iac_stack/ansible/roles/deploy_container_vaultwarden/templates/docker-compose.yml.j2

---
services:
    vaultwarden:
        image: ghcr.io/dani-garcia/vaultwarden:${VAULTWARDEN_VERSION}
        container_name: vaultwarden
        restart: always
        volumes:
            - './data/vaultwarden/:/data/'
            - './data/attachments/:/attachments/'
        networks:
          - traefik
        labels:
          - "traefik.enable=true"
          - "traefik.http.routers.vaultwarden.entrypoints=http"
          - "traefik.http.routers.vaultwarden.rule=Host(`${VAULTWARDEN_DOMAIN}`)"
          - "traefik.http.middlewares.vaultwarden-https-redirect.redirectscheme.scheme=https"
          - "traefik.http.routers.vaultwarden.middlewares=traefik-https-redirect"
          - "traefik.http.routers.vaultwarden-secure.entrypoints=https"
          - "traefik.http.routers.vaultwarden-secure.rule=Host(`${VAULTWARDEN_DOMAIN}`)"
          - "traefik.http.routers.vaultwarden-secure.tls=true"
          - "traefik.http.services.vaultwarden.loadbalancer.server.port=80"
          - "traefik.docker.network=traefik"
        environment:
          DOMAIN: "https://${VAULTWARDEN_DOMAIN}"
          #SIGNUPS_ALLOWED: false
          #INVITATIONS_ALLOWED: false
          ADMIN_TOKEN: ${VAULTWARDEN_ADMIN_TOKEN}
          SMTP_HOST: ${VAULTWARDEN_SMTP_HOST}
          SMTP_FROM: ${VAULTWARDEN_SMTP_FROM}
          SMTP_PORT: ${VAULTWARDEN_SMTP_PORT}
          SMTP_SECURITY: ${VAULTWARDEN_SMTP_SECURITY}
          SMTP_USERNAME: ${VAULTWARDEN_SMTP_USERNAME}
          SMTP_PASSWORD: ${VAULTWARDEN_SMTP_PASSWORD}
          #LOG_FILE: /data/vaultwarden.log
          #LOG_LEVEL: warn
          EXTENDED_LOGGING: true
          SIGNUPS_VERIFY: false
          EXPERIMENTAL_CLIENT_FEATURE_FLAGS: fido2-vault-credentials,ssh-key-vault-item,ssh-agent

networks:
  traefik:
    external: true
add new container 2025-08-13 17:43:37 +02:00			`---`
			`services:`
			`vaultwarden:`
			`image: ghcr.io/dani-garcia/vaultwarden:${VAULTWARDEN_VERSION}`
			`container_name: vaultwarden`
			`restart: always`
			`volumes:`
			`- './data/vaultwarden/:/data/'`
			`- './data/attachments/:/attachments/'`
			`networks:`
			`- traefik`
			`labels:`
			`- "traefik.enable=true"`
			`- "traefik.http.routers.vaultwarden.entrypoints=http"`
			- "traefik.http.routers.vaultwarden.rule=Host(`${VAULTWARDEN_DOMAIN}`)"
			`- "traefik.http.middlewares.vaultwarden-https-redirect.redirectscheme.scheme=https"`
			`- "traefik.http.routers.vaultwarden.middlewares=traefik-https-redirect"`
			`- "traefik.http.routers.vaultwarden-secure.entrypoints=https"`
			- "traefik.http.routers.vaultwarden-secure.rule=Host(`${VAULTWARDEN_DOMAIN}`)"
			`- "traefik.http.routers.vaultwarden-secure.tls=true"`
			`- "traefik.http.services.vaultwarden.loadbalancer.server.port=80"`
			`- "traefik.docker.network=traefik"`
			`environment:`
			`DOMAIN: "https://${VAULTWARDEN_DOMAIN}"`
			`#SIGNUPS_ALLOWED: false`
			`#INVITATIONS_ALLOWED: false`
			`ADMIN_TOKEN: ${VAULTWARDEN_ADMIN_TOKEN}`
			`SMTP_HOST: ${VAULTWARDEN_SMTP_HOST}`
			`SMTP_FROM: ${VAULTWARDEN_SMTP_FROM}`
			`SMTP_PORT: ${VAULTWARDEN_SMTP_PORT}`
			`SMTP_SECURITY: ${VAULTWARDEN_SMTP_SECURITY}`
			`SMTP_USERNAME: ${VAULTWARDEN_SMTP_USERNAME}`
			`SMTP_PASSWORD: ${VAULTWARDEN_SMTP_PASSWORD}`
			`#LOG_FILE: /data/vaultwarden.log`
			`#LOG_LEVEL: warn`
			`EXTENDED_LOGGING: true`
			`SIGNUPS_VERIFY: false`
			`EXPERIMENTAL_CLIENT_FEATURE_FLAGS: fido2-vault-credentials,ssh-key-vault-item,ssh-agent`

			`networks:`
			`traefik:`
			`external: true`