Install vaultwarden

2023-10-20 21:42:57 +02:00 · 2023-10-20 21:42:57 +02:00 · 871ceb8e06
commit 871ceb8e06
parent 5201e2a589
7 changed files with 117 additions and 11 deletions
--- a/badhouseplants/helmfile.yaml
+++ b/badhouseplants/helmfile.yaml
@ -97,6 +97,11 @@ releases:
    namespace: istio-system
    createNamespace: false
  - <<: *vaultwarden
    installed: true
    namespace: vaultwarden-application
    createNamespace: true
 bases:
  - ../environments.yaml
  - ../repositories.yaml
--- a/badhouseplants/values/secrets.vaultwarden.yaml
+++ b/badhouseplants/values/secrets.vaultwarden.yaml
@ -0,0 +1,27 @@
 vaultwarden:
    smtp:
        username: ENC[AES256_GCM,data:6kAu3et5PmRgZ7B/qQQKA/hwsubozpBEcuzA,iv:cqNO3VWKFRWqBRAFTf2AyMQskuZvcDghseT2PWEsCjA=,tag:nkzugvJTJ/KhLuldXxdBrg==,type:str]
        password:
            value: ENC[AES256_GCM,data:9PJzeGeXiNN50GrWMxU1ho9+jHs=,iv:wOrU8g/xBBKFRYvDB1G/I+VG3lpvFdMirgJmP01PbhQ=,tag:dlDq9S+SQmlb4SZIGYhrlQ==,type:str]
    adminToken:
        value: ENC[AES256_GCM,data:PT62LcyiNqW1NVeuZ5+HTj8fzwSwuD1av/Z8S2GnR6j62+F8/aibhW/ATFG92chw++w=,iv:LnaRBem4dsggV4u4IlNjlWY301ajAHot2D259Y383m0=,tag:f24QDtGrtNJFA95Qo6Umqg==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDL0RuQitFb0dPajRpSHRo
            WnhUa3BOazVHSTE5STRNMGQ2eWUxaXhvNEJVCmtpMjE2Q3hyQzhDSTBObUgwQXV3
            dmhvYmUvL05QUGd6Umx5QjRhMVFmcHMKLS0tIEtkTDc1ZVcxOWRqRzlzdTM1WG5a
            U25tMkxQS1gzcyt6R2NkZnVLRVVoOWMKZSaIZxzTlYim2kmiHrQcgRu9XmWelRkT
            HZZmSa0L9yEdksUCK3+iqjCZhQBYc/6qJHRYvuAaJ+/hs5RxuLUr8g==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2023-10-20T07:01:25Z"
    mac: ENC[AES256_GCM,data:Oa6UiHJR5U8Tquo/FmKM2LNR1l7Tdc95T55sl8IbC80ywC5hmJcpOdYXSeVzAdEtr2EauEH74FAwyFtjeFHpneRjkl8Hx0Vann3qBMJ1laxYEQhKESqeyJTcMv15Hu61aUQ+OhW9hP9xkcRCNmkXHa0KeoCXy1aloTWc3u7Ls8E=,iv:SsywMpg5KQvfsFbIRiZkEadtQ7Ce2AqjM9+zeaG/ZaM=,tag:X426dGhxmeMqDJnRs4Qhww==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.8.1
--- a/badhouseplants/values/values.db-instances.yaml
+++ b/badhouseplants/values/values.db-instances.yaml
@ -18,7 +18,7 @@ dbinstances:
      Namespace: database-service
    engine: postgres
    generic:
-      host: postgres16-postgresql
+      host: postgres16-postgresql.database-service.svc.cluster.local
      port: 5432
  mysql:
    monitoring:
--- a/badhouseplants/values/values.longhorn.yaml
+++ b/badhouseplants/values/values.longhorn.yaml
@ -9,5 +9,5 @@ defaultSettings:
 csi:
  kubeletRootDir: /var/snap/microk8s/common/var/lib/kubelet
 persistence:
-  defaultClassReplicaCount: 1
+defaultClassReplicaCount: 1
 enablePSP: false
--- a/badhouseplants/values/values.vaultwarden.yaml
+++ b/badhouseplants/values/values.vaultwarden.yaml
@ -0,0 +1,63 @@
 ---
 # ------------------------------------------
 # -- Istio extenstion. Just because I'm
 # --  not using ingress nginx
 # ------------------------------------------
 istio:
  enabled: true
  istio:
    - name: vaultwarden-http
      kind: http
      gateway: istio-system/badhouseplants-net
      hostname: vault.badhouseplants.net
      service: vaultwarden
      port: 8080
 # ------------------------------------------
 # -- Database extension is used to manage
 # --  database with db-operator
 # ------------------------------------------
 ext-database:
  enabled: true
  name: vaultwarden-postgres16
  instance: postgres16
 service: 
  port: 8080
 vaultwarden:
  smtp:
