Initial commit

2025-10-22 19:59:09 +00:00
commit 67996ade86
34 changed files with 905 additions and 0 deletions
--- a/mgmt/vaultwarden/.env.example
+++ b/mgmt/vaultwarden/.env.example
@@ -0,0 +1,4 @@
+DOMAIN_NAME=
+SUBDOMAIN=
+DOMAIN=https://${SUBDOMAIN}.${DOMAIN_NAME}
+# SIGNUPS_ALLOWED=false # Uncomment to disable signups
--- a/mgmt/vaultwarden/compose.yml
+++ b/mgmt/vaultwarden/compose.yml
@@ -0,0 +1,35 @@
+services:
+  vaultwarden:
+    image: vaultwarden/server:latest
+    container_name: vaultwarden
+    restart: always
+    env_file:
+      - .env
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.vw.rule=Host(`${SUBDOMAIN}.${DOMAIN_NAME}`)
+      - traefik.http.routers.vw.tls=true
+      - traefik.http.routers.vw.entrypoints=web,websecure
+      - traefik.http.routers.vw.tls.certresolver=cloudflare
+      - traefik.http.middlewares.vw.headers.SSLRedirect=true
+      - traefik.http.middlewares.vw.headers.STSSeconds=315360000
+      - traefik.http.middlewares.vw.headers.browserXSSFilter=true
+      - traefik.http.middlewares.vw.headers.contentTypeNosniff=true
+      - traefik.http.middlewares.vw.headers.forceSTSHeader=true
+      - traefik.http.middlewares.vw.headers.SSLHost=${DOMAIN_NAME}
+      - traefik.http.middlewares.vw.headers.STSIncludeSubdomains=true
+      - traefik.http.middlewares.vw.headers.STSPreload=true
+      - traefik.http.middlewares.vw.headers.frameDeny=true
+      - traefik.http.routers.vw.middlewares=vw@docker
+      - traefik.http.services.vw.loadbalancer.server.port=80
+    volumes:
+      - vw-data:/data/
+    networks:
+      - mgmt
+volumes:
+  vw-data:
+    name: vw-data
+networks:
+  mgmt:
+    external:
+      true