docker-compose.yml
---
# Self-hosted Bitwarden-compatible stack: Vaultwarden behind nginx, reached
# through a Cloudflare tunnel, plus a git-based copy of the data directory and
# automatic image updates. No service in this file publishes a host port, so
# the tunnel is the only ingress defined here.
version: '3'

services:
  bitwarden:
    # Standard Bitwarden is very resource-heavy and cannot run on micro cloud
    # instances. Vaultwarden (formerly Bitwarden Rust) is a mostly
    # feature-complete implementation of Bitwarden written in Rust.
    # https://github.com/dani-garcia/bitwarden_rs
    #
    # `alpine` is a moving tag: the running version changes whenever the image
    # is re-pulled. Pin a release tag or digest if updates need review first.
    image: vaultwarden/server:alpine
    container_name: bitwarden
    restart: always
    volumes:
      - '${PWD}/bitwarden:/data'
    environment:
      - 'LOG_FILE=/dev/stdout'
      - 'WEBSOCKET_ENABLED=true'  # required for websockets
      - 'SHOW_PASSWORD_HINT=false'
      # DOMAIN is set in .env but doesn't have protocol prefix
      - 'DOMAIN=https://${DOMAIN}'
      - 'SMTP_FROM_NAME=Bitwarden (${DOMAIN})'
      # The client IP is read from this header. That is only trustworthy while
      # every request arrives through the Cloudflare tunnel; publishing a port
      # for this service or the proxy would let callers set the header freely.
      - 'IP_HEADER=CF-Connecting-IP'
      # Value-less variables are set in .env. ADMIN_TOKEN, SMTP_PASSWORD and
      # YUBICO_SECRET_KEY are secrets: keep .env out of version control and
      # readable only by the deploying user.
      - ADMIN_TOKEN
      - SIGNUPS_ALLOWED
      - SMTP_HOST
      - SMTP_FROM
      - SMTP_PORT
      # NOTE(review): newer Vaultwarden releases replace SMTP_SSL with
      # SMTP_SECURITY; with a moving image tag, check which one the running
      # version honours.
      - SMTP_SSL
      - SMTP_USERNAME
      - SMTP_PASSWORD
      - YUBICO_CLIENT_ID
      - YUBICO_SECRET_KEY
      - YUBICO_SERVER
      - ORG_CREATE_USER

  proxy:
    # Untagged image, so `latest` is pulled. Configuration is mounted
    # read-only; what it forwards to `bitwarden` is defined in nginx/, which
    # is not part of this file.
    image: nginx
    container_name: proxy
    restart: always
    depends_on:
      - bitwarden
    volumes:
      - '${PWD}/nginx/nginx.conf:/etc/nginx/nginx.conf:ro'
      - '${PWD}/nginx/sites-enabled:/etc/nginx/sites-enabled:ro'

  cloudflared:
    # Pinned to one release tag: re-pulling the same tag does not move to a
    # newer cloudflared, so this version has to be bumped by hand.
    image: cloudflare/cloudflared:2021.9.2-amd64
    container_name: cloudflared
    restart: always
    # NOTE(review): runs as root, presumably so the process can read the
    # mounted tunnel.json. Making that file readable by the image's default
    # user instead would allow dropping this line; confirm before changing.
    user: root
    # $CLOUDFLARED_TUNNEL_NAME is substituted by Compose when this file is
    # parsed. Traffic from the tunnel to the proxy is plain HTTP on the
    # Compose network.
    entrypoint: >-
      cloudflared --credentials-file /etc/cloudflared/tunnel.json
      --url http://proxy:80 tunnel run $CLOUDFLARED_TUNNEL_NAME
    depends_on:
      - proxy
    volumes:
      # tunnel.json is the tunnel credential; restrict its permissions on the
      # host and keep it out of version control.
      - '${PWD}/cloudflared:/etc/cloudflared:ro'
    environment:
      - CLOUDFLARED_TUNNEL_NAME

  git-sync:
    # NOTE(review): third-party image with no tag, mounted read-write on the
    # same host directory Vaultwarden uses as /data and handed GIT_SSH_KEY.
    # Presumably it commits that directory to GIT_REPO_URL every
    # GIT_SYNC_INTERVAL; confirm against the image's documentation.
    # The data directory holds the vault database and, likely, server keys and
    # saved admin settings, so the remote should be private and the key a
    # deploy key limited to that one repository.
    image: whojk/git-sync
    container_name: git-sync
    restart: always
    depends_on:
      - bitwarden
    volumes:
      - '${PWD}/bitwarden:/git_sync_dir'
    environment:
      - GIT_SSH_KEY
      - GIT_EMAIL
      - GIT_NAME
      - GIT_REPO_URL
      - GIT_SYNC_INTERVAL

  watchtower:
    # Watchtower will pull down your new image, gracefully shut down your
    # existing container and restart it with the same options that were used
    # when it was deployed initially.
    # https://github.com/containrrr/watchtower
    #
    # No label filter is configured here, so every running container is in
    # scope, including the untagged third-party images above: whatever is
    # published under those tags gets deployed next to the vault without
    # review. WATCHTOWER_LABEL_ENABLE with per-service labels narrows the
    # scope; pinning images by digest removes the automatic pull.
    image: containrrr/watchtower
    container_name: watchtower
    restart: always
    volumes:
      # Access to the Docker socket is full control of the Docker daemon,
      # which is equivalent to root on the host.
      - '/var/run/docker.sock:/var/run/docker.sock'
    environment:
      - 'WATCHTOWER_CLEANUP=true'
      - WATCHTOWER_SCHEDULE
      - TZ