name: vaultwarden
services:
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    volumes:
      - /home/fern/docker/data/vaultwarden/data:/data
    environment:
      - DOMAIN=https://vault.ferngarden.net
      - SMTP_HOST=mail.ferngarden.net
      - SMTP_PORT=587
      - SMTP_SECURITY=starttls
      - SMTP_FROM=ornithologist@ferngarden.net
      - SMTP_USERNAME=ornithologist@ferngarden.net
      - SMTP_PASSWORD=${SMTP_PASSWORD}
      - SSO_ENABLED=true
      - SSO_AUTHORITY=https://auth.fern.garden/application/o/vaultwarden/
      - SSO_SCOPES="email profile offline_access"
      - SSO_CLIENT_ID=${SSO_CLIENT_ID}
      - SSO_CLIENT_SECRET=${SSO_CLIENT_SECRET}
    networks:
      - default
      - proxy
    restart: unless-stopped
    labels:
      caddy: vault.ferngarden.net
      caddy.import: internal
      caddy.reverse_proxy: "{{upstreams 80}}"

networks:
  default:
  proxy:
    external: true