diff --git a/vaultwarden/ingress.yaml b/vaultwarden/ingress.yaml
new file mode 100644
index 0000000..5e7c1e4
--- /dev/null
+++ b/vaultwarden/ingress.yaml
@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: vaultwarden
+ namespace: vaultwarden
+ annotations:
+ haproxy-ingress.github.io/ssl-redirect: "true"
+spec:
+ ingressClassName: haproxy
+ rules:
+ - host: warden.strudelline.net
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: vaultwarden
+ port:
+ number: 80
+ tls:
+ - hosts:
+ - warden.strudelline.net
+ secretName: wildcard-tls
diff --git a/vaultwarden/nfs-data-vol.yaml b/vaultwarden/nfs-data-vol.yaml
new file mode 100644
index 0000000..21c1554
--- /dev/null
+++ b/vaultwarden/nfs-data-vol.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: vaultwarden-data
+ namespace: vaultwarden
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 1Gi
+ storageClassName: nfs
diff --git a/vaultwarden/ns.yaml b/vaultwarden/ns.yaml
new file mode 100644
index 0000000..6fc17a5
--- /dev/null
+++ b/vaultwarden/ns.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: vaultwarden
diff --git a/vaultwarden/svc.yaml b/vaultwarden/svc.yaml
new file mode 100644
index 0000000..1931ba1
--- /dev/null
+++ b/vaultwarden/svc.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: vaultwarden
+ name: vaultwarden
+ namespace: vaultwarden
+spec:
+ selector:
+ app: vaultwarden
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: 80
+ clusterIP: None
+ type: ClusterIP
diff --git a/vaultwarden/vaultwarden-deployment.yaml b/vaultwarden/vaultwarden-deployment.yaml
new file mode 100644
index 0000000..a939410
--- /dev/null
+++ b/vaultwarden/vaultwarden-deployment.yaml
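Review bot: The single rule for `warden.strudelline.net` in vaultwarden/ingress.yaml forwards every path under `/` with no source restriction, while the Deployment later in this commit takes the client address from `IP_HEADER: CF-Connecting-IP`. That header is only trustworthy when every request has passed through the CDN that sets it; a request reaching the ingress by another route could carry its own value, so the per-address login and admin rate limits would not be reliable. If the site is meant to be CDN-only, state that on the Ingress and enforce it, for example with `haproxy-ingress.github.io/allowlist-source-range: "<CDN egress CIDRs>"` (placeholder value) under `annotations`. The same catch-all rule also publishes the admin page that `ADMIN_TOKEN` enables, so it is worth deciding whether that path should be reachable from the public host at all.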
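Review bot: `ReadWriteMany` in vaultwarden/nfs-data-vol.yaml is wider than this workload needs: the Deployment in this commit runs `replicas: 1` with `strategy: Recreate`, so only one pod mounts `vaultwarden-data` at a time, and `- ReadWriteOnce` would state that. The Deployment sets no `DATABASE_URL`, so the vault presumably lives in the default SQLite file on this NFS-backed volume; SQLite's WAL mode is not dependable on network filesystems, and the Vaultwarden wiki describes turning it off with `ENABLE_DB_WAL` set to `"false"`. A comment on the claim recording that it holds the only copy of the vault database, and how it is backed up, would also help the next maintainer.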
@@ -0,0 +1,76 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: vaultwarden
+ name: vaultwarden
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: vaultwarden
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app: vaultwarden
+ spec:
+ containers:
+ - env:
+ - name: ADMIN_RATELIMIT_MAX_BURST
+ value: "2"
+ - name: ADMIN_RATELIMIT_SECONDS
+ value: "60"
+ - name: ADMIN_TOKEN
+ value: '"AIRN*hup*twed@grif6prud"'
+ - name: DOMAIN
+ value: https://warden.strudelline.net
+ - name: EMERGENCY_ACCESS_ALLOWED
+ value: "true"
+ - name: IP_HEADER
+ value: CF-Connecting-IP
+ - name: LOGIN_RATELIMIT_MAX_BURST
+ value: "2"
+ - name: LOGIN_RATELIMIT_SECONDS
+ value: "30"
+ - name: SENDS_ALLOWED
+ value: "true"
+ - name: SIGNUPS_ALLOWED
+ value: "true"
+ - name: SIGNUPS_DOMAINS_WHITELIST
+ value: strudelline.net,werts.us,brechy.net,andariese.net
+ - name: SIGNUPS_VERIFY
+ value: "true"
+ - name: SIGNUPS_VERIFY_RESEND_LIMIT
+ value: "5"
+ - name: SIGNUPS_VERIFY_RESEND_TIME
+ value: "3600"
+ - name: SMTP_AUTH_MECHANISM
+ value: '"Login"'
+ - name: SMTP_FROM
+ value: vaultwarden@strudelline.net
+ - name: SMTP_FROM_NAME
+ value: vaultwarden
+ - name: SMTP_HOST
+ value: smtp.mailgun.org
+ - name: SMTP_PASSWORD
+ value: 5d83cb4fad5c81fe3a9bb952a3fba23a-81bd92f8-d226d236
+ - name: SMTP_PORT
+ value: "465"
+ - name: SMTP_SECURITY
+ value: force_tls
+ - name: SMTP_USERNAME
+ value: vaultwarden@strudelline.net
+ - name: WEB_VAULT_ENABLED
+ value: "true"
+ image: vaultwarden/server:latest
+ name: vaultwarden
+ resources: {}
+ volumeMounts:
+ - mountPath: /data
+ name: vaultwarden-data
+ restartPolicy: Always
+ volumes:
+ - name: vaultwarden-data
+ persistentVolumeClaim:
+ claimName: vaultwarden-data
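Review bot: `ADMIN_TOKEN` and `SMTP_PASSWORD` are written as literal `value:` strings in the container's `env` list, so both credentials live in the repository and are readable by anyone who can read the Deployment object; because they are now in history they need rotating as well as moving. Reference them from a Secret created outside the repository, as sketched below (`vaultwarden-secrets` and the key names are placeholders); Vaultwarden also accepts an Argon2 PHC string as `ADMIN_TOKEN`, which avoids storing the plain token at all. The single-quoted `'"…"'` form additionally makes the double quotes part of the token value, which may not be intended. Separately, `image: vaultwarden/server:latest` is a floating tag, so pin a release tag or digest to keep a restart from pulling an unreviewed image.

```yaml
# … unchanged: ADMIN_RATELIMIT_MAX_BURST, ADMIN_RATELIMIT_SECONDS …
        - name: ADMIN_TOKEN
          valueFrom:
            secretKeyRef:
              name: vaultwarden-secrets  # placeholder Secret name
              key: admin-token  # placeholder key
# … unchanged: DOMAIN through SMTP_HOST …
        - name: SMTP_PASSWORD
          valueFrom:
            secretKeyRef:
              name: vaultwarden-secrets  # placeholder Secret name
              key: smtp-password  # placeholder key
# … unchanged: SMTP_PORT through WEB_VAULT_ENABLED, image, volumeMounts, volumes …
```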