Include full contents of all nested repositories

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

letsbe-ansible-runner/stacks/vaultwarden/.env.example

@@ -0,0 +1,12 @@
+# Vaultwarden Environment Configuration
+# Copy to .env and configure
+
+# Admin token for /admin panel access
+# Generate with: openssl rand -base64 48
+ADMIN_TOKEN=
+
+# SMTP password for sending invite emails
+SMTP_PASSWORD=
+
+# SSO Client Secret (when Keycloak is enabled)
+# SSO_CLIENT_SECRET=

letsbe-ansible-runner/stacks/vaultwarden/docker-compose.yaml

@@ -0,0 +1,73 @@
+services:
+  vaultwarden:
+    container_name: {{ customer }}-vaultwarden
+    image: vaultwarden/server:latest
+    restart: unless-stopped
+    environment:
+      # Domain configuration
+      DOMAIN: https://vault.{{ domain }}
+
+      # Admin panel - generate secure token: openssl rand -base64 48
+      ADMIN_TOKEN: ${ADMIN_TOKEN}
+
+      # Signup controls - enable for initial setup, disable after first user created
+      SIGNUPS_ALLOWED: "true"
+      INVITATIONS_ALLOWED: "true"
+      SHOW_PASSWORD_HINT: "false"
+
+      # SSO/OpenID Connect (Keycloak integration) - disabled for initial testing
+      # Enable after Keycloak is configured with vaultwarden client
+      SSO_ENABLED: "false"
+      # SSO_ONLY: "false"
+      # SSO_AUTHORITY: https://auth.{{ domain }}/realms/{{ customer }}
+      # SSO_CLIENT_ID: vaultwarden
+      # SSO_CLIENT_SECRET: ${SSO_CLIENT_SECRET}
+      # SSO_PKCE: "true"
+
+      # SMTP configuration
+      SMTP_HOST: mail.{{ domain }}
+      SMTP_FROM: noreply@{{ domain }}
+      SMTP_USERNAME: noreply@{{ domain }}
+      SMTP_PASSWORD: ${SMTP_PASSWORD}
+      SMTP_FROM_NAME: {{ customer | title }} Vault
+      SMTP_PORT: 587
+      SMTP_SECURITY: starttls
+      SMTP_AUTH_MECHANISM: Login
+
+      # Database (SQLite by default, in volume)
+      DATABASE_URL: /data/db.sqlite3
+
+      # Logging
+      LOG_LEVEL: info
+      EXTENDED_LOGGING: "true"
+
+      # Security
+      DISABLE_ADMIN_TOKEN: "false"
+      PASSWORD_ITERATIONS: 600000
+
+      # WebSocket for live sync
+      WEBSOCKET_ENABLED: "true"
+
+    volumes:
+      - {{ customer }}-vaultwarden-data:/data
+    ports:
+      - "127.0.0.1:3071:80"
+      - "127.0.0.1:3072:3012"
+    networks:
+      {{ customer }}-vaultwarden:
+        ipv4_address: 172.20.34.2
+    labels:
+      - "diun.enable=true"
+
+networks:
+  {{ customer }}-vaultwarden:
+    name: {{ customer }}-vaultwarden
+    driver: bridge
+    ipam:
+      driver: default
+      config:
+        - subnet: 172.20.34.0/28
+          gateway: 172.20.34.1
+
+volumes:
+  {{ customer }}-vaultwarden-data: