services:

  vaultwarden:
    image: vaultwarden/server:latest-alpine
    container_name: vaultwarden
    hostname: vaultwarden
    restart: unless-stopped
    dns:
      - 1.1.1.1
    environment:
      #- ADMIN_TOKEN=$$argon2id$$v=19$$m=19456,t=2,p=1$$UUZxK1FZMkZoRHFQRlVrTXZvS0E3bHpNQW55c2dBN2NORzdsa0Nxd1JhND0$$cUoId+JBUsJutlG4rfDZayExfjq4TCt48aBc9qsc3UI # see https://github.com/dani-garcia/vaultwarden/wiki/Enabling-admin-page#secure-the-admin_token
      #- SIGNUPS_ALLOWED=false
      #- SIGNUPS_VERIFY=true
      #- INVITATIONS_ALLOWED=true # only admins and orga owners
      #- globalSettings__mail__replyToEmail=bitwarden@example.com
      #- globalSettings__mail__smtp__host=smtp.gmail.com
      #- globalSettings__mail__smtp__username=bitwarden@example.com
      #- globalSettings__mail__smtp__password=MyStrongSmtpLoginPassword
      #- globalSettings__mail__smtp__ssl=true
      #- globalSettings__mail__smtp__port=587
      - LOG_FILE=/data/logs/access.log
      - WEBSOCKET_ENABLED=true
      - ROCKET_ENV=prod
      - ROCKET_WORKERS=10
      - TZ=Europe/Berlin
      - LOG_LEVEL=error
      - EXTENDED_LOGGING=true
    ports:
      - 8888:80
    expose:
      - 80
    volumes:
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/vaultwarden/data:/data
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/vaultwarden/logs:/data/logs      
    #networks:
    #  - proxy
    #labels:
    #  - com.centurylinklabs.watchtower.monitor-only=true
    #  - traefik.enable=true
    #  - traefik.docker.network=proxy
    #  - traefik.http.routers.vaultwarden.rule=Host(`bitwarden.example.com`)
    #  - traefik.http.routers.vaultwarden.service=vaultwarden
    #  - traefik.http.services.vaultwarden.loadbalancer.server.port=80
    ## Block access to the /admin dashboard from public ip ranges
    #  - traefik.http.routers.vaultwarden-admin.rule=Host(`bitwarden.example.com`) && Path(`/admin`)
    #  - traefik.http.routers.vaultwarden-admin.service=vaultwarden
    #  - traefik.http.services.vaultwarden-admin.loadbalancer.server.port=80
    #  - traefik.http.routers.vaultwarden-admin.middlewares=local-ipwhitelist@file
    ## Block access to the /api/version endpoint from public ip ranges
    #  - traefik.http.routers.vaultwarden-admin.rule=Host(`bitwarden.example.com`) && Path(`/api/version`)
    #  - traefik.http.routers.vaultwarden-admin.service=vaultwarden
    #  - traefik.http.services.vaultwarden-admin.loadbalancer.server.port=80
    #  - traefik.http.routers.vaultwarden-admin.middlewares=local-ipwhitelist@file

  # this service will backup your vaultwarden instance correctly
  # see https://github.com/Bruceforce/vaultwarden-backup for more information
  vaultwarden-backup:
    image: bruceforce/vaultwarden-backup:latest
    container_name: vaultwarden-backup
    hostname: vaultwarden-backup
    restart: always
    init: true
    depends_on:
      - vaultwarden
    volumes:
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/vaultwarden/data:/data/
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/vaultwarden/backup:/myBackup
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
    environment:
      - TIMESTAMP=true
      - DELETE_AFTER=30
      - UID=0
      - GID=1000
      - TZ=Europe/Berlin
      - BACKUP_DIR=/myBackup
      - CRON_TIME=50 3 * * * # see https://crontab.guru/, define without quotes!
    #networks:
    #  - proxy      

#networks:
#  proxy:
#    external: true