added vaultwarden

Signed-off-by: Michael Thomson <michael@michaelthomson.dev>
2026-02-04 04:59:54 +00:00 · 2024-11-25 12:58:09 -05:00
parent 1762763031
commit 4c7336cc1f
8 changed files with 149 additions and 29 deletions
--- a/bootstrap/helmrepositories/helmrepository-vaultwarden.yaml
+++ b/bootstrap/helmrepositories/helmrepository-vaultwarden.yaml
@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: vaultwarden
+  namespace: flux-system
+spec:
+  interval: 15m
+  url: https://guerzon.github.io/vaultwarden
--- a/bootstrap/kustomizations/kustomization-vaultwarden.yaml
+++ b/bootstrap/kustomizations/kustomization-vaultwarden.yaml
@@ -0,0 +1,18 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: vaultwarden
+  namespace: flux-system
+spec:
+  interval: 15m
+  path: ./vaultwarden
+  prune: true # remove any elements later removed from the above path
+  timeout: 2m # if not set, this defaults to interval duration, which is 1h
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  healthChecks:
+    - apiVersion: helm.toolkit.fluxcd.io/v2beta2
+      kind: HelmRelease
+      name: vaultwarden
+      namespace: vaultwarden
--- a/bootstrap/namespaces/namespace-vaultwarden.yaml
+++ b/bootstrap/namespaces/namespace-vaultwarden.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: vaultwarden
--- a/mytls.crt
+++ b/mytls.crt
@@ -1,31 +1,28 @@
 -----BEGIN CERTIFICATE-----
-MIIFQTCCAymgAwIBAgIUY5XY25fJB0VKy2xLS4rPEHshR+gwDQYJKoZIhvcNAQEL
-BQAwMDEWMBQGA1UEAwwNc2VhbGVkLXNlY3JldDEWMBQGA1UECgwNc2VhbGVkLXNl
-Y3JldDAeFw0yMzExMjAyMTI2MDhaFw0yNDExMTkyMTI2MDhaMDAxFjAUBgNVBAMM
-DXNlYWxlZC1zZWNyZXQxFjAUBgNVBAoMDXNlYWxlZC1zZWNyZXQwggIiMA0GCSqG
-SIb3DQEBAQUAA4ICDwAwggIKAoICAQDfs0B+gK6MDpnyJONb1n1AyaZiobGW29bo
-+uowrDg7fJhol+PG+iexpTdYKUFrAVvs8V3Q3kdqp/w/W+R4GP1MZibfQ7BgaPDt
-i7fCSIO7jXhqdxkOqvYFXfPHVwx+D5jRuIimtQKZMu/yfk2r2tWxG+L+36QXoqGt
-3z9+vIX9bwndG+LXSnT3vppD6stDEepiV3E4D+RKPCSKAp8njxYqO3/X7iKFmR4l
-8TqPv4n+pkGR5pIQU0KqRdMaTkwjUtN0H1vJtDeXbjBbeC74ct+Dt9+GKjUDVzZS
-S8pYgPS25YMJkui9gWje3eh+uTH610Kn06r2rGkun0F1Tdho2mwVnY3xdsieyUZP
-t6yNNGg5h2Grrw+pt6Izc3i7kxJE0rQo1BZ4srbjt2XX/ME4M8Nj66xH+jadfFzM
-/1Xp1w+040wHte+GOAHRgfyN6yLUx1QZ1PcLZpZ6vuDzeMgd9I1A+p+nvG0l5xI/
-fR6Rx9UPh9Ev+cwGA2IXhuEPZoB4UUzVDtUlkmMREMKmkMa2UK+15QSjT7nRu4kc
-wCluziMI6E98sbMucot7KxAnm1RJzZTzitCJnAgcfxVh3C593YsVsVdm1VxKTwZU
-9Sl0C8XG1ZKXtez/LmWvV9v6iJ7GasdtqCZHaFfOlA7gGjmz/0h6S8XlAc+2+Bq8
-mkXtVLJDrQIDAQABo1MwUTAdBgNVHQ4EFgQUIk8j8LewHuCOxnCClxvd9yn9wqQw
-HwYDVR0jBBgwFoAUIk8j8LewHuCOxnCClxvd9yn9wqQwDwYDVR0TAQH/BAUwAwEB
-/zANBgkqhkiG9w0BAQsFAAOCAgEAk0wgNe071fLXV2J0OCXASttxq1XlB/RvlhJz
-76PWChacLHmK3KcCjmXs6A6dwnCeEvade21HQV/mi/r7Y1PK9jyguysRChMaSTCx
-XY7ZSY/vqVhGWbH5svDuKf8S+eLqTFOiMI/2nbvNwNW3/cgT8Tw+aHFTZ8S6tZCB
-4TswlV7/4C9O87sYKksuaBfy3b9lSincfrTf1GDwMuAChwm8HfqNSh1TC+WNg+uC
