#jinja2:lstrip_blocks: True
{{ ansible_managed | comment }}
version: "2.4"

services:
  vaultwarden:
    container_name: {{ vaultwarden_container_name }}
    image: {{ vaultwarden_image }}
    restart: {{ vaultwarden_restart_policy }}
    {% if vaultwarden_exposed_ports | default([]) %}
    ports:
      {% for port in vaultwarden_exposed_ports %}
      - {{ port | quote }}
      {% endfor %}
    {% endif %}
    {% if vaultwarden_volumes | default([]) %}
    volumes:
      {% for volume in vaultwarden_volumes %}
      - "{{ volume.name }}:{{ volume.dest }}"
      {% endfor %}
    {% endif %}
    {% if vaultwarden_networks_applied | default([]) %}
    networks:
      {% for network in vaultwarden_networks_applied %}
      - {{ network }}
      {% endfor %}
    {% endif %}
    {% if vaultwarden_extra_hosts | default([]) %}
    extra_hosts:
      {% for host in vaultwarden_extra_hosts %}
      - {{ host | quote }}
      {% endfor %}
    {% endif %}
    environment:
      - VAULTWARDEN_DOMAIN={{ vaultwarden_base_url }}
      - VAULTWARDEN_DATABASE_URL=postgresql://{{ vaultwarden_db_user }}:{{ vaultwarden_db_password | urlencode }}@{{ vaultwarden_db_server }}:{{ vaultwarden_db_port }}/{{ vaultwarden_db_name }}?sslmode={{ vaultwarden_db_ssl_mode }}&sslrootcert={{ vaultwarden_db_ssl_rootcert }}
      - VAULTWARDEN_USER_ATTACHMENT_LIMIT={{ vaultwarden_user_attachment_limit }}
      - VAULTWARDEN_ORG_ATTACHMENT_LIMIT={{ vaultwarden_org_attachment_limit }}
      - VAULTWARDEN_WEBSOCKET_ENABLED={{ vaultwarden_websocket_enabled }}
      {% if vaultwarden_templates_folder is defined and vaultwarden_templates_folder %}
      - VAULTWARDEN_TEMPLATES_FOLDER={{ vaultwarden_templates_folder }}
      {% endif %}
      - VAULTWARDEN_RELOAD_TEMPLATES={{ vaultwarden_reload_templates }}
      - VAULTWARDEN_IP_HEADER={{ vaultwarden_ip_header }}
      - VAULTWARDEN_ICON_CACHE_TTL={{ vaultwarden_icon_cache_ttl }}
      - VAULTWARDEN_ICON_CACHE_NEGTTL="{{ vaultwarden_icon_cache_negttl }}"
      - VAULTWARDEN_WEB_VAULT_ENABLED={{ vaultwarden_web_vault_enabled }}
      - VAULTWARDEN_EXTENDED_LOGGING={{ vaultwarden_extended_logging }}
      - VAULTWARDEN_LOG_LEVEL={{ vaultwarden_log_level }}
      - VAULTWARDEN_DISABLE_ICON_DOWNLOAD={{ vaultwarden_disable_icon_download }}
      - VAULTWARDEN_ICON_DOWNLOAD_TIMEOUT={{ vaultwarden_icon_download_timeout }}
      {% if vaultwarden_icon_blacklist_regexl is defined and vaultwarden_icon_blacklist_regexl %}
      - VAULTWARDEN_ICON_BLACKLIST_REGEXL={{ vaultwarden_icon_blacklist_regexl }}
      {% endif %}
      - VAULTWARDEN_ICON_BLACKLIST_NON_GLOBAL_IPS={{ vaultwarden_icon_blacklist_non_global_ips }}
      - VAULTWARDEN_DISABLE_2FA_REMEMBER={{ vaultwarden_disable_2fa_remember }}
      - VAULTWARDEN_SIGNUPS_ALLOWED={{ vaultwarden_signups_allowed }}
      - VAULTWARDEN_SIGNUPS_VERIFY={{ vaultwarden_signups_verify }}
      - VAULTWARDEN_SIGNUPS_VERIFY_RESEND_TIME={{ vaultwarden_signups_verify_resend_time }}
      - VAULTWARDEN_SIGNUPS_VERIFY_RESEND_LIMIT={{ vaultwarden_signups_verify_resend_limit }}
