networks:
  cicd:
    external: true

volumes:
  vault1_data:
  vault2_data:
  vault3_data:

services:
  vault:
    image: hashicorp/vault:latest
    cap_add: [ "IPC_LOCK" ]
    ulimits: { memlock: { soft: -1, hard: -1 } }
    environment: { VAULT_ADDR: "http://127.0.0.1:8200" }
    command: vault server -config=/vault/config/vault.hcl
    volumes:
      - vault1_data:/vault/file
      - ./config/vault1.hcl:/vault/config/vault.hcl:ro
    networks: [ cicd ]
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=cicd"
      - "traefik.http.routers.vault.rule=Host(`vault.sendico.io`)"
      - "traefik.http.routers.vault.entrypoints=websecure"
      - "traefik.http.routers.vault.tls.certresolver=letsencrypt"
      - "traefik.http.routers.vault.middlewares=secure-headers@file"
      - "traefik.http.services.vault.loadbalancer.server.port=8200"
      - "traefik.http.services.vault.loadbalancer.server.scheme=http"

  vault2:
    image: hashicorp/vault:latest
    cap_add: [ "IPC_LOCK" ]
    ulimits: { memlock: { soft: -1, hard: -1 } }
    environment: { VAULT_ADDR: "http://127.0.0.1:8200" }
    command: vault server -config=/vault/config/vault.hcl
    volumes:
      - vault2_data:/vault/file
      - ./config/vault2.hcl:/vault/config/vault.hcl:ro
    networks: [ cicd ]

  vault3:
    image: hashicorp/vault:latest
    cap_add: [ "IPC_LOCK" ]
    ulimits: { memlock: { soft: -1, hard: -1 } }
    environment: { VAULT_ADDR: "http://127.0.0.1:8200" }
    command: vault server -config=/vault/config/vault.hcl
    volumes:
      - vault3_data:/vault/file
      - ./config/vault3.hcl:/vault/config/vault.hcl:ro
    networks: [ cicd ]