[Unit]
Description=Vault Container
After=docker.service
After=dockerdata.mount
Requires=docker.service
Requires=dockerdata.mount

[Service]
TimeoutStartSec=0
Restart=always
ExecStartPre=-/usr/bin/docker stop vault
ExecStartPre=-/usr/bin/docker rm vault
ExecStartPre=-/usr/bin/docker pull vault:latest
ExecStart=/usr/bin/docker run \
  -e VAULT_DISABLE_MLOCK=true \
  -e 'VAULT_LOCAL_CONFIG={"backend": {"file": {"path": "/vault/file"}}, "default_lease_ttl": "168h", "max_lease_ttl": "720h", "ui": "true"}' \
  -e "VAULT_API_ADDR=https://vault.t-juice.club" \
  -l "traefik.enable=true" \
  -l "traefik.http.routers.vault.rule=Host(`vault.t-juice.club`)" \
  -l "traefik.http.routers.vault.tls=true" \
  -l "traefik.http.routers.vault.tls.certresolver=le" \
  -l "traefik.http.services.vault.loadbalancer.server.port=8200" \
  -v /dockerdata/vault:/vault/file \
  --network proxy \
  --name vault vault:latest server

[Install]
WantedBy=multi-user.target