-D4sbvMuydRqUNLvfAqH8JYrOyg7aXoEPqVI3vq6VQam5PM1YofFNZVlXj47yEUyx
-lSIgxxAHWGv9CVBayjdHsXcWM4+S1ELv82WcW47lylzo4iLeJJewCMqWY+X57Jvn
-IKPn0Hf4farU0ZwH4544Q7Un/0w1e+Q/s/qLTdqUr0rYh0CDieCaKvfFsmdsvyaC
-0vs7Qqh1xXh7RunFgrvIMxRHbYrQauV08fJYjIbewtYq+b+ONIX4gOLhcV+ATEmG
-kYzGwJ1MD1i/tEJgL638vt10h+SP9hUuYRPSQrwTCIzNYUiBAHKaob/1tFIW35w0
-rtN/JKCwvaN0VPr/OLJCDOCtKccZs5nnNAiSti9LV6mqh/cCPhfYMsbZhilY1AJC
-JuDDtNIRgeitD6Zgo+eKjqjUWzxTx1jcMZILw36tJhKjQjm5s1XDjHH+1bKAC2eq
-VLC/zWk=
+MIIEzDCCArSgAwIBAgIQLlDPRQv6L9tMQoBb+BVv0zANBgkqhkiG9w0BAQsFADAA
+MB4XDTI0MTExODExMzIxOFoXDTM0MTExNjExMzIxOFowADCCAiIwDQYJKoZIhvcN
+AQEBBQADggIPADCCAgoCggIBAOzsY3VngR61osK/s1bu/O5CUTRfPVw1G4ckcIzm
+nFNTl6DWQ9bfBqaSn+qhwLIG3j4AIkJfr5nEl8XcQ8OLFdfrqfMf/Xh+gL/WJRLM
+97jAVplNEgESCg95T8Nfdyyc3l/tKn66DZlG7QG7slq0NJ5xD71b5UDhaReMjkTk
+cu+ii0UaF0XzsvGU546pwtRb67LUe2HzUAWTcXEDdeTjJFqRLB/Q12zIxHejHU6
+ZCzh46qVRa1VnKr2og1u85+L+NStDeSBkqHk7dzrHULP97+Lqd5k2v4iDUt3SCVb
+Jf8uI2YTNuRkcFCqDSUhlobToq7Vs4gTeRG3xkrXVjIip0p9gypLHxsPyYcDkdp5
+HJF5pkQY+iHji6ah1OZIcQgUzsYYlpVh3RmzlIpH+ZTE0GL6t1zEnRCmV3FX8CYA
+w1Oce3ppqaZstzWZVneLhTm/3C+tc+1ttr/WjLiLdcFD+hO1wxTYXuc2Gi92TK5H
+th5WuBTqDE4HxFzzKDYWz5BXBs1nfnBHN3ytzgwvEyYECMED3Ng1SDvs9Am3VgZL
+xLaWgcmy0ngDlDQrHuavOYrCyZjfVSQw/oO0okOPf+ThS6sQdWUag3dQv8Ts1tqs
+RpiWi8zkfx8aytVnApRHgvgu7/ADyFe3cjJLDHy28ZnHJrB5ryge4HW3dc6Xavok
+NtSPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIAATAPBgNVHRMBAf8EBTADAQH/MB0G
+A1UdDgQWBBTau1lw2zmui8sn8hi7fJrO44EDKTANBgkqhkiG9w0BAQsFAAOCAgEA
+Z+JQecM6Mv5ZdOmqOzdd+iIVzW6iidVrxurXkU6XZYKND3FeMJbQYbwK55x5rMeg
+HlVa/6qoFal5H3lzXdtwbZaidMIVyyq1TbtntO2j4u7P9dRKmfA0Nu/i8RUMXtAP
+Sc62dF5ixd9mZUNEgnU+TtATPNWSGG+B/t5bl1lCA/jjbZRdALN2Bj1VTE7Zi0yc
+H6HSJnFFQ22fX6JhHy7u6Z4nIq/TIbEvCD4OtXGPt2jcGNhf4vBhtbMVJuK+bN3W
+lNODSY0z/LW/C/J8BYMHTpkJIi5OhGdhKeuzhtns80r8mO43KNVzs88DzKvtWa6a
+B+Gnu4SSevODFG/XSOYaHtXxfPaHKUF0uxomNKbW0uzCdPQQZUmrRACTD487G3Cm
+WXIpCU6uQ3rreqKfbbVTmeZCXlqWaF7wrrbX05rp4WwGjLWLMcGLSrddGOHUBEyM
+heDR24FR3atlsFXs+eUDy6g4qriINzTu3i0TUfYvpz3VYdrVXpvoYNuF4G+4pI5u
+hMsoQZ4B5cNFNm9ly6qYHmFuidalapniYOlAC6qDEUdY+JhsNG4ppqQLns5lCa4y
+LDY9OvrpqXwpO1Vq++5nRSbsxl0YGySOAYEZCeAIywV9PBwIzAuIKcipg8jHHz9l
+Z/mw/plHgkLR6RPtWkBFsDAQU0teWxwLJCAtNjFcmPU=
 -----END CERTIFICATE-----
--- a/vaultwarden/admincreds_secret.yaml
+++ b/vaultwarden/admincreds_secret.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: admincreds_secret
+  namespace: vaultwarden
+spec:
+  encryptedData:
