.chglog/CHANGELOG.tpl.md

@@ -0,0 +1,23 @@
+# Changelog
+
+{{ range .Versions -}}
+## {{ if .Tag.Previous }}[{{ .Tag.Name }}]({{ $.Info.RepositoryURL }}/compare/{{ .Tag.Previous.Name }}...{{ .Tag.Name }}){{ else }}{{ .Tag.Name }}{{ end }} ({{ datetime "2006-01-02" .Tag.Date }})
+
+{{ range .CommitGroups -}}
+### {{ .Title }}
+
+{{ range .Commits -}}
+- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ (regexReplaceAll "(.*)/issues/(.*)" (regexReplaceAll "(Co-\\w*-by.*)" .Subject "") "${1}/pulls/${2}") | trim }}
+{{ end }}
+{{- end -}}
+
+{{- if .NoteGroups -}}
+{{ range .NoteGroups -}}
+### {{ .Title }}
+
+{{ range .Notes }}
+{{ .Body }}
+{{ end }}
+{{ end -}}
+{{ end -}}
+{{ end -}}

.chglog/config.yml

@@ -0,0 +1,25 @@
+style: github
+template: CHANGELOG.tpl.md
+info:
+  title: CHANGELOG
+  repository_url: https://gitea.rknet.org/docker/vaultwarden
+options:
+  commit_groups:
+    title_maps:
+      feat: Features
+      fix: Bug Fixes
+      perf: Performance Improvements
+      refactor: Code Refactoring
+      chore: Others
+      test: Testing
+      ci: CI Pipeline
+      docs: Documentation
+  header:
+    pattern: "^(\\w*)(?:\\(([\\w\\$\\.\\-\\*\\s]*)\\))?\\:\\s(.*)$"
+    pattern_maps:
+      - Type
+      - Scope
+      - Subject
+  notes:
+    keywords:
+      - BREAKING CHANGE

