55 lines
2.0 KiB
Django/Jinja
55 lines
2.0 KiB
Django/Jinja
[Unit]
|
|
Description=Vaultwarden
|
|
|
|
[Container]
|
|
ContainerName=vaultwarden-{{ vaultwarden_identifier }}
|
|
Image=docker.io/vaultwarden/server:{{ vaultwarden_version }}
|
|
|
|
Environment=TZ=Europe/Berlin
|
|
Environment=DOMAIN=https://{{ vaultwarden_url }}
|
|
Environment=ROCKET_PORT=8080
|
|
Environment=SIGNUPS_ALLOWED=false
|
|
Environment=ADMIN_TOKEN={{ vaultwarden_admin_token }}
|
|
Environment=WEBSOCKET_ENABLED=true
|
|
|
|
Environment=SMTP_HOST={{ vaultwarden_smtp_host }}
|
|
Environment=SMTP_PORT={{ vaultwarden_smtp_port }}
|
|
Environment=SMTP_FROM={{ vaultwarden_smtp_from }}
|
|
Environment=SMTP_SECURITY={{ vaultwarden_smtp_security }}
|
|
Environment=SMTP_USERNAME={{ vaultwarden_smtp_username }}
|
|
Environment=SMTP_PASSWORD={{ vaultwarden_smtp_password }}
|
|
|
|
Network=traefik.network
|
|
|
|
Volume=/var/vaultwarden/{{ vaultwarden_identifier }}:/data
|
|
|
|
NoNewPrivileges=true
|
|
DropCapability=All
|
|
|
|
#UserNS=keep-id
|
|
# Required to access the Podman Socket
|
|
#SecurityLabelDisable=true
|
|
PodmanArgs=--userns=keep-id --security-opt label=disable
|
|
|
|
Label="traefik.http.routers.vaultwarden{{ vaultwarden_identifier }}.tls.certresolver=resolver"
|
|
Label="traefik.http.routers.vaultwarden{{ vaultwarden_identifier }}.tls=true"
|
|
Label="traefik.http.routers.vaultwarden{{ vaultwarden_identifier }}.rule=Host(`{{ vaultwarden_url }}`)"
|
|
Label="traefik.http.routers.vaultwarden{{ vaultwarden_identifier }}.service=vaultwarden{{ vaultwarden_identifier }}"
|
|
Label="traefik.http.services.vaultwarden{{ vaultwarden_identifier }}.loadbalancer.server.port=8080"
|
|
Label="traefik.http.routers.vaultwarden{{ vaultwarden_identifier }}websocket.rule=Host(`{{ vaultwarden_url }}`) && Path(`/notifications/hub`)""
|
|
Label="traefik.http.routers.vaultwarden{{ vaultwarden_identifier }}websocket.service=vaultwarden{{ vaultwarden_identifier }}websocket"
|
|
Label="traefik.http.services.vaultwarden{{ vaultwarden_identifier }}websocket.loadbalancer.server.port=3012"
|
|
|
|
[Service]
|
|
Restart=on-failure
|
|
# Restart Delay
|
|
RestartSec=30
|
|
# Allowed time for the service to start.
|
|
TimeoutStartSec=90
|
|
# Allowed time for the service to stop.
|
|
TimeoutStopSec=90
|
|
|
|
|
|
[Install]
|
|
WantedBy=default.target
|