47 lines
1.4 KiB
YAML
47 lines
1.4 KiB
YAML
services:
|
|
vaultwarden:
|
|
image: vaultwarden/server:1.36.0@sha256:d626d04934cd1192ad8ced1adb975099fca78cec33ab467d2d3c923cde7f3b0c
|
|
container_name: vaultwarden
|
|
restart: unless-stopped
|
|
|
|
environment:
|
|
TZ: Europe/Berlin
|
|
DOMAIN: https://vault.kaleschke.info
|
|
WEBSOCKET_ENABLED: "true"
|
|
SIGNUPS_ALLOWED: "false"
|
|
INVITATIONS_ALLOWED: "false"
|
|
ADMIN_TOKEN_FILE: /run/secrets/admin_token
|
|
ROCKET_PORT: 80
|
|
ROCKET_ADDRESS: 0.0.0.0
|
|
|
|
volumes:
|
|
- /mnt/user/appdata/vaultwarden:/data
|
|
- /mnt/user/appdata/secrets/vaultwarden_admin_token.txt:/run/secrets/admin_token:ro
|
|
|
|
networks:
|
|
- frontend_net
|
|
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
|
|
healthcheck:
|
|
# vaultwarden image ships curl, not wget
|
|
test: ["CMD-SHELL", "curl -fsS http://localhost:80/alive || exit 1"]
|
|
interval: 30s
|
|
timeout: 5s
|
|
retries: 5
|
|
start_period: 30s
|
|
|
|
labels:
|
|
- traefik.enable=true
|
|
- traefik.docker.network=frontend_net
|
|
- traefik.http.routers.vaultwarden.rule=Host(`vault.kaleschke.info`)
|
|
- traefik.http.routers.vaultwarden.entrypoints=websecure
|
|
- traefik.http.routers.vaultwarden.tls=true
|
|
- traefik.http.routers.vaultwarden.tls.certresolver=le
|
|
- traefik.http.services.vaultwarden.loadbalancer.server.port=80
|
|
|
|
networks:
|
|
frontend_net:
|
|
external: true
|