Move vaultwarden to softplayer-lib

2024-07-15 19:53:19 +02:00
parent 8a0cf86d26
commit bba8748576
19 changed files with 141 additions and 405 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 bin
 custom
+*.tgz
--- a/.woodpecker/.helm-workflow.yml
+++ b/.woodpecker/.helm-workflow.yml
@@ -70,6 +70,7 @@ steps:
            --password $REGISTRY_PASSWORD
      - |
          for chart in $(find charts -maxdepth 1 -mindepth 1 -type d); do
+            helm dependency update $chart
            helm package $chart -d chart-packages;
          done
      - |
--- a/charts/mealie/Chart.lock
+++ b/charts/mealie/Chart.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: softplayer-lib-workload
  repository: oci://git.badhouseplants.net/softplayer
-  version: 0.2.0
-digest: sha256:e6bf909ead48b331a49921e1cf504791fb5ec0a80561d797ae06c7a44ad8a9cd
-generated: "2024-07-15T08:45:21.509772+02:00"
+  version: 0.2.1
+digest: sha256:a3a4a69717a3549841454a0e27a1a9114ea8a03543caf5c0c9a184d5a98f36b4
+generated: "2024-07-15T19:51:29.734002+02:00"
--- a/charts/mealie/Chart.yaml
+++ b/charts/mealie/Chart.yaml
@@ -10,7 +10,7 @@ maintainers:
    url: https://badhouseplants.net
 dependencies:
  - name: softplayer-lib-workload
-    version: 0.2.0
+    version: 0.2.1
    repository: oci://git.badhouseplants.net/softplayer
 annotations:
  allowed_workload_kinds: "Deployment"
--- a/charts/mealie/charts/softplayer-lib-workload-0.2.0.tgz
+++ b/charts/mealie/charts/softplayer-lib-workload-0.2.0.tgz
--- a/charts/mealie/templates/install.yaml
+++ b/charts/mealie/templates/install.yaml
@@ -2,6 +2,5 @@
 {{ include "lib.service" . }}
 {{ include "lib.ingress" . }}
 {{ include "lib.config.env" . }}
-{{ include "lib.config.files" . }}
 {{ include "lib.pvc" . }}
 {{ include "lib.raw" . }}
--- a/charts/mealie/values.yaml
+++ b/charts/mealie/values.yaml
@@ -66,6 +66,7 @@ storage:
      - ReadWriteOnce
 env:
  environment:
+    enabled: true
    sensitive: false
    data:
      ALLOW_SIGNUP: true
@@ -77,10 +78,11 @@ env:
      BASE_URL: https://mealie.softplayer.com
      DB_ENGINE: postgres
  secrets:
+    enabled: true
    sensitive: true
    data:
-      POSTGRES_USER: mealie
-      POSTGRES_PASSWORD: mealie
-      POSTGRES_SERVER: postgres
-      POSTGRES_PORT: 5432
-      POSTGRES_DB: mealie
+      POSTGRES_USER: ~
+      POSTGRES_PASSWORD: ~
+      POSTGRES_SERVER: ~
+      POSTGRES_PORT: ~
+      POSTGRES_DB: ~
--- a/charts/team-fortress-2/charts/softplayer-lib-workload-0.1.8.tgz
+++ b/charts/team-fortress-2/charts/softplayer-lib-workload-0.1.8.tgz
--- a/charts/vaultwarden/Chart.lock
+++ b/charts/vaultwarden/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: softplayer-lib-workload
+  repository: file://../../../softplayer-helm-lib/charts/workload/
+  version: 0.2.1
+digest: sha256:a640e69a2823f6b5534cef9c3c7e8513e0ec6ce6c26904e32da03eb40bcd3143
+generated: "2024-07-15T19:46:39.750564+02:00"
--- a/charts/vaultwarden/Chart.yaml
+++ b/charts/vaultwarden/Chart.yaml
@@ -2,12 +2,18 @@ apiVersion: v2
 name: vaultwarden
 description: Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs
 type: application
-version: 1.2.0
-appVersion: 1.30.5
+version: 2.0.0
+appVersion: 1.31.0
 maintainers:
  - name: allanger
    email: allanger@zohomail.com
    url: https://badhouseplants.net
+dependencies:
+  - name: softplayer-lib-workload
