Move vaultwarden to softplayer-lib

2024-07-15 19:53:19 +02:00 · 2024-07-15 19:53:19 +02:00 · bba8748576
commit bba8748576
parent 8a0cf86d26
19 changed files with 141 additions and 405 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,3 @@
 bin
 custom
 *.tgz
--- a/.woodpecker/.helm-workflow.yml
+++ b/.woodpecker/.helm-workflow.yml
@ -70,6 +70,7 @@ steps:
            --password $REGISTRY_PASSWORD
      - |
          for chart in $(find charts -maxdepth 1 -mindepth 1 -type d); do
            helm dependency update $chart
            helm package $chart -d chart-packages;
          done
      - |
--- a/charts/mealie/Chart.lock
+++ b/charts/mealie/Chart.lock
@ -1,6 +1,6 @@
 dependencies:
 - name: softplayer-lib-workload
  repository: oci://git.badhouseplants.net/softplayer
-  version: 0.2.0
+  version: 0.2.1
-digest: sha256:e6bf909ead48b331a49921e1cf504791fb5ec0a80561d797ae06c7a44ad8a9cd
+digest: sha256:a3a4a69717a3549841454a0e27a1a9114ea8a03543caf5c0c9a184d5a98f36b4
-generated: "2024-07-15T08:45:21.509772+02:00"
+generated: "2024-07-15T19:51:29.734002+02:00"
--- a/charts/mealie/Chart.yaml
+++ b/charts/mealie/Chart.yaml
@ -10,7 +10,7 @@ maintainers:
    url: https://badhouseplants.net
 dependencies:
  - name: softplayer-lib-workload
-    version: 0.2.0
+    version: 0.2.1
    repository: oci://git.badhouseplants.net/softplayer
 annotations:
  allowed_workload_kinds: "Deployment"
--- a/charts/mealie/charts/softplayer-lib-workload-0.2.0.tgz
+++ b/charts/mealie/charts/softplayer-lib-workload-0.2.0.tgz
--- a/charts/mealie/templates/install.yaml
+++ b/charts/mealie/templates/install.yaml
@ -2,6 +2,5 @@
 {{ include "lib.service" . }}
 {{ include "lib.ingress" . }}
 {{ include "lib.config.env" . }}
 {{ include "lib.config.files" . }}
 {{ include "lib.pvc" . }}
 {{ include "lib.raw" . }}
--- a/charts/mealie/values.yaml
+++ b/charts/mealie/values.yaml
@ -66,6 +66,7 @@ storage:
      - ReadWriteOnce
 env:
  environment:
    enabled: true
    sensitive: false
    data:
      ALLOW_SIGNUP: true
@ -77,10 +78,11 @@ env:
      BASE_URL: https://mealie.softplayer.com
      DB_ENGINE: postgres
  secrets:
    enabled: true
    sensitive: true
    data:
-      POSTGRES_USER: mealie
+      POSTGRES_USER: ~
-      POSTGRES_PASSWORD: mealie
+      POSTGRES_PASSWORD: ~
-      POSTGRES_SERVER: postgres
+      POSTGRES_SERVER: ~
-      POSTGRES_PORT: 5432
+      POSTGRES_PORT: ~
-      POSTGRES_DB: mealie
+      POSTGRES_DB: ~
--- a/charts/team-fortress-2/charts/softplayer-lib-workload-0.1.8.tgz
+++ b/charts/team-fortress-2/charts/softplayer-lib-workload-0.1.8.tgz
--- a/charts/vaultwarden/Chart.lock
+++ b/charts/vaultwarden/Chart.lock
@ -0,0 +1,6 @@
 dependencies:
 - name: softplayer-lib-workload
  repository: file://../../../softplayer-helm-lib/charts/workload/
  version: 0.2.1
 digest: sha256:a640e69a2823f6b5534cef9c3c7e8513e0ec6ce6c26904e32da03eb40bcd3143
 generated: "2024-07-15T19:46:39.750564+02:00"
--- a/charts/vaultwarden/Chart.yaml
+++ b/charts/vaultwarden/Chart.yaml
@ -2,12 +2,18 @@ apiVersion: v2
 name: vaultwarden
 description: Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs
 type: application
-version: 1.2.0
+version: 2.0.0
-appVersion: 1.30.5
+appVersion: 1.31.0
 maintainers:
  - name: allanger
    email: allanger@zohomail.com
    url: https://badhouseplants.net
 dependencies:
  - name: softplayer-lib-workload
    version: 0.2.1
    repository: oci://git.badhouseplants.net/softplayer
 annotations:
  allowed_workload_kinds: "Deployment"
 sources:
  - https://github.com/dani-garcia/vaultwarden/tree/main
 keywords:
--- a/charts/vaultwarden/templates/NOTES.txt
+++ b/charts/vaultwarden/templates/NOTES.txt
@ -1,22 +0,0 @@
 1. Get the application URL by running these commands:
 {{- if .Values.ingress.enabled }}
 {{- range $host := .Values.ingress.hosts }}
  {{- range .paths }}
  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
  {{- end }}
 {{- end }}
 {{- else if contains "NodePort" .Values.service.type }}
  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "vaultwarden.fullname" . }})
  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
  echo http://$NODE_IP:$NODE_PORT
 {{- else if contains "LoadBalancer" .Values.service.type }}
     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "vaultwarden.fullname" . }}'
  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "vaultwarden.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
  echo http://$SERVICE_IP:{{ .Values.service.port }}
 {{- else if contains "ClusterIP" .Values.service.type }}
  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "vaultwarden.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
  export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
  echo "Visit http://127.0.0.1:8080 to use your application"
  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
 {{- end }}
--- a/charts/vaultwarden/templates/configmap.yaml
+++ b/charts/vaultwarden/templates/configmap.yaml
@ -1,46 +0,0 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: {{ include "vaultwarden.fullname" . }}
  labels:
    {{- include "vaultwarden.labels" . | nindent 4 }}
 data:
  DOMAIN: {{ .Values.vaultwarden.domain | quote }}
  {{- if and .Values.vaultwarden.smtp.host .Values.vaultwarden.smtp.from | quote }}
  SMTP_HOST: {{ .Values.vaultwarden.smtp.host | quote }}
  SMTP_SECURITY: {{ .Values.vaultwarden.smtp.security | quote }}
  SMTP_PORT: {{ .Values.vaultwarden.smtp.port | quote }}
  {{- if .Values.vaultwarden.smtp.authMechanism }}
  SMTP_AUTH_MECHANISM: {{ .Values.vaultwarden.smtp.authMechanism | quote }}
  {{- end }}
  SMTP_FROM: {{ .Values.vaultwarden.smtp.from | quote }}
  SMTP_FROM_NAME: {{ default "Vaultwarden" .Values.vaultwarden.smtp.fromName | quote }}
  SMTP_DEBUG: {{ .Values.vaultwarden.smtp.debug | quote }}
  SMTP_ACCEPT_INVALID_HOSTNAMES: {{ .Values.vaultwarden.smtp.acceptInvalidHostnames | quote }}
  SMTP_ACCEPT_INVALID_CERTS: {{ .Values.vaultwarden.smtp.acceptInvalidCerts | quote }}
  SMTP_USERNAME: {{ .Values.vaultwarden.smtp.username | quote }}
  {{- end }}
  {{- if .Values.vaultwarden.websocket.enabled }}
  WEBSOCKET_ENABLED: "true"
  WEBSOCKET_ADDRESS: {{ .Values.vaultwarden.websocket.address | quote }}
  WEBSOCKET_PORT: {{ .Values.vaultwarden.websocket.port | quote }}
  {{- end }}
  DATA_FOLDER: {{ .Values.vaultwarden.storage.dataDir | quote }}
  ROCKET_PORT: {{ .Values.vaultwarden.rocket.port | quote }}
  ROCKET_WORKERS: {{ .Values.vaultwarden.rocket.workers | quote }}
  SHOW_PASSWORD_HINT: {{ .Values.vaultwarden.showPassHint | quote }}
  SIGNUPS_ALLOWED: {{ .Values.vaultwarden.signupsAllowed | quote }}
  INVITATIONS_ALLOWED: {{ .Values.vaultwarden.invitationsAllowed | quote }}
  SIGNUPS_DOMAINS_WHITELIST: {{ .Values.vaultwarden.signupDomains | quote }}
  SIGNUPS_VERIFY: {{ .Values.vaultwarden.signupsVerify | quote }}
  WEB_VAULT_ENABLED: {{ .Values.vaultwarden.webVaultEnabled | quote }}
  {{- if .Values.vaultwarden.logging.enabled }}
  LOG_FILE: {{ .Values.vaultwarden.logging.logfile | quote }}
  LOG_LEVEL: {{ .Values.vaultwarden.logging.loglevel | quote }}
  {{- end }}
  DB_CONNECTION_RETRIES: {{ .Values.vaultwarden.database.connectionRetries | quote }}
  DATABASE_MAX_CONNS: {{ .Values.vaultwarden.database.maxConnections | quote }}
  # -------------------------------------------------------------------
  ORG_GROUPS_ENABLED: {{ .Values.vaultwarden.organizations.enabled | quote }}
  ORG_EVENTS_ENABLED: {{ .Values.vaultwarden.organizations.orgEvents | quote }}
  ORG_CREATION_USERS: {{ .Values.vaultwarden.organizations.crationUsers | quote }}
--- a/charts/vaultwarden/templates/deployment.yaml
