services:
  vault:
    image: hashicorp/vault:latest
    command: server -config=/vault/config/vault.hcl
    volumes:
      - data:/vault/data
    configs:
      - source: vault_hcl
        target: /vault/config/vault.hcl
    ports:
      - "8200:8200"
    environment:
      VAULT_LOCAL_CONFIG: |
        {
          "backend": {
            "file": {
              "path": "/vault/file"
            }
          },
          "listener": {
            "tcp": {
              "address": "0.0.0.0:8200",
              "tls_disable": 1
            }
          },
          "disable_mlock": true
        }
      VAULT_API_ADDR: "http://192.168.77.101:8200"
    cap_add:
      - IPC_LOCK
    networks:
      - vault-net
    deploy:
      mode: replicated
      replicas: 1
      placement:
        constraints:
          - node.role == manager

configs:
  vault_hcl:
    external: true
volumes:
  data:
networks:
  vault-net:
    driver: overlay