+    version: 0.2.1
+    repository: oci://git.badhouseplants.net/softplayer
+annotations:
+  allowed_workload_kinds: "Deployment"
 sources:
  - https://github.com/dani-garcia/vaultwarden/tree/main
 keywords:
--- a/charts/vaultwarden/templates/NOTES.txt
+++ b/charts/vaultwarden/templates/NOTES.txt
@@ -1,22 +0,0 @@
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range $host := .Values.ingress.hosts }}
-  {{- range .paths }}
-  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
-  {{- end }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "vaultwarden.fullname" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "vaultwarden.fullname" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "vaultwarden.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
-  echo http://$SERVICE_IP:{{ .Values.service.port }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "vaultwarden.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
-{{- end }}
--- a/charts/vaultwarden/templates/configmap.yaml
+++ b/charts/vaultwarden/templates/configmap.yaml
@@ -1,46 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "vaultwarden.fullname" . }}
-  labels:
-    {{- include "vaultwarden.labels" . | nindent 4 }}
-data:
-  DOMAIN: {{ .Values.vaultwarden.domain | quote }}
-  {{- if and .Values.vaultwarden.smtp.host .Values.vaultwarden.smtp.from | quote }}
-  SMTP_HOST: {{ .Values.vaultwarden.smtp.host | quote }}
-  SMTP_SECURITY: {{ .Values.vaultwarden.smtp.security | quote }}
-  SMTP_PORT: {{ .Values.vaultwarden.smtp.port | quote }}
-  {{- if .Values.vaultwarden.smtp.authMechanism }}
-  SMTP_AUTH_MECHANISM: {{ .Values.vaultwarden.smtp.authMechanism | quote }}
-  {{- end }}
-  SMTP_FROM: {{ .Values.vaultwarden.smtp.from | quote }}
-  SMTP_FROM_NAME: {{ default "Vaultwarden" .Values.vaultwarden.smtp.fromName | quote }}
-  SMTP_DEBUG: {{ .Values.vaultwarden.smtp.debug | quote }}
-  SMTP_ACCEPT_INVALID_HOSTNAMES: {{ .Values.vaultwarden.smtp.acceptInvalidHostnames | quote }}
-  SMTP_ACCEPT_INVALID_CERTS: {{ .Values.vaultwarden.smtp.acceptInvalidCerts | quote }}
-  SMTP_USERNAME: {{ .Values.vaultwarden.smtp.username | quote }}
-  {{- end }}
-  {{- if .Values.vaultwarden.websocket.enabled }}
-  WEBSOCKET_ENABLED: "true"
-  WEBSOCKET_ADDRESS: {{ .Values.vaultwarden.websocket.address | quote }}
-  WEBSOCKET_PORT: {{ .Values.vaultwarden.websocket.port | quote }}
-  {{- end }}
-  DATA_FOLDER: {{ .Values.vaultwarden.storage.dataDir | quote }}
-  ROCKET_PORT: {{ .Values.vaultwarden.rocket.port | quote }}
-  ROCKET_WORKERS: {{ .Values.vaultwarden.rocket.workers | quote }}
-  SHOW_PASSWORD_HINT: {{ .Values.vaultwarden.showPassHint | quote }}
-  SIGNUPS_ALLOWED: {{ .Values.vaultwarden.signupsAllowed | quote }}
-  INVITATIONS_ALLOWED: {{ .Values.vaultwarden.invitationsAllowed | quote }}
-  SIGNUPS_DOMAINS_WHITELIST: {{ .Values.vaultwarden.signupDomains | quote }}
-  SIGNUPS_VERIFY: {{ .Values.vaultwarden.signupsVerify | quote }}
-  WEB_VAULT_ENABLED: {{ .Values.vaultwarden.webVaultEnabled | quote }}
-  {{- if .Values.vaultwarden.logging.enabled }}
-  LOG_FILE: {{ .Values.vaultwarden.logging.logfile | quote }}
-  LOG_LEVEL: {{ .Values.vaultwarden.logging.loglevel | quote }}
-  {{- end }}
-  DB_CONNECTION_RETRIES: {{ .Values.vaultwarden.database.connectionRetries | quote }}
-  DATABASE_MAX_CONNS: {{ .Values.vaultwarden.database.maxConnections | quote }}