+++ b/charts/vaultwarden/templates/deployment.yaml
@ -1,96 +0,0 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ include "vaultwarden.fullname" . }}
  labels:
    {{- include "vaultwarden.labels" . | nindent 4 }}
 spec:
  replicas: 1
  selector:
    matchLabels:
      {{- include "vaultwarden.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      {{- with .Values.podAnnotations }}
      annotations:
        {{- toYaml . | nindent 8 }}
        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
        checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
      {{- end }}
      labels:
        {{- include "vaultwarden.selectorLabels" . | nindent 8 }}
    spec:
      {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      {{- if .Values.vaultwarden.storage.enabled }}
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: {{ include "vaultwarden.fullname" . }}
      {{- end }}
      containers:
        - name: {{ .Chart.Name }}
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          ports:
            - name: http
              containerPort: {{ .Values.service.port }}
              protocol: TCP
          livenessProbe:
            exec:
              command:
                - sh 
                - /healthcheck.sh
          readinessProbe:
            exec:
              command:
                - sh 
                - /healthcheck.sh
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
          envFrom:
            - configMapRef:
                name: {{ include "vaultwarden.fullname" . }}
          env:
            {{- if or (.Values.vaultwarden.smtp.password.value) (.Values.vaultwarden.smtp.password.existingSecretKey )}}
            - name: SMTP_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.vaultwarden.smtp.password.existingSecret | default ( printf "%s-smtp" ( include "vaultwarden.fullname" . )) }}
                  key: {{ default "SMTP_PASSWORD" .Values.vaultwarden.smtp.password.existingSecretKey }}
            {{- end }}
            - name: ADMIN_TOKEN
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.vaultwarden.adminToken.existingSecret | default ( printf "%s-admin-token" ( include "vaultwarden.fullname" . )) }}
                  key: {{ default "ADMIN_TOKEN" .Values.vaultwarden.adminToken.existingSecretKey }}
            {{- if ne "default" .Values.vaultwarden.database.type }}
            - name: DATABASE_URL
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.vaultwarden.database.existingSecret | default ( printf "%s-db-creds" ( include "vaultwarden.fullname" . ))  }}
                  key: {{ default "DATABASE_URL" .Values.vaultwarden.database.existingSecretKey }}
            {{- end }}
          {{- if .Values.vaultwarden.storage.enabled }}
          volumeMounts:
            - mountPath: {{ .Values.vaultwarden.storage.dataDir }}
              name: data
          {{- end }}
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
--- a/charts/vaultwarden/templates/ingress.yaml
+++ b/charts/vaultwarden/templates/ingress.yaml
@ -1,61 +0,0 @@
 {{- if .Values.ingress.enabled -}}
 {{- $fullName := include "vaultwarden.fullname" . -}}
 {{- $svcPort := .Values.service.port -}}
 {{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
  {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
  {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
  {{- end }}
 {{- end }}
 {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
 apiVersion: networking.k8s.io/v1
 {{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
 apiVersion: networking.k8s.io/v1beta1
 {{- else -}}
 apiVersion: extensions/v1beta1
 {{- end }}
 kind: Ingress
 metadata:
  name: {{ $fullName }}
  labels:
    {{- include "vaultwarden.labels" . | nindent 4 }}
