services: vaultwarden: image: vaultwarden/server:1.32.3-alpine restart: unless-stopped user: "{{ docker_user.id }}:{{ docker_user.id }}" volumes: - "{{ app_data_dir }}/vaultwarden/:/data" depends_on: - db dns: - 9.9.9.9 - 149.112.112.112 labels: - traefik.enable=true - traefik.http.routers.vaultwarden.rule=Host(`vaultwarden.jakehoward.tech`) - traefik.http.routers.vaultwarden.service=vaultwarden - traefik.http.services.vaultwarden.loadbalancer.server.port=80 - traefik.http.middlewares.vaultwarden-ratelimit.ratelimit.average=5 - traefik.http.middlewares.vaultwarden-ratelimit.ratelimit.burst=200 - traefik.http.routers.vaultwarden.middlewares=vaultwarden-ratelimit,tailscale-only@file environment: - SIGNUPS_ALLOWED=false - DOMAIN=https://vaultwarden.jakehoward.tech - SHOW_PASSWORD_HINT=false - DATABASE_URL=postgres://vaultwarden:{{ vaultwarden_database_password }}@db/vaultwarden - INVITATIONS_ALLOWED=false - ROCKET_WORKERS=2 - EMERGENCY_ACCESS_ALLOWED=false - AUTHENTICATOR_DISABLE_TIME_DRIFT=true networks: - default - traefik db: image: postgres:14-alpine restart: unless-stopped volumes: - /mnt/speed/dbs/postgres/vaultwarden/:/var/lib/postgresql/data environment: - POSTGRES_PASSWORD={{ vaultwarden_database_password }} - POSTGRES_USER=vaultwarden networks: traefik: external: true