-  # -------------------------------------------------------------------
-  ORG_GROUPS_ENABLED: {{ .Values.vaultwarden.organizations.enabled | quote }}
-  ORG_EVENTS_ENABLED: {{ .Values.vaultwarden.organizations.orgEvents | quote }}
-  ORG_CREATION_USERS: {{ .Values.vaultwarden.organizations.crationUsers | quote }}
--- a/charts/vaultwarden/templates/deployment.yaml
+++ b/charts/vaultwarden/templates/deployment.yaml
@@ -1,96 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "vaultwarden.fullname" . }}
-  labels:
-    {{- include "vaultwarden.labels" . | nindent 4 }}
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      {{- include "vaultwarden.selectorLabels" . | nindent 6 }}
-  template:
-    metadata:
-      {{- with .Values.podAnnotations }}
-      annotations:
-        {{- toYaml . | nindent 8 }}
-        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
-        checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
-      {{- end }}
-      labels:
-        {{- include "vaultwarden.selectorLabels" . | nindent 8 }}
-    spec:
-      {{- with .Values.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      securityContext:
-        {{- toYaml .Values.podSecurityContext | nindent 8 }}
-      {{- if .Values.vaultwarden.storage.enabled }}
-      volumes:
-        - name: data
-          persistentVolumeClaim:
-            claimName: {{ include "vaultwarden.fullname" . }}
-      {{- end }}
-      containers:
-        - name: {{ .Chart.Name }}
-          securityContext:
-            {{- toYaml .Values.securityContext | nindent 12 }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          ports:
-            - name: http
-              containerPort: {{ .Values.service.port }}
-              protocol: TCP
-          livenessProbe:
-            exec:
-              command:
-                - sh 
-                - /healthcheck.sh
-          readinessProbe:
-            exec:
-              command:
-                - sh 
-                - /healthcheck.sh
-          resources:
-            {{- toYaml .Values.resources | nindent 12 }}
-          envFrom:
-            - configMapRef:
-                name: {{ include "vaultwarden.fullname" . }}
-          env:
-            {{- if or (.Values.vaultwarden.smtp.password.value) (.Values.vaultwarden.smtp.password.existingSecretKey )}}
-            - name: SMTP_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: {{ .Values.vaultwarden.smtp.password.existingSecret | default ( printf "%s-smtp" ( include "vaultwarden.fullname" . )) }}
-                  key: {{ default "SMTP_PASSWORD" .Values.vaultwarden.smtp.password.existingSecretKey }}
-            {{- end }}
-            - name: ADMIN_TOKEN
-              valueFrom:
-                secretKeyRef:
-                  name: {{ .Values.vaultwarden.adminToken.existingSecret | default ( printf "%s-admin-token" ( include "vaultwarden.fullname" . )) }}
-                  key: {{ default "ADMIN_TOKEN" .Values.vaultwarden.adminToken.existingSecretKey }}
-            {{- if ne "default" .Values.vaultwarden.database.type }}
-            - name: DATABASE_URL
-              valueFrom:
-                secretKeyRef:
-                  name: {{ .Values.vaultwarden.database.existingSecret | default ( printf "%s-db-creds" ( include "vaultwarden.fullname" . ))  }}