  {{- with .Values.ingress.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
 spec:
  {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
  ingressClassName: {{ .Values.ingress.className }}
  {{- end }}
  {{- if .Values.ingress.tls }}
  tls:
    {{- range .Values.ingress.tls }}
    - hosts:
        {{- range .hosts }}
        - {{ . | quote }}
        {{- end }}
      secretName: {{ .secretName }}
    {{- end }}
  {{- end }}
  rules:
    {{- range .Values.ingress.hosts }}
    - host: {{ .host | quote }}
      http:
        paths:
          {{- range .paths }}
          - path: {{ .path }}
            {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
            pathType: {{ .pathType }}
            {{- end }}
            backend:
              {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
              service:
                name: {{ $fullName }}
                port:
                  number: {{ $svcPort }}
              {{- else }}
              serviceName: {{ $fullName }}
              servicePort: {{ $svcPort }}
              {{- end }}
          {{- end }}
    {{- end }}
 {{- end }}
--- a/charts/vaultwarden/templates/install.yaml
+++ b/charts/vaultwarden/templates/install.yaml
@ -0,0 +1,6 @@
 {{ include "lib.workload" . }}
 {{ include "lib.service" . }}
 {{ include "lib.ingress" . }}
 {{ include "lib.config.env" . }}
 {{ include "lib.pvc" . }}
 {{ include "lib.raw" . }}
--- a/charts/vaultwarden/templates/pvc.yaml
+++ b/charts/vaultwarden/templates/pvc.yaml
@ -1,15 +0,0 @@
 {{- if .Values.vaultwarden.storage.enabled }}
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
  name: {{ include "vaultwarden.fullname" . }}
  labels:
    {{- include "vaultwarden.labels" . | nindent 4 }}
 spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: {{ .Values.vaultwarden.storage.size }}
  storageClassName: {{ .Values.vaultwarden.storage.class }}
 {{- end }}
--- a/charts/vaultwarden/templates/secret.yaml
+++ b/charts/vaultwarden/templates/secret.yaml
@ -1,38 +0,0 @@
 {{- if not .Values.vaultwarden.adminToken.existingSecret }}  
 ---
 apiVersion: v1
 kind: Secret
 type: Opaque
 metadata:
  name: {{ include "vaultwarden.fullname" . }}-admin-token
  labels:
    {{- include "vaultwarden.labels" . | nindent 4 }}
 data:
  ADMIN_TOKEN: {{ .Values.vaultwarden.adminToken.value | b64enc | quote }}
 {{- end }}
 {{- if not .Values.vaultwarden.database.existingSecret }}  
 ---
 apiVersion: v1
 kind: Secret
 type: Opaque
 metadata:
  name: {{ include "vaultwarden.fullname" . }}-db-creds
  labels:
    {{- include "vaultwarden.labels" . | nindent 4 }}
 data:
  DATABASE_URL: {{ .Values.vaultwarden.database.connectionString | b64enc | quote }}
 {{- end }}
 {{- if not .Values.vaultwarden.smtp.password.existingSecret  }}  
 ---
 apiVersion: v1
 kind: Secret
 type: Opaque
 metadata:
  name: {{ include "vaultwarden.fullname" . }}-smtp
  labels:
    {{- include "vaultwarden.labels" . | nindent 4 }}
 data:
  SMTP_PASSWORD: {{ .Values.vaultwarden.smtp.password.value | b64enc | quote }}
 {{- end }}
--- a/charts/vaultwarden/templates/service.yaml
+++ b/charts/vaultwarden/templates/service.yaml
@ -1,15 +0,0 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ include "vaultwarden.fullname" . }}
  labels:
    {{- include "vaultwarden.labels" . | nindent 4 }}
 spec:
  type: {{ .Values.service.type }}
  ports:
    - port: {{ .Values.service.port }}
      targetPort: http
      protocol: TCP
      name: http
  selector:
    {{- include "vaultwarden.selectorLabels" . | nindent 4 }}
--- a/charts/vaultwarden/values.yaml
+++ b/charts/vaultwarden/values.yaml
@ -1,106 +1,114 @@
-image:
+---
-  repository: registry.hub.docker.com/vaultwarden/server
+workload:
-  pullPolicy: IfNotPresent
+  kind: Deployment
-  # Overrides the image tag whose default is the chart appVersion.
