first commit

vaultwarden/.env

@@ -0,0 +1,6 @@
+ADMIN_TOKEN=''
+POSTGRES_USER=vaultwarden
+POSTGRES_PASSWORD=
+PUSH_INSTALLATION_ID=
+PUSH_INSTALLATION_KEY=
+DOMAIN=https://bitwarden.conorz.at/

vaultwarden/compose.yml

@@ -0,0 +1,49 @@
+services:
+  vaultwarden:
+    container_name: vaultwarden
+    image: ghcr.io/polarix-containers/vaultwarden:latest
+    restart: always
+    volumes:
+      - /home/titanz/vaultwarden:/data:Z
+    ports:
+      - "8081:8080/tcp"
+    depends_on:
+      postgres:
+        condition: service_healthy
+    environment:
+      - SIGNUPS_ALLOWED=false
+      - ADMIN_TOKEN=${ADMIN_TOKEN}
+      - PUSH_ENABLED=true
+      - PUSH_INSTALLATION_ID=${PUSH_INSTALLATION_ID}
+      - PUSH_INSTALLATION_KEY=${PUSH_INSTALLATION_KEY}
+      - DOMAIN=${DOMAIN}
+      - ROCKET_PORT=8080
+      - DATABASE_URL=postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/${POSTGRES_USER}
+      - YUBICO_CLIENT_ID=82851
+      - YUBICO_SECRET_KEY=mLPiA1hxQGOan61RXAtL63xLrLE=
+    user: "3001:3001"
+    read_only: true
+    security_opt:
+      - "no-new-privileges=true"
+    cap_drop:
+      - ALL
+
+  postgres:
+    container_name: vaultwarden-postgres
+    image: ghcr.io/polarix-containers/postgres:17
+    restart: always
+    volumes:
+      - ./postgres:/var/lib/postgresql/data:Z
+    environment:
+      - POSTGRES_USER=${POSTGRES_USER}
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+    healthcheck:
+      test: ["CMD", "pg_isready", "-U", "vaultwarden"]
+      interval: 15s
+      timeout: 5s
+    user: "70:70"
+    read_only: true
+    tmpfs:
+      - /var/run/postgresql:size=50M,mode=0770,uid=70,gid=70,noexec,nosuid,nodev
+    security_opt:
+      - "no-new-privileges=true"