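---
# Default variables for the vaultwarden job.
# NOTE(review): the nesting below was rebuilt from a copy of this file whose
# line breaks and indentation were lost. Only `vaultwarden.server.version` and
# `vaultwarden.server.public_url` are confirmed by the template references in
# this file; verify the position of every other key against the job templates.

# Name of this instance (job and service name)
instance: vaultwarden

vaultwarden:

  # Server settings
  server:

    # Version to deploy
    version: 1.30.5

    # Docker image to use
    # NOTE(review): a tag is mutable; pinning the image by digest as well would
    # make the deployed artifact reproducible and tamper-evident.
    image: vaultwarden/server:[[ .vaultwarden.server.version ]]-alpine

    # Number of instances to run
    count: 1

    # List of features to enable when building image
    # (not used for now)
    features:
      - postgresql

    # List of vault policies to attach to the task
    vault:
      policies:
        - '[[ .instance ]][[ .consul.suffix ]]'

      # A list of random secrets to generate if not present in vault kv store
      # NOTE(review): the admin section below says /admin is disabled unless
      # ADMIN_TOKEN is set. If the templates export this generated field as
      # ADMIN_TOKEN, the admin interface is active on every deployment; confirm.
      rand_secrets:
        fields:
          - admin_token

    # Postgres settings
    postgres:
      pooler:
        mode: session

    # Resources allocation
    resources:
      cpu: 300
      memory: 128

    # Consul settings
    consul:
      connect:
        upstreams:
          - destination_name: '[[ .mail.smtp_service_name ]]'
            local_bind_port: 25
          - destination_name: postgres[[ .consul.suffix ]]
            local_bind_port: 5432

    wait_for:
      - service: master.postgres[[ .consul.suffix ]]

    # Environment variables to set in the container
    env:
      ORG_EVENTS_ENABLED: 'true'
      EVENTS_DAYS_RETAIN: 720
      # NOTE(review): SIGNUPS_ALLOWED is not set here, so the server default
      # applies. On a publicly reachable instance, consider restricting
      # registration (SIGNUPS_ALLOWED / SIGNUPS_DOMAINS_WHITELIST).
      SIGNUPS_VERIFY: 'true'
      # SMTP goes to localhost:25, the local bind port of the Connect upstream
      # declared above, so the container itself speaks plaintext SMTP.
      # Transport protection is then expected from the mesh; confirm.
      SMTP_HOST: localhost
      SMTP_PORT: 25
      SMTP_FROM: vaultwarden-no-reply@[[ .consul.domain ]]
      # Quoted on purpose: a bare `off` is a boolean for YAML 1.1 parsers and
      # would reach the container as false instead of the string "off".
      SMTP_SECURITY: 'off'
      TRASH_AUTO_DELETE_DAYS: 7
      INCOMPLETE_2FA_TIME_LIMIT: 5
      USER_ATTACHMENT_LIMIT: 204800

    # Public URL of the service
    public_url: https://vaultwarden.example.org/

    # Traefik settings
    traefik:
      # Makes sure
      # NOTE(review): the comment above is cut short in the original; the
      # intent behind this priority value is not stated.
      priority: 100
      # Content-Security-Policy directives
      # NOTE(review): 'unsafe-inline' together with 'unsafe-eval' in script-src
      # removes most of the script-injection protection CSP provides. Check
      # whether the web vault still works with a narrower source such as
      # 'wasm-unsafe-eval' before keeping both.
      csp:
        default-src: "'self'"
        img-src: "'self' data: https://www.gravatar.com"
        script-src: "'self' 'unsafe-inline' 'unsafe-eval'"
        style-src: "'self' 'unsafe-inline'"
        font-src: "'self' data:"
        connect-src: "'self' https://api.pwnedpasswords.com https://api.2fa.directory"

    # Settings for the /admin interface
    # Note that this interface is disabled unless ADMIN_TOKEN env var is set
    admin:
      # NOTE(review): server.public_url above ends with '/', so this renders
      # with a double slash ('...example.org//admin') unless the templates
      # normalise it; confirm.
      public_url: '[[ .vaultwarden.server.public_url ]]/admin'
      # If enabled, we can set specific Traefik middlewares
      # NOTE(review): /admin is a privileged surface guarded only by the admin
      # token; a dedicated router is the place to attach a source-address or
      # authentication middleware so it is not reachable from everywhere.
      traefik:
        strip_prefix: false
        router: admin
        # Higher than the main router's 100; Traefik evaluates routers in
        # descending priority, so /admin requests match this router first.
        priority: 200

    # Volumes for data persistence
    volumes:
      data:
        type: csi
        source: vaultwarden-data
        access_mode: multi-node-multi-writer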