.dictionary

@@ -1,2 +0,0 @@
-(V|v)aultwarden
-Bitwarden

.drone.yml

@@ -0,0 +1,218 @@
+---
+kind: pipeline
+name: test
+
+platform:
+  os: linux
+  arch: amd64
+
+steps:
+  - name: markdownlint
+    image: thegeeklab/markdownlint-cli
+    commands:
+      - markdownlint 'README.md'
+
+trigger:
+  ref:
+    - refs/heads/main
+    - refs/pull/**
+    - refs/tags/**
+
+---
+kind: pipeline
+name: build-container
+
+platform:
+  os: linux
+  arch: amd64
+
+steps:
+  - name: binary
+    image: clux/muslrust:nightly-2021-10-06
+    commands:
+      - apt-get -qq update && apt-get install -yqq --no-install-recommends libpq-dev
+      - make build
+    environment:
+      BUILD_VERSION: ${DRONE_TAG%-*}
+
+  - name: verify
+    image: alpine
+    commands:
+      - src/target/x86_64-unknown-linux-musl/release/vaultwarden --help
+      - src/target/x86_64-unknown-linux-musl/release/vaultwarden --version
+    depends_on:
+      - binary
+
+  - name: dryrun
+    image: thegeeklab/drone-docker-buildx:20
+    settings:
+      dockerfile: Dockerfile
+      dry_run: true
+      password:
+        from_secret: docker_password
+      repo: thegeeklab/${DRONE_REPO_NAME}
+      username:
+        from_secret: docker_username
+    when:
+      ref:
+        - refs/pull/**
+    depends_on:
+      - verify
+
+  - name: tags
+    image: thegeeklab/docker-autotag
+    environment:
+      DOCKER_AUTOTAG_FORCE_LATEST: True
+      DOCKER_AUTOTAG_IGNORE_PRERELEASE: True
+      DOCKER_AUTOTAG_OUTPUT_FILE: .tags
+      DOCKER_AUTOTAG_VERSION: ${DRONE_TAG}
+    when:
+      ref:
+        - refs/heads/main
+        - refs/tags/**
+    depends_on:
+      - dryrun
+
+  - name: changelog-generate
+    image: thegeeklab/git-chglog
+    commands:
+      - git fetch -tq
+      - git-chglog --no-color --no-emoji -o CHANGELOG.md ${DRONE_TAG:---next-tag unreleased unreleased}
+    depends_on:
+      - tags
+
+  - name: changelog-format
+    image: thegeeklab/alpine-tools
+    commands:
+      - prettier CHANGELOG.md
+      - prettier -w CHANGELOG.md
+    depends_on:
+      - changelog-generate
+
+  - name: publish-dockerhub
+    image: thegeeklab/drone-docker-buildx:20
+    settings:
+      dockerfile: Dockerfile
+      password:
+        from_secret: docker_password
+      repo: thegeeklab/${DRONE_REPO_NAME}
+      username:
+        from_secret: docker_username
+    when:
+      ref:
+        - refs/heads/main
+        - refs/tags/**
+    depends_on:
+      - changelog-format
+
+  - name: publish-quay
+    image: thegeeklab/drone-docker-buildx:20
+    settings:
+      dockerfile: Dockerfile
+      password:
+        from_secret: quay_password
+      registry: quay.io
+      repo: quay.io/thegeeklab/${DRONE_REPO_NAME}
+      username:
+        from_secret: quay_username
+    when:
+      ref:
+        - refs/heads/main
+        - refs/tags/**
+    depends_on:
+      - changelog-format
+
+  - name: publish-gitea
+    image: plugins/gitea-release
+    settings:
+      api_key:
+        from_secret: gitea_token
+      base_url: https://gitea.rknet.org
+      note: CHANGELOG.md
+      overwrite: true
+      title: ${DRONE_TAG}
+    when:
+      ref:
+        - refs/tags/**
+    depends_on:
+      - publish-dockerhub
+      - publish-quay
+
+trigger:
+  ref:
+    - refs/heads/main
+    - refs/pull/**
+    - refs/tags/**
+
+depends_on:
+  - test
+
+---
+kind: pipeline
+name: notifications
+
+platform:
+  os: linux
+  arch: amd64
+
+steps:
+  - name: pushrm-dockerhub
+    pull: always
+    image: chko/docker-pushrm:1
+    environment:
+      DOCKER_PASS:
+        from_secret: docker_password
+      DOCKER_USER:
+        from_secret: docker_username
+      PUSHRM_FILE: README.md
+      PUSHRM_SHORT: Custom image for Vaultwarden password manager
+      PUSHRM_TARGET: thegeeklab/${DRONE_REPO_NAME}
+    when:
+      status:
+        - success
+
+  - name: pushrm-quay
+    pull: always
+    image: chko/docker-pushrm:1
+    environment:
+      APIKEY__QUAY_IO:
+        from_secret: quay_token
+      PUSHRM_FILE: README.md
+      PUSHRM_TARGET: quay.io/thegeeklab/${DRONE_REPO_NAME}
+    when:
+      status:
+        - success
+
+  - name: matrix
+    image: thegeeklab/drone-matrix
+    settings:
+      homeserver:
+        from_secret: matrix_homeserver
+      password:
+        from_secret: matrix_password
+      roomid:
+        from_secret: matrix_roomid
+      template: "Status: **{{ build.Status }}**<br/> Build: [{{ repo.Owner }}/{{ repo.Name }}]({{ build.Link }}){{#if build.Branch}} ({{ build.Branch }}){{/if}} by {{ commit.Author }}<br/> Message: {{ commit.Message.Title }}"
+      username:
+        from_secret: matrix_username
+    when:
+      status:
+        - success
+        - failure
+
+trigger:
+  ref:
+    - refs/heads/main
+    - refs/tags/**
+  status:
+    - success
+    - failure
+
+depends_on:
+  - build-container
+
+---
+kind: signature
+hmac: 642c6cc081b23ff0abbb2b1d5f2722ae5ff4102f8ca7d1e57fd6f72891f95cdd
+
+...

.gitsv/config.yml

@@ -1,47 +0,0 @@
----
-version: "1.1"
-
-versioning:
-  update-major: []
-  update-minor: [feat]
-  update-patch: [fix, perf, refactor, chore, test, ci, docs]
-
-tag:
-  pattern: "v%d.%d.%d"
-
-release-notes:
-  sections:
-    - name: Features
-      commit-types: [feat]
-      section-type: commits
-    - name: Bug Fixes
-      commit-types: [fix]
-      section-type: commits
-    - name: Performance Improvements
-      commit-types: [perf]
-      section-type: commits
-    - name: Code Refactoring
-      commit-types: [refactor]
-      section-type: commits
-    - name: Others
-      commit-types: [chore]
-      section-type: commits
-    - name: Testing
-      commit-types: [test]
-      section-type: commits
-    - name: CI Pipeline
-      commit-types: [ci]
-      section-type: commits
-    - name: Documentation
-      commit-types: [docs]
-      section-type: commits
-    - name: BREAKING CHANGES
-      section-type: breaking-changes
-
-commit-message:
-  footer:
-    issue:
-      key: issue
-      add-value-prefix: "#"
-  issue:
-    regex: "#?[0-9]+"

