like a misspelling of 'activation'; check
# which spelling the role's templates read before setting it.
# psono_secret_key:
# psono_activtion_link_secret:
# psono_db_secret:
# psono_email_secret_salt:
# psono_private_key:
# psono_public_key:
# NOTE(review): presumably rendered as the server's allowed Host header list.
# '*' accepts any Host value; consider narrowing it to the hostname of
# psono_public_url once the deployment is settled.
psono_allowed_hosts:
  - '*'
psono_allowed_domains:
  - "{{ ansible_domain }}"
  - "{{ psono_public_url | urlsplit('hostname') }}"
psono_allow_lost_password: false
# Whether users may register themselves. Enabled by default: turn it off, or
# set psono_registration_email_filter, where arbitrary sign-ups are unwanted.
psono_allow_registration: true
# Optional list of email domains accepted for registration
# psono_registration_email_filter: []
# Public URL under which psono is reached. The default is plain HTTP straight
# to the server port and will most likely need to be adapted: point it at the
# HTTPS URL served by your reverse proxy.
psono_public_url: "http://{{ inventory_hostname }}:{{ psono_server_port }}"
# TLS certificate for the nginx proxy. Three ways to provide one:
#
# 1. Give the paths of an existing certificate and key
# psono_cert_path: /path/to/cert.pem
# psono_key_path: /path/to/key.pem
#
# 2. Give the name of a certificate obtained with dehydrated
# psono_letsencrypt_cert: psono.domain.tld
#
# 3. Set it to true, and a Let's Encrypt certificate is created for the
#    hostname found in the public_url
# psono_letsencrypt_cert: true
#
# The default below requests no Let's Encrypt certificate.
psono_letsencrypt_cert: false
# Sender address of the emails psono sends
psono_from_email: "psono-noreply@{{ ansible_domain }}"
# Redis instance psono can use as a cache. The default is database 3 of a
# local instance, with no credentials in the URL.
psono_redis_server: 'redis://localhost:6379/3'
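# Base content of config.json, shared by the client and the admin client.
# Nesting is restored here: backend_servers is a list holding one
# title / url entry, and the remaining keys sit at the top level of the config.
psono_client_base_config:
  backend_servers:
    - title: Psono Password Manager
      url: "{{ psono_public_url | default('') }}"
  base_url: "{{ psono_public_url | default('') }}"
  # Users cannot point the client at another backend than the one listed above
  allow_custom_server: false
  # Both switches follow the server-side settings so the two stay in step
  allow_registration: "{{ psono_allow_registration }}"
  allow_lost_password: "{{ psono_allow_lost_password }}"
  authentication_methods:
    - AUTHKEY
# Site-specific additions or overrides for config.json (empty by default)
psono_client_extra_conf: {}
# Effective config: the extra conf is merged recursively on top of the base
psono_client_conf: "{{ psono_client_base_config | combine(psono_client_extra_conf, recursive=True) }}"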