+  strategy:
-  tag: ""
+    type: RollingUpdate
-imagePullSecrets: []
+  containers:
-nameOverride: ""
+    mealie:
-fullnameOverride: ""
+      image:
-podAnnotations: {}
+        registry: registry.hub.docker.com
-podSecurityContext: {}
+        repository: vaultwarden/server
-# fsGroup: 2000
+        tag:
        pullPolicy: Always
      ports:
        - vaultwarden
      mounts:
        storage:
          data:
            path: /app/data/
          # logs:
            # path: /app/logs
      envFrom:
        - environment
        - secrets
      livenessProbe:
        exec:
          command:
            - sh
            - /healthcheck.sh
      readinessProbe:
        exec:
          command:
            - sh
            - /healthcheck.sh
        initialDelaySeconds: 10
        periodSeconds: 10
-securityContext: {}
+ingress:
-# capabilities:
+  main:
-#   drop:
+    class: traefik
-#   - ALL
+    annotations:
-# readOnlyRootFilesystem: true
+      annotation: test
-# runAsNonRoot: true
+    rules:
-# runAsUser: 1000
+      - hosts: vaultwarden.softplayer.net
        http:
          paths:
            - backend:
                service:
                  name: '{{ include "chart.fullname" $ }}'
                  port: 8080
    tls:
      - hosts:
          - vaultwarden.softplayer.net
        secretName: vaultwarden.softplayer.net
 service:
  type: ClusterIP
-  port: 8080
+  ports:
-ingress:
+    vaultwarden:
-  enabled: false
+      port: 9000
-  className: ""
+      targetPort: 9000
-  annotations: {}
+      protocol: TCP
  # kubernetes.io/ingress.class: nginx
  # kubernetes.io/tls-acme: "true"
  hosts:
    - host: chart-example.local
      paths:
        - path: /
          pathType: ImplementationSpecific
  tls: []
  #  - secretName: chart-example-tls
  #    hosts:
  #      - chart-example.local
 resources: {}
 # We usually recommend not to specify default resources and to leave this as a conscious
 # choice for the user. This also increases chances charts run on environments with little
 # resources, such as Minikube. If you do want to specify resources, uncomment the following
 # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
 # limits:
 #   cpu: 100m
 #   memory: 128Mi
 # requests:
 #   cpu: 100m
 #   memory: 128Mi
-nodeSelector: {}
+storage:
-tolerations: []
+  data:
-affinity: {}
+    storageClassName: default
-vaultwarden:
+    size: 1G
-  smtp:
+    accessModes:
-    host: ""
+      - ReadWriteOnce
-    security: "starttls"
+  # logs:
-    port: 25
+  # storageClassName: default
-    from: vaultwarden@badhouseplants.net
+  # size: 1G
-    fromName: vaultwarden
+  # accessModes:
-    username: vaultwarden
+  # - ReadWriteOnce
-    password:
+
-      value: "VerySecurePassword"
+# -- Please have a look here: https://github.com/dani-garcia/vaultwarden/blob/main/.env.template
-      existingSecret: ""
+env:
-      existingSecretKey: ""
+  environment:
    authMechanism: "Plain"
    acceptInvalidHostnames: "false"
    acceptInvalidCerts: "false"
    debug: false
  adminToken:
    existingSecret: ""
    existingSecretKey: ""
    value: "R@ndomToken$tring"
  domain: "https://badhouseplants.vaultwarden.com"
  websocket:
    enabled: true
-    address: "0.0.0.0"
+    sensitive: false
-    port: 3012
+    data:
-  rocket:
+      DOMAIN: vaultwarden.softplayer.net
-    port: "8080"
+      SMTP_HOST: ~
-    workers: "10"
+      SMTP_SECURITY: startls
-  webVaultEnabled: "true"
+      SMTP_PORT: 587
-  signupsAllowed: true
+      SMTP_AUTH_MECHANISM: Plain
-  invitationsAllowed: true
+      SMTP_FROM: vaultwarden@softplayer.net
-  signupDomains: "https://badhouseplants.vaultwarden.com"
+      SMTP_FROM_NAME: Soft Player
-  signupsVerify: "true"
+      SMTP_DEBUG: false
-  showPassHint: "false"
+      SMTP_ACCEPT_INVALID_HOSTNAMES: false
-  database:
+      SMTP_ACCEPT_INVALID_CERTS: false
-    connectionString: "data/db.sqlite3"
+      SMTP_USERNAME: ~
-    existingSecret: ""
+      DATA_FOLDER: /app/data/
-    existingSecretKey: ""
+      ROCKET_PORT: 8080
-    connectionRetries: 15
+      SHOW_PASSWORD_HINT: true
-    maxConnections: 10
+      SIGNUPS_ALLOWED: false
-  storage:
+      INVITATIONS_ALLOWED: true
-    enabled: false
+      SIGNUPS_DOMAINS_WHITELIST: "*"
-    size: 1Gi
+      SIGNUPS_VERIFY: true
-    class: default
+      WEB_VAULT_ENABLED: true
-    dataDir: /data
+      LOG_FILE: /app/logs
-  logging:
+      LOG_LEVEL: info
-    enabled: false
+      DB_CONNECTION_RETRIES: 10
-    logfile: "/data/vaultwarden.log"
+      DATABASE_MAX_CONNS: 10
-    loglevel: "warn"
+      ORG_GROUPS_ENABLED: true
-  organizations:
+      ORG_EVENTS_ENABLED: true
-    enabled: false
+      ORG_CREATION_USERS: ""
-    orgEvents: false  # -- ORG_GROUPS_ENABLED
+
-    crationUsers: ""  # -- ORG_CREATION_USERS
+  secrets:
    enabled: true
    sensitive: true
    data:
      ADMIN_TOKEN: "R@ndomToken$tring"
      DATABASE_URL: ~
      SMTP_PASSWORD: ~