vaultwarden/compose.yml

---
services:
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    environment:
      TZ: ${TIMEZONE:-Europe/Amsterdam}
      DOMAIN: https://${TRAEFIK_HOST}
      WEBSOCKET_ENABLED: "true"
      SIGNUPS_ALLOWED: "true"
      INVITATIONS_ALLOWED: "true"
      SHOW_PASSWORD_HINT: "false"
      SMTP_HOST: mailpit
      SMTP_FROM: ${SMTP_FROM}
      SMTP_FROM_NAME: Vaultwarden
      SMTP_SECURITY: off
      SMTP_PORT: 1025
    volumes:
      - ../.data/vaultwarden:/data
    restart: always
    labels:
      - "traefik.enable=true"
      - "traefik.http.middlewares.vaultwarden-redirect-web-secure.redirectscheme.scheme=https"
      - "traefik.http.routers.vaultwarden-web.middlewares=vaultwarden-redirect-web-secure"
      - "traefik.http.routers.vaultwarden-web.rule=Host(`${TRAEFIK_HOST}`)"
      - "traefik.http.routers.vaultwarden-web.entrypoints=web"
      - "traefik.http.routers.vaultwarden-web-secure.rule=Host(`${TRAEFIK_HOST}`)"
      - "traefik.http.routers.vaultwarden-web-secure.tls.certresolver=resolver"
      - "traefik.http.routers.vaultwarden-web-secure.entrypoints=web-secure"
      - "traefik.http.routers.vaultwarden-web-secure.middlewares=security-headers@file"
      - "traefik.http.services.vaultwarden-web-secure.loadbalancer.server.port=80"
      - "traefik.docker.network=${NETWORK_NAME}"
      - "com.centurylinklabs.watchtower.enable=true"
    networks:
      - compose_network
networks:
  compose_network:
    name: ${NETWORK_NAME}
    external: true
Add self-contained Docker Compose stacks for pivoine.art infrastructure Migrated 11 services from monolithic docker-compose project into independent stacks, each with dedicated databases, minimal .env configuration, and bind-mount data volumes. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-15 22:41:50 +01:00			`---`
			`services:`
			`vaultwarden:`
			`image: vaultwarden/server:latest`
			`container_name: vaultwarden`
			`environment:`
			`TZ: ${TIMEZONE:-Europe/Amsterdam}`
			`DOMAIN: https://${TRAEFIK_HOST}`
			`WEBSOCKET_ENABLED: "true"`
			`SIGNUPS_ALLOWED: "true"`
			`INVITATIONS_ALLOWED: "true"`
			`SHOW_PASSWORD_HINT: "false"`
			`SMTP_HOST: mailpit`
Add restic backup stack with daily systemd timer Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-16 07:14:32 +01:00			`SMTP_FROM: ${SMTP_FROM}`
Add self-contained Docker Compose stacks for pivoine.art infrastructure Migrated 11 services from monolithic docker-compose project into independent stacks, each with dedicated databases, minimal .env configuration, and bind-mount data volumes. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-15 22:41:50 +01:00			`SMTP_FROM_NAME: Vaultwarden`
			`SMTP_SECURITY: off`
			`SMTP_PORT: 1025`
			`volumes:`
			`- ../.data/vaultwarden:/data`
			`restart: always`
			`labels:`
			`- "traefik.enable=true"`
			`- "traefik.http.middlewares.vaultwarden-redirect-web-secure.redirectscheme.scheme=https"`
			`- "traefik.http.routers.vaultwarden-web.middlewares=vaultwarden-redirect-web-secure"`
			- "traefik.http.routers.vaultwarden-web.rule=Host(`${TRAEFIK_HOST}`)"
			`- "traefik.http.routers.vaultwarden-web.entrypoints=web"`
			- "traefik.http.routers.vaultwarden-web-secure.rule=Host(`${TRAEFIK_HOST}`)"
			`- "traefik.http.routers.vaultwarden-web-secure.tls.certresolver=resolver"`
			`- "traefik.http.routers.vaultwarden-web-secure.entrypoints=web-secure"`
			`- "traefik.http.routers.vaultwarden-web-secure.middlewares=security-headers@file"`
			`- "traefik.http.services.vaultwarden-web-secure.loadbalancer.server.port=80"`
			`- "traefik.docker.network=${NETWORK_NAME}"`
			`- "com.centurylinklabs.watchtower.enable=true"`
			`networks:`
			`- compose_network`
			`networks:`
			`compose_network:`
			`name: ${NETWORK_NAME}`
			`external: true`