add vaultwarden

vaultwarden/ingress.yaml

@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: vaultwarden
+  namespace: vaultwarden
+  annotations:
+    haproxy-ingress.github.io/ssl-redirect: "true"
+spec:
+  ingressClassName: haproxy
+  rules:
+  - host: warden.strudelline.net
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: vaultwarden
+            port:
+              number: 80
+  tls:
+  - hosts:
+    - warden.strudelline.net
+    secretName: wildcard-tls

vaultwarden/nfs-data-vol.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: vaultwarden-data
+  namespace: vaultwarden
+spec:
+  accessModes:
+  - ReadWriteMany
+  resources:
+    requests:
+      storage: 1Gi
+  storageClassName: nfs

vaultwarden/ns.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: vaultwarden

vaultwarden/svc.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: vaultwarden
+  name: vaultwarden
+  namespace: vaultwarden
+spec:
+  selector:
+    app: vaultwarden
+  ports:
+   - name: http
+     port: 80
+     protocol: TCP
+     targetPort: 80
+  clusterIP: None
+  type: ClusterIP

vaultwarden/vaultwarden-deployment.yaml

@@ -0,0 +1,76 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: vaultwarden
+  name: vaultwarden
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: vaultwarden
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: vaultwarden
+    spec:
+      containers:
+        - env:
+            - name: ADMIN_RATELIMIT_MAX_BURST
+              value: "2"
+            - name: ADMIN_RATELIMIT_SECONDS
+              value: "60"
+            - name: ADMIN_TOKEN
+              value: '"AIRN*hup*twed@grif6prud"'
+            - name: DOMAIN
+              value: https://warden.strudelline.net
+            - name: EMERGENCY_ACCESS_ALLOWED
+              value: "true"
+            - name: IP_HEADER
+              value: CF-Connecting-IP
+            - name: LOGIN_RATELIMIT_MAX_BURST
+              value: "2"
+            - name: LOGIN_RATELIMIT_SECONDS
+              value: "30"
+            - name: SENDS_ALLOWED
+              value: "true"
+            - name: SIGNUPS_ALLOWED
+              value: "true"
+            - name: SIGNUPS_DOMAINS_WHITELIST
+              value: strudelline.net,werts.us,brechy.net,andariese.net
+            - name: SIGNUPS_VERIFY
+              value: "true"
+            - name: SIGNUPS_VERIFY_RESEND_LIMIT
+              value: "5"
+            - name: SIGNUPS_VERIFY_RESEND_TIME
+              value: "3600"
+            - name: SMTP_AUTH_MECHANISM
+              value: '"Login"'
+            - name: SMTP_FROM
+              value: vaultwarden@strudelline.net
+            - name: SMTP_FROM_NAME
+              value: vaultwarden
+            - name: SMTP_HOST
+              value: smtp.mailgun.org
+            - name: SMTP_PASSWORD
+              value: 5d83cb4fad5c81fe3a9bb952a3fba23a-81bd92f8-d226d236
+            - name: SMTP_PORT
+              value: "465"
+            - name: SMTP_SECURITY
+              value: force_tls
+            - name: SMTP_USERNAME
+              value: vaultwarden@strudelline.net
+            - name: WEB_VAULT_ENABLED
+              value: "true"
+          image: vaultwarden/server:latest
+          name: vaultwarden
+          resources: {}
+          volumeMounts:
+            - mountPath: /data
+              name: vaultwarden-data
+      restartPolicy: Always
+      volumes:
+        - name: vaultwarden-data
+          persistentVolumeClaim:
+            claimName: vaultwarden-data