-                  key: {{ default "DATABASE_URL" .Values.vaultwarden.database.existingSecretKey }}
-            {{- end }}
-          {{- if .Values.vaultwarden.storage.enabled }}
-          volumeMounts:
-            - mountPath: {{ .Values.vaultwarden.storage.dataDir }}
-              name: data
-          {{- end }}
-      {{- with .Values.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
--- a/charts/vaultwarden/templates/ingress.yaml
+++ b/charts/vaultwarden/templates/ingress.yaml
@@ -1,61 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-{{- $fullName := include "vaultwarden.fullname" . -}}
-{{- $svcPort := .Values.service.port -}}
-{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
-  {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
-  {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
-  {{- end }}
-{{- end }}
-{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
-apiVersion: networking.k8s.io/v1
-{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
-apiVersion: networking.k8s.io/v1beta1
-{{- else -}}
-apiVersion: extensions/v1beta1
-{{- end }}
-kind: Ingress
-metadata:
-  name: {{ $fullName }}
-  labels:
-    {{- include "vaultwarden.labels" . | nindent 4 }}
-  {{- with .Values.ingress.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-spec:
-  {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
-  ingressClassName: {{ .Values.ingress.className }}
-  {{- end }}
-  {{- if .Values.ingress.tls }}
-  tls:
-    {{- range .Values.ingress.tls }}
-    - hosts:
-        {{- range .hosts }}
-        - {{ . | quote }}
-        {{- end }}
-      secretName: {{ .secretName }}
-    {{- end }}
-  {{- end }}
-  rules:
-    {{- range .Values.ingress.hosts }}
-    - host: {{ .host | quote }}
-      http:
-        paths:
-          {{- range .paths }}
-          - path: {{ .path }}
-            {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
-            pathType: {{ .pathType }}
-            {{- end }}
-            backend:
-              {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
-              service:
-                name: {{ $fullName }}
-                port:
-                  number: {{ $svcPort }}
-              {{- else }}
-              serviceName: {{ $fullName }}
-              servicePort: {{ $svcPort }}
-              {{- end }}
-          {{- end }}
-    {{- end }}
-{{- end }}
--- a/charts/vaultwarden/templates/install.yaml
+++ b/charts/vaultwarden/templates/install.yaml
@@ -0,0 +1,6 @@
+{{ include "lib.workload" . }}
+{{ include "lib.service" . }}
+{{ include "lib.ingress" . }}
+{{ include "lib.config.env" . }}
+{{ include "lib.pvc" . }}
+{{ include "lib.raw" . }}
--- a/charts/vaultwarden/templates/pvc.yaml
+++ b/charts/vaultwarden/templates/pvc.yaml
@@ -1,15 +0,0 @@
-{{- if .Values.vaultwarden.storage.enabled }}
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: {{ include "vaultwarden.fullname" . }}
-  labels:
-    {{- include "vaultwarden.labels" . | nindent 4 }}
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: {{ .Values.vaultwarden.storage.size }}
-  storageClassName: {{ .Values.vaultwarden.storage.class }}
-{{- end }}
--- a/charts/vaultwarden/templates/secret.yaml
+++ b/charts/vaultwarden/templates/secret.yaml
@@ -1,38 +0,0 @@
-{{- if not .Values.vaultwarden.adminToken.existingSecret }}  
---
-apiVersion: v1
-kind: Secret
-type: Opaque
