services:
  # Vaultwarden Password Manager
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    # profiles: ["core", "all"]
    networks:
      - proxy
    environment:
        # This is required to allow vaultwarden to verify the TLS certificate!
      - DOMAIN=https://${DOMAIN}
      - DATABASE_URL=${DATABASE_URL}
      - ADMIN_TOKEN=${ADMIN_TOKEN}
      - ICON_SERVICE=${ICON_SERVICE}
      - SMTP_HOST=${SMTP_HOST}
      - SMTP_SECURITY=${SMTP_SECURITY}
      - SMTP_PORT=${SMTP_PORT}
      - SMTP_FROM=vaultwarden@mail.gurulandia.eu
      - SMTP_USERNAME=${SMTP_USERNAME}
      - SMTP_PASSWORD=${SMTP_PASSWORD}
    volumes:
      - /gurulandia/data/vaultwarden/data:/data
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.vaultwarden-rtr.entrypoints=https"
      - "traefik.http.routers.vaultwarden-rtr.rule=Host(`${DOMAIN}`)"
      - "traefik.http.routers.vaultwarden-rtr.tls=true"
      ## Middlewares
      - "traefik.http.routers.vaultwarden-rtr.middlewares=chain-no-auth@file"
      ## HTTP Services
      - "traefik.http.routers.vaultwarden-rtr.service=vaultwarden-svc"
      - "traefik.http.services.vaultwarden-svc.loadbalancer.server.port=80"
networks:
  proxy:
    name: proxy
    external: true