added app-catalog

templates/vaultwarden/docker-compose.yml

@@ -0,0 +1,53 @@
+# Vaultwarden - Password Manager (Bitwarden-compatible)
+# Domain: vault.{{DOMAIN}}
+# Database: None (SQLite, built-in)
+# RAM: ~50MB | Pi-compatible: Yes
+#
+# Environment variables (set in Portainer):
+#   ADMIN_TOKEN     - Admin panel token (optional but recommended, generate with: openssl rand -hex 32)
+#   SIGNUPS_ALLOWED - Set to "false" after creating your account(s)
+#
+# First-time setup:
+#   1. Visit https://vault.{{DOMAIN}} and create an account
+#   2. Set SIGNUPS_ALLOWED=false in Portainer env vars
+#   3. Redeploy stack
+#   4. Admin panel at https://vault.{{DOMAIN}}/admin (if ADMIN_TOKEN set)
+#
+# Clients:
+#   Use any Bitwarden client (desktop, mobile, browser extension)
+#   Set server URL to: https://vault.{{DOMAIN}}
+
+services:
+  vaultwarden:
+    image: vaultwarden/server:1.33.2-alpine
+    container_name: vaultwarden
+    restart: unless-stopped
+    environment:
+      - DOMAIN=https://vault.{{DOMAIN}}
+      - SIGNUPS_ALLOWED=${SIGNUPS_ALLOWED:-true}
+      - ADMIN_TOKEN=${ADMIN_TOKEN:-}
+      - WEBSOCKET_ENABLED=true
+      - TZ=Europe/Budapest
+    volumes:
+      - vaultwarden_data:/data
+    networks:
+      - traefik-public
+    healthcheck:
+      test: ["CMD", "wget", "--spider", "-q", "http://localhost:80/alive"]
+      interval: 30s
+      timeout: 5s
+      retries: 3
+      start_period: 10s
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.vaultwarden.rule=Host(`vault.{{DOMAIN}}`)"
+      - "traefik.http.routers.vaultwarden.entrypoints=websecure"
+      - "traefik.http.routers.vaultwarden.tls=true"
+      - "traefik.http.services.vaultwarden.loadbalancer.server.port=80"
+
+volumes:
+  vaultwarden_data:
+
+networks:
+  traefik-public:
+    external: true