    host: badhouseplants.net
    security: "starttls"
    port: 587
    from: vaultwarden@badhouseplants.net
    fromName: Vault Warden
    authMechanism: "Plain"
    acceptInvalidHostnames: "false"
    acceptInvalidCerts: "false"
    debug: false
  domain: https://vault.badhouseplants.net
  websocket:
    enabled: true
    address: "0.0.0.0"
    port: 3012
  rocket:
    port: "8080"
    workers: "10"
  webVaultEnabled: "true"
  signupsAllowed: false
  invitationsAllowed: true
  signupDomains: "https://vault.badhouseplants.com"
  signupsVerify: "true"
  showPassHint: "false"
  database:
    existingSecret: vaultwarden-postgres16-creds
    existingSecretKey: CONNECTION_STRING
    connectionRetries: 15
    maxConnections: 10
  storage:
    enabled: false
    size: 1Gi
    class: default
    dataDir: /data
  logging:
    enabled: false
    logfile: "/data/vaultwarden.log"
    loglevel: "warn"
--- a/releases.yaml
+++ b/releases.yaml
@ -134,7 +134,7 @@ templates:
  prometheus: &prometheus
    name: prometheus
    chart: prometheus-community/kube-prometheus-stack
-    version: 51.6.1
+    version: 51.9.4
    inherit:
      - template: monitoring-common
      - template: default-env-values
@ -145,7 +145,7 @@ templates:
  loki: &loki
    name: loki
    chart: grafana/loki
-    version: 5.29.0
+    version: 5.35.0
    inherit:
      - template: monitoring-common
      - template: default-env-values
@ -153,7 +153,7 @@ templates:
  promtail: &promtail
    name: promtail
    chart: grafana/promtail
-    version: 6.15.2
+    version: 6.15.3
    inherit:
      - template: monitoring-common
      - template: default-env-values
@ -232,7 +232,7 @@ templates:
  nrodionov: &nrodionov
    name: nrodionov
    chart: bitnami/wordpress
-    version: 18.0.4
+    version: 18.0.7
    inherit:
      - template: default-env-values
      - template: default-env-secrets
@ -260,7 +260,7 @@ templates:
  gitea: &gitea
    name: gitea
    chart: gitea/gitea
-    version: 9.5.0
+    version: 9.5.1
    inherit:
      - template: default-env-values
      - template: default-env-secrets
@ -299,7 +299,7 @@ templates:
  redis: &redis
    name: redis
    chart: bitnami/redis
-    version: 18.1.5
+    version: 18.1.6
    inherit:
      - template: default-env-values
      - template: default-env-secrets
@ -307,7 +307,7 @@ templates:
  postgres16: &postgres16
    name: postgres16
    chart: bitnami/postgresql
-    version: 13.1.4
+    version: 13.1.5
    inherit:
      - template: default-env-values
      - template: default-env-secrets
@ -315,7 +315,7 @@ templates:
  db-operator: &db-operator
    name: db-operator
    chart: db-operator/db-operator
-    version: 1.11.1
+    version: 1.11.2
  db-instances: &db-instances
    name: db-instances
@ -342,3 +342,12 @@ templates:
      - template: ext-istio-gateway
      - template: ext-istio-resource
  vaultwarden: &vaultwarden
    name: vaultwarden
    chart: badhouseplants/vaultwarden
    version: 0.1.0
    inherit:
      - template: default-env-values
      - template: default-env-secrets
      - template: ext-istio-resource
      - template: ext-database
--- a/repositories.yaml
+++ b/repositories.yaml
@ -36,3 +36,5 @@ repositories:
    url: https://db-operator.github.io/charts
  - name: allanger-gitea
    url: https://git.badhouseplants.net/api/packages/allanger/helm
  - name: badhouseplants
    url: https://badhouseplants.github.io/helm-charts/