services:
  # -------------------------
  # Secrets/Secure Storage
  # 
  # Mostly used for passwords
  # -------------------------
  pass-vault:
    build:
      context: .
      dockerfile: Dockerfile
    container_name: accounts-dashboard_pass-vault
    hostname: ${USER_PASSWORD_DEFAULT_VAULT_NAME}
    restart: unless-stopped
    environment:
      #VAULT_DEV_ROOT_TOKEN_ID: ${USER_PASSWORD_DEFAULT_VAULT_TOKEN}
      #VAULT_DEV_LISTEN_ADDRESS: '0.0.0.0:8200'
      VAULT_ADDR: 'http://0.0.0.0:8200'
      # Because we use a volume for the config we don't specify the config here
      #VAULT_LOCAL_CONFIG: '{"storage": {"file": {"path": "/vault/file"}}}'
      ROLE_ID_SECRET_NAME: USER_PASSWORD_DEFAULT_VAULT_ROLE_ID
      SECRET_ID_SECRET_NAME: USER_PASSWORD_DEFAULT_VAULT_SECRET_ID
    cap_add:
      - IPC_LOCK
    healthcheck:
      test: ["CMD", "vault", "status"]
      interval: 10s
      timeout: 5s
      retries: 5
    ports:
      - 8200:8200
    volumes:
      - ${CONFIG_DIR}:/vault/config
      - ${LOGS_DIR}:/vault/logs
      - ${DATA_DIR}:/vault/data
      - ${CREDS_DIR}:/vault/creds
      - role-vars:/role_vars
    networks:
      #- accounts_default
      - vaults

volumes:
  role-vars:

networks:
  #accounts_default:
  #  external: true
  vaults:
    driver: bridge