Install vaultwarden

2023-10-20 21:42:57 +02:00 · 2023-10-20 21:42:57 +02:00 · 871ceb8e06
commit 871ceb8e06
parent 5201e2a589
7 changed files with 117 additions and 11 deletions
--- a/badhouseplants/helmfile.yaml
+++ b/badhouseplants/helmfile.yaml
@ -97,6 +97,11 @@ releases:
    namespace: istio-system
    createNamespace: false

+  - <<: *vaultwarden
+    installed: true
+    namespace: vaultwarden-application
+    createNamespace: true
+
 bases:
  - ../environments.yaml
  - ../repositories.yaml
--- a/badhouseplants/values/secrets.vaultwarden.yaml
+++ b/badhouseplants/values/secrets.vaultwarden.yaml
@ -0,0 +1,27 @@
+vaultwarden:
+    smtp:
+        username: ENC[AES256_GCM,data:6kAu3et5PmRgZ7B/qQQKA/hwsubozpBEcuzA,iv:cqNO3VWKFRWqBRAFTf2AyMQskuZvcDghseT2PWEsCjA=,tag:nkzugvJTJ/KhLuldXxdBrg==,type:str]
+        password:
+            value: ENC[AES256_GCM,data:9PJzeGeXiNN50GrWMxU1ho9+jHs=,iv:wOrU8g/xBBKFRYvDB1G/I+VG3lpvFdMirgJmP01PbhQ=,tag:dlDq9S+SQmlb4SZIGYhrlQ==,type:str]
+    adminToken:
+        value: ENC[AES256_GCM,data:PT62LcyiNqW1NVeuZ5+HTj8fzwSwuD1av/Z8S2GnR6j62+F8/aibhW/ATFG92chw++w=,iv:LnaRBem4dsggV4u4IlNjlWY301ajAHot2D259Y383m0=,tag:f24QDtGrtNJFA95Qo6Umqg==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDL0RuQitFb0dPajRpSHRo
+            WnhUa3BOazVHSTE5STRNMGQ2eWUxaXhvNEJVCmtpMjE2Q3hyQzhDSTBObUgwQXV3
+            dmhvYmUvL05QUGd6Umx5QjRhMVFmcHMKLS0tIEtkTDc1ZVcxOWRqRzlzdTM1WG5a
+            U25tMkxQS1gzcyt6R2NkZnVLRVVoOWMKZSaIZxzTlYim2kmiHrQcgRu9XmWelRkT
+            HZZmSa0L9yEdksUCK3+iqjCZhQBYc/6qJHRYvuAaJ+/hs5RxuLUr8g==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-10-20T07:01:25Z"
+    mac: ENC[AES256_GCM,data:Oa6UiHJR5U8Tquo/FmKM2LNR1l7Tdc95T55sl8IbC80ywC5hmJcpOdYXSeVzAdEtr2EauEH74FAwyFtjeFHpneRjkl8Hx0Vann3qBMJ1laxYEQhKESqeyJTcMv15Hu61aUQ+OhW9hP9xkcRCNmkXHa0KeoCXy1aloTWc3u7Ls8E=,iv:SsywMpg5KQvfsFbIRiZkEadtQ7Ce2AqjM9+zeaG/ZaM=,tag:X426dGhxmeMqDJnRs4Qhww==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1
--- a/badhouseplants/values/values.db-instances.yaml
+++ b/badhouseplants/values/values.db-instances.yaml
@ -18,7 +18,7 @@ dbinstances:
      Namespace: database-service
    engine: postgres
    generic:
-      host: postgres16-postgresql
+      host: postgres16-postgresql.database-service.svc.cluster.local
      port: 5432
  mysql:
    monitoring:
--- a/badhouseplants/values/values.longhorn.yaml
+++ b/badhouseplants/values/values.longhorn.yaml
@ -9,5 +9,5 @@ defaultSettings:
 csi:
  kubeletRootDir: /var/snap/microk8s/common/var/lib/kubelet
 persistence:
-  defaultClassReplicaCount: 1
+defaultClassReplicaCount: 1
 enablePSP: false
--- a/badhouseplants/values/values.vaultwarden.yaml
+++ b/badhouseplants/values/values.vaultwarden.yaml
@ -0,0 +1,63 @@
+---
+# ------------------------------------------
+# -- Istio extenstion. Just because I'm
+# --  not using ingress nginx
+# ------------------------------------------
+istio:
+  enabled: true
+  istio:
+    - name: vaultwarden-http
+      kind: http
+      gateway: istio-system/badhouseplants-net
+      hostname: vault.badhouseplants.net
+      service: vaultwarden
+      port: 8080
+# ------------------------------------------
+# -- Database extension is used to manage
+# --  database with db-operator
+# ------------------------------------------
+ext-database:
+  enabled: true
+  name: vaultwarden-postgres16
+  instance: postgres16
+service: 
+  port: 8080
+vaultwarden:
+  smtp:
+    host: badhouseplants.net
+    security: "starttls"
+    port: 587
