services:
#######################################################################
  mine-vaultwarden:
    container_name: mine-vaultwarden
    image: vaultwarden/server
    restart: always

    ports:
      - 21251:80
    volumes:
      - /home/user/containerdata/vaultwarden/data:/data
#      - /mnt/m1/1vaultwarden/images:/web-vault/images
#      - ${PERSISTANT_STORAGE_PATH}/vaultwarden/web-vault:/web-vault
    environment:
      - TZ=America/New_York
    #  - ADMIN_TOKEN=pPB2QVicf0/PO+tyyCHMyPGxz97YM82RVA7ViMjmCs+y5J22G8x2zQcWMWD/CTke
      - DOMAIN=https://vaultwarden.newcovbap.church
      - SSO_ENABLED=true
      - SSO_AUTHORITY=https://sso-070.newcovbap.church/application/o/vaultwarden/
      - SSO_CLIENT_ID=ISaOpe4xUPVqO9LpxwUMfbve2007KPbLZSVh8oDm
      - SSO_CLIENT_SECRET=w6WQZpj4veYROM4njZpxCtS0OMJrOnhxXDNqhUQidJKqzu6GtoWT8Ew8ALIEoPnHGFwnAyPfZl9Ov2bCh8iYPeVrc2KFJ9Wb0Tixoax3AW4iZ3jXjlzBaukvysiec1RM
      - SSO_SCOPES="openid email profile offline_access"
      - SSO_ALLOW_UNKNOWN_EMAIL_VERIFICATION=false
      - SSO_CLIENT_CACHE_EXPIRATION=0
      - SSO_ONLY=false # Set to true to disable email+master password login and require SSO
      - SSO_SIGNUPS_MATCH_EMAIL=true # Match first SSO login to existing account by email
    networks:
      - vaultwarden-nw 
      
networks:
  vaultwarden-nw: