Compare commits

...

3 Commits

Author SHA1 Message Date
bcaee96be8
Minor fixes 2024-07-15 19:57:12 +02:00
df1be9ba90
Fix vaultwarden deps 2024-07-15 19:54:59 +02:00
bba8748576
Move vaultwarden to softplayer-lib 2024-07-15 19:53:19 +02:00
20 changed files with 143 additions and 407 deletions

1
.gitignore vendored
View File

@ -1,2 +1,3 @@
bin bin
custom custom
*.tgz

View File

@ -70,6 +70,7 @@ steps:
--password $REGISTRY_PASSWORD --password $REGISTRY_PASSWORD
- | - |
for chart in $(find charts -maxdepth 1 -mindepth 1 -type d); do for chart in $(find charts -maxdepth 1 -mindepth 1 -type d); do
helm dependency update $chart
helm package $chart -d chart-packages; helm package $chart -d chart-packages;
done done
- | - |

View File

@ -1,6 +1,6 @@
dependencies: dependencies:
- name: softplayer-lib-workload - name: softplayer-lib-workload
repository: oci://git.badhouseplants.net/softplayer repository: oci://git.badhouseplants.net/softplayer
version: 0.2.0 version: 0.2.1
digest: sha256:e6bf909ead48b331a49921e1cf504791fb5ec0a80561d797ae06c7a44ad8a9cd digest: sha256:a3a4a69717a3549841454a0e27a1a9114ea8a03543caf5c0c9a184d5a98f36b4
generated: "2024-07-15T08:45:21.509772+02:00" generated: "2024-07-15T19:51:29.734002+02:00"

View File

@ -2,7 +2,7 @@ apiVersion: v2
name: mealie name: mealie
description: A Helm chart for running Mealie description: A Helm chart for running Mealie
type: application type: application
version: 0.1.0 version: 0.2.0
appVersion: v1.10.2 appVersion: v1.10.2
maintainers: maintainers:
- name: allanger - name: allanger
@ -10,7 +10,7 @@ maintainers:
url: https://badhouseplants.net url: https://badhouseplants.net
dependencies: dependencies:
- name: softplayer-lib-workload - name: softplayer-lib-workload
version: 0.2.0 version: 0.2.1
repository: oci://git.badhouseplants.net/softplayer repository: oci://git.badhouseplants.net/softplayer
annotations: annotations:
allowed_workload_kinds: "Deployment" allowed_workload_kinds: "Deployment"

View File

@ -2,6 +2,5 @@
{{ include "lib.service" . }} {{ include "lib.service" . }}
{{ include "lib.ingress" . }} {{ include "lib.ingress" . }}
{{ include "lib.config.env" . }} {{ include "lib.config.env" . }}
{{ include "lib.config.files" . }}
{{ include "lib.pvc" . }} {{ include "lib.pvc" . }}
{{ include "lib.raw" . }} {{ include "lib.raw" . }}

View File

@ -66,6 +66,7 @@ storage:
- ReadWriteOnce - ReadWriteOnce
env: env:
environment: environment:
enabled: true
sensitive: false sensitive: false
data: data:
ALLOW_SIGNUP: true ALLOW_SIGNUP: true
@ -77,10 +78,11 @@ env:
BASE_URL: https://mealie.softplayer.com BASE_URL: https://mealie.softplayer.com
DB_ENGINE: postgres DB_ENGINE: postgres
secrets: secrets:
enabled: true
sensitive: true sensitive: true
data: data:
POSTGRES_USER: mealie POSTGRES_USER: ~
POSTGRES_PASSWORD: mealie POSTGRES_PASSWORD: ~
POSTGRES_SERVER: postgres POSTGRES_SERVER: ~
POSTGRES_PORT: 5432 POSTGRES_PORT: ~
POSTGRES_DB: mealie POSTGRES_DB: ~

View File

@ -2,7 +2,7 @@ apiVersion: v2
name: team-fortress-2 name: team-fortress-2
description: A Helm chart for running a Team Fortress 2 server description: A Helm chart for running a Team Fortress 2 server
type: application type: application
version: 0.1.1 version: 0.1.2
appVersion: "latest" appVersion: "latest"
maintainers: maintainers:
- name: allanger - name: allanger

View File

@ -0,0 +1,6 @@
dependencies:
- name: softplayer-lib-workload
repository: oci://git.badhouseplants.net/softplayer
version: 0.2.1
digest: sha256:a3a4a69717a3549841454a0e27a1a9114ea8a03543caf5c0c9a184d5a98f36b4
generated: "2024-07-15T19:54:46.672967+02:00"

