version: "3"

services:
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    hostname: vaultwarden
    restart: unless-stopped
    dns:
      - 1.1.1.1
    environment:
      #- ADMIN_TOKEN=MySecureAdminTokenPasswordForAdminArea
      #- SIGNUPS_ALLOWED=false
      #- SIGNUPS_VERIFY=true
      #- INVITATIONS_ALLOWED=true # only admins and orga owners
      #- globalSettings__mail__replyToEmail=bitwarden@example.com
      #- globalSettings__mail__smtp__host=smtp.gmail.com
      #- globalSettings__mail__smtp__username=bitwarden@example.com
      #- globalSettings__mail__smtp__password=MyStrongSmtpLoginPassword
      #- globalSettings__mail__smtp__ssl=true
      #- globalSettings__mail__smtp__port=587
      - LOG_FILE=/data/logs/access.log
      - WEBSOCKET_ENABLED=true
      - ROCKET_ENV=prod
      - ROCKET_WORKERS=10
      - TZ=Europe/Berlin
      - LOG_LEVEL=error
      - EXTENDED_LOGGING=true
    ports:
      - 8888:80
    #networks:
    #  - proxy
    #labels:
    #  - com.centurylinklabs.watchtower.monitor-only=true
    #  - traefik.enable=true
    #  - traefik.docker.network=proxy
    #  - traefik.http.routers.vaultwarden.rule=Host(`bitwarden.example.com`)
    #  - traefik.http.routers.vaultwarden.service=vaultwarden
    #  - traefik.http.services.vaultwarden.loadbalancer.server.port=80
    #  - traefik.http.routers.vaultwarden-ws.rule=Host(`bitwarden.example.com`) && Path(`/notifications/hub`)
    #  - traefik.http.routers.vaultwarden-ws.service=vaultwarden-ws
    #  - traefik.http.services.vaultwarden-ws.loadbalancer.server.port=3012
    #  - traefik.http.routers.vaultwarden-admin.rule=Host(`bitwarden.example.com`) && Path(`/admin`)
    #  - traefik.http.routers.vaultwarden-admin.service=vaultwarden
    #  - traefik.http.services.vaultwarden-admin.loadbalancer.server.port=80
    #  - traefik.http.routers.vaultwarden-admin.middlewares=local-ipwhitelist@file,authelia@file
    volumes:
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/vaultwarden/data:/data
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/vaultwarden/logs:/data/logs

  # this service will backup your vaultwarden instance correctly
  # see https://github.com/Bruceforce/vaultwarden-backup for more information
  vaultwarden-backup:
    image: bruceforce/vaultwarden-backup:latest
    container_name: vaultwarden-backup
    hostname: vaultwarden-backup
    restart: always
    init: true
    depends_on:
      - vaultwarden
    #labels:
    #  com.centurylinklabs.watchtower.monitor-only: true
    volumes:
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/vaultwarden/data:/data/
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/vaultwarden/backup:/myBackup
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
    #networks:
    #  - proxy
    environment:
      - TIMESTAMP=true
      - DELETE_AFTER=30
      - UID=0
      - GID=1000
      - TZ=Europe/Berlin
      - BACKUP_DIR=/myBackup
      - CRON_TIME=50 3 * * * # see https://crontab.guru/, define without quotes!

#networks:
#  proxy:
#    external: true