.prettierignore

@@ -1,2 +1,3 @@
+.drone.yml
 *.tpl.md
 LICENSE

.woodpecker/build-container.yml

@@ -1,72 +0,0 @@
----
-when:
-  - event: [pull_request, tag]
-  - event: [push, manual]
-    branch:
-      - ${CI_REPO_DEFAULT_BRANCH}
-
-steps:
-  - name: security-build
-    image: quay.io/thegeeklab/wp-docker-buildx:5
-    settings:
-      containerfile: Containerfile
-      output: type=oci,dest=oci/${CI_REPO_NAME},tar=false
-      repo: thegeeklab/${CI_REPO_NAME}
-      cache_to: type=local,dest=oci/cache/${CI_REPO_NAME},mode=max
-      registry_config:
-        from_secret: DOCKER_REGISTRY_CONFIG_PULL
-
-  - name: security-scan
-    image: docker.io/aquasec/trivy
-    depends_on: security-build
-    commands:
-      - trivy -v
-      - trivy image --input oci/${CI_REPO_NAME}
-    environment:
-      TRIVY_EXIT_CODE: "1"
-      TRIVY_IGNORE_UNFIXED: "true"
-      TRIVY_NO_PROGRESS: "true"
-      TRIVY_SEVERITY: HIGH,CRITICAL
-      TRIVY_TIMEOUT: 1m
-      TRIVY_DB_REPOSITORY: docker.io/aquasec/trivy-db:2
-
-  - name: publish-dockerhub
-    image: quay.io/thegeeklab/wp-docker-buildx:5
-    depends_on: security-scan
-    settings:
-      auto_tag: true
-      containerfile: Containerfile
-      password:
-        from_secret: docker_password
-      provenance: false
-      repo: thegeeklab/${CI_REPO_NAME}
-      username:
-        from_secret: docker_username
-      cache_from:
-        - 'type=local\\,src=oci/cache/${CI_REPO_NAME}'
-    when:
-      - event: [tag]
-      - event: [push, manual]
-        branch:
-          - ${CI_REPO_DEFAULT_BRANCH}
-
-  - name: publish-quay
-    image: quay.io/thegeeklab/wp-docker-buildx:5
-    depends_on: security-scan
-    settings:
-      auto_tag: true
-      containerfile: Containerfile
-      password:
-        from_secret: quay_password
-      provenance: false
-      registry: quay.io
-      repo: quay.io/thegeeklab/${CI_REPO_NAME}
-      username:
-        from_secret: quay_username
-      cache_from:
-        - 'type=local\\,src=oci/cache/${CI_REPO_NAME}'
-    when:
-      - event: [tag]
-      - event: [push, manual]
-        branch:
-          - ${CI_REPO_DEFAULT_BRANCH}

.woodpecker/build-package.yml

@@ -1,25 +0,0 @@
----
-when:
-  - event: [pull_request, tag]
-  - event: [push, manual]
-    branch:
-      - ${CI_REPO_DEFAULT_BRANCH}
-
-steps:
-  - name: changelog
-    image: quay.io/thegeeklab/git-sv
-    commands:
-      - git sv current-version
-      - git sv release-notes -t ${CI_COMMIT_TAG:-next} -o CHANGELOG.md
-      - cat CHANGELOG.md
-
-  - name: publish-gitea
-    image: quay.io/thegeeklab/wp-gitea-release
-    settings:
-      api_key:
-        from_secret: gitea_token
-      base_url: https://gitea.rknet.org
-      note: CHANGELOG.md
-      title: ${CI_COMMIT_TAG}
-    when:
-      - event: [tag]

.woodpecker/docs.yml

@@ -1,59 +0,0 @@
----
-when:
-  - event: [pull_request, tag]
-  - event: [push, manual]
-    branch:
-      - ${CI_REPO_DEFAULT_BRANCH}
-
-steps:
-  - name: markdownlint
-    image: quay.io/thegeeklab/markdownlint-cli
-    commands:
-      - markdownlint 'README.md'
-
-  - name: spellcheck
-    image: quay.io/thegeeklab/alpine-tools
-    commands:
-      - spellchecker --files '_docs/**/*.md' 'README.md' -d .dictionary -p spell indefinite-article syntax-urls
-    environment:
-      FORCE_COLOR: "true"
-
-  - name: link-validation
-    image: docker.io/lycheeverse/lychee
-    commands:
-      - lychee --no-progress --format detailed README.md
-
-  - name: pushrm-dockerhub
-    image: docker.io/chko/docker-pushrm:1
-    depends_on: [markdownlint, spellcheck, link-validation]
-    environment:
-      DOCKER_PASS:
-        from_secret: docker_password
-      DOCKER_USER:
-        from_secret: docker_username
-      PUSHRM_FILE: README.md
-      PUSHRM_SHORT: Custom image for Vaultwarden password manager
-      PUSHRM_TARGET: thegeeklab/${CI_REPO_NAME}
-    when:
-      - event: [push, manual]
-        branch:
-          - ${CI_REPO_DEFAULT_BRANCH}
-        status: [success]
-
-  - name: pushrm-quay
-    image: docker.io/chko/docker-pushrm:1
-    depends_on: [markdownlint, spellcheck, link-validation]
-    environment:
-      APIKEY__QUAY_IO:
-        from_secret: quay_token
-      PUSHRM_FILE: README.md
-      PUSHRM_TARGET: quay.io/thegeeklab/${CI_REPO_NAME}
-    when:
-      - event: [push, manual]
-        branch:
-          - ${CI_REPO_DEFAULT_BRANCH}
-        status: [success]
-
-depends_on:
-  - build-package
-  - build-container