View File

@ -2,12 +2,18 @@ apiVersion: v2
name: vaultwarden name: vaultwarden
description: Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs description: Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs
type: application type: application
version: 1.2.0 version: 2.0.0
appVersion: 1.30.5 appVersion: 1.31.0
maintainers: maintainers:
- name: allanger - name: allanger
email: allanger@zohomail.com email: allanger@zohomail.com
url: https://badhouseplants.net url: https://badhouseplants.net
dependencies:
- name: softplayer-lib-workload
version: 0.2.1
repository: oci://git.badhouseplants.net/softplayer
annotations:
allowed_workload_kinds: "Deployment"
sources: sources:
- https://github.com/dani-garcia/vaultwarden/tree/main - https://github.com/dani-garcia/vaultwarden/tree/main
keywords: keywords:

View File

@ -1,22 +0,0 @@
1. Get the application URL by running these commands:
{{- if .Values.ingress.enabled }}
{{- range $host := .Values.ingress.hosts }}
{{- range .paths }}
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
{{- end }}
{{- end }}
{{- else if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "vaultwarden.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "vaultwarden.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "vaultwarden.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
echo http://$SERVICE_IP:{{ .Values.service.port }}
{{- else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "vaultwarden.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
{{- end }}

View File

@ -1,46 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "vaultwarden.fullname" . }}
labels:
{{- include "vaultwarden.labels" . | nindent 4 }}
data:
DOMAIN: {{ .Values.vaultwarden.domain | quote }}
{{- if and .Values.vaultwarden.smtp.host .Values.vaultwarden.smtp.from | quote }}
SMTP_HOST: {{ .Values.vaultwarden.smtp.host | quote }}
SMTP_SECURITY: {{ .Values.vaultwarden.smtp.security | quote }}
SMTP_PORT: {{ .Values.vaultwarden.smtp.port | quote }}
{{- if .Values.vaultwarden.smtp.authMechanism }}
SMTP_AUTH_MECHANISM: {{ .Values.vaultwarden.smtp.authMechanism | quote }}
{{- end }}
SMTP_FROM: {{ .Values.vaultwarden.smtp.from | quote }}
SMTP_FROM_NAME: {{ default "Vaultwarden" .Values.vaultwarden.smtp.fromName | quote }}
SMTP_DEBUG: {{ .Values.vaultwarden.smtp.debug | quote }}
SMTP_ACCEPT_INVALID_HOSTNAMES: {{ .Values.vaultwarden.smtp.acceptInvalidHostnames | quote }}
SMTP_ACCEPT_INVALID_CERTS: {{ .Values.vaultwarden.smtp.acceptInvalidCerts | quote }}
SMTP_USERNAME: {{ .Values.vaultwarden.smtp.username | quote }}
{{- end }}
{{- if .Values.vaultwarden.websocket.enabled }}
WEBSOCKET_ENABLED: "true"
WEBSOCKET_ADDRESS: {{ .Values.vaultwarden.websocket.address | quote }}
WEBSOCKET_PORT: {{ .Values.vaultwarden.websocket.port | quote }}
{{- end }}
DATA_FOLDER: {{ .Values.vaultwarden.storage.dataDir | quote }}
ROCKET_PORT: {{ .Values.vaultwarden.rocket.port | quote }}
ROCKET_WORKERS: {{ .Values.vaultwarden.rocket.workers | quote }}
SHOW_PASSWORD_HINT: {{ .Values.vaultwarden.showPassHint | quote }}
SIGNUPS_ALLOWED: {{ .Values.vaultwarden.signupsAllowed | quote }}
INVITATIONS_ALLOWED: {{ .Values.vaultwarden.invitationsAllowed | quote }}
SIGNUPS_DOMAINS_WHITELIST: {{ .Values.vaultwarden.signupDomains | quote }}
SIGNUPS_VERIFY: {{ .Values.vaultwarden.signupsVerify | quote }}
WEB_VAULT_ENABLED: {{ .Values.vaultwarden.webVaultEnabled | quote }}
{{- if .Values.vaultwarden.logging.enabled }}
LOG_FILE: {{ .Values.vaultwarden.logging.logfile | quote }}
LOG_LEVEL: {{ .Values.vaultwarden.logging.loglevel | quote }}
{{- end }}
DB_CONNECTION_RETRIES: {{ .Values.vaultwarden.database.connectionRetries | quote }}
DATABASE_MAX_CONNS: {{ .Values.vaultwarden.database.maxConnections | quote }}
# -------------------------------------------------------------------
ORG_GROUPS_ENABLED: {{ .Values.vaultwarden.organizations.enabled | quote }}
ORG_EVENTS_ENABLED: {{ .Values.vaultwarden.organizations.orgEvents | quote }}
ORG_CREATION_USERS: {{ .Values.vaultwarden.organizations.crationUsers | quote }}

