30 lines
1001 B
YAML
30 lines
1001 B
YAML
services:
|
|
vaultwarden:
|
|
extends:
|
|
file: ${TEMPLATES_PATH}
|
|
service: default
|
|
image: vaultwarden/server:1.35.4
|
|
container_name: vaultwarden
|
|
ports:
|
|
- 4018:80
|
|
networks:
|
|
- ip6net
|
|
environment:
|
|
DOMAIN: "https://vaultwarden.${PUBLIC_DOMAIN}"
|
|
SIGNUPS_ALLOWED: false
|
|
INVITATIONS_ALLOWED: false
|
|
SSO_ENABLED: false # for now sso does only help companies for role management and the master password is still necessary
|
|
SSO_ONLY: false
|
|
SSO_AUTHORITY: https://auth.${PUBLIC_DOMAIN}
|
|
SSO_SCOPES: profile email offline_access
|
|
SSO_CLIENT_ID: vaultwarden
|
|
SSO_CLIENT_SECRET: ${VAULTWARDEN_OIDC_CLIENT_SECRET}
|
|
volumes:
|
|
- ${EXTERNAL_STORAGE}/passwords:/data/
|
|
labels:
|
|
# Traefik
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.vaultwarden.rule=Host(`vaultwarden.${PUBLIC_DOMAIN}`)"
|
|
- "traefik.http.routers.vaultwarden.entrypoints=https"
|
|
- "traefik.http.routers.vaultwarden.tls=true"
|