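# Docker Compose template (Jinja2 placeholders) for Vaultwarden backed by
# PostgreSQL. Traefik labels route and TLS-terminate the web service; both
# containers ship their logs to Graylog through the GELF driver.
#
# Templated scalars are quoted so that an empty expansion or a value with
# YAML-special characters cannot change the structure of the rendered file.
#
# NOTE(review): every credential here is injected as an environment variable,
# so it is readable by anyone who can inspect the containers. The official
# postgres image accepts POSTGRES_PASSWORD_FILE, and Vaultwarden is believed
# to accept a _FILE suffix on its variables - confirm and prefer file-based
# secrets where possible.
services:
  vaultwarden-db:
    image: postgres:16-alpine
    container_name: vaultwarden-db
    restart: unless-stopped
    environment:
      POSTGRES_DB: vaultwarden
      POSTGRES_USER: vaultwarden
      POSTGRES_PASSWORD: "{{ vaultwarden_db_password }}"
    volumes:
      - "{{ vaultwarden_data_dir }}/db:/var/lib/postgresql/data"
    # No ports are published: the database is reachable only from containers
    # attached to the "internal" network.
    networks:
      - internal
    logging:
      driver: gelf
      options:
        # GELF over UDP is unencrypted and unauthenticated; keep this path on
        # a trusted network segment.
        gelf-address: "udp://{{ graylog_host }}:{{ graylog_gelf_port }}"
        tag: "vaultwarden-db"

  vaultwarden:
    image: "vaultwarden/server:{{ vaultwarden_version }}"
    container_name: vaultwarden
    restart: unless-stopped
    depends_on:
      - vaultwarden-db
    environment:
      # The password is embedded verbatim in the URL. NOTE(review): a password
      # containing URL-reserved characters (for example @, :, / or %) must be
      # percent-encoded or the connection string will be parsed incorrectly.
      DATABASE_URL: "postgresql://vaultwarden:{{ vaultwarden_db_password }}@vaultwarden-db/vaultwarden"
      # NOTE(review): Vaultwarden accepts an Argon2 PHC string here in place
      # of a plain-text token; if one is used, each "$" has to be written as
      # "$$" in a Compose file. Confirm what the variable holds.
      ADMIN_TOKEN: "{{ vaultwarden_admin_token }}"
      DOMAIN: "https://{{ vaultwarden_domain }}"
      SMTP_HOST: "{{ smtp_host }}"
      SMTP_FROM: "{{ smtp_from }}"
      SMTP_PORT: "{{ smtp_port }}"
      SMTP_SECURITY: "{{ smtp_tls }}"
      SMTP_USERNAME: "{{ smtp_user }}"
      SMTP_PASSWORD: "{{ smtp_password }}"
      SIGNUPS_ALLOWED: "false"
      SSO_ENABLED: "true"
      # NOTE(review): with SSO_ONLY disabled, password-based login presumably
      # stays available next to SSO - confirm this is intended.
      SSO_ONLY: "false"
      SSO_AUTHORITY: "https://{{ authentik_domain }}/application/o/vaultwarden/"
      SSO_CLIENT_ID: "vaultwarden"
      # FIXME(security): hard-coded placeholder secret. Unlike the other
      # credentials in this file it is not templated, so every rendered
      # deployment shares the same guessable OIDC client secret. Replace it
      # with a per-deployment value supplied from the secret store and set
      # the matching secret on the identity-provider side.
      SSO_CLIENT_SECRET: "changeme_vaultwarden_oidc_secret"
      LOG_LEVEL: "warn"
    volumes:
      - "{{ vaultwarden_data_dir }}/data:/data"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.vaultwarden.rule=Host(`{{ vaultwarden_domain }}`)"
      - "traefik.http.routers.vaultwarden.tls=true"
      - "traefik.http.routers.vaultwarden.tls.certresolver=letsencrypt"
      # Traefik forwards to plain HTTP on port 80 inside the container; TLS
      # ends at the proxy.
      - "traefik.http.services.vaultwarden.loadbalancer.server.port=80"
    networks:
      - internal
      - "{{ sovereign_network_name }}"
    logging:
      driver: gelf
      options:
        gelf-address: "udp://{{ graylog_host }}:{{ graylog_gelf_port }}"
        tag: "vaultwarden"

networks:
  # NOTE(review): this network is not marked "internal: true", so the name
  # alone does not block outbound traffic from the database container.
  internal: {}
  "{{ sovereign_network_name }}":
    external: true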