View File

@ -1,96 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "vaultwarden.fullname" . }}
labels:
{{- include "vaultwarden.labels" . | nindent 4 }}
spec:
replicas: 1
selector:
matchLabels:
{{- include "vaultwarden.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
{{- end }}
labels:
{{- include "vaultwarden.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
{{- if .Values.vaultwarden.storage.enabled }}
volumes:
- name: data
persistentVolumeClaim:
claimName: {{ include "vaultwarden.fullname" . }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: http
containerPort: {{ .Values.service.port }}
protocol: TCP
livenessProbe:
exec:
command:
- sh
- /healthcheck.sh
readinessProbe:
exec:
command:
- sh
- /healthcheck.sh
resources:
{{- toYaml .Values.resources | nindent 12 }}
envFrom:
- configMapRef:
name: {{ include "vaultwarden.fullname" . }}
env:
{{- if or (.Values.vaultwarden.smtp.password.value) (.Values.vaultwarden.smtp.password.existingSecretKey )}}
- name: SMTP_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.vaultwarden.smtp.password.existingSecret | default ( printf "%s-smtp" ( include "vaultwarden.fullname" . )) }}
key: {{ default "SMTP_PASSWORD" .Values.vaultwarden.smtp.password.existingSecretKey }}
{{- end }}
- name: ADMIN_TOKEN
valueFrom:
secretKeyRef:
name: {{ .Values.vaultwarden.adminToken.existingSecret | default ( printf "%s-admin-token" ( include "vaultwarden.fullname" . )) }}
key: {{ default "ADMIN_TOKEN" .Values.vaultwarden.adminToken.existingSecretKey }}
{{- if ne "default" .Values.vaultwarden.database.type }}
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: {{ .Values.vaultwarden.database.existingSecret | default ( printf "%s-db-creds" ( include "vaultwarden.fullname" . )) }}
key: {{ default "DATABASE_URL" .Values.vaultwarden.database.existingSecretKey }}
{{- end }}
{{- if .Values.vaultwarden.storage.enabled }}
volumeMounts:
- mountPath: {{ .Values.vaultwarden.storage.dataDir }}
name: data
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}

View File

@ -1,61 +0,0 @@
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "vaultwarden.fullname" . -}}
{{- $svcPort := .Values.service.port -}}
{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
{{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
{{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
{{- end }}
{{- end }}
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullName }}
labels:
{{- include "vaultwarden.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
ingressClassName: {{ .Values.ingress.className }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
pathType: {{ .pathType }}
{{- end }}
backend:
{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
service:
name: {{ $fullName }}
port:
number: {{ $svcPort }}
{{- else }}
serviceName: {{ $fullName }}
servicePort: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

View File

@ -0,0 +1,6 @@
{{ include "lib.workload" . }}
{{ include "lib.service" . }}
{{ include "lib.ingress" . }}
{{ include "lib.config.env" . }}
{{ include "lib.pvc" . }}
{{ include "lib.raw" . }}

View File

@ -1,15 +0,0 @@
{{- if .Values.vaultwarden.storage.enabled }}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ include "vaultwarden.fullname" . }}
labels:
{{- include "vaultwarden.labels" . | nindent 4 }}
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: {{ .Values.vaultwarden.storage.size }}
storageClassName: {{ .Values.vaultwarden.storage.class }}
{{- end }}

View File

@ -1,38 +0,0 @@
{{- if not .Values.vaultwarden.adminToken.existingSecret }}
---
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: {{ include "vaultwarden.fullname" . }}-admin-token
labels:
{{- include "vaultwarden.labels" . | nindent 4 }}
data:
ADMIN_TOKEN: {{ .Values.vaultwarden.adminToken.value | b64enc | quote }}
{{- end }}
{{- if not .Values.vaultwarden.database.existingSecret }}
---
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: {{ include "vaultwarden.fullname" . }}-db-creds
labels:
{{- include "vaultwarden.labels" . | nindent 4 }}
data:
DATABASE_URL: {{ .Values.vaultwarden.database.connectionString | b64enc | quote }}
{{- end }}
{{- if not .Values.vaultwarden.smtp.password.existingSecret }}
---
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: {{ include "vaultwarden.fullname" . }}-smtp
labels:
{{- include "vaultwarden.labels" . | nindent 4 }}
data:
SMTP_PASSWORD: {{ .Values.vaultwarden.smtp.password.value | b64enc | quote }}
{{- end }}

View File

@ -1,15 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "vaultwarden.fullname" . }}
labels:
{{- include "vaultwarden.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
targetPort: http
protocol: TCP
name: http
selector:
{{- include "vaultwarden.selectorLabels" . | nindent 4 }}

