From 871ceb8e06d1ec785ead5cc92b5b4117c4676de6 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 20 Oct 2023 21:42:57 +0200 Subject: [PATCH] Install vaultwarden --- badhouseplants/helmfile.yaml | 5 ++ .../values/secrets.vaultwarden.yaml | 27 ++++++++ .../values/values.db-instances.yaml | 2 +- badhouseplants/values/values.longhorn.yaml | 2 +- badhouseplants/values/values.vaultwarden.yaml | 63 +++++++++++++++++++ releases.yaml | 25 +++++--- repositories.yaml | 4 +- 7 files changed, 117 insertions(+), 11 deletions(-) create mode 100644 badhouseplants/values/secrets.vaultwarden.yaml create mode 100644 badhouseplants/values/values.vaultwarden.yaml diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 88616fc..8573d06 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -97,6 +97,11 @@ releases: namespace: istio-system createNamespace: false + - <<: *vaultwarden + installed: true + namespace: vaultwarden-application + createNamespace: true + bases: - ../environments.yaml - ../repositories.yaml diff --git a/badhouseplants/values/secrets.vaultwarden.yaml b/badhouseplants/values/secrets.vaultwarden.yaml new file mode 100644 index 0000000..9c2e617 --- /dev/null +++ b/badhouseplants/values/secrets.vaultwarden.yaml 
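Review bot: `createNamespace: true` on the new release lets Helm create `vaultwarden-application` bare, so nothing in this commit gives the namespace that will hold the password vault any labels or policy (a Pod Security level, a default-deny NetworkPolicy, or the Istio injection label if the mesh is meant to cover it). The release just above it in this hunk uses `createNamespace: false`. If namespaces are declared elsewhere in the repo, doing the same here would keep the isolation settings explicit. If it stays as is, a short comment such as `# namespace is created unlabeled by Helm; policies live in <path-placeholder>` would tell the next reader where to look.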
@@ -0,0 +1,27 @@ +vaultwarden: + smtp: + username: ENC[AES256_GCM,data:6kAu3et5PmRgZ7B/qQQKA/hwsubozpBEcuzA,iv:cqNO3VWKFRWqBRAFTf2AyMQskuZvcDghseT2PWEsCjA=,tag:nkzugvJTJ/KhLuldXxdBrg==,type:str] + password: + value: ENC[AES256_GCM,data:9PJzeGeXiNN50GrWMxU1ho9+jHs=,iv:wOrU8g/xBBKFRYvDB1G/I+VG3lpvFdMirgJmP01PbhQ=,tag:dlDq9S+SQmlb4SZIGYhrlQ==,type:str] + adminToken: + value: ENC[AES256_GCM,data:PT62LcyiNqW1NVeuZ5+HTj8fzwSwuD1av/Z8S2GnR6j62+F8/aibhW/ATFG92chw++w=,iv:LnaRBem4dsggV4u4IlNjlWY301ajAHot2D259Y383m0=,tag:f24QDtGrtNJFA95Qo6Umqg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDL0RuQitFb0dPajRpSHRo + WnhUa3BOazVHSTE5STRNMGQ2eWUxaXhvNEJVCmtpMjE2Q3hyQzhDSTBObUgwQXV3 + dmhvYmUvL05QUGd6Umx5QjRhMVFmcHMKLS0tIEtkTDc1ZVcxOWRqRzlzdTM1WG5a + U25tMkxQS1gzcyt6R2NkZnVLRVVoOWMKZSaIZxzTlYim2kmiHrQcgRu9XmWelRkT + HZZmSa0L9yEdksUCK3+iqjCZhQBYc/6qJHRYvuAaJ+/hs5RxuLUr8g== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-10-20T07:01:25Z" + mac: ENC[AES256_GCM,data:Oa6UiHJR5U8Tquo/FmKM2LNR1l7Tdc95T55sl8IbC80ywC5hmJcpOdYXSeVzAdEtr2EauEH74FAwyFtjeFHpneRjkl8Hx0Vann3qBMJ1laxYEQhKESqeyJTcMv15Hu61aUQ+OhW9hP9xkcRCNmkXHa0KeoCXy1aloTWc3u7Ls8E=,iv:SsywMpg5KQvfsFbIRiZkEadtQ7Ce2AqjM9+zeaG/ZaM=,tag:X426dGhxmeMqDJnRs4Qhww==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/badhouseplants/values/values.db-instances.yaml b/badhouseplants/values/values.db-instances.yaml index 6c8999b..8e16c19 100644 --- a/badhouseplants/values/values.db-instances.yaml +++ b/badhouseplants/values/values.db-instances.yaml @@ -18,7 +18,7 @@ dbinstances: Namespace: database-service engine: postgres generic: - host: postgres16-postgresql + host: postgres16-postgresql.database-service.svc.cluster.local port: 5432 mysql: monitoring: 
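Review bot: `vaultwarden.adminToken.value` in the new secrets.vaultwarden.yaml presumably ends up as Vaultwarden's `ADMIN_TOKEN`, which turns on the `/admin` panel. The Istio entry in values.vaultwarden.yaml routes the whole `vault.badhouseplants.net` host to the service, so that panel would be reachable wherever the gateway is. The decrypted value is not visible here. If it is a plain token, store an Argon2 PHC string instead (Vaultwarden accepts one for `ADMIN_TOKEN`) so the cluster Secret holds only a hash, and consider limiting `/admin` at the gateway or leaving the token unset when the panel is not needed. The file is also encrypted to a single age recipient, so a note on how that key is backed up and rotated would be worth adding next to the SOPS config.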
diff --git a/badhouseplants/values/values.longhorn.yaml b/badhouseplants/values/values.longhorn.yaml index 078e6ab..c639d5f 100644 --- a/badhouseplants/values/values.longhorn.yaml +++ b/badhouseplants/values/values.longhorn.yaml @@ -9,5 +9,5 @@ defaultSettings: csi: kubeletRootDir: /var/snap/microk8s/common/var/lib/kubelet persistence: - defaultClassReplicaCount: 1 +defaultClassReplicaCount: 1 enablePSP: false diff --git a/badhouseplants/values/values.vaultwarden.yaml b/badhouseplants/values/values.vaultwarden.yaml new file mode 100644 index 0000000..b2bd5a3 --- /dev/null +++ b/badhouseplants/values/values.vaultwarden.yaml 
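Review bot: The added `defaultClassReplicaCount: 1` in values.longhorn.yaml has no indentation, so it is now a top-level key and `persistence:` is left with an empty value. The Longhorn chart reads this setting as `persistence.defaultClassReplicaCount`, so the override would stop applying, and a null `persistence:` may also drop the chart's defaults for that map when Helm merges values. If the dedent was not intended, restore the line as `  defaultClassReplicaCount: 1` under `persistence:`. Whitespace on this page is partly collapsed, so confirm against the file itself.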
@@ -0,0 +1,63 @@ +--- +# ------------------------------------------ +# -- Istio extenstion. Just because I'm +# -- not using ingress nginx +# ------------------------------------------ +istio: + enabled: true + istio: + - name: vaultwarden-http + kind: http + gateway: istio-system/badhouseplants-net + hostname: vault.badhouseplants.net + service: vaultwarden + port: 8080 +# ------------------------------------------ +# -- Database extension is used to manage +# -- database with db-operator +# ------------------------------------------ +ext-database: + enabled: true + name: vaultwarden-postgres16 + instance: postgres16 +service: + port: 8080 +vaultwarden: + smtp: + host: badhouseplants.net + security: "starttls" + port: 587 + from: vaultwarden@badhouseplants.net + fromName: Vault Warden + authMechanism: "Plain" + acceptInvalidHostnames: "false" + acceptInvalidCerts: "false" + debug: false + domain: https://vault.badhouseplants.net + websocket: + enabled: true + address: "0.0.0.0" + port: 3012 + rocket: + port: "8080" + workers: "10" + webVaultEnabled: "true" + signupsAllowed: false + invitationsAllowed: true + signupDomains: "https://vault.badhouseplants.com" + signupsVerify: "true" + showPassHint: "false" + database: + existingSecret: vaultwarden-postgres16-creds + existingSecretKey: CONNECTION_STRING + connectionRetries: 15 + maxConnections: 10 + storage: + enabled: false + size: 1Gi + class: default + dataDir: /data + logging: + enabled: false + logfile: "/data/vaultwarden.log" + loglevel: "warn" diff --git a/releases.yaml b/releases.yaml index 1155aa8..0b9bd0c 100644 --- a/releases.yaml +++ b/releases.yaml @@ -134,7 +134,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 51.6.1 + version: 51.9.4 inherit: - template: monitoring-common - template: default-env-values 
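Review bot: `signupDomains: "https://vault.badhouseplants.com"` in values.vaultwarden.yaml looks wrong on two counts. It is a URL where Vaultwarden's signup whitelist (presumably what this key feeds, `SIGNUPS_DOMAINS_WHITELIST`) expects bare e-mail domains, and it ends in `.com` while every other hostname in the file is `.net`. That whitelist takes precedence over `signupsAllowed: false` for matching domains, so this value decides who can self-register. I'd set it to `signupDomains: "badhouseplants.net"` if that is the intended mail domain, or drop the key. Separately, `storage.enabled: false` with `dataDir: /data` presumably leaves attachments and the server's key material on ephemeral storage, which deserves a comment if it is deliberate.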
@@ -145,7 +145,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.29.0 + version: 5.35.0 inherit: - template: monitoring-common - template: default-env-values @@ -153,7 +153,7 @@ templates: promtail: &promtail name: promtail chart: grafana/promtail - version: 6.15.2 + version: 6.15.3 inherit: - template: monitoring-common - template: default-env-values @@ -232,7 +232,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 18.0.4 + version: 18.0.7 inherit: - template: default-env-values - template: default-env-secrets @@ -260,7 +260,7 @@ templates: gitea: &gitea name: gitea chart: gitea/gitea - version: 9.5.0 + version: 9.5.1 inherit: - template: default-env-values - template: default-env-secrets @@ -299,7 +299,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 18.1.5 + version: 18.1.6 inherit: - template: default-env-values - template: default-env-secrets @@ -307,7 +307,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 13.1.4 + version: 13.1.5 inherit: - template: default-env-values - template: default-env-secrets @@ -315,7 +315,7 @@ templates: db-operator: &db-operator name: db-operator chart: db-operator/db-operator - version: 1.11.1 + version: 1.11.2 db-instances: &db-instances name: db-instances @@ -342,3 +342,12 @@ templates: - template: ext-istio-gateway - template: ext-istio-resource + vaultwarden: &vaultwarden + name: vaultwarden + chart: badhouseplants/vaultwarden + version: 0.1.0 + inherit: + - template: default-env-values + - template: default-env-secrets + - template: ext-istio-resource + - template: ext-database diff --git a/repositories.yaml b/repositories.yaml index 64e3842..fcdf4fe 100644 --- a/repositories.yaml +++ b/repositories.yaml 
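Review bot: The new `vaultwarden` template in releases.yaml installs `badhouseplants/vaultwarden` from the GitHub Pages repository added in repositories.yaml (the last hunk of this patch) with no provenance check on the chart. The `version: 0.1.0` pin is good, but as far as values.vaultwarden.yaml shows nothing pins the Vaultwarden image itself, so the chart's default decides which server build runs. If the chart is published with a signature, adding `verify: true` to this template would make helmfile check it on fetch. Pinning the image by tag or digest in the values file would keep the deployed version of the password manager under this repo's review.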
@@ -35,4 +35,6 @@ repositories: - name: db-operator url: https://db-operator.github.io/charts - name: allanger-gitea - url: https://git.badhouseplants.net/api/packages/allanger/helm + url: https://git.badhouseplants.net/api/packages/allanger/helm + - name: badhouseplants + url: https://badhouseplants.github.io/helm-charts/