service/vault: moar docs

service/vault.md

@@ -96,15 +96,18 @@ auto-upgraded daily from the upstream container registry via the
 
 ## Services
 
-<!-- open ports, daemons, cron jobs -->
+The service is set up using a single all-in-one container, pulled from
+`quay.io/vaultwarden/server:latest` which listens for HTTP/1.1 connections on
+port 8080. The container is started/stopped using the
+`container-vaultwarden.service` systemd unit.
 
-## Storage
-
-<!-- databases? plain text file? the frigging blockchain? memory? -->
+An nginx instance is installed in front of port 8080 to proxy connections from
+the standard web ports 80 and 443 and handle HTTPS termination.
 
-## Queues
+## Storage
 
-<!-- email queues, job queues, schedulers -->
+All the Vaultwarden data, including SQlite3 database is stored below
+`/srv/vaultwarden-data`.
 
 ## Interfaces
 
@@ -112,7 +115,10 @@ auto-upgraded daily from the upstream container registry via the
 
 ## Authentication
 
-<!-- SSH? LDAP? standalone? -->
+Vaultwarden has its own user database.
+
+The instance is administered using a secret `ADMIN_TOKEN` which allows service
+admins to login at https://vault.torproject.org/admin
 
 ## Implementation
 
@@ -165,8 +171,8 @@ label ~Foo.
 
 ## Logs
 
-<!-- where are the logs? how long are they kept? any PII? -->
-<!-- what about performance metrics? same questions -->
+The logs for Vaultwarden can be read using
+`journalctl -u container-vaultwarden.service`.
 
 ## Backups