.woodpecker/notify.yml

@@ -1,26 +0,0 @@
----
-when:
-  - event: [tag]
-  - event: [push, manual]
-    branch:
-      - ${CI_REPO_DEFAULT_BRANCH}
-
-runs_on: [success, failure]
-
-steps:
-  - name: matrix
-    image: quay.io/thegeeklab/wp-matrix
-    settings:
-      homeserver:
-        from_secret: matrix_homeserver
-      room_id:
-        from_secret: matrix_room_id
-      user_id:
-        from_secret: matrix_user_id
-      access_token:
-        from_secret: matrix_access_token
-    when:
-      - status: [success, failure]
-
-depends_on:
-  - docs

Containerfile

@@ -1,75 +0,0 @@
-FROM docker.io/clux/muslrust:1.82.0-stable@sha256:30938544fe77218583d8fcf96f5e6c0c8a29e87abc0a5f1a6943e3bba607f8ae AS build
-
-ARG WEBVAULT_VERSION
-ARG VAULTWARDEN_VERSION
-
-ARG DEBIAN_FRONTEND=noninteractive
-ARG LANG=C.UTF-8
-ARG TZ=UTC
-ARG RUSTFLAGS="-C link-arg=-s"
-ARG DB=sqlite,postgresql
-
-ARG TARGETPLATFORM
-
-# renovate: datasource=github-releases depName=dani-garcia/bw_web_builds versioning=loose
-ENV WEBVAULT_VERSION="${WEBVAULT_VERSION:-v2024.6.2}"
-# renovate: datasource=github-releases depName=dani-garcia/vaultwarden
-ENV VAULTWARDEN_VERSION="${VAULTWARDEN_VERSION:-1.32.4}"
-
-ENV DATA_FOLDER=/tmp
-
-WORKDIR /src
-
-RUN apt-get update && apt-get install -y --no-install-recommends && \
-    mkdir -p /release/web-vault && \
-    mkdir -p /data
-
-RUN echo "Using Vaultwarden version '${VAULTWARDEN_VERSION##v}'" && \
-    curl -sSL "https://github.com/dani-garcia/vaultwarden/archive/${VAULTWARDEN_VERSION##v}.tar.gz" | \
-      tar xz --strip-components=1 && \
-    echo "Using Web Vault version '${WEBVAULT_VERSION##v}'" && \
-    curl -SsfL "https://github.com/dani-garcia/bw_web_builds/releases/download/${WEBVAULT_VERSION}/bw_web_${WEBVAULT_VERSION}.tar.gz" | \
-      tar xz -C /release
-
-RUN echo "Building for platform '$TARGETPLATFORM'" && \
-  case "$TARGETPLATFORM" in \
-  "linux/amd64") echo x86_64-unknown-linux-musl > rust_target ;; \
-  "linux/arm64") echo aarch64-unknown-linux-musl > rust_target ;; \
-  *) exit 1 ;; \
-esac
-
-RUN rustup set profile minimal && \
-    rustup target add $(cat rust_target) && \
-    VW_VERSION="${VAULTWARDEN_VERSION##v}" cargo build -j 4 --features "$DB" --target $(cat rust_target) --release
-
-RUN ldd target/$(cat rust_target)/release/vaultwarden && \
-    target/$(cat rust_target)/release/vaultwarden --help && \
-    target/$(cat rust_target)/release/vaultwarden --version
-
-FROM docker.io/alpine:3.20@sha256:1e42bbe2508154c9126d48c2b8a75420c3544343bf86fd041fb7527e017a4b4a
-
-LABEL maintainer="Robert Kaussow <mail@thegeeklab.de>"
-LABEL org.opencontainers.image.authors="Robert Kaussow <mail@thegeeklab.de>"
-LABEL org.opencontainers.image.title="Vaultwarden"
-LABEL org.opencontainers.image.url="https://gitea.rknet.org/container/vaultwarden"
-LABEL org.opencontainers.image.source="https://gitea.rknet.org/container/vaultwarden"
-LABEL org.opencontainers.image.documentation="https://gitea.rknet.org/container/vaultwarden"
-
-ENV DATA_FOLDER=/data
-ENV ROCKET_ADDRESS=0.0.0.0
-ENV ROCKET_PORT=8000
-ENV WEBSOCKET_ADDRESS=0.0.0.0
-ENV WEBSOCKET_PORT=3012
-
-COPY --from=build --chown=65532:65532 /data /data
-COPY --from=build /release/web-vault /web-vault
-COPY --from=build /src/target/**/release/vaultwarden /bin/vaultwarden
-
-EXPOSE 8000
-EXPOSE 3012
-
-STOPSIGNAL SIGTERM
-
-USER 65532
-
-CMD ["/bin/vaultwarden"]

