Add postgres to etersoft

2024-11-07 10:09:56 +01:00 · 2024-11-07 10:09:56 +01:00 · c2ec134d2b
commit c2ec134d2b
parent 2f524131dd
16 changed files with 220 additions and 98 deletions
--- a/common/environments.yaml
+++ b/common/environments.yaml
@ -12,7 +12,9 @@ environments:
          enabled: false
      - openebs:
          enabled: true
-      - postgres:
+      - postgres17:
+          enabled: true
+      - postgres16:
          enabled: true
      - redis:
          enabled: true
@ -29,7 +31,9 @@ environments:
          enabled: false
      - localpath:
          enabled: true
-      - postgres:
+      - postgres17:
          enabled: false
      - redis:
          enabled: false
+      - postgres16:
+          enabled: true
--- a/installations/applications/helmfile-badhouseplants.yaml
+++ b/installations/applications/helmfile-badhouseplants.yaml
@ -109,3 +109,12 @@ releases:
      - template: default-env-values
      - template: ext-tcp-routes
      - template: ext-cilium
+  - name: vaultwardentest
+    chart: allangers-charts/vaultwarden
+    version: 2.4.0
+    namespace: applications
+    installed: false
+    inherit:
+      - template: default-env-values
+      - template: default-env-secrets
+      - template: ext-database
--- a/installations/applications/helmfile-etersoft.yaml
+++ b/installations/applications/helmfile-etersoft.yaml
@ -26,11 +26,12 @@ releases:
      - template: ext-traefik-middleware
  - name: vaultwardentest
    chart: allangers-charts/vaultwarden
-    version: 2.3.0
+    version: 2.4.0
    namespace: applications
    inherit:
      - template: default-env-values
      - template: default-env-secrets
+      - template: ext-database
  - name: tf-ocloud
    chart: ../../charts/tf-ocloud
    namespace: pipelines
--- a/installations/databases/helmfile.yaml
+++ b/installations/databases/helmfile.yaml
@ -20,7 +20,7 @@ releases:
      bundle: postgres
    namespace: databases
    chart: bitnami/postgresql
-    condition: postgres.enabled
+    condition: postgres16.enabled
    version: 15.5.38
    inherit:
      - template: default-env-values
@ -30,7 +30,7 @@ releases:
      bundle: postgres
    namespace: databases
    chart: bitnami/postgresql
-    condition: postgres.enabled
+    condition: postgres17.enabled
    version: 16.0.6
    inherit:
      - template: default-env-values
--- a/installations/platform/helmfile.yaml
+++ b/installations/platform/helmfile.yaml
@ -26,13 +26,11 @@ releases:
  - name: db-operator
    namespace: platform
    chart: db-operator/db-operator
-    condition: workload.enabled
    version: 1.29.0

  - name: db-instances
    chart: db-operator/db-instances
    namespace: platform
-    condition: workload.enabled
