feat(Vaultwarden): Add new org groups feature

Reviewed-on: #83

clickhouse/docker-compose.yml

@@ -1,4 +1,4 @@
-version: "3.8"
+---
 
 volumes:
   clickhouse:

directus/docker-compose.redis.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 services:
   directus:
     environment:

directus/docker-compose.smtp.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 services:
   directus:
     environment:

directus/docker-compose.traefik.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 networks:
   default:
     name: ${TRAEFIK_NETWORK_NAME:-traefik}

directus/docker-compose.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 volumes:
   directus:
     name: ${DIRECTUS_VOLUME_NAME:-directus}

drone/runner/docker-compose.dashboard.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 # https://docs.drone.io/runner/docker/configuration/dashboard/
 
 services:

drone/runner/docker-compose.local.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 services:
   drone-runner:
     ports:

drone/runner/docker-compose.logging.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 # https://docs.drone.io/runner/docker/configuration/logging/
 
 services:

drone/runner/docker-compose.traefik.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 networks:
   default:
     name: ${TRAEFIK_NETWORK_NAME}

drone/runner/docker-compose.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 # https://docs.drone.io/runner/docker/installation/linux/
 
 services:

drone/server/docker-compose.cookie.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 # https://docs.drone.io/server/cookie/
 
 services:

drone/server/docker-compose.gitea.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 # https://docs.drone.io/server/provider/gitea/
 
 services:

drone/server/docker-compose.header.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 # https://docs.drone.io/server/headers/
 
 services:

drone/server/docker-compose.local.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 services:
   drone-server:
     ports:

drone/server/docker-compose.logging.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 # https://docs.drone.io/server/logging/
 
 services:

drone/server/docker-compose.postgres.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 # https://docs.drone.io/server/storage/database/
 # https://docs.drone.io/server/storage/encryption/
 

drone/server/docker-compose.traefik.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 networks:
   default:
     name: ${TRAEFIK_NETWORK_NAME}

drone/server/docker-compose.user.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 # https://docs.drone.io/server/user/registration/
 
 services:

drone/server/docker-compose.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 volumes:
   drone-server:
     name: ${DRONE_SERVER_VOLUME_NAME:-drone-server}

geoip/docker-compose.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 volumes:
   geoip:
     name: ${GEOIP_VOLUME_NAME:-geoip}

geoipupdate/docker-compose.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 volumes:
   geoipupdate:
     name: ${GEOIPUPDATE_VOLUME_NAME:-geoipupdate}

gitea/docker-compose.metrics.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 services:
   gitea:
     environment:

gitea/docker-compose.override.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 services:
   gitea:
     ports:

gitea/docker-compose.postgres.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 services:
   gitea:
     environment:

gitea/docker-compose.smtp.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 services:
   gitea:
     environment:

gitea/docker-compose.traefik.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 networks:
   default:
     name: ${TRAEFIK_NETWORK_NAME:-traefik}

gitea/docker-compose.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 volumes:
   gitea:
     name: ${GITEA_VOLUME_NAME:-gitea}

grafana/docker-compose.postgres.yml

@@ -1,4 +1,4 @@
-version: "3.8"
+---
 
 services:
   grafana:

grafana/docker-compose.redis.yml

@@ -1,4 +1,4 @@
-version: "3.8"
+---
 
 services:
   grafana:

grafana/docker-compose.smtp.yml

@@ -1,4 +1,4 @@
-version: "3.8"
+---
 
 services:
   grafana:

grafana/docker-compose.traefik.yml

@@ -1,4 +1,4 @@
-version: "3.8"
+---
 
 networks:
   default:

grafana/docker-compose.yml

@@ -1,5 +1,4 @@
 ---
-version: "3.8"
 
 volumes:
   grafana:

hedgedoc/docker-compose.traefik.yml

@@ -1,4 +1,4 @@
-version: "3.8"
+---
 
 networks:
   default:

hedgedoc/docker-compose.yml

@@ -1,4 +1,4 @@
-version: "3.8"
+---
 
 volumes:
   hedgedoc:

listmonk/docker-compose.yml

@@ -1,4 +1,4 @@
-version: "3.8"
+---
 
 networks:
   default:

lldap/.env

@@ -8,7 +8,7 @@ COMPOSE_FILE=${SERVICES_DIR}/lldap/docker-compose.yml:${SERVICES_DIR}/lldap/dock
 #######
 # LLDAP
 
-LLDAP_DOMAIN=lldap.cool.life
+SERVICE_DOMAIN=lldap.cool.life
 LLDAP_VOLUME_NAME=lldap_cool_life
 LLDAP_CONTAINER_NAME=lldap_cool_life
 LLDAP_IMAGE=nitnelave/lldap:v0.4.3

lldap/docker-compose.local.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 services:
   lldap:
     ports:

lldap/docker-compose.postgres.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 services:
   lldap:
     environment:

lldap/docker-compose.smtp.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 services:
   lldap:
     environment:

lldap/docker-compose.traefik.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 networks:
   default:
     name: ${TRAEFIK_NETWORK_NAME:-traefik}
@@ -12,13 +10,13 @@ services:
     labels:
       - traefik.enable=true
       - traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
-      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-lldap}.rule=Host(`${LLDAP_DOMAIN:?err}`)
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-lldap}.rule=Host(`${SERVICE_DOMAIN:?err}`)
       - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-lldap}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
       # - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-lldap}.tls.certResolver=letsencrypt
       - traefik.http.services.${TRAEFIK_ROUTER_NAME:-lldap}.loadbalancer.server.port=17170
       - traefik.http.services.${TRAEFIK_ROUTER_NAME:-lldap}.loadbalancer.server.scheme=http
 
