61 lines
1.9 KiB
YAML
61 lines
1.9 KiB
YAML
{% import 'macro/postgres.j2' as pg with context %}
|
|
---
|
|
version: '3'
|
|
services:
|
|
vault:
|
|
# Make sure to use the latest release from https://hedgedoc.org/latest-release
|
|
image: vaultwarden/server:latest
|
|
user: 65100:65100
|
|
environment:
|
|
DATABASE_URL: "postgresql://{{ vault.db.user }}:{{ vault.db.password }}@db/{{ vault.db.name }}"
|
|
WEBSOCKET_ENABLED: "false"
|
|
DOMAIN: "https://vault.unruhig.eu"
|
|
SENDS_ALLOWED: "true"
|
|
PUSH_ENABLED: "true"
|
|
SIGNUPS_ALLOWED: "false"
|
|
ORG_EVENTS_ENABLED: "true"
|
|
ORG_CREATION_USERS: "{{ vault.admin.mail }}"
|
|
ADMIN_TOKEN: "{{ vault.admin.token }}"
|
|
PUSH_INSTALLATION_ID: "{{ vault.push.id }}"
|
|
PUSH_INSTALLATION_KEY: "{{ vault.push.key }}"
|
|
PUSH_RELAY_URI: https://push.bitwarden.eu
|
|
PUSH_IDENTITY_URI: https://identity.bitwarden.eu
|
|
SMTP_HOST: "{{ vault.smtp.host }}"
|
|
SMTP_FROM: "{{ vault.smtp.from }}"
|
|
SMTP_PORT: "{{ vault.smtp.port }}"
|
|
SMTP_SECURITY: "force_tls"
|
|
SMTP_USERNAME: "{{ vault.smtp.username }}"
|
|
SMTP_PASSWORD: "{{ vault.smtp.password }}"
|
|
ROCKET_PORT: "8080"
|
|
restart: always
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
|
|
- "traefik.http.routers.vault.rule=Host(`vault.unruhig.eu`)"
|
|
# - "traefik.http.routers.vault.middlewares=deny-metrics@file"
|
|
- "traefik.http.routers.vault.entryPoints=websecure"
|
|
- "traefik.http.services.vault.loadbalancer.server.port=8080"
|
|
# - "prometheus-scrape.enabled=true"
|
|
# - "prometheus-scrape.port=3000"
|
|
depends_on:
|
|
db:
|
|
condition: service_healthy
|
|
volumes:
|
|
- vault_data:/data
|
|
networks:
|
|
- backend
|
|
- default # traefik
|
|
|
|
{{ pg.postgres("db", vault.db.user, vault.db.password, vault.db.name, ["backend"]) }}
|
|
|
|
volumes:
|
|
db_data:
|
|
vault_data:
|
|
|
|
networks:
|
|
backend:
|
|
internal: true
|
|
postgres:
|
|
internal: true
|
|
...
|