LibrePortal/containers/vaultwarden/docker-compose.yml
librelad d97a09b119 feat(backup): declare sqlite databases for live backup
Add libreportal.backup.db labels for the SQLite apps with confirmed db paths:
vaultwarden, linkding, trilium, headscale, authelia. These are dumped live via
sqlite3 .backup and rehydrated before start on restore.

gitea and focalboard are intentionally left out until their sqlite paths are
confirmed on a live install — a wrong path would just fall back to stop, but
there's no point shipping a descriptor that always falls back.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Signed-off-by: librelad <librelad@digitalangels.vip>
2026-05-23 15:16:05 +01:00

63 lines
3.0 KiB
YAML
Executable File

networks:
DOCKER_NETWORK_DATA: #LIBREPORTAL|DOCKER_NETWORK_TAG|DOCKER_NETWORK_DATA
external: true
services:
vaultwarden-service: #LIBREPORTAL|SERVICE_TAG_1|vaultwarden-service
container_name: vaultwarden-service
image: vaultwarden/server:latest
restart: unless-stopped
hostname: vaultwarden
# GLUETUN_OFF_BEGIN
ports:
- "PORTS_DATA_1" #LIBREPORTAL|PORTS_TAG_1|PORTS_DATA_1
# GLUETUN_OFF_END
volumes:
- SOCKET_DATA #LIBREPORTAL|SOCKET_TAG|SOCKET_DATA
- ./vaultwarden-ssl/:/ssl/
- ./vaultwarden-data:/data
environment:
- LOGIN_RATELIMIT_MAX_BURST=10
- LOGIN_RATELIMIT_SECONDS=60
- DOMAIN=https://DOMAINSUBNAME_DATA #LIBREPORTAL|DOMAINSUBNAME_TAG|DOMAINSUBNAME_DATA
- ADMIN_TOKEN=VAULTWARDEN_ADMIN_TOKEN_DATA #LIBREPORTAL|VAULTWARDEN_ADMIN_TOKEN_TAG|VAULTWARDEN_ADMIN_TOKEN_DATA
- SIGNUPS_ALLOWED=VAULTWARDEN_SIGNUPS_ALLOWED_DATA #LIBREPORTAL|VAULTWARDEN_SIGNUPS_ALLOWED_TAG|VAULTWARDEN_SIGNUPS_ALLOWED_DATA
labels:
libreportal.category: "CATEGORY_DATA" #LIBREPORTAL|CATEGORY_TAG|CATEGORY_DATA
libreportal.title: "TITLE_DATA" #LIBREPORTAL|TITLE_TAG|TITLE_DATA
libreportal.backup.db: "sqlite:::vaultwarden-data/db.sqlite3"
traefik.enable: TRAEFIK_ENABLE_DATA #LIBREPORTAL|TRAEFIK_ENABLE_TAG|TRAEFIK_ENABLE_DATA
# TRAEFIK_PORT_1_BEGIN
traefik.http.routers.vaultwarden-service.entrypoints: web,websecure
traefik.http.routers.vaultwarden-service.rule: Host(`DOMAINSUBNAME_DATA_1`) #LIBREPORTAL|DOMAINSUBNAME_TAG_1|DOMAINSUBNAME_DATA_1
traefik.http.routers.vaultwarden-service.tls: true
traefik.http.routers.vaultwarden-service.tls.certresolver: production
traefik.http.services.vaultwarden-service.loadbalancer.server.port: PORT_INTERNAL_DATA_1 #LIBREPORTAL|PORT_INTERNAL_TAG_1|PORT_INTERNAL_DATA_1
traefik.http.routers.vaultwarden-service.middlewares: MIDDLEWARE_DATA_1 #LIBREPORTAL|MIDDLEWARE_TAG_1|MIDDLEWARE_DATA_1
# TRAEFIK_PORT_1_END
healthcheck:
disable: HEALTHCHECK_DATA #LIBREPORTAL|HEALTHCHECK_TAG|HEALTHCHECK_DATA
# GLUETUN_OFF_BEGIN
networks:
DOCKER_NETWORK_DATA: #LIBREPORTAL|DOCKER_NETWORK_TAG|DOCKER_NETWORK_DATA
ipv4_address: IP_DATA_1 #LIBREPORTAL|IP_TAG_1|IP_DATA_1
# GLUETUN_OFF_END
# GLUETUN_ON_BEGIN
# network_mode: "container:gluetun-service"
# GLUETUN_ON_END
# >>> libreportal-monitoring >>>
#vaultwarden-exporter:
# container_name: vaultwarden-exporter
# image: guerzon/vaultwarden_exporter:latest
# restart: unless-stopped
# depends_on:
# - vaultwarden-service
# environment:
# - VW_URL=http://vaultwarden-service:PORT_INTERNAL_DATA_1 #LIBREPORTAL|PORT_INTERNAL_TAG_1|PORT_INTERNAL_DATA_1
# - VW_TOKEN=VAULTWARDEN_ADMIN_TOKEN_DATA #LIBREPORTAL|VAULTWARDEN_ADMIN_TOKEN_TAG|VAULTWARDEN_ADMIN_TOKEN_DATA
# - VW_LISTEN_ADDR=:PORT_INTERNAL_DATA_2 #LIBREPORTAL|PORT_INTERNAL_TAG_2|PORT_INTERNAL_DATA_2
# networks:
# DOCKER_NETWORK_DATA: #LIBREPORTAL|DOCKER_NETWORK_TAG|DOCKER_NETWORK_DATA
# <<< libreportal-monitoring <<<