added vaultwarden

Signed-off-by: Michael Thomson <michael@michaelthomson.dev>
2026-02-04 13:09:53 +00:00 · 2024-11-25 12:58:09 -05:00
parent 1762763031
commit 4c7336cc1f
8 changed files with 149 additions and 29 deletions
--- a/vaultwarden/admincreds_secret.yaml
+++ b/vaultwarden/admincreds_secret.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: admincreds_secret
+  namespace: vaultwarden
+spec:
+  encryptedData:
+    ADMIN_TOKEN: AgBq9/RdgzBv/zI3hfCNT9VRFb++rd47xGsCG/zWJb9UeTCOEXsbnGaRKz5YtSUtpPIxz8PkdQT1M6+4y0X2yp2XzecGk9OWFC+aLTDxPeHnxeVQrMQoNqEWRnLCFR6HoZJrqhdOWuNu9H3dyfx4H34xS22t8kBkr0kK7gc3n2qhGSua5m7K6j5LOVrETjOQYtZWCmfK4ObijE07nPZF9oMCCzKRknRtR2ZSfriRuCbwc+fEZYtP+Vmw0fNvjnrOGxdDaatl37kC9WjHXAtEt8Qc1ZpOlc1VEA32Hs5w50ZbtBKDTyzqeKTKzkQ1g9KNYGyoh2kZ0gu9iBt8u43f4yBQEDDWJZxHhfajTt4Kq3GNUSW8dqw61nQkSBpVWecQvjd4t/NUeJKyeNT+LWdaOhaabWT+84YkaMw6693ertK6XLdMFPgOuehlvrt9Cc6MU4N+5kjhup83rfLtzfaEBO1iGdroKMdJltJMzJZmBLdOhDGy0ZvroOwf1xKTcbAdADirgojRgMx+BBZPaMRa7mQNf9LrtG2MvDsGpeI0nfyaGSBKuKDOB4NiWzE71NKvDtEBjbcIa5L2N+TGm8EqMHNElYhtgYcRnsEUMsAGpfFQUrEL4Q0aV62bcnc/EosRnntpVPXe3JCae5080sJoNNoItXW2XXAgUuSJfemMH+bTOcJNkpHzpeYeDY+Ih6YyVx//SkytSZKLK8eZQk1s
+  template:
+    metadata:
+      creationTimestamp: null
+      name: admincreds_secret
+      namespace: vaultwarden
--- a/vaultwarden/dns-endpoint.yaml
+++ b/vaultwarden/dns-endpoint.yaml
@@ -0,0 +1,15 @@
+apiVersion: externaldns.k8s.io/v1alpha1
+kind: DNSEndpoint
+metadata:
+  name: vaultwarden.michaelthomson.dev
+  namespace: vaultwarden
+spec:
+  endpoints:
+  - dnsName: vaultwarden.michaelthomson.dev
+    recordTTL: 180
+    recordType: CNAME
+    targets:
+      - michaelthomson.ddns.net
+    providerSpecific:
+      - name: external-dns.alpha.kubernetes.io/cloudflare-proxied
+        value: "true"
--- a/vaultwarden/helmrelease-woodpecker.yaml
+++ b/vaultwarden/helmrelease-woodpecker.yaml
@@ -0,0 +1,47 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+  name: vaultwarden
+  namespace: vaultwarden
+spec:
+  chart:
+    spec:
+      chart: vaultwarden
+      version: 0.30.x
+      sourceRef:
+        kind: HelmRepository
+        name: vaultwarden
+        namespace: flux-system
+  interval: 15m
+  timeout: 5m
+  releaseName: vaultwarden
+  values:
+    domain: "https://vaultwarden.michaelthomson.dev"
+    signupsAllowed: false
+    signupsVerify: "true"
+    requireDeviceEmail: "true"
+    adminToken:
+      existingSecret: "admincreds_secret"
+      existingSecretKey: "ADMIN_TOKEN"
+    timeZone: "America/Toronto"
+    smtp:
+      existingSecret: "smtpcreds_secret"
+      host: "mail.michaelthomson.dev"
+      security: "starttls"
+      port: 465
+      from: "vaultwarden@michaelthomson.dev"
+      fromName: "Vaultwarden"
+      username:
+        existingSecretKey: "SMTP_USERNAME"
+      password:
+        existingSecretKey: "SMTP_PASSWORD"
+    ingress:
+      enabled: true
+      class: "traefik"
+      additionalAnnotations:
+        traefik.ingress.kubernetes.io/router.entrypoints: websecure
+        traefik.ingress.kubernetes.io/router.tls: "true"
+      labels: {}
+      tls: true
+      hostname: "vaultwarden.michaelthomson.dev"
+      tlsSecret: "letsencrypt-wildcard-cert-michaelthomson.dev"
--- a/vaultwarden/smtpcreds_secret.yaml
+++ b/vaultwarden/smtpcreds_secret.yaml
@@ -0,0 +1,16 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: smtpcreds_secret
+  namespace: vaultwarden
+spec:
+  encryptedData:
+    SMTP_PASSWORD: AgAp/KXEWFfdjITDfcJt+JZ6WuqO9Vm2Zw3ivC1ilqzV50W1CenDn9R78dHfmOP1rx4dvwOaIZ1EPgVAQ7RACXs7AHtL7LcGCRdJwwhArOMHo3Uaxm8pCw+yBwA6dNLtfJpwcjmGa9aErNKhIFBhBfwjNjBc1jRiB0UgDGZy5HbI3ARtFlOtQoe5FssrxysMnebgiFxUcXNTDOQEAP7Pi1JgrlGvI1Tm6+uwb3esS2El8EqJDu6s8oj/dis4T6qNoACe5W5mZCjfKlndwM1LFo8jUUxk13CqU7aQXXTlCQHM+N+mit+x+CDQQH+svqhZtMQMgxAnmU6uHdsHFGfqYb3ZcE/xyljWEGEp3wrcchBuVnUILl/FpxpVOIytZNVpOMbMrFNAZ10ELoLbDPkqH0zrEQPVU6LrS+vsIeEJ8dWsKgBTrO1UtdJ5BRbpuGBbQ+8BmU9YEGQRGUOZRQP0FIYmFg/8D82Zv3fHtCE3kTKJuapTDlA/L7DtuMNZmdyDwtABpeyyufiqRT5sIEHusiivB5OkcASWwMCr7TZA7IE/lOePEbteOAI2ifGGuROv31BQp7tNAQl8XyKetkUlPjG/b+w50FE7q9HXBGkNugB73V3Qc4oLq9xosX4+k8F1P95JSfPpHg3NhXM+vpsmT9EWhxtLZyKLpz4cyyQDNa+/YGFI2VYo3xiuLNPdL6OFeul0w/WuJrcB1yQtdsu2KNvvG8O4Enf0eTkZ
+    SMTP_USERNAME: AgAPnFtz05NZl/PzniXrdnpq1RpG7cE16jtfqE7TsJCcbFb2e7PcEiMfLGK+lyHK4uSRLoJbQDy+q9lyYx65yodScYd5614XP87U5aqRf8oeI+2qGbY9me/hvO52Y7NHitG1ukv8nZX5ps5s7lT7RV0E1pjKpMGLZ1HvK/1OqACcP8a86RIMLAvUEQFwZu1tm+0hJXqvcMRiYiVQGV85dgsZUMiEvCtcQFlo7CKuivqYV0M575yrkmgjkHzS5r6/FZE0dDRau7gvgUvGmcaKuuRAMGfPaDrYXXHDIo8rzQY4srqwFDTaOfKqQWAoBwnNihkR4e7QNFZqE9mZTEqTTR0V3J5WfNPiwQdPGeoLz8iWBFFvJt0oWuPXec5kJpnqhu5XtILD9CuKzGMLNkpdtZedvEZuWp0+o2MMtfPKTiBgVd331vATDApa/O2+dhYabOtYY3yWPNenoxkFfvVGGB1MDN+jiClIHQX+8xd2xk7ZKCifuH/vf9vDxdVz7w/T7NUE13anvCd8igbbsFPzyaCYTl9pQiJWyLBJj7p0r6IUvGQAP8UMP8u6bfqe0RAMzWrXMXlEgKO+pdawrWhhINQ05GfAf+i+FNO9tIcM0tWR1w3osKCh+AKOaD+qH8sC9kl1XjlECAIESoRixdR2CZcontVR2fHbYGhhd5WaZQRWaIs6sx0aYb/fFi28UC/P/srlvpgeY0jRZ2rd1RLR+lY3NoESlWbWC9jlpJ5+pD4=
+  template:
+    metadata:
+      creationTimestamp: null
+      name: smtpcreds_secret
+      namespace: vaultwarden