       # https://github.com/lldap/lldap/issues/247#issuecomment-1489962511
-      # - traefik.tcp.routers.${TRAEFIK_ROUTER_NAME:-lldap}.rule=HostSNI(`${LLDAP_DOMAIN:?err}`)
+      # - traefik.tcp.routers.${TRAEFIK_ROUTER_NAME:-lldap}.rule=HostSNI(`${SERVICE_DOMAIN:?err}`)
       # - traefik.tcp.routers.${TRAEFIK_ROUTER_NAME:-lldap}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
       # - traefik.tcp.services.${TRAEFIK_ROUTER_NAME:-lldap}.loadbalancer.server.port=3890

lldap/docker-compose.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 volumes:
   lldap:
     name: ${LLDAP_VOLUME_NAME:-lldap}
@@ -18,7 +16,7 @@ services:
       - LLDAP_VERBOSE=${LLDAP_VERBOSE:-false}
 
       - LLDAP_JWT_SECRET=${LLDAP_JWT_SECRET:?err}
-      - LLDAP_HTTP_URL=https://${LLDAP_DOMAIN:?err}
+      - LLDAP_HTTP_URL=https://${SERVICE_DOMAIN:?err}
 
       - LLDAP_LDAP_BASE_DN=${LLDAP_LDAP_BASE_DN:?err}
       - LLDAP_LDAP_USER_DN=${LLDAP_LDAP_USER_DN:?err}

mobilizon/docker-compose.local.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 services:
   mobilizon:
     ports:

mobilizon/docker-compose.traefik.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 networks:
   default:
     name: ${TRAEFIK_NETWORK_NAME:-traefik}

mobilizon/docker-compose.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 volumes:
   mobilizon:
     name: ${MOBILIZON_VOLUME_NAME:-mobilizon}

nextcloud/docker-compose.config.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 services:
   nextcloud-fpm:
     environment:

nextcloud/docker-compose.local.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 services:
   nextcloud-web:
     ports:

nextcloud/docker-compose.postgres.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 services:
   nextcloud-fpm:
     depends_on:

nextcloud/docker-compose.redis.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 services:
   nextcloud-fpm:
     depends_on:

nextcloud/docker-compose.smtp.yml

@@ -1,14 +1,12 @@
 ---
 
-version: "3.8"
-
 services:
   nextcloud-fpm:
     environment:
       &smtp-configuration
       SMTP_HOST: ${SMTP_HOST:?err}
-      SMTP_SECURE: ${SMTP_SECURE:-ssl}
-      SMTP_PORT: ${SMTP_PORT:-465}
+      SMTP_SECURE: ${SMTP_SECURE:-}
+      SMTP_PORT: ${SMTP_PORT:-587}
       SMTP_AUTHTYPE: ${SMTP_AUTHTYPE:-LOGIN}
       SMTP_NAME: ${SMTP_NAME:?err}
       SMTP_PASSWORD: ${SMTP_PASSWORD:?err}

nextcloud/docker-compose.traefik.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 networks:
   default:
     name: ${TRAEFIK_NETWORK_NAME:-traefik}

nextcloud/docker-compose.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 volumes:
   nextcloud:
     name: ${NEXTCLOUD_VOLUME_NAME:-nextcloud}

plausible/docker-compose.clickhouse.yml

@@ -1,4 +1,4 @@
-version: "3.8"
+---
 
 services:
   clickhouse:

plausible/docker-compose.geoip.yml

@@ -1,4 +1,4 @@
-version: "3.8"
+---
 
 services:
   plausible:

plausible/docker-compose.google.yml

@@ -1,4 +1,4 @@
-version: "3.8"
+---
 
 services:
   plausible:

plausible/docker-compose.local.yml

@@ -1,4 +1,4 @@
-version: "3.8"
+---
 
 services:
   plausible:

plausible/docker-compose.smtp.yml

@@ -1,4 +1,4 @@
-version: "3.8"
+---
 
 services:
   plausible:

plausible/docker-compose.traefik.yml

@@ -1,4 +1,4 @@
-version: "3.8"
+---
 
 networks:
   default:

plausible/docker-compose.yml

@@ -1,4 +1,4 @@
-version: "3.8"
+---
 
 volumes:
   plausible:

postgres/docker-compose.yml

@@ -1,4 +1,4 @@
-version: "3.8"
+---
 
 volumes:
   postgres:

prometheus/docker-compose.traefik.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 networks:
   default:
     name: ${TRAEFIK_NETWORK_NAME:-traefik}

redis/docker-compose.yml

@@ -1,4 +1,4 @@
-version: "3.8"
+---
 
 volumes:
   redis:

signaturepdf/docker-compose.traefik.https.yml

@@ -0,0 +1,11 @@
+---
+services:
+  signaturepdf:
+    labels:
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-signaturepdf}.tls.certResolver=letsencrypt
+      # redirect HTTP to HTTPS
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-signaturepdf}_http.rule=Host(`${SIGNATUREPDF_DOMAIN:?err}`)
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-signaturepdf}_http.entrypoints=web
+      - traefik.http.middlewares.${TRAEFIK_ROUTER_NAME:-signaturepdf}_redirect_https.redirectscheme.scheme=https
+      - traefik.http.middlewares.${TRAEFIK_ROUTER_NAME:-signaturepdf}_redirect_https.redirectscheme.permanent=true
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-signaturepdf}_http.middlewares=${TRAEFIK_ROUTER_NAME:-signaturepdf}_redirect_https