    needs:
      - platform/db-operator
    version: 2.4.0
--- a/values/badhouseplants/secrets.vaultwarden.yaml
+++ b/values/badhouseplants/secrets.vaultwarden.yaml
@ -1,30 +1,30 @@
 env:
-  secrets:
-    enabled: ENC[AES256_GCM,data:p8ATew==,iv:dP7WATC+Fm0dfP7hlEHdVPOo8ErsbiB+5YPgQzXV/Ss=,tag:iVnFW7Q74vo1CJ0I1tt+4g==,type:bool]
-    sensitive: ENC[AES256_GCM,data:dyb+SQ==,iv:ZkrLnt6yOtv8fd1qy+HIlbNcHT8aDmIU3S82WM/SePs=,tag:iPVbwIDHHDek97k58mgIZw==,type:bool]
-    data:
-      SMTP_USERNAME: ENC[AES256_GCM,data:26jN,iv:ASzEihTqVCn6XerFqAb/khSa+aTauTh0+OiJMoNmvsI=,tag:n8g47XIOOLkbBSUERsyx3A==,type:str]
-      ADMIN_PASSWORD: ENC[AES256_GCM,data:FOHowPJxX6b2i4Kr3DwJOjX7mzzq1Mp/mw==,iv:DrXQihNeT7jP23PhuuYAXCviYPD9+N+ZUp1hCxgPneY=,tag:WsmTl30sNMIMou23SGaunQ==,type:str]
-      ADMIN_TOKEN: ENC[AES256_GCM,data:ZWuys8umG5dqer/I5SmZCYQFB5FolA8jkXWgJvW5X/CIDEZlPxnL+nojSxhmdLTkVy7Yo0mgCC93WOjtPqPvZ+42SEVfKIgBKRM=,iv:nnb7peQioiB8drt2trcQjX13j471EJNARtQbXuJVvaw=,tag:fIAmV5R7BstW33zttKanRA==,type:str]
-      DATABASE_URL: null
-      SMTP_PASSWORD: ENC[AES256_GCM,data:kGne0ERfIBTpfv9r6TLZ/coYtk6xsvjXFQ==,iv:zhQwqdp1O60XlRum6Kye5VQPLxZHZ4aTKR6fZ1rK5Mo=,tag:LiDOXd1ahAGpA9JbV1ChGw==,type:str]
+    secrets:
+        enabled: ENC[AES256_GCM,data:Gv3Unw==,iv:pIls2F+alt1LfJIzfto+6YA4ih9KLBAzutd6Nz4uvlI=,tag:HUXRQI+vvN70eMsgNgeltw==,type:bool]
+        sensitive: ENC[AES256_GCM,data:/trLBA==,iv:w5IV1c7+d971WHLkhbi2jAT4smGUFNQjWXfAHjqMJtQ=,tag:GErKO9Mev/vNI8hVO0OCOg==,type:bool]
+        data:
+            SMTP_USERNAME: ENC[AES256_GCM,data:mxHg,iv:fnC9XmPBSoYg/SaezA9I7hUNcK16z0UyB0ujp8dOV/Q=,tag:Ude8TQ+m358upwTHW4g2vA==,type:str]
+            ADMIN_PASSWORD: ENC[AES256_GCM,data:arONfkxTVCKOrw4ehk1HGG2MOisfo1oZyw==,iv:T/MAUaHaIVL/oAuAMGwB4x4aNWrnjnvNvM7h4cgL0q0=,tag:F/GYyB1ZxFLxC32hKtsnSg==,type:str]
+            ADMIN_TOKEN: ENC[AES256_GCM,data:eiXun0SKGMichylKuyJPxRkO0nUbCb+ex1ABr4z/IM5CYgbptCW+b+Lw5BQB+Bf0OzcmX3d/GcwrJKXvbjBBelgMUZGXLfShB3M=,iv:git8/iNUeWPxwt/+1NT+rEoYz12hNUGPD6dg+gCyKTs=,tag:M2BqdsoitGIm3GeFBnG9/w==,type:str]
+            DATABASE_URL: null
+            SMTP_PASSWORD: ENC[AES256_GCM,data:KdFR+MmZyGsuHsItX8WNy6r5LXWMgUzJjg==,iv:89e34akVX23Nblm2FNd6u7lX2Z/Zigek8gdjdHD1PTE=,tag:BdpfhbsPHB08gfey80w6gw==,type:str]
 sops:
-  kms: []
-  gcp_kms: []
-  azure_kv: []
-  hc_vault: []
-  age:
-    - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
-      enc: |
-        -----BEGIN AGE ENCRYPTED FILE-----
-        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3ZDNxQy9JRS9OcHArNXov
-        dVVJT1NhZmV1d05ZUFZmM1hBVDRCeE1IY2dJCjAyZW5CV0UvRGx5MG4zdGZKcEFP
-        cGpYc0drUitIeXhuYnlRSDNKbWFENncKLS0tIER3R3FxNGlNOW9VRHliNktQZHpG
