services:
  vaultwarden:
    image:  ghcr.io/timshel/oidcwarden:latest
    container_name: vaultwarden
    restart: unless-stopped
    environment:
      DOMAIN: "https://pass.nekomimi.pet"
      SSO_ENABLED: true
      SSO_ONLY: true
      SSO_SCOPES: "email profile offline_access"
      SSO_FRONTEND: 'override'
      SSO_MASTER_PASSWORD_POLICY: 'true'
      SSO_ALLOW_UNKNOWN_EMAIL_VERIFICATION: 'true'
      SSO_SIGNUPS_MATCH_EMAIL: 'true'
    env_file:
      - .env
    volumes:
      - ./vw-data/:/data/
    ports:
      - 9002:80