signaturepdf/docker-compose.traefik.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 networks:
   default:
     name: ${TRAEFIK_NETWORK_NAME:-traefik}
@@ -13,4 +11,4 @@ services:
       - traefik.enable=true
       - traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
       - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-signaturepdf}.rule=Host(`${SIGNATUREPDF_DOMAIN:?err}`)
-      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-signaturepdf}.entrypoints=web
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-signaturepdf}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}

signaturepdf/docker-compose.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 volumes:
   signaturepdf:
     name: ${SIGNATUREPDF_VOLUME_NAME:-signaturepdf}
@@ -21,3 +19,5 @@ services:
       PDF_STORAGE_PATH: ${PDF_STORAGE_PATH}
       DISABLE_ORGANIZATION: ${DISABLE_ORGANIZATION}
       PDF_DEMO_LINK: ${PDF_DEMO_LINK}
+      DEFAULT_LANGUAGE: ${DEFAULT_LANGUAGE:-fr_FR.UTF-8}
+      PDF_STORAGE_ENCRYPTION: ${PDF_STORAGE_ENCRYPTION:-true}

traefik/docker-compose.network.yml

@@ -1,4 +1,4 @@
-version: "3.8"
+---
 
 networks:
   default:

traefik/docker-compose.ovh.yml

@@ -1,4 +1,4 @@
-version: "3.8"
+---
 
 services:
   traefik:

traefik/docker-compose.redirect.yml

@@ -1,4 +1,4 @@
-version: "3.8"
+---
 
 services:
   traefik:

traefik/docker-compose.secure.yml

@@ -1,4 +1,4 @@
-version: "3.8"
+---
 
 networks:
   default:

traefik/docker-compose.yml

@@ -1,4 +1,4 @@
-version: "3.8"
+---
 
 volumes:
   traefik:

uptimekuma/docker-compose.local.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 services:
   uptimekuma:
     ports:

uptimekuma/docker-compose.traefik.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 networks:
   default:
     name: ${TRAEFIK_NETWORK_NAME:-traefik}

uptimekuma/docker-compose.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 volumes:
   uptimekuma:
     name: ${UPTIMEKUMA_VOLUME_NAME:-uptimekuma}

vaultwarden/.env

@@ -9,7 +9,7 @@ COMPOSE_FILE=${SERVICES_DIR}/vaultwarden/docker-compose.yml
 
 #VAULTWARDEN_IMAGE=
 #VAULTWARDEN_VOLUME_NAME=
-VAULTWARDEN_DOMAIN=vaultwarden.local
+SERVICE_DOMAIN=vaultwarden.local
 
 #VAULTWARDEN_LOG_LEVEL=
 #VAULTWARDEN_SIGNUPS_ALLOWED=false

vaultwarden/README.md

@@ -10,6 +10,20 @@ Toutes les variables de configuration du service sont disponibles à [cette adre
 
 [Les clients de Bitwarden](https://bitwarden.com/#download) sont compatibles avec le serveur.
 
+## Ajout des mails en Français
+
+Il est possible de [traduire les mails](https://github.com/dani-garcia/vaultwarden/wiki/Translating-the-email-templates).
+
+```
+. .env
+cd /var/lib/docker/volumes/${VAULTWARDEN_VOLUME_NAME}/_data/
+mkdir templates && cd templates
+wget https://github.com/YoanSimco/vaultwarden-lang-fr/archive/refs/heads/main.zip
+unzip main.zip
+mv vaultwarden-lang-fr/email .
+rm vaultwarden-lang-fr-main/ main.zip -rf
+```
+
 ## Liens
 
 - [Documentation][documentation]

vaultwarden/docker-compose.postgres.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 services:
   vaultwarden:
     depends_on:

vaultwarden/docker-compose.smtp.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 services:
   vaultwarden:
     environment:

vaultwarden/docker-compose.sso.yml

@@ -0,0 +1,25 @@
+---
+
+services:
+  vaultwarden:
+    environment:
+      SSO_ENABLED: ${SSO_ENABLED:-true}
+      SSO_ONLY: ${SSO_ONLY:-true}
+      SSO_SIGNUPS_MATCH_EMAIL: ${SSO_SIGNUPS_MATCH_EMAIL:-true}
+      SSO_AUTHORITY: ${SSO_AUTHORITY}
+      SSO_SCOPES: ${SSO_SCOPES:-email groups profile offline_access}
+      SSO_AUTHORIZE_EXTRA_PARAMS: ${SSO_AUTHORIZE_EXTRA_PARAMS:-}
+      SSO_PKCE: ${SSO_PKCE:-false}
+      SSO_CLIENT_ID: ${SSO_CLIENT_ID}
+      SSO_CLIENT_SECRET: ${SSO_CLIENT_SECRET}
+      # SSO_MASTER_PASSWORD_POLICY: ${SSO_MASTER_PASSWORD_POLICY:-}
+      SSO_AUTH_ONLY_NOT_SESSION: ${SSO_AUTH_ONLY_NOT_SESSION:-false}
+      SSO_CLIENT_CACHE_EXPIRATION: ${SSO_CLIENT_CACHE_EXPIRATION:-0}
+      SSO_DEBUG_TOKENS: ${SSO_DEBUG_TOKENS:-false}
+
+      SSO_FRONTEND: ${SSO_FRONTEND:-override}
+      # SSO_EXPERIMENTAL_NO_MASTER_PWD: ${SSO_EXPERIMENTAL_NO_MASTER_PWD:-false}
+      SSO_ROLES_ENABLED: ${SSO_ROLES_ENABLED:-false}
+      SSO_ROLES_DEFAULT_TO_USER: ${SSO_ROLES_DEFAULT_TO_USER:-false}
+
+      SSO_ORGANIZATIONS_INVITE: ${SSO_ORGANIZATIONS_INVITE:-false}