Dockerfile

@@ -0,0 +1,43 @@
+FROM thegeeklab/alpine:latest@sha256:5c504816ac03f294ad1b98f09efafcc9bbb838adaad27b84b3c4bff98b0ffa01
+
+LABEL maintainer="Robert Kaussow <mail@thegeeklab.de>"
+LABEL org.opencontainers.image.authors="Robert Kaussow <mail@thegeeklab.de>"
+LABEL org.opencontainers.image.title="vaultwarden"
+LABEL org.opencontainers.image.url="https://gitea.rknet.org/docker/vaultwarden"
+LABEL org.opencontainers.image.source="https://gitea.rknet.org/docker/vaultwarden"
+LABEL org.opencontainers.image.documentation="https://gitea.rknet.org/docker/vaultwarden"
+
+ARG WEBVAULT_VERSION
+
+# renovate: datasource=github-releases depName=dani-garcia/bw_web_builds versioning=loose
+ENV WEBVAULT_VERSION="${WEBVAULT_VERSION:-v2.25.1}"
+
+ADD overlay/ /
+
+RUN apk --update add --virtual .build-deps tar curl && \
+    apk --update add openssl postgresql-libs sqlite ca-certificates && \
+    mkdir -p /app/web-vault /app/data && \
+    echo "Using Web Vault version '${WEBVAULT_VERSION##v}' ..." && \
+    curl -SsL "https://github.com/dani-garcia/bw_web_builds/releases/download/${WEBVAULT_VERSION}/bw_web_${WEBVAULT_VERSION}.tar.gz" | \
+      tar xz -C /app && \
+    apk del .build-deps && \
+    rm -rf /var/cache/apk/* && \
+    rm -rf /tmp/* && \
+    chown -R app:app /app
+
+ADD src/Rocket.toml /app
+ADD src/target/x86_64-unknown-linux-musl/release/vaultwarden /app
+
+VOLUME /app/data
+
+EXPOSE 8080
+EXPOSE 3012
+
+USER app
+
+STOPSIGNAL SIGTERM
+
+ENTRYPOINT ["/usr/local/bin/entrypoint"]
+HEALTHCHECK --interval=10s --timeout=3s --retries=3 CMD /usr/local/bin/healthcheck
+WORKDIR /app
+CMD []

Makefile

@@ -0,0 +1,31 @@
+# renovate: datasource=github-releases depName=dani-garcia/vaultwarden
+export BUILD_VERSION ?= 1.24.0
+export DEBIAN_FRONTEND ?= noninteractive
+export LANG ?= C.UTF-8
+export TZ ?= UTC
+export RUSTFLAGS ?= -C link-arg=-s
+
+DB ?= sqlite,postgresql
+SRC := src
+
+.PHONY: all
+all: build
+
+.PHONY: build
+build: build-src build-bin
+
+.PHONY: build-src
+build-src:
+	mkdir -p $(SRC); \
+	curl -sSL "https://github.com/dani-garcia/vaultwarden/archive/$${BUILD_VERSION##v}.tar.gz" | tar xz -C $(SRC) --strip-components=1
+
+.PHONY: build-bin
+build-bin:
+	rustup set profile minimal && \
+	cd $(SRC) && \
+	rustup target add x86_64-unknown-linux-musl && \
+	BWRS_VERSION="$${BUILD_VERSION##v}" cargo build -j 8 --features $(DB) --release
+
+.PHONY: clean
+clean:
+	rm -rf $(SRC)

README.md

@@ -2,24 +2,78 @@
 
 Custom image for Vaultwarden password manager
 
-<!-- spellchecker-disable -->
-
-[![Build Status](https://ci.rknet.org/api/badges/container/vaultwarden/status.svg)](https://ci.rknet.org/repos/container/vaultwarden)
+[![Build Status](https://img.shields.io/drone/build/docker/vaultwarden?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/docker/vaultwarden)
 [![Docker Hub](https://img.shields.io/badge/dockerhub-latest-blue.svg?logo=docker&logoColor=white)](https://hub.docker.com/r/thegeeklab/vaultwarden)
 [![Quay.io](https://img.shields.io/badge/quay-latest-blue.svg?logo=docker&logoColor=white)](https://quay.io/repository/thegeeklab/vaultwarden)
-[![Source: Gitea](https://img.shields.io/badge/source-gitea-blue.svg?logo=gitea&logoColor=white)](https://gitea.rknet.org/container/vaultwarden)
-[![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](https://gitea.rknet.org/container/vaultwarden/src/branch/main/LICENSE)
+[![Source: Gitea](https://img.shields.io/badge/source-gitea-blue.svg?logo=gitea&logoColor=white)](https://gitea.rknet.org/docker/vaultwarden)
+[![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](https://gitea.rknet.org/docker/vaultwarden/src/branch/main/LICENSE)
 
