shortcuts:
  hostname: vault.badhouseplants.net
ext-database:
  enabled: true
  name: vaultwarden-postgres16
  instance: postgres16
  credentials:
    DATABASE_URL: "{{ .Protocol }}://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}"
workload:
  kind: Deployment
  strategy:
    type: RollingUpdate
  containers:
    vaultwarden:
      securityContext: {}
      mounts:
        storage:
          data:
            path: /app/data/
      envFrom:
        - main
        - secrets
        - secretRef:
            name: vaultwarden-postgres16-creds
ingress:
  main:
    class: traefik
    annotations:
      kubernetes.io/ingress.class: traefik
      traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
      kubernetes.io/tls-acme: "true"
      kubernetes.io/ingress.allow-http: "false"
      kubernetes.io/ingress.global-static-ip-name: ""
      cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
storage:
  data:
    accessModes:
      - ReadWriteOnce
env:
  main:
    enabled: true
    sensitive: false
    data:
      DOMAIN: https://vault.badhouseplants.net
      SMTP_HOST: stalwart.badhouseplants.net
      SMTP_SECURITY: "starttls"
      SMTP_PORT: 587
      SMTP_FROM: vault@badhouseplants.net
      SMTP_FROM_NAME: Vault Warden
      SMTP_AUTH_MECHANISM: "Plain"
      SMTP_ACCEPT_INVALID_HOSTNAMES: "false"
      SMTP_ACCEPT_INVALID_CERTS: "false"
      SMTP_DEBUG: false
      DATA_FOLDER: /app/data/
      ROCKET_PORT: 8080
      SHOW_PASSWORD_HINT: true
      SIGNUPS_ALLOWED: false
      INVITATIONS_ALLOWED: true
      SIGNUPS_DOMAINS_WHITELIST: "*"
      SIGNUPS_VERIFY: true
      WEB_VAULT_ENABLED: true
      LOG_FILE: /app/logs/log.txt
      LOG_LEVEL: info
      DB_CONNECTION_RETRIES: 10
      DATABASE_MAX_CONNS: 10
      ORG_GROUPS_ENABLED: true
      ORG_EVENTS_ENABLED: true
      ORG_CREATION_USERS: ""