-        UEc0R0h1OXhLdU5VNFEvaExMWXk1Q0UKBU1IZOnH3TpjFlaMVFz9QO9yyuG5Sm0b
-        YHqBxoO4FlFXAperIwpXojzIdNIC7CKnUUFN94fitNG+Lieto7ZqGw==
-        -----END AGE ENCRYPTED FILE-----
-  lastmodified: "2024-10-14T08:08:22Z"
-  mac: ENC[AES256_GCM,data:H7C2pN0IAc91M2LCGZefhdfeVetmt6jwxDQwQ8OPVrYXt69w4vFjeb801nKHNT6g2qV/WkLN5inHnP6EJoCS4/+ti8l814m/jmCXrNkK9mNJ9A00xc/p43WdxEtaktFORH0Y+mvS1ADrK/ghlIUjcvC0o1b1rVH8rkCjR1ql/Js=,iv:JOC8VGNj3ERRH0GRKFJ/RL1rOVfU6G98v+fsqBpvn2c=,tag:zoHGbt9p590qZfT4/8YTKA==,type:str]
-  pgp: []
-  unencrypted_suffix: _unencrypted
-  version: 3.9.1
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0OElmeTA4K1NZUncvRjI2
+            YldLMHVhQVpKSWdwNHh6RnRZZmhSdC9wUlNzCnk5R2xrQzM4MlNxWFZuV0J5aHkv
+            VlNlSm02d1JQWlFuTG5USmlwQzdXancKLS0tIEFGSDRtc1pmMnVPWGhJR2NBU2xP
+            a2h1RE5XWmxxb05IZEU3c3VGaXRmeUUKmIgm5Apj8ipz/h8YYiz+ryVFSsjTCXMv
+            WWDuNLIhxO3inp6QgwWW1PhDjNWAn1uEULckyFAgDOdwp4Tof4A/ZQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-11-05T11:05:01Z"
+    mac: ENC[AES256_GCM,data:Sxc3HM0kCuNNRTn6R9kDWmzx+uJHjXi2245n4EwJBx3faX0WsH5I3ZZfjJl0fKLQJApEaN4i+vu/6fEWIfUrbbHfSLCQQDrj1OpXz0Yz+ett83JY+G41bjgWb316MYvuXp0zFlLsms54jCFMY3aV+ROIDXEGaEYncVwrbIXiJpk=,iv:wHi9wf1iiptgCiDD1yAtBw/xaOfymliihp7RyHg9J0M=,tag:uygWGbkgZyb/KZNCzxyPUg==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.1
--- a/values/badhouseplants/values.stalwart.yaml
+++ b/values/badhouseplants/values.stalwart.yaml
@ -101,7 +101,7 @@ traefik:
 files:
  config:
    enabled: true
-    sensitive: true
+    sensitive: false
    remove: []
    entries:
      # Ref: https://github.com/stalwartlabs/mail-server/blob/main/resources/config/config.toml
@ -170,11 +170,6 @@ files:
          bind = "[::]:8080"
          protocol = "http"
          hsts = true
-          permissive-cors = false
-          url = "protocol + '://' + key_get('default', 'hostname') + ':' + local_port"
-          use-x-forwarded = true
-          proxy.override = true
-          proxy.trusted-networks.0 = "192.168.0.0/16"

          [storage]
          data = "rocksdb"
--- a/values/badhouseplants/values.traefik.yaml
+++ b/values/badhouseplants/values.traefik.yaml
@ -1,3 +1,6 @@
+service:
+  annotations:
+    service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true"
 ports:
  websecure:
    transport:
@ -5,9 +8,13 @@ ports:
        readTimeout: 0
        idleTimeout: 0
        writeTimeout: 0
+    forwardedHeaders:
+      trustedIPs:
+        - "192.168.0.0/16"
    proxyProtocol:
      trustedIPs:
        - "192.168.0.0/16"
+      insecure: true
  ssh:
    port: 22
    expose:
--- a/values/common/values.tcp-route.yaml
+++ b/values/common/values.tcp-route.yaml
@ -1,20 +1,22 @@
---
 traefik:
