diff --git a/cluster/apps/data/bitwardenrs/helm-release.yaml b/cluster/apps/data/bitwardenrs/helm-release.yaml
deleted file mode 100644
index fb8298bf8..000000000
--- a/cluster/apps/data/bitwardenrs/helm-release.yaml
+++ /dev/null
@@ -1,58 +0,0 @@
----
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: bitwardenrs
- namespace: data
-spec:
- interval: 5m
- chart:
- spec:
- # renovate: registryUrl=https://k8s-at-home.com/charts/
- chart: bitwardenrs
- version: 2.1.10
- sourceRef:
- kind: HelmRepository
- name: k8s-at-home-charts
- namespace: flux-system
- interval: 5m
- values:
- image:
- repository: vaultwarden/server
- tag: 1.21.0
- pullPolicy: IfNotPresent
- env:
- SIGNUPS_ALLOWED: "false"
- DOMAIN: "https://bitwarden.${SECRET_CLUSTER_DOMAIN}/"
- DATABASE_URL: ${SECRET_BITWARDENRS_DB_URL}
- bitwardenrs:
- domain: ""
- signupsAllowed: false
- websockets:
- enabled: false
- admin:
- enabled: true
- disableAdminToken: false
- existingSecret:
- enabled: false
- name: ""
- tokenKey: ""
- service:
- port: 80
- annotations:
- prometheus.io/probe: "true"
- prometheus.io/protocol: http
- ingress:
- enabled: true
- annotations:
- kubernetes.io/ingress.class: "nginx"
- hosts:
- - host: bitwarden.${SECRET_CLUSTER_DOMAIN}
- paths:
- - /
- tls:
- - hosts:
- - "bitwarden.${SECRET_CLUSTER_DOMAIN}"
- persistence:
- enabled: true
- existingClaim: bitwardenrs-config
diff --git a/cluster/apps/data/kustomization.yaml b/cluster/apps/data/kustomization.yaml
index 6c1ca8ff0..8b3bd564a 100644
--- a/cluster/apps/data/kustomization.yaml
+++ b/cluster/apps/data/kustomization.yaml
@@ -1,7 +1,6 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
- - bitwardenrs
 - bookstack
 - forecastle
 - freshrss
@@ -14,6 +13,7 @@ resources:
 - resilio-sync
 - searx
 - sharry
+ - vaultwarden
 - vikunja
 - volumes
 - wallabag
diff --git a/cluster/apps/data/pgbackups/deployment.yaml b/cluster/apps/data/pgbackups/deployment.yaml
index 0c36449fe..0f5a59f34 100644
--- a/cluster/apps/data/pgbackups/deployment.yaml
+++ b/cluster/apps/data/pgbackups/deployment.yaml
@@ -29,7 +29,7 @@ spec:
 - name: POSTGRES_HOST
 value: postgresql-kube.data.svc.cluster.local.
 - name: POSTGRES_DB
- value: authelia,bitwarden,drone,freshrss,gitea,hass,healthchecks,joplin,lychee,postgres,recipes,sharry,vikunja,wallabag
+ value: authelia,drone,freshrss,gitea,hass,healthchecks,joplin,lychee,postgres,recipes,sharry,vaultwarden,vikunja,wallabag
 - name: POSTGRES_USER
 value: postgres
 - name: POSTGRES_PASSWORD
diff --git a/cluster/apps/data/vaultwarden/helm-release.yaml b/cluster/apps/data/vaultwarden/helm-release.yaml
new file mode 100644
index 000000000..354d282c0
--- /dev/null
+++ b/cluster/apps/data/vaultwarden/helm-release.yaml
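Review bot: The `POSTGRES_DB` entry in cluster/apps/data/pgbackups/deployment.yaml now lists `vaultwarden` instead of `bitwarden`, but the database name the application actually connects to is inside the encrypted `SECRET_VAULTWARDEN_DB_URL` and cannot be checked from this diff. If the database was not renamed in the same rollout, the password vault's data falls out of the backup set, or the job errors on a missing database. I would add a comment above the value such as `# must match the database name in SECRET_VAULTWARDEN_DB_URL` and confirm that the first backup after the change contains the vault database. The env list this hunk edits continues outside the hunk.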
@@ -0,0 +1,68 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: vaultwarden
+ namespace: data
+spec:
+ interval: 5m
+ chart:
+ spec:
+ # renovate: registryUrl=https://k8s-at-home.com/charts/
+ chart: vaultwarden
+ version: 1.0.0
+ sourceRef:
+ kind: HelmRepository
+ name: k8s-at-home-charts
+ namespace: flux-system
+ interval: 5m
+ values:
+ image:
+ repository: vaultwarden/server
+ tag: 1.21.0
+ pullPolicy: IfNotPresent
+ env:
+ DOMAIN: "https://vaultwarden.${SECRET_CLUSTER_DOMAIN}/"
+ ADMIN_TOKEN: ${SECRET_VAULTWARDEN_ADMIN_TOKEN}
+ DATABASE_URL: ${SECRET_VAULTWARDEN_DB_URL}
+ TZ: "Europe/Paris"
+ DATA_FOLDER: "data"
+ SIGNUPS_ALLOWED: "false"
+ WEBSOCKET_ENABLED: "true"
+ SMTP_HOST: smtp.fastmail.com
+ SMTP_FROM: vaultwarden@${SECRET_CLUSTER_DOMAIN_ROOT}
+ SMTP_FROM_NAME: vaultwarden
+ SMTP_PORT: 587
+ SMTP_SSL: "true"
+ SMTP_USERNAME: ${SECRET_SMTP_USERNAME}
+ SMTP_PASSWORD: ${SECRET_VAULTWARDEN_SMTP_PASSWORD}
+ service:
+ annotations:
+ prometheus.io/probe: "true"
+ prometheus.io/protocol: tcp
+ ingress:
+ enabled: true
+ annotations:
+ kubernetes.io/ingress.class: "nginx"
+ hosts:
+ - host: vaultwarden.${SECRET_CLUSTER_DOMAIN}
+ paths:
+ - path: /
+ pathType: Prefix
+ - path: /notifications/hub/negotiate
+ pathType: Prefix
+ - path: /notifications/hub
+ pathType: Prefix
+ servicePort: 3012
+ - host: bitwarden.${SECRET_CLUSTER_DOMAIN}
+ paths:
+ - path: /
+ pathType: Prefix
+ tls:
+ - hosts:
+ - "vaultwarden.${SECRET_CLUSTER_DOMAIN}"
+ - "bitwarden.${SECRET_CLUSTER_DOMAIN}"
+ persistence:
+ config:
+ enabled: true
+ existingClaim: vaultwarden-data
diff --git a/cluster/apps/data/bitwardenrs/kustomization.yaml b/cluster/apps/data/vaultwarden/kustomization.yaml
similarity index 100%
rename from cluster/apps/data/bitwardenrs/kustomization.yaml
rename to cluster/apps/data/vaultwarden/kustomization.yaml
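Review bot: `ADMIN_TOKEN`, `DATABASE_URL` and `SMTP_PASSWORD` under `values.env` in cluster/apps/data/vaultwarden/helm-release.yaml are filled by `${SECRET_...}` substitution, so the decrypted values presumably end up in clear text in the applied HelmRelease object and in the rendered pod spec. That would make them readable by anyone allowed to get those resources in the `data` namespace. I would keep them out of `values` and supply them from a Kubernetes Secret, for example through the HelmRelease `spec.valuesFrom` with `kind: Secret`, or through a `secretKeyRef` if the chart's `env` accepts one. Separately, `DATA_FOLDER: "data"` is set while the claim is attached as `persistence.config` with no mount path visible. If the chart does not mount that volume where `DATA_FOLDER` resolves, the server's key files and attachments would sit on ephemeral storage, so an explicit `mountPath` on `persistence.config` is worth adding.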
diff --git a/cluster/apps/data/bitwardenrs/volume.yaml b/cluster/apps/data/vaultwarden/volume.yaml
similarity index 89%
rename from cluster/apps/data/bitwardenrs/volume.yaml
rename to cluster/apps/data/vaultwarden/volume.yaml
index faaeca6cd..b85f699af 100644
--- a/cluster/apps/data/bitwardenrs/volume.yaml
+++ b/cluster/apps/data/vaultwarden/volume.yaml
@@ -2,7 +2,7 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
- name: bitwardenrs-config
+ name: vaultwarden-data
 namespace: data
 labels:
 kasten-io-snapshots: "enable"
diff --git a/cluster/base-custom/secrets/cluster-secrets.yaml b/cluster/base-custom/secrets/cluster-secrets.yaml
index 0d2b63698..0847eb02d 100644
--- a/cluster/base-custom/secrets/cluster-secrets.yaml
+++ b/cluster/base-custom/secrets/cluster-secrets.yaml
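Review bot: Changing `metadata.name` from `bitwardenrs-config` to `vaultwarden-data` in cluster/apps/data/vaultwarden/volume.yaml creates a new, empty PersistentVolumeClaim rather than renaming the existing one, and nothing in this diff copies the old volume's contents across. If pruning is enabled for this path, the old claim may also be removed on reconcile, and its data with it, depending on the reclaim policy. I would either keep `name: bitwardenrs-config` and point `existingClaim` at it until the data has been migrated, or add a comment such as `# new claim: restore data from the bitwardenrs-config snapshot before first start` and confirm a recent snapshot exists.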
@@ -15,7 +15,6 @@ stringData: SECRET_AUTHELIA_USER_HELENE_PASSWORD: ENC[AES256_GCM,data:r7RCsvW3dASffA6RvdTLiMxyMdxNFSnu2GvL++2Z99plgB2vPVY8nHdsn5vIE9gl6o9qqStDG/J6ILJFgGiBqDnUyKTce0IfogLXSlZxRaGaQasOuqSbqLhYhkGtLeijAsZj,iv:X5K67H0KK4Nr1jGAKrmAyXjeL6FrLEEu828tpDJftF8=,tag:+j8UDnMunI5Z//p3x70Uxg==,type:str] SECRET_AUTHELIA_USER_VISITOR_EMAIL: ENC[AES256_GCM,data:+FlEMqJoC3iPGhv07QB38ZnaRO9z+w==,iv:D5mjemq8R/uJ/Q3GGuOj/bImgNsSh/3BctUo6xGaQGE=,tag:cmnk+vqj68pGl0wbgc2vpQ==,type:str] SECRET_AUTHELIA_USER_VISITOR_PASSWORD: ENC[AES256_GCM,data:M3PasS1/apIReK7mvK/Sfigd0EaRWi2UcY1Te4KdxTW9TQZ5xDVcKrz8SeuL4E+ZRW6T78PZZkxjrISMhyDM2iq3tWLoy0zLYymwSY137TmQTji3XD7N2bZRgCpjIPW30qAs,iv:2kZHCAlnV4209ZiykEUg/3baA9t8X4SWFWlgfFniMkw=,tag:8+M2c/TcPZ2XLEgqthBc2Q==,type:str] - SECRET_BITWARDENRS_DB_URL: ENC[AES256_GCM,data:Gybe6AejZu9A6xDkoRPOh4VaHVlev4jeIO67lRH1fhTN88VIlSKH5yAMgxWI4OJXxyGcCfYWfTOWXymmBDviQ1xb91p7i+xT/M9A7qiXfgNp97z9rgFsqcBX1JWLL/vk,iv:Tw96n5cGCzyS+uDoozc6LkfX6cImYE295Nwvj5wI3kk=,tag:oU22U952mxERlI2slaonEw==,type:str] SECRET_BOOKSTACK_DB_PASSWORD: ENC[AES256_GCM,data:TteVVQsZT7egxPWuGjAyyA==,iv:7+HLAn51sVBgRIiy2faxMKq1uUfFuq95M0t6q5JQb8Y=,tag:fcA0Ktq7A7tWHLffJllJTg==,type:str] SECRET_BOTKUBE_DISCORD_BOTID: ENC[AES256_GCM,data:wrB1X4YA5slmOLZfEdPrJs2D,iv:WZpalYHjQpmhztIBkuQiObU/1QgEzfSVmRlM1+tJYOo=,tag:W5vFrLupQOlKhFzkFNmI0w==,type:str] SECRET_BOTKUBE_DISCORD_TOKEN: ENC[AES256_GCM,data:oQysE+qgLQwgfpe5zR+8eF+73DRaaNwkAPEcUj8gtPjQ1B/8h3pEbStSbXMdPVBz5y+I9epvlFkBYXg=,iv:8OW4by4qv1EHRKEKF/8kVj7UKKpqwN0Be+aMIllN4/M=,tag:ncYhQG3slWxaS0G1zLoSuw==,type:str] 
@@ -65,7 +64,11 @@ stringData: SECRET_SHARRY_DB_PASSWORD: ENC[AES256_GCM,data:0Go2Il1BESQeIqO4bkQ=,iv:oTjVEdJ2V/s+52hpwCQ4frb4Lhj1O3piQYJW31FtHuc=,tag:XjVfj105rDldWsjbNe6hKg==,type:str] SECRET_SHARRY_JDBC_URL: ENC[AES256_GCM,data:Ae/6McZQi+C2tobgkCMzCX0KRWPMH/g8bN5AHBRx0UppS7P0i0OsnvrsnJKqkkIRwlPPZVkPaK9Hb11cXa0zM5742n0f,iv:mqDu5fzP2Zi4YqlQwbvomdPUryPk/xiaN70YJIh/iKU=,tag:8GY7qpdObFqYbOE5VXnMRQ==,type:str] SECRET_SEARX_MORTY_KEY: ENC[AES256_GCM,data:/zX3pPAImKRtf5ydmSY/xDUXX52wIQCK/zGm2tpiguKrC3E9OVkkAvM4lSQ=,iv:1qWPlEXePDKlEEl+wQ+/qJspNEkAJNYjx7ouKEbWfkY=,tag:4Eyf4qQGiSliixJnZs2pSQ==,type:str] + SECRET_SMTP_USERNAME: ENC[AES256_GCM,data:aPlMuB1BnC7ocmEMbo3yfdoLCn8Fr6I=,iv:Y7GEGPTHo+aA344w89ETfVSPpEOFq+Uo8E/pYr/co98=,tag:qc6Ci9t8aqEwXaTuRctDuA==,type:str] SECRET_QBITTORRENT_PASSWORD: ENC[AES256_GCM,data:5uMYdy9Ag+xdfb3jspuqoHDysGs=,iv:S9AQda1Hh6iSTMVe5yGgZk45ojco4G9tOOmPKruJMjY=,tag:H6PYjAi0/xKvsiGsn4+jeg==,type:str] + SECRET_VAULTWARDEN_ADMIN_TOKEN: ENC[AES256_GCM,data:GvPMySHSNvSjCdfUj78ABXMGv+8ylrjrF7ykiCEtqw5ZZ2MBqG1Hp9SMGzKeeMdxUYzhu/AODdQs0N9WtrULLg==,iv:zJMDSvNYW9X0VNUVv5+BO213urLCTmDUVsk7Tga8Cqs=,tag:2w1qBgnBd6g5vQJO9nlfBg==,type:str] + SECRET_VAULTWARDEN_DB_URL: ENC[AES256_GCM,data:QUSS785ehudFsYQV3/jxF/huL5LM38q379LLPMBnsCfy05+cHJM3uCGOhzaOEwr/KOi6KbeLyHpVTQb4o95r1vp2VNPawjcOwFzg18sQ4GWCvhRjJn11k7c81bJbPVqHGQKqCQ==,iv:4WiPzZS7dfXNAxDJCwMs1mPyutCQHdA0/z5rSphRz0A=,tag:MBiYFxYnVS+4JxfrfhWx9Q==,type:str] + SECRET_VAULTWARDEN_SMTP_PASSWORD: ENC[AES256_GCM,data:H5AO0H7wDjfiK3NvJmr8rg==,iv:XZ+mrgRyAvmBrbGqhfBoC/zMQvtHJtYaYj8KeLGAJSY=,tag:8HOrqdURpNXvNOEC2TUq6g==,type:str] SECRET_VIKUNJA_JWT_SECRET: ENC[AES256_GCM,data:YmiqNSfdiKmyaptMp6wJSeMT/sVcN1hXlo6x2Aoave8=,iv:NDMumWI9Q274tZoYjGDbseuzoxtOSeFnAZv4RhOAL+s=,tag:6DTbimVgeWCDFAVY0ymv0g==,type:str] SECRET_VIKUNJA_PASSWORD: ENC[AES256_GCM,data:1Kd7hdWtVaZ1YfZ4ZgzfLA==,iv:/IxS+m8cphL2cnlM4vvqQ2fiFaVwVYyT1BRoQrwvku8=,tag:0fHVyPEdqLyn8LHz30nWeA==,type:str] SECRET_WALLABAG_DB_PASSWORD: 
ENC[AES256_GCM,data:pHc78D2QMNghL6aUPqA=,iv:UP4vt4uhUHndBu2OD5VBwUH05DtKQwetDSep4tb7Lp8=,tag:xIMQ+8v5IlIUDqUUwzt5Dg==,type:str] @@ -75,8 +78,8 @@ sops: azure_kv: [] hc_vault: [] age: [] - lastmodified: "2021-05-01T22:33:06Z" - mac: ENC[AES256_GCM,data:iNmc3jhLZsWA1hcu/OepCIRVMHDI7Vh2QZSxsrVcQ+XkVHxXdZjebmDxcQaDBDYFis0jaT7s/ISgc/7Z1qJ3/KoV1TX1LxNt4X9/BYX7GnS0Zd95d1FVqACj0bogLq/rwj2gwqdM17LvCRW5eANaBz+mQuuH1NqCWKW9Eq9d70g=,iv:4xEbNHrnjN5ytZgJ37buNVTUciJReFzM0uYP0OlBev8=,tag:d2zxqqBLIIa6xtWB5/69pw==,type:str] + lastmodified: "2021-05-06T22:42:56Z" + mac: ENC[AES256_GCM,data:SSTfjttioy0yYWW37NWuwYEoz6qjzvkTsjFawvQbX13zZDZusDkYnSWO3Oxf8WYwjdiugmPvs3O4PidnyKxDq6ebfotMswuev2yo94mrqqI/744xizt6VC66KeTh6kvzb4OwO3GipckFR9PoLjytKpAbm1NBI7YHXFRACWE/ACQ=,iv:moAA76H6uqJfBTjznxDqODD1wodCz65yQYDST/7iJJ0=,tag:B6M1ASYYh4N0t3rf0zxCTA==,type:str] pgp: - created_at: "2021-04-19T23:03:06Z" enc: |