role-vaultwarden/templates/vaultwarden.quadlet.j2

54 lines
1.5 KiB
Django/Jinja

[Unit]
Description=Vaultwarden
[Container]
ContainerName=vaultwarden-{{ vaultwarden_identifier }}
Image=docker.io/vaultwarden/server:{{ vaultwarden_version }}
Environment=TZ=Europe/Berlin
Environment=DOMAIN=https://{{ vaultwarden_url }}
Environment=ROCKET_PORT=8080
Environment=SIGNUPS_ALLOWED=false
Environment=ADMIN_TOKEN={{ vaultwarden_admin_token }}
Environment=WEBSOCKET_ENABLED=true
Environment=SMTP_HOST={{ vaultwarden_smtp_host }}
Environment=SMTP_PORT={{ vaultwarden_smtp_port }}
Environment=SMTP_FROM={{ vaultwarden_smtp_from }}
Environment=SMTP_SECURITY={{ vaultwarden_smtp_security }}
Environment=SMTP_USERNAME={{ vaultwarden_smtp_username }}
Environment=SMTP_PASSWORD={{ vaultwarden_smtp_password }}
Network=traefik.network
Volume=/var/vaultwarden/{{ vaultwarden_identifier }}:/data
NoNewPrivileges=true
DropCapability=All
#UserNS=keep-id
# Required to access the Podman Socket
#SecurityLabelDisable=true
PodmanArgs=--userns=keep-id --security-opt label=disable
Label="traefik.http.routers.vaultwarden-{{ vaultwarden_identifier }}.tls.certresolver=resolver"
Label="traefik.http.routers.vaultwarden-{{ vaultwarden_identifier }}.tls=true"
Label="traefik.http.routers.vaultwarden-{{ vaultwarden_identifier }}.rule=Host(`{{ vaultwarden_url }}`)"
Label="traefik.http.routers.vaultwarden-{{ vaultwarden_identifier }}.loadbalancer.server.port=8080"
[Service]
Restart=on-failure
# Restart Delay
RestartSec=30
# Allowed time for the service to start.
TimeoutStartSec=90
# Allowed time for the service to stop.
TimeoutStopSec=90
[Install]
WantedBy=default.target