⬆️ vaultwarden app-template v2

auricom
2023-11-04 16:16:39 +01:00
parent 47963c8304
commit 43131159a2
4 changed files with 61 additions and 70 deletions


@@ -10,7 +10,7 @@ spec:
chart: chart:
spec: spec:
chart: app-template chart: app-template
version: 1.5.1 version: 2.0.3
sourceRef: sourceRef:
kind: HelmRepository kind: HelmRepository
name: bjw-s name: bjw-s
@@ -27,35 +27,55 @@ spec:
uninstall: uninstall:
keepHistory: false keepHistory: false
values: values:
initContainers: controllers:
01-init-db: main:
image: ghcr.io/auricom/postgres-init:15.4 type: statefulset
imagePullPolicy: IfNotPresent annotations:
envFrom: &envFrom reloader.stakater.com/auto: "true"
- secretRef: initContainers:
name: &secret vaultwarden-secret init-db:
controller: image:
annotations: repository: ghcr.io/auricom/postgres-init
reloader.stakater.com/auto: "true" tag: 15.4@sha256:83e1abf06be5741bdfb8cb53fc03a1ade6e6b5ec7b92a8aac0c69ba5dc7e51f0
image: pullPolicy: IfNotPresent
repository: vaultwarden/server envFrom: &envFrom
tag: 1.29.2 - secretRef:
env: name: vaultwarden-secret
DATA_FOLDER: "data" containers:
ICON_CACHE_FOLDER: "data/icon_cache" main:
ATTACHMENTS_FOLDER: "data/attachments" image:
DOMAIN: "https://vaultwarden.${SECRET_CLUSTER_DOMAIN}" repository: vaultwarden/server
TZ: "${TIMEZONE}" tag: 1.29.2
SIGNUPS_ALLOWED: "false" env:
WEBSOCKET_ENABLED: "true" DATA_FOLDER: "data"
WEBSOCKET_ADDRESS: 0.0.0.0 ICON_CACHE_FOLDER: "data/icon_cache"
WEBSOCKET_PORT: 3012 ATTACHMENTS_FOLDER: "data/attachments"
SMTP_HOST: smtp-relay.default.svc.cluster.local. DOMAIN: "https://vaultwarden.${SECRET_CLUSTER_DOMAIN}"
SMTP_FROM: vaultwarden@${SECRET_DOMAIN} TZ: "${TIMEZONE}"
SMTP_FROM_NAME: vaultwarden SIGNUPS_ALLOWED: "false"
SMTP_PORT: 2525 WEBSOCKET_ENABLED: "true"
SMTP_SECURITY: "off" WEBSOCKET_ADDRESS: 0.0.0.0
envFrom: *envFrom WEBSOCKET_PORT: 3012
SMTP_HOST: smtp-relay.default.svc.cluster.local.
SMTP_FROM: vaultwarden@${SECRET_DOMAIN}
SMTP_FROM_NAME: vaultwarden
SMTP_PORT: 2525
SMTP_SECURITY: "off"
envFrom: *envFrom
resources:
requests:
cpu: 100m
memory: 100Mi
limits:
memory: 2Gi
statefulset:
volumeClaimTemplates:
- name: config
accessMode: ReadWriteOnce
size: 10Gi
storageClass: rook-ceph-block
globalMounts:
- path: /data
service: service:
main: main:
ports: ports:
@@ -64,39 +84,28 @@ spec:
websocket: websocket:
enabled: true enabled: true
port: &websocket-port 3012 port: &websocket-port 3012
persistence:
data:
enabled: true
existingClaim: vaultwarden-data
mountPath: /data
ingress: ingress:
main: main:
enabled: true enabled: true
ingressClassName: "nginx" className: "nginx"
annotations: anotations:
external-dns.home.arpa/enabled: "true" external-dns.home.arpa/enabled: "true"
hajimari.io/icon: mdi:lock hajimari.io/icon: mdi:lock
hosts: hosts:
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
paths: paths:
- path: / - path: /
pathType: Prefix
service: service:
name: main
port: *port port: *port
- path: /notifications/hub/negotiate - path: /notifications/hub/negotiate
pathType: Prefix
service: service:
name: main
port: *port port: *port
- path: /notifications/hub - path: /notifications/hub
pathType: Prefix
service: service:
name: main
port: *websocket-port port: *websocket-port
tls: tls:
- hosts: - hosts:
- *host - *host
resources:
requests:
cpu: 100m
memory: 100Mi
limits:
memory: 2Gi
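Review bot: The ingress key on the new side is spelled `anotations:`, so the `external-dns.home.arpa/enabled` and `hajimari.io/icon` entries beneath it are no longer under the key the chart reads; it should stay `annotations:`. Depending on how app-template 2.0.3 validates its values, the result is presumably either a rejected Helm upgrade or an Ingress rendered without those annotations. Separately, the init-db image is now pinned with an `@sha256:` digest while the main container is still `tag: 1.29.2`; pinning it the same way, `tag: 1.29.2@sha256:<digest of the reviewed image>`, would keep the image that serves the vault from changing under a mutable tag.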


@@ -8,4 +8,3 @@ resources:
- ./gatus.yaml - ./gatus.yaml
- ./helmrelease.yaml - ./helmrelease.yaml
- ./volsync.yaml - ./volsync.yaml
- ./volume.yaml


@@ -3,19 +3,19 @@
apiVersion: external-secrets.io/v1beta1 apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: lychee-restic name: vaultwarden-restic
namespace: default namespace: default
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: onepassword-connect name: onepassword-connect
target: target:
name: lychee-restic-secret name: vaultwarden-restic-secret
creationPolicy: Owner creationPolicy: Owner
template: template:
engineVersion: v2 engineVersion: v2
data: data:
RESTIC_REPOSITORY: '{{ .REPOSITORY_TEMPLATE }}/lychee' RESTIC_REPOSITORY: '{{ .REPOSITORY_TEMPLATE }}/vaultwarden'
RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}' RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}' AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}' AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
@@ -27,16 +27,16 @@ spec:
apiVersion: volsync.backube/v1alpha1 apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource kind: ReplicationSource
metadata: metadata:
name: lychee name: vaultwarden
namespace: default namespace: default
spec: spec:
sourcePVC: lychee-files sourcePVC: config-vaultwarden-0
trigger: trigger:
schedule: "0 7 * * *" schedule: "0 7 * * *"
restic: restic:
copyMethod: Snapshot copyMethod: Snapshot
pruneIntervalDays: 7 pruneIntervalDays: 7
repository: lychee-restic-secret repository: vaultwarden-restic-secret
cacheCapacity: 20Gi cacheCapacity: 20Gi
volumeSnapshotClassName: csi-ceph-blockpool volumeSnapshotClassName: csi-ceph-blockpool
storageClassName: rook-ceph-block storageClassName: rook-ceph-block
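Review bot: `sourcePVC: config-vaultwarden-0` hard-codes a claim name that is presumably generated from the `config` volumeClaimTemplate, the StatefulSet name and the pod ordinal, so renaming any of them would leave this ReplicationSource pointing at a claim that does not exist. A comment above the line, such as `# PVC generated from the "config" volumeClaimTemplate in the HelmRelease values`, would make that coupling visible. The same commit removes the `vaultwarden-data` claim and its `volume.yaml`, and the new claim starts empty. No ReplicationDestination or other restore step is visible on this page, and the old side of this file carries lychee names, so it is worth confirming that a usable backup of the existing `/data` contents exists before the old claim is pruned.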


@@ -1,17 +0,0 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: vaultwarden-data
namespace: default
labels:
app.kubernetes.io/name: &name vaultwarden
app.kubernetes.io/instance: *name
snapshot.home.arpa/enabled: "true"
spec:
accessModes:
- ReadWriteOnce
storageClassName: rook-ceph-block
resources:
requests:
storage: 1Gi