feat: add vaultwarden-with-backup template#725
feat: add vaultwarden-with-backup template#725CarlosHugoRodriguezC wants to merge 3 commits intoDokploy:canaryfrom
Conversation
Adds a new Vaultwarden template with automated backups to Cloudflare R2 storage. Services: - vaultwarden/server:1.34.3 - password manager - alpine:3.20 - configurator that generates rclone.conf for R2 - ttionya/vaultwarden-backup:1.26.2 - scheduled backups Includes configurable SMTP, timezone, admin token, and R2 credentials.
built with Refined Cloudflare Pages Action⚡ Cloudflare Pages Deployment
|
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
There was a problem hiding this comment.
Pull request overview
This PR adds a new Vaultwarden template with automated backup functionality to Cloudflare R2 storage. It extends the existing vaultwarden template (blueprints/vaultwarden) by adding two additional services: a configurator that generates rclone configuration for R2, and a backup service that performs scheduled backups. The template provides comprehensive environment variable configuration for SMTP, backup scheduling, and R2 credentials.
Changes:
- Added new vaultwarden-with-backup blueprint with docker-compose.yml, template.toml, and logo
- Added corresponding meta.json entry for the new template
- Meta.json was processed by dedupe-and-sort script (Strapi entry reordered alphabetically)
Reviewed changes
Copilot reviewed 3 out of 4 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| meta.json | Added new vaultwarden-with-backup entry and reordered Strapi entry for alphabetical sorting |
| blueprints/vaultwarden-with-backup/docker-compose.yml | Defines three services: vaultwarden (main app), configurator (generates R2 config), and backup (scheduled backups) |
| blueprints/vaultwarden-with-backup/template.toml | Configuration for domain mapping, environment variables, and auto-generated secrets |
| blueprints/vaultwarden-with-backup/vaultwarden.svg | Logo file for the template |
- Switch env var syntax from list (- KEY=VALUE) to map (KEY: VALUE) for consistency with existing vaultwarden template - Add environment section to configurator service so R2 vars are available at runtime - Add validation for R2_ACCESS_KEY_ID, R2_SECRET_ACCESS_KEY, R2_ACCOUNT_ID before generating rclone.conf, exit with error if any are missing
| services: | ||
| vaultwarden: |
There was a problem hiding this comment.
docker-compose.yml is missing the required top-level version: "3.8" header. Add it above services: to match the repository’s Docker Compose conventions and keep parsing consistent across tooling.
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
dosubot
bot
added
the
size:L
| host = "${main_domain}" | ||
|
|
||
| [config.env] | ||
| DOMAIN = "https://${main_domain}" |
There was a problem hiding this comment.
DOMAIN is set to https://..., but the repo’s template guidelines specify using HTTP by default for URL env vars unless the app explicitly requires HTTPS. Consider switching this to http://${main_domain} (or documenting why HTTPS is required for Vaultwarden here).
| DOMAIN = "https://${main_domain}" | |
| DOMAIN = "http://${main_domain}" |
| environment: | ||
| R2_ACCESS_KEY_ID: ${R2_ACCESS_KEY_ID} | ||
| R2_SECRET_ACCESS_KEY: ${R2_SECRET_ACCESS_KEY} | ||
| R2_ACCOUNT_ID: ${R2_ACCOUNT_ID} | ||
| entrypoint: ["/bin/sh", "-c"] | ||
| command: | ||
| - | | ||
| echo "Validating R2 configuration..." | ||
| if [ -z "$$R2_ACCESS_KEY_ID" ]; then echo "ERROR: R2_ACCESS_KEY_ID is not set"; exit 1; fi | ||
| if [ -z "$$R2_SECRET_ACCESS_KEY" ]; then echo "ERROR: R2_SECRET_ACCESS_KEY is not set"; exit 1; fi | ||
| if [ -z "$$R2_ACCOUNT_ID" ]; then echo "ERROR: R2_ACCOUNT_ID is not set"; exit 1; fi | ||
| echo "Generating Rclone config for Cloudflare R2..." |
There was a problem hiding this comment.
R2_BUCKET_NAME is used by the backup service (RCLONE_REMOTE_DIR) but it isn’t validated anywhere. If it’s left empty, backups will fail or upload to an unexpected path. Add R2_BUCKET_NAME to the configurator environment and validate it alongside the other R2 variables (or add a separate validation before starting backup).
| RCLONE_CONFIG: /config/rclone.conf | ||
| RCLONE_REMOTE_NAME: r2backup | ||
| RCLONE_REMOTE_DIR: ${R2_BUCKET_NAME}/backups | ||
| RCLONE_GLOBAL_FLAG: --s3-no-check-bucket | ||
| volumes: |
There was a problem hiding this comment.
RCLONE_REMOTE_DIR is built from ${R2_BUCKET_NAME}/backups, but there’s no guard ensuring R2_BUCKET_NAME is non-empty. This can produce an invalid remote path at runtime. After adding validation, consider also failing fast here (e.g., via an entrypoint check) so misconfiguration is caught even if the configurator is skipped/reused.
New Template: vaultwarden-with-backup
Adds a Vaultwarden template with automated backups to Cloudflare R2 storage.
Services
vaultwarden/server:1.34.3) — Password manageralpine:3.20) — Generates rclone.conf for Cloudflare R2 (runs once and exits)ttionya/vaultwarden-backup:1.26.2) — Scheduled backups via cronFeatures
Checklist
latest)docker manifest inspectports,container_name, ornetworksin docker-compose.ymlmeta.jsonentry added and processed withdedupe-and-sort-meta.jsGreptile Summary
Adds a new Vaultwarden template with automated Cloudflare R2 backups using a three-service architecture: the main password manager, a one-time configurator for rclone setup, and a scheduled backup service.
Key changes:
vaultwarden-with-backuptemplate with pinned image versionsIssues found:
version: "3.8"field at the top of docker-compose.ymlConfidence Score: 4/5
version: "3.8"field which is required by the project's style guide but is a simple one-line fix. All other aspects (meta.json sorting, logo inclusion, environment variables, volume configuration) are correctly implemented.Last reviewed commit: 711cd34
(2/5) Greptile learns from your feedback when you react with thumbs up/down!
Context used:
dashboard- AGENTS.md (source)