Tellsanguis
fd01ea59ee
- Playbooks Ansible avec rôles (common, cockpit, docker, services) - 30+ stacks Docker Compose avec reverse proxy Traefik - Ansible Vault pour gestion secrets - Intégration CrowdSec pour détection intrusions - Versions images Docker fixées pour reproductibilité
36 lines
1.4 KiB
YAML
36 lines
1.4 KiB
YAML
services:
|
|
vaultwarden:
|
|
image: vaultwarden/server:1.32.7
|
|
container_name: vaultwarden
|
|
restart: unless-stopped
|
|
environment:
|
|
- TZ=Europe/Paris
|
|
- ADMIN_TOKEN=${VAULTWARDEN_ADMIN_TOKEN}
|
|
- SIGNUPS_ALLOWED=${SIGNUPS_ALLOWED}
|
|
- SMTP_FROM=${SMTP_FROM}
|
|
- SMTP_HOST=${SMTP_HOST}
|
|
- SMTP_PORT=${SMTP_PORT}
|
|
- SMTP_SECURITY=${SMTP_SECURITY}
|
|
- SMTP_USERNAME=${SMTP_USERNAME}
|
|
- SMTP_PASSWORD=${SMTP_PASSWORD}
|
|
- EXPERIMENTAL_CLIENT_FEATURE_FLAGS=ssh-key-vault-item,ssh-agent
|
|
volumes:
|
|
- ./vw-data:/data
|
|
networks:
|
|
- traefik_network
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.vaultwarden-local.rule=Host(`vaultwarden.local.tellserv.fr`)"
|
|
- "traefik.http.routers.vaultwarden-local.entryPoints=local"
|
|
- "traefik.http.routers.${COMPOSE_PROJECT_NAME}-local.tls.certresolver=cloudflare-local"
|
|
- "traefik.http.routers.vaultwarden-local.tls=true"
|
|
- "traefik.http.routers.vaultwarden-prod.rule=Host(`vaultwarden.tellserv.fr`)"
|
|
- "traefik.http.routers.vaultwarden-prod.entryPoints=websecure"
|
|
- "traefik.http.routers.vaultwarden-prod.tls=true"
|
|
- "traefik.http.routers.vaultwarden-prod.tls.certResolver=cloudflare"
|
|
- "traefik.http.services.vaultwarden.loadbalancer.server.port=80"
|
|
- "com.centurylinklabs.watchtower.enable=true"
|
|
|
|
networks:
|
|
traefik_network:
|
|
external: true
|