  templates:
    - |
-        {{ range .Values.tcpRoutes }}
-        ---
-        apiVersion: traefik.io/v1alpha1
-        kind: IngressRouteTCP
-        metadata:
-          name: {{ .name }}
-        spec:
-          entryPoints:
-          - {{ .entrypoint }}
-          routes:
-          - match: {{ .match }}
-            services:
-            - name: {{ .service }}
-              nativeLB: true
-              port: {{ .port }}
-        {{- end }}
+      {{ range .Values.tcpRoutes }}
+      ---
+      apiVersion: traefik.io/v1alpha1
+      kind: IngressRouteTCP
+      metadata:
+        name: {{ .name }}
+      spec:
+        entryPoints:
+        - {{ .entrypoint }}
+        routes:
+        - match: {{ .match }}
+          services:
+          - name: {{ .service }}
+            nativeLB: true
+            port: {{ .port }}
+            {{- if .proxyProtocolVersion }}
+            proxyProtocol: {{ .proxyProtocolVersion }}
+            {{- end }}
+      {{- end }}
--- a/values/etersoft/secrets.db-instances.yaml
+++ b/values/etersoft/secrets.db-instances.yaml
@ -0,0 +1,25 @@
+dbinstances:
+    postgres16:
+        secrets:
+            adminUser: ENC[AES256_GCM,data:rxSV97yqRDU=,iv:8gqGL14LDS2zKDlImdNPMYYX3J8epZvlytjOfuxSP2I=,tag:s95IsFyLj7oIy5Tm12oJZg==,type:str]
+            adminPassword: ENC[AES256_GCM,data:VgU22sobeBBdjxhth44Llugp,iv:Y2jTlURdgjc/rpydwu1YCEmZgVkRkuBytQmds2ZO3pk=,tag:Abxa+/m3a3L4xNwEFqqncw==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBubjJWVzg2ZitheWFhUlND
+            N05nYmlWUzdtVE4xT3NwMnVIbThLam1KQkRFCnA3a2FucS9sdFVHNnBUU285dGZz
+            dUZvT0xRZ1JLcnNTMVdrSnJBUkJzZW8KLS0tIHJoTlVYVmpjSDJob3RpOG45MEtx
+            NTBZb2pRNEM5TWJiRUkzWHRyVTdaUmcK9oYd7htT3Wt2HLUFGHQrBfiAfKUaFitr
+            UcBA/MXGcJt3Wq6Tw8ujNqQbDrftAd+sRWTO8rNqTGK02zXvkmu1sA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-11-05T10:54:18Z"
+    mac: ENC[AES256_GCM,data:tvfGmnwG8nJ/1r0OZBjuU3jCSsC4V1DqjqriARti51RA4AsRFodyl1QMbLoaHgwzLLqbe6Xy62n1EU/icgmiEdEbpBZ7kEuyQ0Q9M0mkZgQVrvF126Tdd11ylswO9imSknaWmvnb0nwj0ZV1daOCqF3NCl+HaP0NiTlCy18aP74=,iv:OYvQDBhxTDEmfBWXtcAluGX9sYGVj8Ki3mZXPVvpYwk=,tag:M7VgUVQoxVC63kGJol6DUA==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.1
--- a/values/etersoft/secrets.postgres16.yaml
+++ b/values/etersoft/secrets.postgres16.yaml
@ -0,0 +1,24 @@
+global:
+    postgresql:
+        auth:
+            postgresPassword: ENC[AES256_GCM,data:4RQkD5bHyjMQjofzrmB3V45q,iv:JlD23SAhnU5Q+0xl3TAdOdkXJPTG+Awx7qRe8cH1HFo=,tag:KSnUQi0U2ydpigAgoZxFsg==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJR1hzTUV3TzRFaHNTN3Fj
+            Tkh0TW1VNng0WkZNdXdsOVozMDZ5T25uQmgwCkhSWXViUkNsZnExV0c5UXFsd2R4
