Merge pull request 'vaultwarden' (#79) from vaultwarden into main

## Détails

- Ajout d'une redirection automatique du trafic HTTP
- Ajout de documentation pour la traduction des mails
- Ajout des variables pour la configuration du service ainsi que du SSO

## Pourquoi

- Pour faciliter son intégration sur un serveur qui fait office de _entrypoint_
- Pour avoir des mails envoyé en Français
- Pour faciliter le déploiement de Vaultwarden

Reviewed-on: #79

vaultwarden/README.md

@@ -10,6 +10,20 @@ Toutes les variables de configuration du service sont disponibles à [cette adre
 
 [Les clients de Bitwarden](https://bitwarden.com/#download) sont compatibles avec le serveur.
 
+## Ajout des mails en Français
+
+Il est possible de [traduire les mails](https://github.com/dani-garcia/vaultwarden/wiki/Translating-the-email-templates).
+
+```
+. .env
+cd /var/lib/docker/volumes/${VAULTWARDEN_VOLUME_NAME}/_data/
+mkdir templates && cd templates
+wget https://github.com/YoanSimco/vaultwarden-lang-fr/archive/refs/heads/main.zip
+unzip main.zip
+mv vaultwarden-lang-fr/email .
+rm vaultwarden-lang-fr-main/ main.zip -rf
+```
+
 ## Liens
 
 - [Documentation][documentation]

vaultwarden/docker-compose.sso.yml

@@ -0,0 +1,25 @@
+---
+
+services:
+  vaultwarden:
+    environment:
+      SSO_ENABLED: ${SSO_ENABLED:-true}
+      SSO_ONLY: ${SSO_ONLY:-true}
+      SSO_SIGNUPS_MATCH_EMAIL: ${SSO_SIGNUPS_MATCH_EMAIL:-true}
+      SSO_AUTHORITY: ${SSO_AUTHORITY}
+      SSO_SCOPES: ${SSO_SCOPES:-email groups profile offline_access}
+      SSO_AUTHORIZE_EXTRA_PARAMS: ${SSO_AUTHORIZE_EXTRA_PARAMS:-}
+      SSO_PKCE: ${SSO_PKCE:-false}
+      SSO_CLIENT_ID: ${SSO_CLIENT_ID}
+      SSO_CLIENT_SECRET: ${SSO_CLIENT_SECRET}
+      SSO_MASTER_PASSWORD_POLICY: ${SSO_MASTER_PASSWORD_POLICY:-}
+      SSO_AUTH_ONLY_NOT_SESSION: ${SSO_AUTH_ONLY_NOT_SESSION:-false}
+      SSO_CLIENT_CACHE_EXPIRATION: ${SSO_CLIENT_CACHE_EXPIRATION:-0}
+      SSO_DEBUG_TOKENS: ${SSO_DEBUG_TOKENS:-false}
+
+      SSO_FRONTEND: ${SSO_FRONTEND:-override}
+      SSO_EXPERIMENTAL_NO_MASTER_PWD: ${SSO_EXPERIMENTAL_NO_MASTER_PWD:-false}
+      SSO_ROLES_ENABLED: ${SSO_ROLES_ENABLED:-false}
+      SSO_ROLES_DEFAULT_TO_USER: ${SSO_ROLES_DEFAULT_TO_USER:-false}
+
+      SSO_ORGANIZATIONS_INVITE: ${SSO_ORGANIZATIONS_INVITE:-false}

vaultwarden/docker-compose.traefik.https.yml

@@ -0,0 +1,12 @@
+---
+
+services:
+  vaultwarden:
+    labels:
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-vaultwarden}.tls.certResolver=letsencrypt
+      # redirect HTTP to HTTPS
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-vaultwarden}_http.rule=Host(`${VAULTWARDEN_DOMAIN:?err}`)
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-vaultwarden}_http.entrypoints=web
+      - traefik.http.middlewares.${TRAEFIK_ROUTER_NAME:-vaultwarden}_redirect_https.redirectscheme.scheme=https
+      - traefik.http.middlewares.${TRAEFIK_ROUTER_NAME:-vaultwarden}_redirect_https.redirectscheme.permanent=true
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-vaultwarden}_http.middlewares=${TRAEFIK_ROUTER_NAME:-vaultwarden}_redirect_https

vaultwarden/docker-compose.yml

@@ -12,9 +12,14 @@ services:
     environment:
       ADMIN_TOKEN: ${VAULTWARDEN_ADMIN_TOKEN:?err}
       DOMAIN: https://${VAULTWARDEN_DOMAIN:?err}
+      SENDS_ALLOWED: ${SENDS_ALLOWED:-true}
+      TRASH_AUTO_DELETE_DAYS: ${TRASH_AUTO_DELETE_DAYS:-}
+      DISABLE_ICON_DOWNLOAD: ${DISABLE_ICON_DOWNLOAD:-false}
+      SIGNUPS_ALLOWED: ${VAULTWARDEN_SIGNUPS_ALLOWED:-true}
+      SIGNUPS_VERIFY: ${SIGNUPS_VERIFY:-false}
+      SIGNUPS_DOMAINS_WHITELIST: ${SIGNUPS_DOMAINS_WHITELIST:-}
       INVITATION_ORG_NAME: ${VAULTWARDEN_INVITATION_ORG_NAME:-Vaultwarden}
       LOG_LEVEL: ${VAULTWARDEN_LOG_LEVEL:-Info}
-      SIGNUPS_ALLOWED: ${VAULTWARDEN_SIGNUPS_ALLOWED:-true}
     volumes:
       - vaultwarden:/data
       - /etc/timezone:/etc/timezone:ro