-metadata:
-  name: {{ include "vaultwarden.fullname" . }}-admin-token
-  labels:
-    {{- include "vaultwarden.labels" . | nindent 4 }}
-data:
-  ADMIN_TOKEN: {{ .Values.vaultwarden.adminToken.value | b64enc | quote }}
-{{- end }}
-
-{{- if not .Values.vaultwarden.database.existingSecret }}  
---
-apiVersion: v1
-kind: Secret
-type: Opaque
-metadata:
-  name: {{ include "vaultwarden.fullname" . }}-db-creds
-  labels:
-    {{- include "vaultwarden.labels" . | nindent 4 }}
-data:
-  DATABASE_URL: {{ .Values.vaultwarden.database.connectionString | b64enc | quote }}
-{{- end }}
-
-{{- if not .Values.vaultwarden.smtp.password.existingSecret  }}  
---
-apiVersion: v1
-kind: Secret
-type: Opaque
-metadata:
-  name: {{ include "vaultwarden.fullname" . }}-smtp
-  labels:
-    {{- include "vaultwarden.labels" . | nindent 4 }}
-data:
-  SMTP_PASSWORD: {{ .Values.vaultwarden.smtp.password.value | b64enc | quote }}
-{{- end }}
--- a/charts/vaultwarden/templates/service.yaml
+++ b/charts/vaultwarden/templates/service.yaml
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "vaultwarden.fullname" . }}
-  labels:
-    {{- include "vaultwarden.labels" . | nindent 4 }}
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-    - port: {{ .Values.service.port }}
-      targetPort: http
-      protocol: TCP
-      name: http
-  selector:
-    {{- include "vaultwarden.selectorLabels" . | nindent 4 }}
--- a/charts/vaultwarden/values.yaml
+++ b/charts/vaultwarden/values.yaml
@@ -1,106 +1,114 @@
-image:
-  repository: registry.hub.docker.com/vaultwarden/server
-  pullPolicy: IfNotPresent
-  # Overrides the image tag whose default is the chart appVersion.
-  tag: ""
-imagePullSecrets: []
-nameOverride: ""
-fullnameOverride: ""
-podAnnotations: {}
-podSecurityContext: {}
-# fsGroup: 2000
+---
+workload:
+  kind: Deployment
+  strategy:
+    type: RollingUpdate
+  containers:
+    mealie:
+      image:
+        registry: registry.hub.docker.com
+        repository: vaultwarden/server
+        tag:
+        pullPolicy: Always
+      ports:
+        - vaultwarden
+      mounts:
+        storage:
+          data:
+            path: /app/data/
+          # logs:
+            # path: /app/logs
+      envFrom:
+        - environment
+        - secrets
+      livenessProbe:
+        exec:
+          command:
+            - sh
+            - /healthcheck.sh
+      readinessProbe:
+        exec:
+          command:
+            - sh
+            - /healthcheck.sh
+        initialDelaySeconds: 10
+        periodSeconds: 10

-securityContext: {}
-# capabilities:
-#   drop:
-#   - ALL
-# readOnlyRootFilesystem: true
-# runAsNonRoot: true
-# runAsUser: 1000
+ingress:
+  main:
+    class: traefik
+    annotations:
+      annotation: test
+    rules:
+      - hosts: vaultwarden.softplayer.net
+        http:
+          paths:
+            - backend:
+                service:
+                  name: '{{ include "chart.fullname" $ }}'
+                  port: 8080
+    tls:
+      - hosts:
+          - vaultwarden.softplayer.net
+        secretName: vaultwarden.softplayer.net

 service:
  type: ClusterIP
-  port: 8080
-ingress:
-  enabled: false
-  className: ""
-  annotations: {}
-  # kubernetes.io/ingress.class: nginx
-  # kubernetes.io/tls-acme: "true"
-  hosts:
-    - host: chart-example.local
-      paths:
-        - path: /
