#### NETWORKS
networks:
  traefik_front_network:
    external: true

#### SERVICES
services:
  vault:
    container_name: vault-app
    hostname: vault-app
    image: hashicorp/vault:latest
    environment:
      VAULT_ADDR: "https://vault.tips-of-mine.com"
      VAULT_API_ADDR: "https://vault.tips-of-mine.com"
      VAULT_ADDRESS: "https://vault.tips-of-mine.com"
    networks:
    - traefik_front_network
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
      - "traefik.enable=true"
      - "traefik.docker.network=traefik_front_network"
## HTTP
      - "traefik.http.routers.vault-http.rule=Host(`vault.tips-of-mine.com`)"
      - "traefik.http.routers.vault-http.entrypoints=http"
## HTTPS
      - "traefik.http.routers.vault-https.rule=Host(`vault.tips-of-mine.com`)"
      - "traefik.http.routers.vault-https.entrypoints=https"
      - "traefik.http.routers.vault-https.tls=true"
      - "traefik.http.routers.vault-https.service=vault-service"
## Middleware
## Service
      - "traefik.http.services.vault-service.loadbalancer.server.port=8200"
    restart: always
    volumes:
      - ./logs:/vault/logs/:rw
      - ./data:/vault/data/:rw
      - ./config:/vault/config/:rw
      - ./certs:/certs/:rw
      - ./file:/vault/file/:rw
      - ./policy:/vault/policy/:rw
      - ./plugin:/vault/plugin/:rw
    cap_add:
      - IPC_LOCK
    entrypoint: vault server -config /vault/config/config.hcl