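# Podman Quadlet container unit for Vaultwarden, rendered from a Jinja2 template.
# The rendered file holds ADMIN_TOKEN and SMTP_PASSWORD in clear text, so it
# should be installed readable by the owning user only. Values set through
# Environment= also end up in the generated service unit and in the container's
# inspect output.

[Unit]
Description=Vaultwarden

[Container]
ContainerName=vaultwarden-{{ vaultwarden_identifier }}
# Tag reference: the content behind a tag can change upstream. Pin by digest if
# the deployment must be reproducible.
Image=docker.io/vaultwarden/server:{{ vaultwarden_version }}
Environment=TZ=Europe/Berlin
Environment=DOMAIN=https://{{ vaultwarden_url }}
# Unprivileged port, so the service still binds with every capability dropped.
Environment=ROCKET_PORT=8080
Environment=SIGNUPS_ALLOWED=false
# Grants access to the /admin panel. Vaultwarden accepts an Argon2 PHC hash here
# in place of the plain token; prefer the hash, and check that its `$`
# characters reach the container unmodified after templating.
# NOTE(review): Quadlet's Secret= key could supply this and SMTP_PASSWORD from
# the Podman secret store instead. Confirm the deployed Podman version supports it.
Environment=ADMIN_TOKEN={{ vaultwarden_admin_token }}
# NOTE(review): newer Vaultwarden releases serve notifications on the main HTTP
# port and no longer use WEBSOCKET_ENABLED or port 3012. Confirm against
# {{ vaultwarden_version }} whether this and the websocket router below are
# still needed.
Environment=WEBSOCKET_ENABLED=true
Environment=SMTP_HOST={{ vaultwarden_smtp_host }}
Environment=SMTP_PORT={{ vaultwarden_smtp_port }}
Environment=SMTP_FROM={{ vaultwarden_smtp_from }}
Environment=SMTP_SECURITY={{ vaultwarden_smtp_security }}
Environment=SMTP_USERNAME={{ vaultwarden_smtp_username }}
Environment=SMTP_PASSWORD={{ vaultwarden_smtp_password }}
Network=traefik.network
# Holds the vault database and attachments. Keep the host directory restricted
# to the user running the container.
Volume=/var/vaultwarden/{{ vaultwarden_identifier }}:/data
NoNewPrivileges=true
DropCapability=All
#UserNS=keep-id
# Required to access the Podman Socket
#SecurityLabelDisable=true
# NOTE(review): `--security-opt label=disable` turns off SELinux confinement for
# this container. No Podman socket is mounted in this unit, so the justification
# above looks carried over from another unit. If the flag is only here to make
# the bind mount accessible, a private relabel on the volume (the `:Z` option)
# would keep confinement on. Verify on the target host before changing.
PodmanArgs=--userns=keep-id --security-opt label=disable
# Main HTTPS router. Two Traefik services are declared on this container, so each
# router names its service explicitly; Traefik cannot pick one automatically.
Label="traefik.http.routers.vaultwarden{{ vaultwarden_identifier }}.tls.certresolver=resolver"
Label="traefik.http.routers.vaultwarden{{ vaultwarden_identifier }}.tls=true"
Label="traefik.http.routers.vaultwarden{{ vaultwarden_identifier }}.rule=Host(`{{ vaultwarden_url }}`)"
Label="traefik.http.routers.vaultwarden{{ vaultwarden_identifier }}.service=vaultwarden{{ vaultwarden_identifier }}"
Label="traefik.http.services.vaultwarden{{ vaultwarden_identifier }}.loadbalancer.server.port=8080"
# Websocket notifications router. TLS is set here as on the main router so the
# notifications hub is not matched for clear-text requests only. The service
# name must equal the one declared in the services label below.
Label="traefik.http.routers.vaultwarden{{ vaultwarden_identifier }}websocket.rule=Host(`{{ vaultwarden_url }}`) && Path(`/notifications/hub`)"
Label="traefik.http.routers.vaultwarden{{ vaultwarden_identifier }}websocket.tls=true"
Label="traefik.http.routers.vaultwarden{{ vaultwarden_identifier }}websocket.tls.certresolver=resolver"
Label="traefik.http.routers.vaultwarden{{ vaultwarden_identifier }}websocket.service=vaultwarden{{ vaultwarden_identifier }}websocket"
Label="traefik.http.services.vaultwarden{{ vaultwarden_identifier }}websocket.loadbalancer.server.port=3012"

[Service]
Restart=on-failure
# Delay between restart attempts, in seconds.
RestartSec=30
# Allowed time for the service to start, in seconds.
TimeoutStartSec=90
# Allowed time for the service to stop, in seconds.
TimeoutStopSec=90

[Install]
WantedBy=default.target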