-<!-- spellchecker-enable -->
+This is a rootless custom Docker image for [vaultwarden](https://github.com/dani-garcia/vaultwarden). Vaultwarden is a Bitwarden server API implementation written in Rust compatible with upstream Bitwarden clients, perfect for self-hosted deployment where running the official resource-heavy service might not be ideal.
 
-Custom rootless container image for [Vaultwarden](https://github.com/dani-garcia/vaultwarden). Vaultwarden is a Bitwarden server API implementation written in Rust compatible with upstream Bitwarden clients.
+> **WARNING**: This build supports SQLite and PostgreSQL database backend only.
 
-> **WARNING**: This version only supports SQLite and PostgreSQL databases.
+## Usage
+
+### Docker Compose
+
+Please take a look at the [example](https://gitea.rknet.org/docker/vaultwarden/src/branch/main/docker-compose.yml) compose file from the git repo.
 
 ## Configuration
 
-In Vaultwarden the configuration can be done either via environment variables or the admin page. A complete list of all environment variables can be found in the [Vaultwarden Repository](https://github.com/dani-garcia/vaultwarden/blob/main/.env.template).
+```Shell
+VAULTWARDEN_DATABASE_URL=
+
+VAULTWARDEN_TEMPLATES_FOLDER=
+VAULTWARDEN_RELOAD_TEMPLATES=False
+
+VAULTWARDEN_IP_HEADER=X-Client-IP
+
+VAULTWARDEN_ICON_CACHE_TTL=2592000
+VAULTWARDEN_ICON_CACHE_NEGTTL=259200
+
+VAULTWARDEN_WEB_VAULT_ENABLED=True
+VAULTWARDEN_WEBSOCKET_ENABLED=False
+
+VAULTWARDEN_EXTENDED_LOGGING=True
+VAULTWARDEN_LOG_LEVEL=Info
+
+VAULTWARDEN_DISABLE_ICON_DOWNLOAD=False
+VAULTWARDEN_ICON_DOWNLOAD_TIMEOUT=10
+VAULTWARDEN_ICON_BLACKLIST_REGEXL=
+VAULTWARDEN_ICON_BLACKLIST_NON_GLOBAL_IPS=True
+
+VAULTWARDEN_DISABLE_2FA_REMEMBER=False
+VAULTWARDEN_SIGNUPS_ALLOWED=True
+VAULTWARDEN_SIGNUPS_VERIFY=False
+VAULTWARDEN_SIGNUPS_VERIFY_RESEND_TIME=3600
+VAULTWARDEN_SIGNUPS_VERIFY_RESEND_LIMIT=6
+VAULTWARDEN_SIGNUPS_DOMAINS_WHITELIST=
+
+VAULTWARDEN_INVITATIONS_ALLOWED=True
+
+# Set an indicidual admin token to enable the admin UI
+VAULTWARDEN_ADMIN_TOKEN=
+
+VAULTWARDEN_PASSWORD_ITERATIONS=100000
+VAULTWARDEN_SHOW_PASSWORD_HINT=True
+VAULTWARDEN_DOMAIN=http://localhost/
+
+VAULTWARDEN_AUTHENTICATOR_DISABLE_TIME_DRIFT=False
+
+# If you dont set a smtp host, all other smpt settings will be ignored
+VAULTWARDEN_SMTP_HOST=
+VAULTWARDEN_SMTP_FROM=
+VAULTWARDEN_SMTP_FROM_NAME=vaultwarden
+VAULTWARDEN_SMTP_PORT=587
+VAULTWARDEN_SMTP_SSL=True
+VAULTWARDEN_SMTP_USERNAME=
+VAULTWARDEN_SMTP_PASSWORD=
+VAULTWARDEN_SMTP_AUTH_MECHANISM=Plain
+VAULTWARDEN_SMTP_TIMEOUT=15
+
+VAULTWARDEN_ROCKET_WORKERS=
+```
 
 ## License
 
-This project is licensed under the MIT License - see the [LICENSE](https://gitea.rknet.org/container/vaultwarden/src/branch/main/LICENSE) file for details.
+This project is licensed under the MIT License - see the [LICENSE](https://gitea.rknet.org/docker/vaultwarden/src/branch/main/LICENSE) file for details.