vaultwarden/docker-compose.traefik.https.yml

@@ -0,0 +1,12 @@
+---
+
+services:
+  vaultwarden:
+    labels:
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-vaultwarden}.tls.certResolver=letsencrypt
+      # redirect HTTP to HTTPS
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-vaultwarden}_http.rule=Host(`${SERVICE_DOMAIN:?err}`)
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-vaultwarden}_http.entrypoints=web
+      - traefik.http.middlewares.${TRAEFIK_ROUTER_NAME:-vaultwarden}_redirect_https.redirectscheme.scheme=https
+      - traefik.http.middlewares.${TRAEFIK_ROUTER_NAME:-vaultwarden}_redirect_https.redirectscheme.permanent=true
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-vaultwarden}_http.middlewares=${TRAEFIK_ROUTER_NAME:-vaultwarden}_redirect_https

vaultwarden/docker-compose.traefik.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 networks:
   default:
     name: ${TRAEFIK_NETWORK_NAME:-traefik}
@@ -12,5 +10,5 @@ services:
     labels:
       - traefik.enable=true
       - traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
-      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-vaultwarden}.rule=Host(`${VAULTWARDEN_DOMAIN:?err}`)
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-vaultwarden}.rule=Host(`${SERVICE_DOMAIN:?err}`)
       - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-vaultwarden}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}

vaultwarden/docker-compose.yml

@@ -1,22 +1,26 @@
 ---
 
-version: "3.8"
-
 volumes:
   vaultwarden:
     name: ${VAULTWARDEN_VOLUME_NAME:-vaultwarden}
 
 services:
   vaultwarden:
-    image:  ${VAULTWARDEN_IMAGE:-vaultwarden/server:1.27.0-alpine}
+    image:  ${VAULTWARDEN_IMAGE:-vaultwarden/server:1.34.1-alpine}
     container_name: ${VAULTWARDEN_CONTAINER_NAME:-vaultwarden}
     restart: always
     environment:
       ADMIN_TOKEN: ${VAULTWARDEN_ADMIN_TOKEN:?err}
-      DOMAIN: https://${VAULTWARDEN_DOMAIN:?err}
+      DOMAIN: https://${SERVICE_DOMAIN:?err}
+      SENDS_ALLOWED: ${SENDS_ALLOWED:-true}
+      TRASH_AUTO_DELETE_DAYS: ${TRASH_AUTO_DELETE_DAYS:-}
+      DISABLE_ICON_DOWNLOAD: ${DISABLE_ICON_DOWNLOAD:-false}
+      SIGNUPS_ALLOWED: ${VAULTWARDEN_SIGNUPS_ALLOWED:-true}
+      SIGNUPS_VERIFY: ${SIGNUPS_VERIFY:-false}
+      SIGNUPS_DOMAINS_WHITELIST: ${SIGNUPS_DOMAINS_WHITELIST:-}
       INVITATION_ORG_NAME: ${VAULTWARDEN_INVITATION_ORG_NAME:-Vaultwarden}
       LOG_LEVEL: ${VAULTWARDEN_LOG_LEVEL:-Info}
-      SIGNUPS_ALLOWED: ${VAULTWARDEN_SIGNUPS_ALLOWED:-true}
+      ORG_GROUPS_ENABLED: ${VAULTWARDEN_ORG_GROUPS_ENABLED:-false}
     volumes:
       - vaultwarden:/data
       - /etc/timezone:/etc/timezone:ro

vikunja/.env

@@ -9,12 +9,13 @@ COMPOSE_FILE=${SERVICES_DIR}/vikunja/docker-compose.yml:${SERVICES_DIR}/vikunja/
 
 ## APP
 
-#VIKUNJA_IMAGE=
+#VIKUNJA_API_IMAGE=
+#VIKUNJA_FRONTEND_IMAGE=
 VIKUNJA_CONTAINER_NAME=vikunja
 VIKUNJA_VOLUME_NAME=vikunja
 
 VIKUNJA_DOMAIN=vikunja.example.org
-VIKUNJA_SERVICE_PUBLICURL=https://vikunja.example.org/
+VIKUNJA_SERVICE_FRONTENDURL=https://vikunja.example.org/
 
 VIKUNJA_SERVICE_JWTSECRET=change-me
 #VIKUNJA_SERVICE_JWTTTL=259200

vikunja/docker-compose.legal.yml

@@ -0,0 +1,9 @@
+---
+
+version: "3.8"
+
+services:
+  vikunja_api:
+    environment:
+      VIKUNJA_LEGAL_IMPRINTURL: ${VIKUNJA_LEGAL_IMPRINTURL}
+      VIKUNJA_LEGAL_PRIVACYURL: ${VIKUNJA_LEGAL_PRIVACYURL}

vikunja/docker-compose.local.yml

@@ -1,6 +1,11 @@
-version: "3.8"
+---
 
 services:
-  vikunja:
+  vikunja_api:
     ports:
       - 3456:3456
+  vikunja_frontend:
+    ports:
+      - ${LOCAL_PORT:-80}:80
+    environment:
+      VIKUNJA_API_URL: http://localhost:3456/api/v1

