1 files changed, 56 insertions, 0 deletions

diff --git a/playbooks/roles/passwd/templates/stacks/docker-compose.yml b/playbooks/roles/passwd/templates/stacks/docker-compose.yml
new file mode 100644
index 0000000..7f2c373
--- /dev/null
+++ b/playbooks/roles/passwd/templates/stacks/docker-compose.yml
@@ -0,0 +1,56 @@
+---
+
+services:
+  passwd:
+    image: vaultwarden/server:latest
+    volumes:
+      - {{ passwd_base }}/volumes/data:/data
+    environment:
+      - TZ={{ timezone }}
+      - DEPLOYMENT_TIME={{ now() }}
+      - DOMAIN=https://{{ passwd_domain }}
+      - SENDS_ALLOWED=true
+      - EMERGENCY_ACCESS_ALLOWED=true
+      - WEB_VAULT_ENABLED=true
+
+      - SIGNUPS_ALLOWED=false
+      - SIGNUPS_VERIFY=true
+      - SIGNUPS_VERIFY_RESEND_TIME=3600
+      - SIGNUPS_VERIFY_RESEND_LIMIT=5
+      - SIGNUPS_DOMAINS_WHITELIST={{ domain }}
+
+      - SMTP_HOST={{ mail_domain }}
+      - SMTP_FROM={{ info_mail }}
+      - SMTP_FROM_NAME=VaultWarden
+      - SMTP_SECURITY=force_tls
+      - SMTP_PORT=465
+      - SMTP_USERNAME={{ info_mail_user }}
+      - SMTP_PASSWORD={{ info_mail_password }}
+
+      - YUBICO_SECRET_KEY={{ yubico_secret_key }}
+      - YUBICO_CLIENT_ID={{ yubico_client_id }}
+    networks:
+      - proxy
+    healthcheck:
+      test: ["CMD", "/healthcheck.sh"]
+      start_period: 10s
+    deploy:
+      mode: replicated
+      update_config:
+        parallelism: 1
+        failure_action: rollback
+        order: start-first
+        monitor: 90s
+      replicas: 1
+      labels:
+        - traefik.enable=true
+        - traefik.swarm.network=proxy
+        - traefik.http.routers.passwd.tls=true
+        - traefik.http.routers.passwd.tls.certResolver=letsencrypt
+        - traefik.http.routers.passwd.rule=Host(`{{ passwd_domain }}`)
+        - traefik.http.routers.passwd.entrypoints=websecure
+        - traefik.http.services.passwd.loadbalancer.server.port=80
+
+networks:
+  proxy:
+    external: true