summaryrefslogtreecommitdiff
path: root/playbooks/roles/passwd/templates/stacks/docker-compose.yml
blob: 7f2c373f38f07459a9e5569fbe96b756428bd87e (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56

---

services:
  passwd:
    image: vaultwarden/server:latest
    volumes:
      - {{ passwd_base }}/volumes/data:/data
    environment:
      - TZ={{ timezone }}
      - DEPLOYMENT_TIME={{ now() }}
      - DOMAIN=https://{{ passwd_domain }}
      - SENDS_ALLOWED=true
      - EMERGENCY_ACCESS_ALLOWED=true
      - WEB_VAULT_ENABLED=true

      - SIGNUPS_ALLOWED=false
      - SIGNUPS_VERIFY=true
      - SIGNUPS_VERIFY_RESEND_TIME=3600
      - SIGNUPS_VERIFY_RESEND_LIMIT=5
      - SIGNUPS_DOMAINS_WHITELIST={{ domain }}

      - SMTP_HOST={{ mail_domain }}
      - SMTP_FROM={{ info_mail }}
      - SMTP_FROM_NAME=VaultWarden
      - SMTP_SECURITY=force_tls
      - SMTP_PORT=465
      - SMTP_USERNAME={{ info_mail_user }}
      - SMTP_PASSWORD={{ info_mail_password }}

      - YUBICO_SECRET_KEY={{ yubico_secret_key }}
      - YUBICO_CLIENT_ID={{ yubico_client_id }}
    networks:
      - proxy
    healthcheck:
      test: ["CMD", "/healthcheck.sh"]
      start_period: 10s
    deploy:
      mode: replicated
      update_config:
        parallelism: 1
        failure_action: rollback
        order: start-first
        monitor: 90s
      replicas: 1
      labels:
        - traefik.enable=true
        - traefik.swarm.network=proxy
        - traefik.http.routers.passwd.tls=true
        - traefik.http.routers.passwd.tls.certResolver=letsencrypt
        - traefik.http.routers.passwd.rule=Host(`{{ passwd_domain }}`)
        - traefik.http.routers.passwd.entrypoints=websecure
        - traefik.http.services.passwd.loadbalancer.server.port=80

networks:
  proxy:
    external: true
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2025-09-21 17:13:47 +0000