      {% if vaultwarden_signups_domains_whitelist is defined and vaultwarden_signups_domains_whitelist %}
      - VAULTWARDEN_SIGNUPS_DOMAINS_WHITELIST={{ vaultwarden_signups_domains_whitelist }}
      {% endif %}
      - VAULTWARDEN_INVITATIONS_ALLOWED={{ vaultwarden_invitations_allowed }}
      {% if vaultwarden_admin_token is defined and vaultwarden_admin_token %}
      - VAULTWARDEN_ADMIN_TOKEN={{ vaultwarden_admin_token }}
      {% endif %}
      - VAULTWARDEN_PASSWORD_ITERATIONS={{ vaultwarden_password_iterations }}
      - VAULTWARDEN_SHOW_PASSWORD_HINT={{ vaultwarden_show_password_hint }}
      - VAULTWARDEN_AUTHENTICATOR_DISABLE_TIME_DRIFT={{ vaultwarden_authenticator_disable_time_drift }}
      {% if vaultwarden_smtp_host is defined and vaultwarden_smtp_host %}
      - VAULTWARDEN_SMTP_HOST={{ vaultwarden_smtp_host }}
      - VAULTWARDEN_SMTP_FROM={{ vaultwarden_smtp_from }}
      - VAULTWARDEN_SMTP_FROM_NAME="{{ vaultwarden_smtp_from_name }}"
      - VAULTWARDEN_SMTP_PORT={{ vaultwarden_smtp_port }}
      - VAULTWARDEN_SMTP_SECURITY={{ vaultwarden_smtp_security }}
      {% if vaultwarden_smtp_username is defined and vaultwarden_smtp_username %}
      - VAULTWARDEN_SMTP_USERNAME={{ vaultwarden_smtp_username }}
      - VAULTWARDEN_SMTP_PASSWORD={{ vaultwarden_smtp_password }}
      {% endif %}
      - VAULTWARDEN_SMTP_AUTH_MECHANISM={{ vaultwarden_smtp_auth_mechanism }}
      - VAULTWARDEN_SMTP_TIMEOUT={{ vaultwarden_smtp_timeout }}
      {% endif %}
    {% if vaultwarden_memory_limit is defined %}
    mem_limit: {{ vaultwarden_memory_limit }}
    {% endif %}
    {% if vaultwarden_memory_reservation is defined %}
    mem_reservation: {{ vaultwarden_memory_reservation }}
    {% endif %}
    {% if vaultwarden_cpu_shares is defined %}
    cpu_shares: {{ vaultwarden_cpu_shares }}
    {% endif %}
    {% if not vaultwarden_cap_add | length == 0 %}
    cap_add:
      {% for item in vaultwarden_cap_add %}
      - {{ item }}
      {% endfor %}
    {% endif %}
    {% if not vaultwarden_cap_drop | length == 0  %}
    cap_drop:
      {% for item in vaultwarden_cap_drop %}
      - {{ item }}
      {% endfor %}
    {% endif %}
    {% if not vaultwarden_security_opt | length == 0 %}
    security_opt:
      {% for item in vaultwarden_security_opt %}
      - {{ item }}
      {% endfor %}
    {% endif %}
    healthcheck:
    {% for key, value in vaultwarden_healthcheck.items() %}
      {{ key }}: {{ value }}
    {% endfor %}
    {% if vaultwarden_pids_limit is defined %}
    pids_limit: {{ vaultwarden_pids_limit }}
    {% endif %}
{% if vaultwarden_volumes | default([]) | rejectattr("bind") | list | length > 0 %}

volumes:
  {% for volume in vaultwarden_volumes | rejectattr("bind") %}
  {{ volume.name }}:
  {% endfor %}
{% endif %}
{% if vaultwarden_networks | default([]) | length > 0 %}

networks:
  {% for network in vaultwarden_networks %}
  {{ network.name }}:
    driver: {{ network.backend | default("bridge") }}
  {% endfor %}
{% endif %}