vikunja/docker-compose.logs.yml

@@ -0,0 +1,17 @@
+version: "3.8"
+
+# https://vikunja.io/docs/config-options/#log
+
+services:
+  vikunja_api:
+    environment:
+      # VIKUNJA_LOG_PATH
+      VIKUNJA_LOG_ENABLED: ${VIKUNJA_LOG_ENABLED:-true}
+      VIKUNJA_LOG_STANDARD: ${VIKUNJA_LOG_STANDARD:-stdout}
+      VIKUNJA_LOG_LEVEL: ${VIKUNJA_LOG_LEVEL:-INFO} # Possible values (case-insensitive) are CRITICAL, ERROR, WARNING, NOTICE, INFO, DEBUG.
+      VIKUNJA_LOG_DATABASE: ${VIKUNJA_LOG_DATABASE:-off} # Possible values are stdout, stderr, file or off to disable database
+      VIKUNJA_LOG_DATABASELEVEL: ${VIKUNJA_LOG_DATABASELEVEL:-WARNING} # Possible values (case-insensitive) are CRITICAL, ERROR, WARNING, NOTICE, INFO, DEBUG
+      VIKUNJA_LOG_HTTP: ${VIKUNJA_LOG_HTTP:-stdout} # Possible values are stdout, stderr, file or off to disable http logging.
+      VIKUNJA_LOG_ECHO: ${VIKUNJA_LOG_ECHO:-off} # Possible values are stdout, stderr, file or off to disable standard logging.
+      VIKUNJA_LOG_EVENTS: ${VIKUNJA_LOG_EVENTS:-stdout} # Possible values are stdout, stderr, file or off to disable events logging.
+      VIKUNJA_LOG_EVENTSLEVEL: ${VIKUNJA_LOG_EVENTSLEVEL:-INFO} # Possible values (case-insensitive) are ERROR, INFO, DEBUG.

vikunja/docker-compose.postgres.yml

@@ -3,22 +3,17 @@ version: "3.8"
 # https://vikunja.io/docs/config-options/#database
 
 services:
-  vikunja:
+  vikunja_api:
     depends_on:
       - postgres
     environment:
       VIKUNJA_DATABASE_TYPE: ${VIKUNJA_DATABASE_TYPE:-postgres}
-
-      VIKUNJA_DATABASE_USER: ${POSTGRES_USER:?err}
-      VIKUNJA_DATABASE_PASSWORD: ${POSTGRES_PASSWORD:?err}
-      VIKUNJA_DATABASE_HOST: ${POSTGRES_CONTAINER_NAME:-postgres}:5432 # Default name is same as ../postgres/docker-compose.yml:8
-      VIKUNJA_DATABASE_DATABASE: ${POSTGRES_DB:?err}
-
       VIKUNJA_DATABASE_MAXOPENCONNECTIONS: ${VIKUNJA_DATABASE_MAXOPENCONNECTIONS:-100}
       VIKUNJA_DATABASE_MAXIDLECONNECTIONS: ${VIKUNJA_DATABASE_MAXIDLECONNECTIONS:-50}
       VIKUNJA_DATABASE_MAXCONNECTIONLIFETIME: ${VIKUNJA_DATABASE_MAXCONNECTIONLIFETIME:-10000}
       VIKUNJA_DATABASE_SSLMODE: ${VIKUNJA_DATABASE_SSLMODE:-disable}
-      VIKUNJA_DATABASE_SSLCERT: ${VIKUNJA_DATABASE_SSLCERT}
-      VIKUNJA_DATABASE_SSLKEY: ${VIKUNJA_DATABASE_SSLKEY}
-      VIKUNJA_DATABASE_SSLROOTCERT: ${VIKUNJA_DATABASE_SSLROOTCERT}
-      VIKUNJA_DATABASE_TLS: ${VIKUNJA_DATABASE_TLS:-false}
+
+      VIKUNJA_DATABASE_HOST: ${POSTGRES_CONTAINER_NAME:-postgres}:5432 # Default name is same as ../postgres/docker-compose.yml:8
+      VIKUNJA_DATABASE_DATABASE: ${POSTGRES_DB:?err}
+      VIKUNJA_DATABASE_USER: ${POSTGRES_USER:?err}
+      VIKUNJA_DATABASE_PASSWORD: ${POSTGRES_PASSWORD:?err}

vikunja/docker-compose.prometheus.yml

@@ -1,9 +1,9 @@
-version: "3.8"
+---
 
 # https://vikunja.io/docs/config-options/#metrics
 
 services:
-  vikunja:
+  vikunja_api:
     environment:
       VIKUNJA_METRICS_ENABLED: ${VIKUNJA_METRICS_ENABLED-:false}
       VIKUNJA_METRICS_USERNAME: ${VIKUNJA_METRICS_USERNAME}

vikunja/docker-compose.redis.yml

@@ -1,13 +1,16 @@
-version: "3.8"
+---
 
 # https://vikunja.io/docs/config-options/#redis
 
 services:
-  vikunja:
+  vikunja_api:
     depends_on:
       - redis
     environment:
+      VIKUNJA_CACHE_ENABLED: 'true'
+      VIKUNJA_CACHE_TYPE: redis
       VIKUNJA_REDIS_ENABLED: 'true'
+
       VIKUNJA_REDIS_HOST: ${REDIS_CONTAINER_NAME:-redis}:6379 # It's default port because we don't have yet configuration for redis port
-      VIKUNJA_REDIS_PASSWORD: ${VIKUNJA_REDIS_PASSWORD} # We don't have yet configuration for redis with password
+      #VIKUNJA_REDIS_PASSWORD: ${VIKUNJA_REDIS_PASSWORD} # We don't have yet configuration for redis with password
       VIKUNJA_REDIS_DB: 0 # It's default becouse we don't have yet configuration for redis database name

