### https://github.com/dani-garcia/vaultwarden
  vaultwarden:
    image: vaultwarden/server:alpine
    container_name: vaultwarden
    restart: unless-stopped
    depends_on:
      - vaultwarden-db
    environment:
      - "DATABASE_URL=postgresql://${VAULTWARDEN_DATABASE_USER:?not set}:${VAULTWARDEN_DATABASE_PASS:?not set}@vaultwarden-db:5432/${VAULTWARDEN_DATABASE_NAME:?not set}"
      - "DOMAIN=https://vault.seedno.de"
      - "WEBSOCKET_ENABLED=false"
      - "SIGNUPS_ALLOWED=false"
      - "INVITATIONS_ALLOWED=false"
      - "SHOW_PASSWORD_HINT=false"
      - "TRASH_AUTO_DELETE_DAYS=30"
      - "LOG_FILE=/data/vaultwarden.log"
      - "ROCKET_PORT=80"
    labels:
      - "traefik.enable=true"
      - "traefik.http.middlewares.vaultwarden.headers.contentSecurityPolicy=default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval'; img-src 'self' data:"
      - "traefik.http.routers.vaultwarden.rule=Host(`vault.seedno.de`)"
      - "traefik.http.routers.vaultwarden.entrypoints=https"
      - "traefik.http.routers.vaultwarden.service=vaultwarden"
      - "traefik.http.routers.vaultwarden.tls=true"
      - "traefik.http.routers.vaultwarden.tls.certresolver=letsencrypt"
      - "traefik.http.routers.vaultwarden.middlewares=compress,errors,secure,vaultwarden"
      - "traefik.http.services.vaultwarden.loadbalancer.server.port=80"
    networks:
      - vaultwarden
      - vaultwarden-db
    volumes:
      - type: bind
        source: /docker/vaultwarden/data
        target: /data

  vaultwarden-db:
    image: postgres:13-alpine
    container_name: vaultwarden-db
    restart: unless-stopped
    environment:
      - "POSTGRES_DB=${VAULTWARDEN_DATABASE_NAME:?not set}"
      - "POSTGRES_USER=${VAULTWARDEN_DATABASE_USER:?not set}"
      - "POSTGRES_PASSWORD=${VAULTWARDEN_DATABASE_PASS:?not set}"
    networks:
      - vaultwarden-db
    volumes:
      - type: bind
        source: /docker/vaultwarden/database
        target: /var/lib/postgresql/data