+            ZjNYYUFDbnpYYkRQbHdQUDA3cHBxa28KLS0tIFR4MGVWK2o1TFZlQ1FRbkIza3F6
+            UWc5NzVMVkQ4UDNlSzRidWNzSnFWWkkKfnTaKxZoBFCj2l4QfI/BvG0eGOFX/seF
+            DcpofYlg0hQFRSavqRjidLri1rzpOCdKlWh/h0nIRDFA7O55Q8QAnQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-11-05T10:53:47Z"
+    mac: ENC[AES256_GCM,data:ugdm5oICFj1nZtkUNdfamjuGjMOz8bWTKIsaOND31alQsTuvnHNT/GrVIKkiAwgXbP71nH8ecmv3Ossq/tt8OxpG5Hu5v3s1Dgl8fXNCRt8cR0INGJyeDYc9l1WDugNkNRhRV96udmDJewompcIxqPYECwfZHXYiWA7HMyIdlDk=,iv:1PgLX53dbD4JfpLnszMgH/pQBXvUimgJYZsw3leerBo=,tag:O5KBMenIG7/J5o+kiU/mGg==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.1
--- a/values/etersoft/secrets.vaultwardentest.yaml
+++ b/values/etersoft/secrets.vaultwardentest.yaml
@ -1,30 +1,30 @@
 env:
-  secrets:
-    enabled: ENC[AES256_GCM,data:2aJihg==,iv:VtJL8ubzBpuNCQWoJ04hrWB236svrXR4arUxvdlwLl0=,tag:Rz7vmAtywhOA/vaHEF2Vjw==,type:bool]
-    sensitive: ENC[AES256_GCM,data:SzwuZw==,iv:7BZl7KXrQ8UJWdCwPxALPMfNfYz3jZu3Ivn092Px69s=,tag:aGm6HO4dB1jEPaLhqCE1Cw==,type:bool]
-    data:
-      SMTP_USERNAME: ENC[AES256_GCM,data:og5bxhkNQfwvUkDKOt+2uQZz/N4Q4p8BLUro,iv:yWRuJ3wThNGvtycs5FwGMS8lIvDMJBDCtk2gg65TLko=,tag:LFmn3KymKXTaPYckYn6JCA==,type:str]
-      ADMIN_PASSWORD: ENC[AES256_GCM,data:rfJqM8eUghgDg07sEhO0hbpTwRQZJlKU56R9kOqBjTs4+VkGt7GWshrQx4L1BDEY8oE=,iv:U/ieTe261wjBm6GPtRsfwO/EFzo5hc0KbEoaY5A+7kk=,tag:oQTFk/YtgOkgllQomF/pPw==,type:str]
-      ADMIN_TOKEN: ENC[AES256_GCM,data:t2BKaqd+/xt5OJwCUjvgNH12jU5k7msjsSA9R6uiq+ynixzc9/u/lfGKh9dGRbjTKv+0b9pG7tWzJwDs3HtB53VGkiZ2dY90wrXrQa/yG+1D7DN3FQ==,iv:hPi87kBXmTX7SJOJvZAKqFSxvfegsLrbCKUwkV/79ds=,tag:DeTITUcd4MOIHDkSGcWjLQ==,type:str]
-      DATABASE_URL: null
-      SMTP_PASSWORD: ENC[AES256_GCM,data:Oh0s1kb9tHu5WYhMYxLVc1ql8ys=,iv:RdUp4bZac6qla+GYDeFM7SzpUMKmRxck5qJ/9l4L9Ik=,tag:7pHha/gm1Wuec2+FoRnMlg==,type:str]
+    secrets:
+        enabled: ENC[AES256_GCM,data:zzAqZw==,iv:eNmoXsT7ME8Ayq1+6SKVMAmNfMXbaCHhbpoIVSCMmEs=,tag:rXlJGUtPQm0ulut18xuEpQ==,type:bool]
+        sensitive: ENC[AES256_GCM,data:p+tT+Q==,iv:0W4zA1+9Q6eDx6OMAscdDc0GveZgo/zW6in/PdfZo5E=,tag:SBplDU0DWQHzS0zQbhlOmA==,type:bool]
+        data:
+            #ENC[AES256_GCM,data:lUhrHf0qCaIFA/03PexzwaG8BZPx4jJ1E7+D8RSusZsegYVEAcP13XkQ,iv:/aKm2fUtjUWb7zGipYLjFSoPv6JEhrt0lneEHcLY2vk=,tag:0TrN03ApXMyDLbghPU3lEw==,type:comment]
+            ADMIN_PASSWORD: ENC[AES256_GCM,data:NkRDv5wL9+q30cydrbxaG5kSkEjSVk1kj4H1OipjaWkSKR1gUyVfFcmd1NCWldDNAK8=,iv:i26l6IFjyHqHXVadTGBl3wKDtRyykTca20mNaItl6kM=,tag:iYDdkUBE0GorA+zhu1ogfg==,type:str]
+            ADMIN_TOKEN: ENC[AES256_GCM,data:3LzUfxviYj5PSsm9bUn7pkLdVR7ggFHToXKvKIEw61d1MY6Ph3qVMr32KKJlbwh25by/hUQgSa1/WxxJDbBWsMzP9PikTov6lwFzMMOS/DDBM9ctxw==,iv:9zDoNV+Gbij9N95tKLd7Aa5c63UswSIG0nauGLS39Jg=,tag:wZE8U1t6GEqt7Obj4mqWcA==,type:str]