vikunja/docker-compose.smtp.yml

@@ -1,19 +1,18 @@
-version: "3.8"
+---
 
 # https://vikunja.io/docs/config-options/#mailer
 
 services:
-  vikunja:
+  vikunja_api:
     environment:
-      VIKUNJA_MAILER_ENABLED: true
-
-      VIKUNJA_MAILER_HOST: ${VIKUNJA_MAILER_HOST:?err}
-      VIKUNJA_MAILER_PORT: ${VIKUNJA_MAILER_PORT:?err}
-      VIKUNJA_MAILER_AUTHTYPE: ${VIKUNJA_MAILER_AUTHTYPE:-plain}
-      VIKUNJA_MAILER_USERNAME: ${VIKUNJA_MAILER_USERNAME:?err}
-      VIKUNJA_MAILER_PASSWORD: ${VIKUNJA_MAILER_PASSWORD:?err}
+      VIKUNJA_MAILER_ENABLED: ${VIKUNJA_MAILER_ENABLED:-true}
       VIKUNJA_MAILER_SKIPTLSVERIFY: ${VIKUNJA_MAILER_SKIPTLSVERIFY:-false}
-      VIKUNJA_MAILER_FROMEMAIL: ${VIKUNJA_MAILER_FROMEMAIL:?err}
       VIKUNJA_MAILER_QUEUELENGTH: ${VIKUNJA_MAILER_QUEUELENGTH:-100}
       VIKUNJA_MAILER_QUEUETIMEOUT: ${VIKUNJA_MAILER_QUEUETIMEOUT:-30}
       VIKUNJA_MAILER_FORCESSL: ${VIKUNJA_MAILER_FORCESSL:-false}
+
+      VIKUNJA_MAILER_HOST: ${VIKUNJA_MAILER_HOST:?err}
+      VIKUNJA_MAILER_PORT: ${VIKUNJA_MAILER_PORT:-587}
+      VIKUNJA_MAILER_USERNAME: ${VIKUNJA_MAILER_USERNAME:?err}
+      VIKUNJA_MAILER_PASSWORD: ${VIKUNJA_MAILER_PASSWORD:?err}
+      VIKUNJA_MAILER_FROMEMAIL: ${VIKUNJA_MAILER_FROMEMAIL:?err}

vikunja/docker-compose.traefik.yml

@@ -1,4 +1,4 @@
-version: "3.8"
+---
 
 networks:
   default:
@@ -8,9 +8,15 @@ networks:
 # https://vikunja.io/docs/full-docker-example/#example-with-traefik-2
 
 services:
-  vikunja:
+  vikunja_api:
     labels:
       - traefik.enable=true
       - traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
-      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-vikunja}.rule=Host(`${VIKUNJA_DOMAIN:?err}`)
-      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-vikunja}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-vikunja}-api.rule=Host(`${VIKUNJA_DOMAIN:?err}`) && PathPrefix(`/api/v1`, `/dav/`, `/.well-known/`)
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-vikunja}-api.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
+  vikunja_frontend:
+    labels:
+      - traefik.enable=true
+      - traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-vikunja}-frontend.rule=Host(`${VIKUNJA_DOMAIN:?err}`)
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-vikunja}-frontend.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}

vikunja/docker-compose.unsplash.yml

@@ -1,10 +0,0 @@
-version: "3.8"
-
-# https://kolaente.dev/vikunja/vikunja/issues/1388
-
-services:
-  vikunja:
-    environment:
-      VIKUNJA_BACKGROUNDS_PROVIDERS_UNSPLASH_ENABLED: true
-      VIKUNJA_BACKGROUNDS_PROVIDERS_UNSPLASH_ACCESSTOKEN: ${VIKUNJA_BACKGROUNDS_PROVIDERS_UNSPLASH_ACCESSTOKEN:?err}
-      VIKUNJA_BACKGROUNDS_PROVIDERS_UNSPLASH_APPLICATIONID: ${VIKUNJA_BACKGROUNDS_PROVIDERS_UNSPLASH_APPLICATIONID:?err}

vikunja/docker-compose.yml

@@ -1,4 +1,4 @@
-version: "3.8"
+---
 
 # https://vikunja.io/docs/config-options
 # https://vikunja.io/docs/full-docker-example/
@@ -8,31 +8,19 @@ volumes:
     name: ${VIKUNJA_VOLUME_NAME:-vikunja}
 
 services:
-  vikunja:
-    container_name: ${VIKUNJA_CONTAINER_NAME:-vikunja}
-    image: ${VIKUNJA_IMAGE:-vikunja/vikunja:0.23.0}
+  vikunja_api:
+    container_name: ${VIKUNJA_CONTAINER_NAME:-vikunja}_api
+    image: ${VIKUNJA_API_IMAGE:-vikunja/api:0.21.0}
     restart: always
     environment:
-
-      VIKUNJA_AUTH_LOCAL_ENABLED: ${VIKUNJA_AUTH_LOCAL_ENABLED:-true}
-
-      VIKUNJA_AVATAR_GRAVATAREXPIRATION: ${VIKUNJA_AVATAR_GRAVATAREXPIRATION:-3600}
-
-      VIKUNJA_BACKGROUNDS_ENABLED: ${VIKUNJA_BACKGROUNDS_ENABLED:-true}
-      VIKUNJA_BACKGROUNDS_PROVIDERS_UPLOAD_ENABLED: ${VIKUNJA_BACKGROUNDS_PROVIDERS_UPLOAD_ENABLED:-true}
-
-      VIKUNJA_CORS_ENABLE: ${VIKUNJA_CORS_ENABLE:-false}
-      VIKUNJA_CORS_ORIGINS: ${VIKUNJA_CORS_ORIGINS}
-      VIKUNJA_CORS_MAXAGE: ${VIKUNJA_CORS_MAXAGE:-0}
-
       VIKUNJA_DATABASE_PATH: ${VIKUNJA_DATABASE_PATH:-./vikunja.db}
 