+    from: vaultwarden@badhouseplants.net
+    fromName: Vault Warden
+    authMechanism: "Plain"
+    acceptInvalidHostnames: "false"
+    acceptInvalidCerts: "false"
+    debug: false
+  domain: https://vault.badhouseplants.net
+  websocket:
+    enabled: true
+    address: "0.0.0.0"
+    port: 3012
+  rocket:
+    port: "8080"
+    workers: "10"
+  webVaultEnabled: "true"
+  signupsAllowed: false
+  invitationsAllowed: true
+  signupDomains: "https://vault.badhouseplants.com"
+  signupsVerify: "true"
+  showPassHint: "false"
+  database:
+    existingSecret: vaultwarden-postgres16-creds
+    existingSecretKey: CONNECTION_STRING
+    connectionRetries: 15
+    maxConnections: 10
+  storage:
+    enabled: false
+    size: 1Gi
+    class: default
+    dataDir: /data
+  logging:
+    enabled: false
+    logfile: "/data/vaultwarden.log"
+    loglevel: "warn"
--- a/releases.yaml
+++ b/releases.yaml
@ -134,7 +134,7 @@ templates:
  prometheus: &prometheus
    name: prometheus
    chart: prometheus-community/kube-prometheus-stack
-    version: 51.6.1
+    version: 51.9.4
    inherit:
      - template: monitoring-common
      - template: default-env-values
@ -145,7 +145,7 @@ templates:
  loki: &loki
    name: loki
    chart: grafana/loki
-    version: 5.29.0
+    version: 5.35.0
    inherit:
      - template: monitoring-common
      - template: default-env-values
@ -153,7 +153,7 @@ templates:
  promtail: &promtail
    name: promtail
    chart: grafana/promtail
-    version: 6.15.2
+    version: 6.15.3
    inherit:
      - template: monitoring-common
      - template: default-env-values
@ -232,7 +232,7 @@ templates:
  nrodionov: &nrodionov
    name: nrodionov
    chart: bitnami/wordpress
-    version: 18.0.4
+    version: 18.0.7
    inherit:
      - template: default-env-values
      - template: default-env-secrets
@ -260,7 +260,7 @@ templates:
  gitea: &gitea
    name: gitea
    chart: gitea/gitea
-    version: 9.5.0
+    version: 9.5.1
    inherit:
      - template: default-env-values
      - template: default-env-secrets
@ -299,7 +299,7 @@ templates:
  redis: &redis
    name: redis
    chart: bitnami/redis
-    version: 18.1.5
+    version: 18.1.6
    inherit:
      - template: default-env-values
      - template: default-env-secrets
@ -307,7 +307,7 @@ templates:
  postgres16: &postgres16
    name: postgres16
    chart: bitnami/postgresql
-    version: 13.1.4
+    version: 13.1.5
    inherit:
      - template: default-env-values
      - template: default-env-secrets
@ -315,7 +315,7 @@ templates:
  db-operator: &db-operator
    name: db-operator
    chart: db-operator/db-operator
-    version: 1.11.1
+    version: 1.11.2

  db-instances: &db-instances
    name: db-instances
@ -342,3 +342,12 @@ templates:
      - template: ext-istio-gateway
      - template: ext-istio-resource

+  vaultwarden: &vaultwarden
+    name: vaultwarden
+    chart: badhouseplants/vaultwarden
+    version: 0.1.0
+    inherit:
+      - template: default-env-values
+      - template: default-env-secrets
+      - template: ext-istio-resource
+      - template: ext-database
--- a/repositories.yaml
+++ b/repositories.yaml
@ -35,4 +35,6 @@ repositories:
  - name: db-operator
    url: https://db-operator.github.io/charts
  - name: allanger-gitea
-    url:  https://git.badhouseplants.net/api/packages/allanger/helm
+    url: https://git.badhouseplants.net/api/packages/allanger/helm
+  - name: badhouseplants
+    url: https://badhouseplants.github.io/helm-charts/