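{% import 'macro/postgres.j2' as pg with context %}
---
# Vaultwarden behind Traefik, with a PostgreSQL service rendered by the
# pg.postgres macro. This is a Jinja2 template: the rendered compose file
# holds the DB password, admin token, push key and SMTP password in plain
# text, so keep the rendered output out of version control and readable
# only by the deploy user.
version: '3'

services:
  vault:
    # Upstream releases: https://github.com/dani-garcia/vaultwarden/releases
    # NOTE(review): `latest` is a mutable tag, so a pull can silently change
    # the code that guards every stored credential. Prefer pinning, e.g.
    # vaultwarden/server:<VERSION>@sha256:<DIGEST> (placeholders).
    image: vaultwarden/server:latest
    # Run as a fixed non-root UID:GID; quoted so it is always a string.
    user: "65100:65100"
    environment:
      # NOTE(review): user and password are spliced into a URL and a
      # double-quoted YAML scalar. Characters such as @ : / % " or \ in the
      # password will break the URL or the YAML unless the value is already
      # percent-encoded - confirm how the secret is stored.
      DATABASE_URL: "postgresql://{{ vault.db.user }}:{{ vault.db.password }}@db/{{ vault.db.name }}"
      WEBSOCKET_ENABLED: "false"
      DOMAIN: "https://vault.unruhig.eu"
      SENDS_ALLOWED: "true"
      PUSH_ENABLED: "true"
      # Public registration is off; only the listed address may create orgs.
      SIGNUPS_ALLOWED: "false"
      ORG_EVENTS_ENABLED: "true"
      ORG_CREATION_USERS: "{{ vault.admin.mail }}"
      # NOTE(review): Vaultwarden recommends an Argon2 PHC hash here rather
      # than a plain token. A PHC string contains `$`, which compose treats
      # as variable interpolation; each `$` must be written as `$$` in the
      # rendered file - confirm the stored value accounts for this.
      # Secrets passed via `environment` are visible in `docker inspect`;
      # Vaultwarden also accepts <VAR>_FILE variants for file-based secrets.
      ADMIN_TOKEN: "{{ vault.admin.token }}"
      PUSH_INSTALLATION_ID: "{{ vault.push.id }}"
      PUSH_INSTALLATION_KEY: "{{ vault.push.key }}"
      PUSH_RELAY_URI: "https://push.bitwarden.eu"
      PUSH_IDENTITY_URI: "https://identity.bitwarden.eu"
      SMTP_HOST: "{{ vault.smtp.host }}"
      SMTP_FROM: "{{ vault.smtp.from }}"
      SMTP_PORT: "{{ vault.smtp.port }}"
      # Implicit TLS is required for the SMTP connection.
      SMTP_SECURITY: "force_tls"
      SMTP_USERNAME: "{{ vault.smtp.username }}"
      SMTP_PASSWORD: "{{ vault.smtp.password }}"
      # Must match the Traefik loadbalancer port label below.
      ROCKET_PORT: "8080"
    restart: always
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
      # Public router: everything on the vault host.
      - "traefik.http.routers.vault.rule=Host(`vault.unruhig.eu`)"
      - "traefik.http.routers.vault.entryPoints=websecure"
      - "traefik.http.routers.vault.service=vault"
      - "traefik.http.services.vault.loadbalancer.server.port=8080"
      # Admin router: same service, restricted by an IP allowlist middleware
      # defined in Traefik's file provider (not visible in this file).
      # NOTE(review): this restriction only holds while this router wins over
      # the public one for /admin. Traefik's default priority (longer rule
      # first) gives that today, but if the middleware name does not resolve
      # the router is dropped and /admin falls through to the unrestricted
      # `vault` router. Verify `vpn-ipwhitelist@file` exists and test /admin
      # from a non-VPN address after each Traefik config change.
      - "traefik.http.routers.vaultwarden-admin.service=vault"
      - "traefik.http.routers.vaultwarden-admin.rule=Host(`vault.unruhig.eu`) && PathPrefix(`/admin`)"
      - "traefik.http.routers.vaultwarden-admin.entryPoints=websecure"
      - "traefik.http.routers.vaultwarden-admin.middlewares=vpn-ipwhitelist@file"
    # NOTE(review): the `condition:` form of depends_on is not part of the
    # legacy v3 file format; Compose-spec implementations accept it and
    # ignore `version` - confirm the deploy host uses one.
    depends_on:
      db:
        condition: service_healthy
    volumes:
      - vault_data:/data
    networks:
      # Internal-only network shared with the database.
      - backend
      - default  # traefik

  # NOTE(review): the db service is rendered by the pg.postgres macro. The
  # indentation of this call must match what macro/postgres.j2 emits -
  # confirm against the macro before rendering.
  {{ pg.postgres("db", vault.db.user, vault.db.password, vault.db.name, ["backend"]) }}

volumes:
  db_data:
  vault_data:

networks:
  # `internal: true` keeps these networks off the host's external routing,
  # so the database is reachable only from containers attached to them.
  backend:
    internal: true
  # NOTE(review): no service visible in this file attaches to `postgres`;
  # presumably the macro uses it - otherwise it can be removed.
  postgres:
    internal: true
...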