compose-personal-stack/vaultwarden/docker-compose.yml

x-logging:
  &default-logging
  driver: syslog
  options:
    # This requires two files in /etc/rsyslog.d
    # https://www.loggly.com/use-cases/docker-syslog-logging-and-troubleshooting/
    tag: "container_name/{{.Name}}"
    labels: "${hostname}"
    syslog-facility: # cron, local7, etc.

# Can be removed if not needed
x-opt-values:
  &volume-opt
  driver_opts: &options
    type: "nfs"
    o: "addr=${IP},rw"

services:
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: always
    environment:
      ADMIN_TOKEN: ${TOKEN} # Set token if you want the admin page available
      ROCKET_PORT: ${EXPOSED_PORT}
      VIRTUAL_PORT: ${EXPOSED_PORT} # Used by nginx-proxy
      VIRTUAL_HOST: ${NDOMAIN} # Used by nginx-proxy
      LETSENCRYPT_HOST: ${NDOMAIN}
      DOMAIN: ${VDOMAIN} # Used by vaultwarden to set certain links
      WEBSOCKET_ENABLED: "true"
      SIGNUPS_ALLOWED: "false" # Change to true if it's the first time running
      # Optional environment, but useful if you want some functions
      SMTP_HOST: "${protonmail-container-name}"
      SMTP_FROM: ${SFROM}
      SMTP_FROM_NAME: ${SFROMNAME}
      SMTP_PORT: "25" # Default SMTP port for Protonmail Bridge
      SMTP_USERNAME: ${SUSER}
      SMTP_PASSWORD: ${SPASS}
      SMTP_ACCEPT_INVALID_CERTS: "true" # Necessary when using Protonmail Bridge
    volumes:
      - vw-data:/data
    networks:
      - reverse-proxy
      - vaultwarden
      - protonmail

	vaultwarden-backup:
  	image: bruceforce/vaultwarden-backup
  	container_name: vaultwarden-backup
  	restart: always
  	environment:
    	TIMESTAMP: "true"
    	UID: ${UID}
    	GID: ${GID}
    	BACKUP_DIR: ${BACKUP_DIR}
    	DELETE_AFTER: "30"
    	CRON_TIME: "0 2 * * *"
    volumes:
      - vw-data:/data
      - backup:/backup

volumes:
  vw-data:
  # This stores the backup on a (possibly) remote server
  backup:
    <<: *volume-opt
    driver_opts:
      <<: *options
      device: ":/mnt/path/vaultwarden/backup"

networks:
  reverse-proxy:
    name: rp_reverse-proxy
    external: true
  vaultwarden:
  protonmail:
    name: pmb_protonmail
    external: true