---
services:
    vaultwarden:
        image: ghcr.io/dani-garcia/vaultwarden:${VAULTWARDEN_VERSION}
        container_name: vaultwarden
        restart: always
        volumes:
            - './data/vaultwarden/:/data/'
            - './data/attachments/:/attachments/'
        networks:
          - traefik
        labels:
          - "traefik.enable=true"
          - "traefik.http.routers.vaultwarden.entrypoints=http"
          - "traefik.http.routers.vaultwarden.rule=Host(`${VAULTWARDEN_DOMAIN}`)"
          - "traefik.http.middlewares.vaultwarden-https-redirect.redirectscheme.scheme=https"
          - "traefik.http.routers.vaultwarden.middlewares=traefik-https-redirect"
          - "traefik.http.routers.vaultwarden-secure.entrypoints=https"
          - "traefik.http.routers.vaultwarden-secure.rule=Host(`${VAULTWARDEN_DOMAIN}`)"
          - "traefik.http.routers.vaultwarden-secure.tls=true"
          - "traefik.http.services.vaultwarden.loadbalancer.server.port=80"
          - "traefik.docker.network=traefik"
        environment:
          DOMAIN: "https://${VAULTWARDEN_DOMAIN}"
          #SIGNUPS_ALLOWED: false
          #INVITATIONS_ALLOWED: false
          ADMIN_TOKEN: ${VAULTWARDEN_ADMIN_TOKEN}
          SMTP_HOST: ${VAULTWARDEN_SMTP_HOST}
          SMTP_FROM: ${VAULTWARDEN_SMTP_FROM}
          SMTP_PORT: ${VAULTWARDEN_SMTP_PORT}
          SMTP_SECURITY: ${VAULTWARDEN_SMTP_SECURITY}
          SMTP_USERNAME: ${VAULTWARDEN_SMTP_USERNAME}
          SMTP_PASSWORD: ${VAULTWARDEN_SMTP_PASSWORD}
          #LOG_FILE: /data/vaultwarden.log
          #LOG_LEVEL: warn
          EXTENDED_LOGGING: true
          SIGNUPS_VERIFY: false
          EXPERIMENTAL_CLIENT_FEATURE_FLAGS: fido2-vault-credentials,ssh-key-vault-item,ssh-agent

networks:
  traefik:
    external: true