       VIKUNJA_DEFAULTSETTINGS_AVATAR_PROVIDER: ${VIKUNJA_DEFAULTSETTINGS_AVATAR_PROVIDER:-initials}
       VIKUNJA_DEFAULTSETTINGS_AVATAR_FILE_ID: ${VIKUNJA_DEFAULTSETTINGS_AVATAR_FILE_ID:-0}
       VIKUNJA_DEFAULTSETTINGS_EMAIL_REMINDERS_ENABLED: ${VIKUNJA_DEFAULTSETTINGS_EMAIL_REMINDERS_ENABLED:-false}
-      VIKUNJA_DEFAULTSETTINGS_DISCOVERABLE_BY_NAME: ${VIKUNJA_DEFAULTSETTINGS_DISCOVERABLE_BY_NAME:-false}
-      VIKUNJA_DEFAULTSETTINGS_DISCOVERABLE_BY_EMAIL: ${VIKUNJA_DEFAULTSETTINGS_DISCOVERABLE_BY_EMAIL:-false}
-      VIKUNJA_DEFAULTSETTINGS_OVERDUE_TASKS_REMINDERS_ENABLED: ${VIKUNJA_DEFAULTSETTINGS_OVERDUE_TASKS_REMINDERS_ENABLED:-true}
+      VIKUNJA_DEFAULTSETTINGS_DISCOVERABLE_BY_NAME: ${VIKUNJA_DEFAULTSETTINGS_DISCOVERABLE_BY_NAME:-true}
+      VIKUNJA_DEFAULTSETTINGS_DISCOVERABLE_BY_EMAIL: ${VIKUNJA_DEFAULTSETTINGS_DISCOVERABLE_BY_EMAIL:-true}
+      VIKUNJA_DEFAULTSETTINGS_OVERDUE_TASKS_REMINDERS_ENABLED: ${VIKUNJA_DEFAULTSETTINGS_OVERDUE_TASKS_REMINDERS_ENABLED:-false}
       VIKUNJA_DEFAULTSETTINGS_OVERDUE_TASKS_REMINDERS_TIME: ${VIKUNJA_DEFAULTSETTINGS_OVERDUE_TASKS_REMINDERS_TIME:-9:00}
       VIKUNJA_DEFAULTSETTINGS_DEFAULT_PROJECT_ID: ${VIKUNJA_DEFAULTSETTINGS_DEFAULT_PROJECT_ID:-0}
       VIKUNJA_DEFAULTSETTINGS_WEEK_START: ${VIKUNJA_DEFAULTSETTINGS_WEEK_START:-1}
@@ -42,60 +30,22 @@ services:
       VIKUNJA_FILES_BASEPATH: ${VIKUNJA_FILES_BASEPATH:-./files}
       VIKUNJA_FILES_MAXSIZE: ${VIKUNJA_FILES_MAXSIZE:-20MB}
 
-      VIKUNJA_KEYVALUE_TYPE: ${VIKUNJA_KEYVALUE_TYPE:-memory} # Can be either “memory” or “redis”. If “redis” is chosen it needs to be configured separately.
-
-      VIKUNJA_LEGAL_IMPRINTURL: ${VIKUNJA_LEGAL_IMPRINTURL}
-      VIKUNJA_LEGAL_PRIVACYURL: ${VIKUNJA_LEGAL_PRIVACYURL}
-
-      # VIKUNJA_LOG_PATH
-      VIKUNJA_LOG_ENABLED: ${VIKUNJA_LOG_ENABLED:-true}
-      VIKUNJA_LOG_STANDARD: ${VIKUNJA_LOG_STANDARD:-stdout}
-      VIKUNJA_LOG_LEVEL: ${VIKUNJA_LOG_LEVEL:-INFO} # Possible values (case-insensitive) are CRITICAL, ERROR, WARNING, NOTICE, INFO, DEBUG.
-      VIKUNJA_LOG_DATABASE: ${VIKUNJA_LOG_DATABASE:-off} # Possible values are stdout, stderr, file or off to disable database
-      VIKUNJA_LOG_DATABASELEVEL: ${VIKUNJA_LOG_DATABASELEVEL:-WARNING} # Possible values (case-insensitive) are CRITICAL, ERROR, WARNING, NOTICE, INFO, DEBUG
-      VIKUNJA_LOG_HTTP: ${VIKUNJA_LOG_HTTP:-stdout} # Possible values are stdout, stderr, file or off to disable http logging.
-      VIKUNJA_LOG_ECHO: ${VIKUNJA_LOG_ECHO:-off} # Possible values are stdout, stderr, file or off to disable standard logging.
-      VIKUNJA_LOG_EVENTS: ${VIKUNJA_LOG_EVENTS:-off} # Possible values are stdout, stderr, file or off to disable events logging.
-      VIKUNJA_LOG_EVENTSLEVEL: ${VIKUNJA_LOG_EVENTSLEVEL:-INFO} # Possible values (case-insensitive) are ERROR, INFO, DEBUG.
-      VIKUNJA_LOG_MAIL: ${VIKUNJA_LOG_MAIL:-off} # Possible values are stdout, stderr, file or off to disable mail-related logging.
-      VIKUNJA_LOG_MAILLEVEL: ${VIKUNJA_LOG_MAILLEVEL:-info} # Possible values (case-insensitive) are ERROR, WARNING, INFO, DEBUG.
-
-      VIKUNJA_RATELIMIT_ENABLED: ${VIKUNJA_RATELIMIT_ENABLED:-false}
-      VIKUNJA_RATELIMIT_KIND: ${VIKUNJA_RATELIMIT_KIND:-user} # Can be either “user” for a rate limit per user or “ip” for an ip-based rate limit.
-      VIKUNJA_RATELIMIT_PERIOD: ${VIKUNJA_RATELIMIT_PERIOD:-60}
-      VIKUNJA_RATELIMIT_LIMIT: ${VIKUNJA_RATELIMIT_LIMIT:-100}
-      VIKUNJA_RATELIMIT_STORE: ${VIKUNJA_RATELIMIT_STORE:-keyvalue} # Possible values are “keyvalue”, “memory” or “redis”. When choosing “keyvalue” this setting follows the one configured in the “keyvalue” section.
-      VIKUNJA_RATELIMIT_NOAUTHLIMIT: ${VIKUNJA_RATELIMIT_NOAUTHLIMIT:-10}
 
