From 8366aef3ad7a244a5821a3a787d6b423154a75de Mon Sep 17 00:00:00 2001
From: anima
Date: Sat, 10 Jun 2023 23:32:22 +0200
Subject: [PATCH] inital setup
---
.env.sample | 5 ++++
.gitignore | 2 ++
README.md | 68 +++++++++++++++++++++++++++++++++++++++++++++-
docker-compose.yml | 27 ++++++++++++++++++
4 files changed, 101 insertions(+), 1 deletion(-)
create mode 100644 .env.sample
create mode 100644 .gitignore
create mode 100644 docker-compose.yml
diff --git a/.env.sample b/.env.sample
new file mode 100644
index 0000000..77c46b2
--- /dev/null
+++ b/.env.sample
@@ -0,0 +1,5 @@
+TAG=
+BASEDIR=
+
+# generate token: < /dev/urandom tr -dc A-Za-z0-9 | head -c32;echo;
+ADMIN_TOKEN=
\ No newline at end of file
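Review bot: The comment above `ADMIN_TOKEN=` only describes generating a plaintext random string, so anyone who can read `.env` or inspect the container's environment holds the admin credential as-is. Vaultwarden also accepts an Argon2 PHC string in `ADMIN_TOKEN`, so I would extend the comment with something like `# preferably store the Argon2 hash printed by "vaultwarden hash" rather than the raw token`. The `$` characters in such a hash may need quoting or escaping, because Compose reads this same file for variable substitution and via `env_file`; that should be checked against the Compose version in use. A second comment line such as `# keep the real .env at mode 600` would cover the file itself.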
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..cf073d9
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+files/
+.env
\ No newline at end of file
diff --git a/README.md b/README.md
index 30bf53f..4c32620 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,68 @@
-# compose-vaultwarden
+# Basic Vaultwarden docker-compose config
+* can be run on single node setup or in swarm
+## howto
+### single node
+#### start container
+```bash
+docker compose up -d
+```
+
+#### stop container (and remove)
+```bash
+docker compose down
+```
+
+#### view logs
+```bash
+docker compose logs -f
+```
+
+#### reload config
+```bash
+docker compose restart
+```
+
+### swarm
+#### start aka deploy
+```bash
+docker stack deploy -c docker-compose.yml caddy
+```
+
+#### stop container aka service
+```bash
+docker service rm caddy_caddy
+```
+
+#### view logs
+```bash
+docker service logs caddy_caddy -f
+```
+
+#### reload config (no downtime if replica 2 or more)
+```bash
+docker service update caddy_caddy --force
+```
+
+## example caddy config
+```
+vault.example.com {
+ header {
+ Strict-Transport-Security max-age=31536000;
+ X-XSS-Protection "1; mode=block"
+ X-Frame-Options DENY
+ X-Robots-Tag none
+ -Server
+ }
+ reverse_proxy vaultwarden:80 {
+ header_up X-Real-IP {remote_host}
+ }
+
+ # disable /admin page via domain (diable for inital config)
+ handle /admin {
+ respond 403
+ }
+
+ reverse_proxy 10.1.16.1:80
+}
+```
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..353c240
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,27 @@
+# https://docs.docker.com/compose/compose-file/compose-file-v3/
+---
+version: "3.9"
+services:
+ vault:
+ image: vaultwarden/server:${TAG:-latest}
+ container_name: vault
+ env_file: .env
+ restart: unless-stopped
+ ports:
+ - 80:80
+ deploy:
+ replicas: 1
+ placement:
+ max_replicas_per_node: 1
+ update_config:
+ parallelism: 1
+ delay: 10s
+ volumes:
+ - ${BASEDIR:-./files/}:/data/
+ networks:
+ - backend
+
+networks:
+ frontend:
+ name: ${INTRANET:-backend}
+ external: true
\ No newline at end of file
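Review bot: The `ports:` entry `- 80:80` publishes Vaultwarden's plain-HTTP listener on every host interface, so the vault can be reached without passing through the Caddy proxy shown in the README, and that config's `/admin` 403 rule and security headers do not apply to direct connections. If Caddy shares the Docker network, drop the mapping; otherwise bind it to loopback with `- "127.0.0.1:80:80"` (host-IP binding is probably not honoured under `docker stack deploy`, where removing the published port is the safer choice). Separately, the service joins `backend` while the top-level `networks:` declares only `frontend`, which Compose should reject as an undefined network; renaming that key to `backend:` makes the two agree. For a password vault I would also drop the floating default in `${TAG:-latest}` and require an explicitly pinned version, e.g. `image: vaultwarden/server:${TAG:?set TAG in .env}`.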