docker-compose.yml

@@ -0,0 +1,28 @@
+---
+version: "3"
+
+services:
+  postgres:
+    container_name: postgres
+    image: postgres
+    environment:
+      POSTGRES_DB: vaultwarden
+      POSTGRES_PASSWORD: pass
+      POSTGRES_USER: user
+
+  vaultwarden:
+    container_name: vaultwarden
+    image: thegeeklab/vaultwarden
+    depends_on:
+      - postgres
+    ports:
+      - "80:8080"
+    volumes:
+      - data:/app/data
+    environment:
+      VAULTWARDEN_DATABASE_URL: postgresql://user:pass@vaultwarden_postgres:5432/vaultwarden
+      VAULTWARDEN_ADMIN_TOKEN: test
+
+volumes:
+  data:
+    driver: local

overlay/etc/templates/env.tmpl

@@ -0,0 +1,85 @@
+## Vaultwarden Configuration File
+DATA_FOLDER=/app/data
+RSA_KEY_FILENAME=/app/data/rsa_key
+ICON_CACHE_FOLDER=/app/data/icon_cache
+ATTACHMENTS_FOLDER=/app/data/attachments
+
+{{ if (getenv "VAULTWARDEN_DATABASE_URL") -}}
+DATABASE_URL={{ getenv "VAULTWARDEN_DATABASE_URL" }}
+{{ end -}}
+
+USER_ATTACHMENT_LIMIT={{ getenv "VAULTWARDEN_USER_ATTACHMENT_LIMIT" "1024" }}
+ORG_ATTACHMENT_LIMIT={{ getenv "VAULTWARDEN_ORG_ATTACHMENT_LIMIT" "1024" }}
+
+{{ if (getenv "VAULTWARDEN_TEMPLATES_FOLDER") -}}
+TEMPLATES_FOLDER={{ getenv "VAULTWARDEN_TEMPLATES_FOLDER" }}
+{{ end -}}
+RELOAD_TEMPLATES={{ getenv "VAULTWARDEN_RELOAD_TEMPLATES" "false" | conv.Bool }}
+
+IP_HEADER={{ getenv "VAULTWARDEN_IP_HEADER" "X-Client-IP" }}
+
+ICON_CACHE_TTL={{ getenv "VAULTWARDEN_ICON_CACHE_TTL" "2592000" }}
+ICON_CACHE_NEGTTL={{ getenv "VAULTWARDEN_ICON_CACHE_NEGTTL" "259200" }}
+
+WEB_VAULT_FOLDER=/app/web-vault/
+WEB_VAULT_ENABLED={{ getenv "VAULTWARDEN_WEB_VAULT_ENABLED" "true" | conv.Bool }}
+
+WEBSOCKET_ENABLED={{ getenv "VAULTWARDEN_WEBSOCKET_ENABLED" "false" | conv.Bool }}
+WEBSOCKET_ADDRESS=0.0.0.0
+WEBSOCKET_PORT=3012
+
+EXTENDED_LOGGING={{ getenv "VAULTWARDEN_EXTENDED_LOGGING" "true" | conv.Bool }}
+LOG_LEVEL={{ getenv "VAULTWARDEN_LOG_LEVEL" "Info" }}
+
+ENABLE_DB_WAL=true
+
+DISABLE_ICON_DOWNLOAD={{ getenv "VAULTWARDEN_DISABLE_ICON_DOWNLOAD" "false" | conv.Bool }}
+ICON_DOWNLOAD_TIMEOUT={{ getenv "VAULTWARDEN_ICON_DOWNLOAD_TIMEOUT" "10" }}
+{{ if (getenv "VAULTWARDEN_ICON_BLACKLIST_REGEXL") -}}
+ICON_BLACKLIST_REGEX={{ getenv "VAULTWARDEN_ICON_BLACKLIST_REGEXL" }}
+{{ end -}}
+ICON_BLACKLIST_NON_GLOBAL_IPS={{ getenv "VAULTWARDEN_ICON_BLACKLIST_NON_GLOBAL_IPS" "true" | conv.Bool }}
+
+DISABLE_2FA_REMEMBER={{ getenv "VAULTWARDEN_DISABLE_2FA_REMEMBER" "false" | conv.Bool }}
+
+SIGNUPS_ALLOWED={{ getenv "VAULTWARDEN_SIGNUPS_ALLOWED" "true" | conv.Bool }}
+SIGNUPS_VERIFY={{ getenv "VAULTWARDEN_SIGNUPS_VERIFY" "false" | conv.Bool }}
+SIGNUPS_VERIFY_RESEND_TIME={{ getenv "VAULTWARDEN_SIGNUPS_VERIFY_RESEND_TIME" "3600" }}
+SIGNUPS_VERIFY_RESEND_LIMIT={{ getenv "VAULTWARDEN_SIGNUPS_VERIFY_RESEND_LIMIT" "6" }}
+{{ if (getenv "VAULTWARDEN_SIGNUPS_DOMAINS_WHITELIST") -}}
+SIGNUPS_DOMAINS_WHITELIST={{ getenv "VAULTWARDEN_SIGNUPS_DOMAINS_WHITELIST" }}
+{{ end -}}
+
+INVITATIONS_ALLOWED={{ getenv "VAULTWARDEN_INVITATIONS_ALLOWED" "true" | conv.Bool }}
+INVITATION_ORG_NAME={{ getenv "VAULTWARDEN_INVITATION_ORG_NAME" "Vaultwarden" }}
+
+{{ if (getenv "VAULTWARDEN_ADMIN_TOKEN") -}}
+ADMIN_TOKEN={{ getenv "VAULTWARDEN_ADMIN_TOKEN" }}
+{{ end -}}
+DISABLE_ADMIN_TOKEN=false
+
+PASSWORD_ITERATIONS={{ getenv "VAULTWARDEN_PASSWORD_ITERATIONS" "100000" }}
+SHOW_PASSWORD_HINT={{ getenv "VAULTWARDEN_SHOW_PASSWORD_HINT" "true" | conv.Bool }}
+DOMAIN={{ getenv "VAULTWARDEN_DOMAIN" "http://localhost/" }}
+
+AUTHENTICATOR_DISABLE_TIME_DRIFT={{ getenv "VAULTWARDEN_AUTHENTICATOR_DISABLE_TIME_DRIFT" "false" | conv.Bool }}
+
+ROCKET_ADDRESS=0.0.0.0
+ROCKET_PORT=8080
+{{ if (getenv "VAULTWARDEN_ROCKET_WORKERS") -}}
+ROCKET_WORKERS={{ getenv "VAULTWARDEN_ROCKET_WORKERS" }}
+{{ end -}}
+
+{{ if (getenv "VAULTWARDEN_SMTP_HOST") -}}
+SMTP_HOST={{ getenv "VAULTWARDEN_SMTP_HOST" }}
+SMTP_FROM={{ getenv "VAULTWARDEN_SMTP_FROM" }}
+SMTP_FROM_NAME={{ getenv "VAULTWARDEN_SMTP_FROM_NAME" "Vaultwarden" }}
+SMTP_PORT={{ getenv "VAULTWARDEN_SMTP_PORT" "587" }}
+SMTP_SSL={{ getenv "VAULTWARDEN_SMTP_SSL" "true" | conv.Bool }}
+{{ if (getenv "VAULTWARDEN_SMTP_USERNAME") -}}
+SMTP_USERNAME={{ getenv "VAULTWARDEN_SMTP_USERNAME" }}
+SMTP_PASSWORD={{ getenv "VAULTWARDEN_SMTP_PASSWORD" }}
+{{ end -}}
+SMTP_AUTH_MECHANISM={{ getenv "VAULTWARDEN_SMTP_AUTH_MECHANISM" "Plain" }}
+SMTP_TIMEOUT={{ getenv "VAULTWARDEN_SMTP_TIMEOUT" "15" }}
+{{ end -}}