       VIKUNJA_SERVICE_JWTSECRET: ${VIKUNJA_SERVICE_JWTSECRET}
       VIKUNJA_SERVICE_JWTTTL: ${VIKUNJA_SERVICE_JWTTTL:-259200}
       VIKUNJA_SERVICE_JWTTTLLONG: ${VIKUNJA_SERVICE_JWTTTLLONG:-2592000}
-      VIKUNJA_SERVICE_INTERFACE: ${VIKUNJA_SERVICE_INTERFACE:-3456}
-      VIKUNJA_SERVICE_UNIXSOCKET: ${VIKUNJA_SERVICE_UNIXSOCKET}
-      VIKUNJA_SERVICE_UNIXSOCKETMODE: ${VIKUNJA_SERVICE_UNIXSOCKETMODE}
-      VIKUNJA_SERVICE_PUBLICURL: ${VIKUNJA_SERVICE_PUBLICURL:?err}
-      VIKUNJA_SERVICE_ROOTPATH: ${VIKUNJA_SERVICE_ROOTPATH:-/app/vikunja/}
+      VIKUNJA_SERVICE_FRONTENDURL: ${VIKUNJA_SERVICE_FRONTENDURL:?err}
       VIKUNJA_SERVICE_MAXITEMSPERPAGE: ${VIKUNJA_SERVICE_MAXITEMSPERPAGE:-50}
       VIKUNJA_SERVICE_ENABLECALDAV: ${VIKUNJA_SERVICE_ENABLECALDAV:-true}
-      VIKUNJA_SERVICE_MOTD: ${VIKUNJA_SERVICE_MOTD}
       VIKUNJA_SERVICE_ENABLELINKSHARING: ${VIKUNJA_SERVICE_ENABLELINKSHARING:-true}
       VIKUNJA_SERVICE_ENABLEREGISTRATION: ${VIKUNJA_SERVICE_ENABLEREGISTRATION:-true}
       VIKUNJA_SERVICE_ENABLETASKATTACHMENTS: ${VIKUNJA_SERVICE_ENABLETASKATTACHMENTS:-true}
-      VIKUNJA_SERVICE_TIMEZONE: ${VIKUNJA_SERVICE_TIMEZONE:-Europe/Paris}
+      VIKUNJA_SERVICE_TIMEZONE: ${VIKUNJA_SERVICE_TIMEZONE:-GMT}
       VIKUNJA_SERVICE_ENABLETASKCOMMENTS: ${VIKUNJA_SERVICE_ENABLETASKCOMMENTS:-true}
       VIKUNJA_SERVICE_ENABLETOTP: ${VIKUNJA_SERVICE_ENABLETOTP:-true}
-      VIKUNJA_SERVICE_TESTINGTOKEN: ${VIKUNJA_SERVICE_TESTINGTOKEN}
       VIKUNJA_SERVICE_ENABLEEMAILREMINDERS: ${VIKUNJA_SERVICE_ENABLEEMAILREMINDERS:-true}
       VIKUNJA_SERVICE_ENABLEUSERDELETION: ${VIKUNJA_SERVICE_ENABLEUSERDELETION:-true}
-      VIKUNJA_SERVICE_MAXAVATARSIZE: ${VIKUNJA_SERVICE_MAXAVATARSIZE:-512}
-      VIKUNJA_SERVICE_DEMOMODE: ${VIKUNJA_SERVICE_DEMOMODE:-false}
-      VIKUNJA_SERVICE_ALLOWICONCHANGES: ${VIKUNJA_SERVICE_ALLOWICONCHANGES:-true}
-      VIKUNJA_SERVICE_CUSTOMLOGOURL: ${VIKUNJA_SERVICE_CUSTOMLOGOURL}
-
-      VIKUNJA_WEBHOOKS_ENABLED: ${VIKUNJA_WEBHOOKS_ENABLED:-true}
-      VIKUNJA_WEBHOOKS_TIMOUTSECONDS: ${VIKUNJA_WEBHOOKS_TIMOUTSECONDS:-30}
-      VIKUNJA_WEBHOOKS_PROXYURL: ${VIKUNJA_WEBHOOKS_PROXYURL}
-      VIKUNJA_WEBHOOKS_PROXYPASSWORD: ${VIKUNJA_WEBHOOKS_PROXYPASSWORD}
+      VIKUNJA_SERVICE_ROOTPATH: ${VIKUNJA_SERVICE_ROOTPATH:-/app/vikunja/}
 
       PUID: ${VIKUNJA_PUID:-1000}
       PGID: ${VIKUNJA_PGID:-1000}
@@ -103,3 +53,9 @@ services:
       - vikunja:${VIKUNJA_VOLUME_PATH:-/app/vikunja/files}
       - /etc/timezone:/etc/timezone:ro
       - /etc/localtime:/etc/localtime:ro
+  vikunja_frontend:
+    container_name: ${VIKUNJA_CONTAINER_NAME:-vikunja}_frontend
+    image: ${VIKUNJA_FRONTEND_IMAGE:-vikunja/frontend:0.21.0}
+    restart: always
+    depends_on:
+      - vikunja_api