tobias/infrastructure
1
0
Fork 0
Code Issues 5 Pull Requests Projects Activity
2cac213380
infrastructure/ansible/plays/services/vaultwarden/docker-compose.yaml
Tobias Manske 847ccd7ac8
Admin via Proxy
2024-03-02 23:27:16 +01:00

63 lines
2.1 KiB
YAML
Raw Blame History

{% import 'macro/postgres.j2' as pg with context %}
---
version: '3'
services:
vault:
# Make sure to use the latest release from https://hedgedoc.org/latest-release
image: vaultwarden/server:latest
user: 65100:65100
environment:
DATABASE_URL: "postgresql://{{ vault.db.user }}:{{ vault.db.password }}@db/{{ vault.db.name }}"
WEBSOCKET_ENABLED: "false"
DOMAIN: "https://vault.unruhig.eu"
SENDS_ALLOWED: "true"
PUSH_ENABLED: "true"
SIGNUPS_ALLOWED: "false"
ORG_EVENTS_ENABLED: "true"
ORG_CREATION_USERS: "{{ vault.admin.mail }}"
ADMIN_TOKEN: "{{ vault.admin.token }}"
PUSH_INSTALLATION_ID: "{{ vault.push.id }}"
PUSH_INSTALLATION_KEY: "{{ vault.push.key }}"
PUSH_RELAY_URI: https://push.bitwarden.eu
PUSH_IDENTITY_URI: https://identity.bitwarden.eu
SMTP_HOST: "{{ vault.smtp.host }}"
SMTP_FROM: "{{ vault.smtp.from }}"
SMTP_PORT: "{{ vault.smtp.port }}"
SMTP_SECURITY: "force_tls"
SMTP_USERNAME: "{{ vault.smtp.username }}"
SMTP_PASSWORD: "{{ vault.smtp.password }}"
ROCKET_PORT: "8080"
restart: always
labels:
- "traefik.enable=true"
- "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
- "traefik.http.routers.vault.rule=Host(`vault.unruhig.eu`)"
- "traefik.http.routers.vault.entryPoints=websecure"
- "traefik.http.routers.vault.service=vault"
- "traefik.http.services.vault.loadbalancer.server.port=8080"
- "traefik.http.routers.vaultwarden-admin.service=vault"
- "traefik.http.routers.vaultwarden-admin.rule=Host(`vault.unruhig.eu`) && PathPrefix(`/admin`)"
- "traefik.http.routers.vaultwarden-admin.entryPoints=websecure"
- "traefik.http.routers.vaultwarden-admin.middlewares=vpn-ipwhitelist@file"
depends_on:
db:
condition: service_healthy
volumes:
- vault_data:/data
networks:
- backend
- default # traefik
{{ pg.postgres("db", vault.db.user, vault.db.password, vault.db.name, ["backend"]) }}
volumes:
db_data:
vault_data:
networks:
backend:
internal: true
postgres:
internal: true
...
Reference in New Issue View Git Blame Copy Permalink