+            DATABASE_URL: null
+            #ENC[AES256_GCM,data:/5YuWuePwRN26Y2mCmGqI2FeDzZnsEyucbj1TR8j2LoCmhE=,iv:GMB4Y6LMAodfF6ItU5cRffMSPZh/85VHuLWOSo5YXdc=,tag:/h4vqzl5ZBy4msVe96l4Uw==,type:comment]
 sops:
-  kms: []
-  gcp_kms: []
-  azure_kv: []
-  hc_vault: []
-  age:
-    - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
-      enc: |
-        -----BEGIN AGE ENCRYPTED FILE-----
-        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtaUVMdEpNcUxncnRMZDlU
-        MW0wQndGVDF1SUtRTGczZDkxNVdZVmNJYTNrClJtQzYxWnkrc01VZmlVS1ZDTWw2
-        K2lmYkdnWWtMNjFseG5qZmpzd0w2OFUKLS0tIHd6U1hnOVlsNVk2WkhIUUdSL1R4
-        UUNVNkFkT2ZGbG1HbFJPRWNjL0N2ZUEKklrgeG4EmufgXzTr4sgGZLCzcedEA6eN
-        VC2XYbdO06L4QL7GteFlW+CHFXKn3QB8+nfiU+dNriXJmzMpYEUtPA==
-        -----END AGE ENCRYPTED FILE-----
-  lastmodified: "2024-10-14T08:08:21Z"
-  mac: ENC[AES256_GCM,data:SDZHIiaFpGYRSjLaiKRtQOXRvuH7K7J42O7BV0eSA0XEMdjy6i/nx8uRyWmF2uApyfXaptxT9gO60snZ24+ox890L0KtLE/qt2r6omyRR4Jn8vGfh1WQQHiFjWj/q6NDkKH9yItgrE1zOPKs2sMLjaxmWdcIpPVq/ZxehWfDyAs=,iv:zUKpJYpVok3qKM+aq6qizCHIHGNiKHMhtrGnRyumJ20=,tag:n4N6iueXTLS54IZnrrNfEg==,type:str]
-  pgp: []
-  unencrypted_suffix: _unencrypted
-  version: 3.9.1
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQRHYvUG9ybVdOUk56alc1
+            VFUrS1lxT0srSG1uRldVUkZxY0NDaDZFUFJRCklsejBiNm9pelZYRTdlTGcvMSta
+            TS9lMElyMGJCa1pPN0J0amxDOFlQbGsKLS0tIE1mYlpwZEhES2Zrdk84UExjeXlz
+            akQ2M3NTc2hDRCt0OFJMMmVKZzg5UXMKqFkcNzqp9uhVu67/APA5XbqMVzv4RegS
+            at9pmPCxTlWQoPjzGtuF+l7J5lkS2KrU0wROC62AggnmEY1dMOSzqw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-11-06T09:06:31Z"
+    mac: ENC[AES256_GCM,data:uDSzjE3cnkzY2ADj/v6PkaB4XVla9+N5J7H/+b7Erc9cSdbV7utvBjhxDeMpnrurO10mNDtvgPEJ00e/bDz4Ru3tl6OXSeY9lvvKZTHi69i5e8naX6t6M2xv7rKyLe8gw5GzwSGfKGpsJeTKsUuKN2tAcoy23THC1Mauulj6G2A=,iv:85JA9+1rps4OUzFrXsy0e/NS0SZPfYpPHP0hjy/uCRQ=,tag:K/Oj9TyQIJXvuo6gwPzzRw==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.1
--- a/values/etersoft/values.db-instances.yaml
+++ b/values/etersoft/values.db-instances.yaml
@ -0,0 +1,11 @@
+dbinstances:
+  postgres16:
+    monitoring:
+      enabled: false
+    adminSecretRef:
+      Name: postgres16-secret
+      Namespace: databases
+    engine: postgres
+    generic:
+      host: postgres16-postgresql.databases.svc.cluster.local
+      port: 5432
--- a/values/etersoft/values.minio.yaml
+++ b/values/etersoft/values.minio.yaml
@ -46,7 +46,7 @@ persistence:
  storageClass: local-path
  enabled: true
  accessMode: ReadWriteOnce
-  size: 10Gi
+  size: 40Gi
 service:
  type: ClusterIP
  clusterIP: ~
@ -62,7 +62,7 @@ buckets:
  - name: velero