-          pathType: ImplementationSpecific
-  tls: []
-  #  - secretName: chart-example-tls
-  #    hosts:
-  #      - chart-example.local
-resources: {}
-# We usually recommend not to specify default resources and to leave this as a conscious
-# choice for the user. This also increases chances charts run on environments with little
-# resources, such as Minikube. If you do want to specify resources, uncomment the following
-# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-# limits:
-#   cpu: 100m
-#   memory: 128Mi
-# requests:
-#   cpu: 100m
-#   memory: 128Mi
+  ports:
+    vaultwarden:
+      port: 9000
+      targetPort: 9000
+      protocol: TCP

-nodeSelector: {}
-tolerations: []
-affinity: {}
-vaultwarden:
-  smtp:
-    host: ""
-    security: "starttls"
-    port: 25
-    from: vaultwarden@badhouseplants.net
-    fromName: vaultwarden
-    username: vaultwarden
-    password:
-      value: "VerySecurePassword"
-      existingSecret: ""
-      existingSecretKey: ""
-    authMechanism: "Plain"
-    acceptInvalidHostnames: "false"
-    acceptInvalidCerts: "false"
-    debug: false
-  adminToken:
-    existingSecret: ""
-    existingSecretKey: ""
-    value: "R@ndomToken$tring"
-  domain: "https://badhouseplants.vaultwarden.com"
-  websocket:
+storage:
+  data:
+    storageClassName: default
+    size: 1G
+    accessModes:
+      - ReadWriteOnce
+  # logs:
+  # storageClassName: default
+  # size: 1G
+  # accessModes:
+  # - ReadWriteOnce
+
+# -- Please have a look here: https://github.com/dani-garcia/vaultwarden/blob/main/.env.template
+env:
+  environment:
    enabled: true
-    address: "0.0.0.0"
-    port: 3012
-  rocket:
-    port: "8080"
-    workers: "10"
-  webVaultEnabled: "true"
-  signupsAllowed: true
-  invitationsAllowed: true
-  signupDomains: "https://badhouseplants.vaultwarden.com"
-  signupsVerify: "true"
-  showPassHint: "false"
-  database:
-    connectionString: "data/db.sqlite3"
-    existingSecret: ""
-    existingSecretKey: ""
-    connectionRetries: 15
-    maxConnections: 10
-  storage:
-    enabled: false
-    size: 1Gi
-    class: default
-    dataDir: /data
-  logging:
-    enabled: false
-    logfile: "/data/vaultwarden.log"
-    loglevel: "warn"
-  organizations:
-    enabled: false
-    orgEvents: false  # -- ORG_GROUPS_ENABLED
-    crationUsers: ""  # -- ORG_CREATION_USERS
+    sensitive: false
+    data:
+      DOMAIN: vaultwarden.softplayer.net
+      SMTP_HOST: ~
+      SMTP_SECURITY: startls
+      SMTP_PORT: 587
+      SMTP_AUTH_MECHANISM: Plain
+      SMTP_FROM: vaultwarden@softplayer.net
+      SMTP_FROM_NAME: Soft Player
+      SMTP_DEBUG: false
+      SMTP_ACCEPT_INVALID_HOSTNAMES: false
+      SMTP_ACCEPT_INVALID_CERTS: false
+      SMTP_USERNAME: ~
+      DATA_FOLDER: /app/data/
+      ROCKET_PORT: 8080
+      SHOW_PASSWORD_HINT: true
+      SIGNUPS_ALLOWED: false
+      INVITATIONS_ALLOWED: true
+      SIGNUPS_DOMAINS_WHITELIST: "*"
+      SIGNUPS_VERIFY: true
+      WEB_VAULT_ENABLED: true
+      LOG_FILE: /app/logs
+      LOG_LEVEL: info
+      DB_CONNECTION_RETRIES: 10
+      DATABASE_MAX_CONNS: 10
+      ORG_GROUPS_ENABLED: true
+      ORG_EVENTS_ENABLED: true
+      ORG_CREATION_USERS: ""
+
+  secrets:
+    enabled: true
+    sensitive: true
+    data:
+      ADMIN_TOKEN: "R@ndomToken$tring"
+      DATABASE_URL: ~
+      SMTP_PASSWORD: ~