homelab/docker/stacks/vault/docker-stack.yml

networks:
  traefik:
    external: true

services:
  vault:
    image: "hashicorp/vault"
    cap_add:
      - IPC_LOCK
    volumes:
      # Make sure to copy the config.hcl configuration into this mountpoint
      # first.
      - /mnt/gfs/vault/config:/vault/config
      - /mnt/gfs/vault/file:/vault/file
      - /mnt/gfs/vault/logs:/vault/logs
    environment:
      VAULT_ADDR: "https://0.0.0.0:8200"
      VAULT_API_ADDR: "https://${VAULT_HOST:-vault.stingray.mnke.org}:8200"
      VAULT_CLUSTER_ADDR: "https://${VAULT_HOST:-vault.stingray.mnke.org}:8201"
    networks:
      - traefik
    entrypoint:
      - vault
      - server
      - -config=/vault/config/config.hcl
    deploy:
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.vault.rule=Host(`${VAULT_HOST:-vault.stingray.mnke.org}`)"
        - "traefik.http.routers.vault.entrypoints=websecure"
        - "traefik.http.routers.vault.tls.certresolver=letsencrypt"
        - "traefik.http.services.vault.loadbalancer.server.port=8200"
        - "traefik.swarm.network=traefik"