    policy: none
    purge: false
-    versioning: fase
+    versioning: false
 metrics:
  serviceMonitor:
    enabled: false
--- a/values/etersoft/values.postgres16.yaml
+++ b/values/etersoft/values.postgres16.yaml
@ -0,0 +1,36 @@
+architecture: standalone
+
+auth:
+  database: postgres
+
+metrics:
+  enabled: false
+primary:
+  persistence:
+    size: 2Gi
+    annotations:
+      volume.kubernetes.io/selected-node: yekaterinburg
+  resources:
+    limits:
+      ephemeral-storage: 1Gi
+      memory: 512Mi
+    requests:
+      cpu: 512m
+      ephemeral-storage: 50Mi
+      memory: 128Mi
+  podSecurityContext:
+    enabled: true
+    fsGroupChangePolicy: Always
+    sysctls: []
+    supplementalGroups: []
+  containerSecurityContext:
+    enabled: true
+    seLinuxOptions: {}
+    runAsNonRoot: false
+    privileged: false
+    readOnlyRootFilesystem: false
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop: ["ALL"]
+    seccompProfile:
+      type: "RuntimeDefault"
--- a/values/etersoft/values.vaultwardentest.yaml
+++ b/values/etersoft/values.vaultwardentest.yaml
@ -1,3 +1,11 @@
+shortcuts:
+  hostname: vaulttest.badhouseplants.net
+ext-database:
+  enabled: true
+  name: vaultwardentest-postgres16
+  instance: postgres16
+  credentials:
+    DATABASE_URL: "{{ .Protocol }}://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}"
 workload:
  kind: Deployment
  strategy:
@ -14,6 +22,8 @@ workload:
      envFrom:
        - environment
        - secrets
+        - secretRef:
+            name: vaultwardentest-postgres16-creds
 ingress:
  main:
    class: traefik
@ -55,15 +65,15 @@ env:
    sensitive: false
    data:
      DOMAIN: https://vaulttest.badhouseplants.net
-      SMTP_HOST: mail.badhouseplants.net
-      SMTP_SECURITY: "starttls"
-      SMTP_PORT: 587
-      SMTP_FROM: vaulttest@badhouseplants.net
-      SMTP_FROM_NAME: Vault Warden
-      SMTP_AUTH_MECHANISM: "Plain"
-      SMTP_ACCEPT_INVALID_HOSTNAMES: "false"
-      SMTP_ACCEPT_INVALID_CERTS: "false"
-      SMTP_DEBUG: false
+      #SMTP_HOST: mail.badhouseplants.net
+      #SMTP_SECURITY: "starttls"
+      #SMTP_PORT: 587
+      #SMTP_FROM: vaulttest@badhouseplants.net
+      #SMTP_FROM_NAME: Vault Warden
+      #SMTP_AUTH_MECHANISM: "Plain"
+      #SMTP_ACCEPT_INVALID_HOSTNAMES: "false"
+      #SMTP_ACCEPT_INVALID_CERTS: "false"
+      #SMTP_DEBUG: false
      DATA_FOLDER: /app/data/
      ROCKET_PORT: 8080
      SHOW_PASSWORD_HINT: true
@ -73,7 +83,7 @@ env:
      SIGNUPS_VERIFY: false
      WEB_VAULT_ENABLED: true
      LOG_FILE: /app/logs/log.txt
-      LOG_LEVEL: info
+      LOG_LEVEL: debug
      DB_CONNECTION_RETRIES: 10
      DATABASE_MAX_CONNS: 10
      ORG_GROUPS_ENABLED: true