View File

@ -1,106 +1,114 @@
image: ---
repository: registry.hub.docker.com/vaultwarden/server workload:
pullPolicy: IfNotPresent kind: Deployment
# Overrides the image tag whose default is the chart appVersion. strategy:
tag: "" type: RollingUpdate
imagePullSecrets: [] containers:
nameOverride: "" mealie:
fullnameOverride: "" image:
podAnnotations: {} registry: registry.hub.docker.com
podSecurityContext: {} repository: vaultwarden/server
# fsGroup: 2000 tag:
pullPolicy: Always
ports:
- vaultwarden
mounts:
storage:
data:
path: /app/data/
# logs:
# path: /app/logs
envFrom:
- environment
- secrets
livenessProbe:
exec:
command:
- sh
- /healthcheck.sh
readinessProbe:
exec:
command:
- sh
- /healthcheck.sh
initialDelaySeconds: 10
periodSeconds: 10
securityContext: {} ingress:
# capabilities: main:
# drop: class: traefik
# - ALL annotations:
# readOnlyRootFilesystem: true annotation: test
# runAsNonRoot: true rules:
# runAsUser: 1000 - hosts: vaultwarden.softplayer.net
http:
paths:
- backend:
service:
name: '{{ include "chart.fullname" $ }}'
port: 8080
tls:
- hosts:
- vaultwarden.softplayer.net
secretName: vaultwarden.softplayer.net
service: service:
type: ClusterIP type: ClusterIP
port: 8080 ports:
ingress: vaultwarden:
enabled: false port: 9000
className: "" targetPort: 9000
annotations: {} protocol: TCP
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: chart-example.local
paths:
- path: /
pathType: ImplementationSpecific
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
nodeSelector: {} storage:
tolerations: [] data:
affinity: {} storageClassName: default
vaultwarden: size: 1G
smtp: accessModes:
host: "" - ReadWriteOnce
security: "starttls" # logs:
port: 25 # storageClassName: default
from: vaultwarden@badhouseplants.net # size: 1G
fromName: vaultwarden # accessModes:
username: vaultwarden # - ReadWriteOnce
password:
value: "VerySecurePassword" # -- Please have a look here: https://github.com/dani-garcia/vaultwarden/blob/main/.env.template
existingSecret: "" env:
existingSecretKey: "" environment:
authMechanism: "Plain"
acceptInvalidHostnames: "false"
acceptInvalidCerts: "false"
debug: false
adminToken:
existingSecret: ""
existingSecretKey: ""
value: "R@ndomToken$tring"
domain: "https://badhouseplants.vaultwarden.com"
websocket:
enabled: true enabled: true
address: "0.0.0.0" sensitive: false
port: 3012 data:
rocket: DOMAIN: vaultwarden.softplayer.net
port: "8080" SMTP_HOST: ~
workers: "10" SMTP_SECURITY: startls
webVaultEnabled: "true" SMTP_PORT: 587
signupsAllowed: true SMTP_AUTH_MECHANISM: Plain
invitationsAllowed: true SMTP_FROM: vaultwarden@softplayer.net
signupDomains: "https://badhouseplants.vaultwarden.com" SMTP_FROM_NAME: Soft Player
signupsVerify: "true" SMTP_DEBUG: false
showPassHint: "false" SMTP_ACCEPT_INVALID_HOSTNAMES: false
database: SMTP_ACCEPT_INVALID_CERTS: false
connectionString: "data/db.sqlite3" SMTP_USERNAME: ~
existingSecret: "" DATA_FOLDER: /app/data/
existingSecretKey: "" ROCKET_PORT: 8080
connectionRetries: 15 SHOW_PASSWORD_HINT: true
maxConnections: 10 SIGNUPS_ALLOWED: false
storage: INVITATIONS_ALLOWED: true
enabled: false SIGNUPS_DOMAINS_WHITELIST: "*"
size: 1Gi SIGNUPS_VERIFY: true
class: default WEB_VAULT_ENABLED: true
dataDir: /data LOG_FILE: /app/logs
logging: LOG_LEVEL: info
enabled: false DB_CONNECTION_RETRIES: 10
logfile: "/data/vaultwarden.log" DATABASE_MAX_CONNS: 10
loglevel: "warn" ORG_GROUPS_ENABLED: true
organizations: ORG_EVENTS_ENABLED: true
enabled: false ORG_CREATION_USERS: ""
orgEvents: false # -- ORG_GROUPS_ENABLED
crationUsers: "" # -- ORG_CREATION_USERS secrets:
enabled: true
sensitive: true
data:
ADMIN_TOKEN: "R@ndomToken$tring"
DATABASE_URL: ~
SMTP_PASSWORD: ~