infrastructure/ansible/roles/vaultwarden/files/docker-compose.yml

version: "2.3"

services:
  vaultwarden:
    image: vaultwarden/server:1.29.0-alpine
    restart: unless-stopped
    user: "{{ docker_user.id }}:{{ docker_user.id }}"
    volumes:
      - "{{ app_data_dir }}/vaultwarden/:/data"
    depends_on:
      - db
    labels:
      - traefik.enable=true

      - traefik.http.routers.vaultwarden.rule=Host(`vaultwarden.jakehoward.tech`)
      - traefik.http.routers.vaultwarden.service=vaultwarden
      - traefik.http.services.vaultwarden.loadbalancer.server.port=80

      - traefik.http.middlewares.vaultwarden-ratelimit.ratelimit.average=5
      - traefik.http.middlewares.vaultwarden-ratelimit.ratelimit.burst=1000

      - traefik.http.routers.vaultwarden.middlewares=vaultwarden-ratelimit
    environment:
      - SIGNUPS_ALLOWED=false
      - DOMAIN=https://vaultwarden.jakehoward.tech
      - SHOW_PASSWORD_HINT=false
      - DATABASE_URL=postgres://vaultwarden:{{ vaultwarden_database_password }}@db/vaultwarden
      - INVITATIONS_ALLOWED=false
      - ROCKET_WORKERS={{ ansible_processor_nproc // 2 }}
    networks:
      - default
      - traefik

  db:
    image: postgres:14-alpine
    restart: unless-stopped
    volumes:
      - /mnt/speed/dbs/postgres/vaultwarden/:/var/lib/postgresql/data
    environment:
      - POSTGRES_PASSWORD={{ vaultwarden_database_password }}
      - POSTGRES_USER=vaultwarden

networks:
  traefik:
    external: true
Update bitwarden_rs to vaultwarden I'll do the full rename of everything another time 2021-05-01 23:00:37 +01:00			`version: "2.3"`

			`services:`
			`vaultwarden:`
Update Vaultwarden to 1.29.0 2023-07-10 13:41:56 +01:00			`image: vaultwarden/server:1.29.0-alpine`
Update bitwarden_rs to vaultwarden I'll do the full rename of everything another time 2021-05-01 23:00:37 +01:00			`restart: unless-stopped`
			`user: "{{ docker_user.id }}:{{ docker_user.id }}"`
			`volumes:`
			`- "{{ app_data_dir }}/vaultwarden/:/data"`
			`depends_on:`
			`- db`
			`labels:`
			`- traefik.enable=true`

Update Vaultwarden to 1.29.0 2023-07-10 13:41:56 +01:00			- traefik.http.routers.vaultwarden.rule=Host(`vaultwarden.jakehoward.tech`)
			`- traefik.http.routers.vaultwarden.service=vaultwarden`
			`- traefik.http.services.vaultwarden.loadbalancer.server.port=80`
Update bitwarden_rs to vaultwarden I'll do the full rename of everything another time 2021-05-01 23:00:37 +01:00
			`- traefik.http.middlewares.vaultwarden-ratelimit.ratelimit.average=5`
			`- traefik.http.middlewares.vaultwarden-ratelimit.ratelimit.burst=1000`

Update Vaultwarden to 1.29.0 2023-07-10 13:41:56 +01:00			`- traefik.http.routers.vaultwarden.middlewares=vaultwarden-ratelimit`
Update bitwarden_rs to vaultwarden I'll do the full rename of everything another time 2021-05-01 23:00:37 +01:00			`environment:`
			`- SIGNUPS_ALLOWED=false`
Rename more bitwarden things Serving on both domains currently, i'll migrate clients and fix that 2021-05-18 22:18:05 +01:00			`- DOMAIN=https://vaultwarden.jakehoward.tech`
Update bitwarden_rs to vaultwarden I'll do the full rename of everything another time 2021-05-01 23:00:37 +01:00			`- SHOW_PASSWORD_HINT=false`
Rename more bitwarden things Serving on both domains currently, i'll migrate clients and fix that 2021-05-18 22:18:05 +01:00			`- DATABASE_URL=postgres://vaultwarden:{{ vaultwarden_database_password }}@db/vaultwarden`
Update bitwarden_rs to vaultwarden I'll do the full rename of everything another time 2021-05-01 23:00:37 +01:00			`- INVITATIONS_ALLOWED=false`
Rename more bitwarden things Serving on both domains currently, i'll migrate clients and fix that 2021-05-18 22:18:05 +01:00			`- ROCKET_WORKERS={{ ansible_processor_nproc // 2 }}`
Run traefik as dockeruser, and without host networking This required port forwarding, a docker proxy, and a docker network, but the end result should be much more secure! 2022-01-15 23:44:06 +00:00			`networks:`
			`- default`
			`- traefik`
Update bitwarden_rs to vaultwarden I'll do the full rename of everything another time 2021-05-01 23:00:37 +01:00
			`db:`
Update vaultwarden DB to postgres 14 2021-12-22 15:33:40 +00:00			`image: postgres:14-alpine`
Update bitwarden_rs to vaultwarden I'll do the full rename of everything another time 2021-05-01 23:00:37 +01:00			`restart: unless-stopped`
			`volumes:`
Move remaining DBs to SSD 2023-06-15 21:18:50 +01:00			`- /mnt/speed/dbs/postgres/vaultwarden/:/var/lib/postgresql/data`
Update bitwarden_rs to vaultwarden I'll do the full rename of everything another time 2021-05-01 23:00:37 +01:00			`environment:`
Rename more bitwarden things Serving on both domains currently, i'll migrate clients and fix that 2021-05-18 22:18:05 +01:00			`- POSTGRES_PASSWORD={{ vaultwarden_database_password }}`
			`- POSTGRES_USER=vaultwarden`
Run traefik as dockeruser, and without host networking This required port forwarding, a docker proxy, and a docker network, but the end result should be much more secure! 2022-01-15 23:44:06 +00:00
			`networks:`
			`traefik:`
			`external: true`