overlay/usr/local/bin/entrypoint

@@ -0,0 +1,20 @@
+#!/usr/bin/env sh
+
+# shellcheck disable=SC3040
+set -eo pipefail
+
+# shellcheck disable=SC1091
+. /usr/local/lib/log.sh
+
+/usr/local/bin/gomplate -o /app/.env -f /etc/templates/env.tmpl
+
+if [ -n "$VAULTWARDEN_DATABASE_URL" ]; then
+  WAITFOR_HOST=$(/usr/local/bin/url-parser host --url "$VAULTWARDEN_DATABASE_URL")
+  WAITFOR_PORT=$(/usr/local/bin/url-parser port --url "$VAULTWARDEN_DATABASE_URL")
+
+  log_info "Wait for database server on '${WAITFOR_HOST}:${WAITFOR_PORT:-5432}'"
+  /usr/local/bin/wait-for "${WAITFOR_HOST}":"${WAITFOR_PORT:-5432}"
+fi
+
+log_info "Start Vaultwarden Server\n"
+exec /app/vaultwarden

overlay/usr/local/bin/healthcheck

@@ -0,0 +1,10 @@
+#!/usr/bin/env sh
+
+# shellcheck disable=SC3040
+set -eo pipefail
+
+URL=http://127.0.0.1:8080/alive
+
+wget --quiet --tries=1 --spider ${URL} || exit 1
+
+exit 0