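# Compose definition for a Vaultwarden password vault, routed through
# Traefik over HTTPS with a CrowdSec bouncer middleware on the router.
services:
  vaultwarden:
    extends:
      file: ${TEMPLATES_PATH}
      service: default
    # NOTE(review): no tag is given, so this resolves to `latest`, and the
    # Watchtower label below allows automatic updates. For a password vault,
    # consider pinning a release tag or digest so upgrades are deliberate.
    image: vaultwarden/server
    container_name: vaultwarden
    ports:
      # NOTE(review): this publishes the container's plain-HTTP port 80 on
      # every host interface as 4018. Traffic arriving here is not covered
      # by the TLS and crowdsec-bouncer settings in the Traefik labels below.
      # If only Traefik needs to reach the service, drop this mapping or bind
      # it to 127.0.0.1.
      - "4018:80"
    networks:
      - ip6net
    environment:
      DOMAIN: "https://vaultwarden.${PUBLIC_DOMAIN}"
      # Environment values are quoted so every Compose/YAML parser passes
      # them as strings rather than YAML booleans.
      # Self-registration and invitations are both switched off.
      SIGNUPS_ALLOWED: "false"
      INVITATIONS_ALLOWED: "false"
      # SSO stays disabled for now: it mainly helps companies with role
      # management, and the master password is still required either way.
      SSO_ENABLED: "false"
      SSO_ONLY: "false"
      SSO_AUTHORITY: "https://auth.${PUBLIC_DOMAIN}"
      SSO_SCOPES: "profile email offline_access"
      SSO_CLIENT_ID: "vaultwarden"
      # Substituted from the environment at deploy time; keep the value out
      # of version control. NOTE(review): presumably unused while SSO_ENABLED
      # is false, so it could be omitted until SSO is switched on.
      SSO_CLIENT_SECRET: ${VAULTWARDEN_OIDC_CLIENT_SECRET}
    volumes:
      # Mounted at the container's /data/ path; the host directory should be
      # readable only by the account that runs the container.
      - ${EXTERNAL_STORAGE}/passwords:/data/
    labels:
      # Watchtower
      - "com.centurylinklabs.watchtower.enable=true"
      # Traefik
      - "traefik.enable=true"
      - "traefik.http.routers.vaultwarden.rule=Host(`vaultwarden.${PUBLIC_DOMAIN}`)"
      - "traefik.http.routers.vaultwarden.entrypoints=https"
      - "traefik.http.routers.vaultwarden.tls=true"
      - "traefik.http.routers.vaultwarden.tls.certresolver=myresolver"
      # Middlewares
      - "traefik.http.routers.vaultwarden.middlewares=crowdsec-bouncer@file"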