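---
version: "{{ skylab_compose_version }}"

# Shared environment for the Bitwarden application containers.
#
# Every service that sets `environment: *globalenv` receives ALL of these
# values, including the database connection string, the identity-server
# certificate password and the installation keys.
# NOTE(review): passing the values as plain environment variables makes them
# visible in the service/container inspect output; consider whether services
# that do not talk to the database need the full set.
#
# The file is a Jinja template: `{{ ... }}` is expanded before the result is
# parsed as YAML, so templated scalars are quoted to keep a value that
# contains `#`, `: ` or looks like a number/boolean from being re-typed.
# A value containing a double quote or backslash would still break the
# rendered YAML; keep generated secrets free of those characters.
x-global-env: &globalenv
  LOCAL_UID: "{{ _app_account.uid }}"
  # NOTE(review): the group id is filled from the account's uid; confirm this
  # is intended rather than a copy/paste of the line above.
  LOCAL_GID: "{{ _app_account.uid }}"
  ASPNETCORE_ENVIRONMENT: Production
  globalSettings__selfHosted: "true"

  # Public URLs, all derived from app.domain.
  globalSettings__baseServiceUri__vault: https://{{ app.domain }}
  globalSettings__baseServiceUri__api: https://{{ app.domain }}/api
  globalSettings__baseServiceUri__identity: https://{{ app.domain }}/identity
  globalSettings__baseServiceUri__admin: https://{{ app.domain }}/admin
  globalSettings__baseServiceUri__notifications: https://{{ app.domain }}/notifications

  # Service-to-service URLs. These use plain http between containers.
  globalSettings__baseServiceUri__internalNotifications: http://bitwarden_notifications:5000
  globalSettings__baseServiceUri__internalAdmin: http://bitwarden_admin:5000
  globalSettings__baseServiceUri__internalIdentity: http://bitwarden_identity:5000
  globalSettings__baseServiceUri__internalApi: http://bitwarden_api:5000
  globalSettings__baseServiceUri__internalVault: http://bitwarden_web:5000

  globalSettings__pushRelayBaseUri: https://push.bitwarden.com
  globalSettings__installation__identityUri: https://identity.bitwarden.com

  # The database password is taken from the same variable that sets
  # SA_PASSWORD on the mssql service, so the two cannot drift apart and no
  # literal credential lives in the template. The literal that used to be
  # embedded here has been published with the file and should be rotated.
  # A password containing `;` would need escaping for the connection string.
  # NOTE(review): the applications connect as `sa` (full server
  # administrator); a dedicated login limited to the `vault` database would
  # reduce the impact of a leaked connection string.
  # NOTE(review): Encrypt=True with TrustServerCertificate=True encrypts the
  # session but accepts any server certificate, so the server is not
  # authenticated.
  globalSettings__sqlServer__connectionString: "Data Source=tcp:mssql,1433;Initial Catalog=vault;Persist Security Info=False;User ID=sa;Password={{ app.settings.SA_PASSWORD }};MultipleActiveResultSets=False;Connect Timeout=30;Encrypt=True;TrustServerCertificate=True"
  globalSettings__identityServer__certificatePassword: "{{ app.settings.certificatePassword }}"

  globalSettings__attachment__baseDirectory: /etc/bitwarden/core/attachments
  globalSettings__attachment__baseUrl: https://{{ app.domain }}/attachments
  globalSettings__dataProtection__directory: /etc/bitwarden/core/aspnet-dataprotection
  globalSettings__logDirectory: /etc/bitwarden/logs
  globalSettings__licenseDirectory: /etc/bitwarden/core/licenses

  globalSettings__internalIdentityKey: "{{ app.settings.internalIdentityKey }}"
  globalSettings__duo__aKey: "{{ app.settings.duo__aKey }}"
  globalSettings__installation__id: "{{ app.settings.installation__id }}"
  globalSettings__installation__key: "{{ app.settings.installation__key }}"

  # REPLACE is a placeholder: these values are passed to the containers
  # literally until real ones are supplied. Supply them from the same
  # variable store as the app.settings values rather than committing them.
  globalSettings__yubico__clientId: REPLACE
  globalSettings__yubico__key: REPLACE

  globalSettings__mail__replyToEmail: noreply@enp.one
  globalSettings__mail__smtp__host: REPLACE
  globalSettings__mail__smtp__port: "587"
  # NOTE(review): with ssl set to "false", confirm the SMTP session is still
  # upgraded to TLS before the username and password below are sent.
  globalSettings__mail__smtp__ssl: "false"
  globalSettings__mail__smtp__username: REPLACE
  globalSettings__mail__smtp__password: REPLACE

  # "false" leaves account registration enabled for anyone who can reach the
  # instance; set to "true" once the intended accounts exist if open sign-up
  # is not wanted.
  globalSettings__disableUserRegistration: "false"
  globalSettings__hibpApiKey: REPLACE
  # Empty: no admin addresses are configured here.
  adminSettings__admins: ""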
# Named volumes, generated by the template: one entry per item of
# app.volumes. The item's key becomes the suffix of the compose volume name
# (`bitwarden-<key>`, the name the services mount) and the item's value is
# appended to `datastore` to form the name handed to the glusterfs driver.
volumes:
{% for volume_key, datastore_suffix in app.volumes.items() %}
  bitwarden-{{ volume_key }}:
    driver: glusterfs
    name: datastore{{ datastore_suffix }}
{% endfor %}
# Two overlay networks with template-supplied subnets.
#
# bitwarden_internal is marked `internal: true`, so containers attached only
# to it have no route out of the overlay; the database, web and attachments
# services are attached to this network alone.
# bitwarden_external is a regular overlay used by the services that also
# need outbound access or published ports.
# NOTE(review): neither network sets the overlay `encrypted` driver option,
# and the internal service URIs use plain http, so traffic between nodes
# relies on the underlying network being trusted. Confirm that is the case.
networks:
  bitwarden_internal:
    name: bitwarden_internal
    driver: overlay
    internal: true
    ipam:
      driver: default
      config:
        - subnet: {{ app.networks.internal }}
  bitwarden_external:
    name: bitwarden_external
    driver: overlay
    internal: false
    ipam:
      driver: default
      config:
        - subnet: {{ app.networks.external }}
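# Bitwarden service definitions, one replica each.
#
# Image tags come from app.versions.* except where noted. All application
# services share the *globalenv environment, so each of them, including the
# static web container and the nginx front end, receives the database
# connection string and the other secrets defined there.
# NOTE(review): `depends_on` is ignored by `docker stack deploy`; if this
# file is deployed as a swarm stack (the `deploy:` keys and overlay networks
# suggest so), start-up ordering is not enforced.
services:
  # Database. Attached to the internal network only, so it is not reachable
  # through a published port and has no outbound route.
  mssql:
    image: bitwarden/mssql:{{ app.versions.mssql }}
    stop_grace_period: 60s
    networks:
      - bitwarden_internal
    volumes:
      - bitwarden-db-data:/var/opt/mssql/data
      - bitwarden-db-backup:/etc/bitwarden/mssql/backups
      - bitwarden-logs-db:/var/opt/mssql/log
    environment:
      LOCAL_UID: "{{ _app_account.uid }}"
      # NOTE(review): group id is filled from the uid; confirm intended.
      LOCAL_GID: "{{ _app_account.uid }}"
      ACCEPT_EULA: "Y"
      MSSQL_PID: Express
      # Quoted so that a password containing `#`, `: ` or one that looks
      # like a number or boolean is still passed through as the same string.
      # Must match the password used in the shared connection string.
      SA_PASSWORD: "{{ app.settings.SA_PASSWORD }}"
    deploy:
      replicas: 1

  web:
    image: bitwarden/web:{{ app.versions.web }}
    networks:
      - bitwarden_internal
    volumes:
      - bitwarden-web:/etc/bitwarden/web
    environment: *globalenv
    deploy:
      replicas: 1

  attachments:
    image: bitwarden/attachments:{{ app.versions.attachments }}
    networks:
      - bitwarden_internal
    volumes:
      - bitwarden-core:/etc/bitwarden/core
    environment: *globalenv
    deploy:
      replicas: 1

  api:
    image: bitwarden/api:{{ app.versions.api }}
    volumes:
      - bitwarden-core:/etc/bitwarden/core
      - bitwarden-ca-certs:/etc/bitwarden/ca-certificates
      - bitwarden-logs-api:/etc/bitwarden/logs
    environment: *globalenv
    networks:
      - bitwarden_external
      - bitwarden_internal
    deploy:
      replicas: 1

  identity:
    image: bitwarden/identity:{{ app.versions.identity }}
    volumes:
      - bitwarden-identity:/etc/bitwarden/identity
      - bitwarden-core:/etc/bitwarden/core
      - bitwarden-ca-certs:/etc/bitwarden/ca-certificates
      - bitwarden-logs-identity:/etc/bitwarden/logs
    environment: *globalenv
    networks:
      - bitwarden_external
      - bitwarden_internal
    deploy:
      replicas: 1

  admin:
    image: bitwarden/admin:{{ app.versions.admin }}
    depends_on:
      - mssql
    volumes:
      - bitwarden-core:/etc/bitwarden/core
      - bitwarden-ca-certs:/etc/bitwarden/ca-certificates
      - bitwarden-logs-admin:/etc/bitwarden/logs
    environment: *globalenv
    networks:
      - bitwarden_external
      - bitwarden_internal
    deploy:
      replicas: 1

  icons:
    image: bitwarden/icons:{{ app.versions.icons }}
    volumes:
      - bitwarden-ca-certs:/etc/bitwarden/ca-certificates
      - bitwarden-logs-icons:/etc/bitwarden/logs
    environment: *globalenv
    networks:
      - bitwarden_external
      - bitwarden_internal
    deploy:
      replicas: 1

  notifications:
    # NOTE(review): the only image with a literal tag; every other service
    # takes its tag from app.versions.*, so this one will not follow a
    # coordinated version bump. Confirm the pin is deliberate.
    image: bitwarden/notifications:1.40.0
    volumes:
      - bitwarden-ca-certs:/etc/bitwarden/ca-certificates
      - bitwarden-logs-notifications:/etc/bitwarden/logs
    environment: *globalenv
    networks:
      - bitwarden_external
      - bitwarden_internal
    deploy:
      replicas: 1

  events:
    image: bitwarden/events:{{ app.versions.events }}
    volumes:
      - bitwarden-ca-certs:/etc/bitwarden/ca-certificates
      - bitwarden-logs-events:/etc/bitwarden/logs
    environment: *globalenv
    networks:
      - bitwarden_external
      - bitwarden_internal
    deploy:
      replicas: 1

  # Front end: the only service that publishes ports. The published port
  # numbers come from app.ports and are left unquoted so they render as
  # integers.
  nginx:
    image: bitwarden/nginx:{{ app.versions.nginx }}
    depends_on:
      - web
      - admin
      - api
      - identity
    ports:
      - published: {{ app.ports.8080 }}
        target: 8080
        protocol: tcp
        mode: ingress
      - published: {{ app.ports.8443 }}
        target: 8443
        protocol: tcp
        mode: ingress
    volumes:
      - bitwarden-nginx-data:/etc/bitwarden/nginx
      - bitwarden-ssl:/etc/ssl
      - bitwarden-logs-nginx:/var/log/nginx
    environment: *globalenv
    networks:
      - bitwarden_external
      - bitwarden_internal
    deploy:
      replicas: 1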