+    ADMIN_TOKEN: AgBq9/RdgzBv/zI3hfCNT9VRFb++rd47xGsCG/zWJb9UeTCOEXsbnGaRKz5YtSUtpPIxz8PkdQT1M6+4y0X2yp2XzecGk9OWFC+aLTDxPeHnxeVQrMQoNqEWRnLCFR6HoZJrqhdOWuNu9H3dyfx4H34xS22t8kBkr0kK7gc3n2qhGSua5m7K6j5LOVrETjOQYtZWCmfK4ObijE07nPZF9oMCCzKRknRtR2ZSfriRuCbwc+fEZYtP+Vmw0fNvjnrOGxdDaatl37kC9WjHXAtEt8Qc1ZpOlc1VEA32Hs5w50ZbtBKDTyzqeKTKzkQ1g9KNYGyoh2kZ0gu9iBt8u43f4yBQEDDWJZxHhfajTt4Kq3GNUSW8dqw61nQkSBpVWecQvjd4t/NUeJKyeNT+LWdaOhaabWT+84YkaMw6693ertK6XLdMFPgOuehlvrt9Cc6MU4N+5kjhup83rfLtzfaEBO1iGdroKMdJltJMzJZmBLdOhDGy0ZvroOwf1xKTcbAdADirgojRgMx+BBZPaMRa7mQNf9LrtG2MvDsGpeI0nfyaGSBKuKDOB4NiWzE71NKvDtEBjbcIa5L2N+TGm8EqMHNElYhtgYcRnsEUMsAGpfFQUrEL4Q0aV62bcnc/EosRnntpVPXe3JCae5080sJoNNoItXW2XXAgUuSJfemMH+bTOcJNkpHzpeYeDY+Ih6YyVx//SkytSZKLK8eZQk1s
+  template:
+    metadata:
+      creationTimestamp: null
+      name: admincreds_secret
+      namespace: vaultwarden
--- a/vaultwarden/dns-endpoint.yaml
+++ b/vaultwarden/dns-endpoint.yaml
@@ -0,0 +1,15 @@
+apiVersion: externaldns.k8s.io/v1alpha1
+kind: DNSEndpoint
+metadata:
+  name: vaultwarden.michaelthomson.dev
+  namespace: vaultwarden
+spec:
+  endpoints:
+  - dnsName: vaultwarden.michaelthomson.dev
+    recordTTL: 180
+    recordType: CNAME
+    targets:
+      - michaelthomson.ddns.net
+    providerSpecific:
+      - name: external-dns.alpha.kubernetes.io/cloudflare-proxied
+        value: "true"
--- a/vaultwarden/helmrelease-woodpecker.yaml
+++ b/vaultwarden/helmrelease-woodpecker.yaml
@@ -0,0 +1,47 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+  name: vaultwarden
+  namespace: vaultwarden
+spec:
+  chart:
+    spec:
+      chart: vaultwarden
+      version: 0.30.x
+      sourceRef:
+        kind: HelmRepository
+        name: vaultwarden
+        namespace: flux-system
+  interval: 15m
+  timeout: 5m
+  releaseName: vaultwarden
+  values:
+    domain: "https://vaultwarden.michaelthomson.dev"
+    signupsAllowed: false
+    signupsVerify: "true"
+    requireDeviceEmail: "true"
+    adminToken:
+      existingSecret: "admincreds_secret"
+      existingSecretKey: "ADMIN_TOKEN"
+    timeZone: "America/Toronto"
+    smtp:
+      existingSecret: "smtpcreds_secret"
+      host: "mail.michaelthomson.dev"
+      security: "starttls"
+      port: 465
+      from: "vaultwarden@michaelthomson.dev"
+      fromName: "Vaultwarden"
+      username:
+        existingSecretKey: "SMTP_USERNAME"
+      password:
+        existingSecretKey: "SMTP_PASSWORD"
+    ingress:
+      enabled: true
+      class: "traefik"
+      additionalAnnotations:
+        traefik.ingress.kubernetes.io/router.entrypoints: websecure
+        traefik.ingress.kubernetes.io/router.tls: "true"
+      labels: {}
+      tls: true
+      hostname: "vaultwarden.michaelthomson.dev"
+      tlsSecret: "letsencrypt-wildcard-cert-michaelthomson.dev"
--- a/vaultwarden/smtpcreds_secret.yaml
+++ b/vaultwarden/smtpcreds_secret.yaml
@@ -0,0 +1,16 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: smtpcreds_secret
+  namespace: vaultwarden
+spec:
+  encryptedData:
+    SMTP_PASSWORD: AgAp/KXEWFfdjITDfcJt+JZ6WuqO9Vm2Zw3ivC1ilqzV50W1CenDn9R78dHfmOP1rx4dvwOaIZ1EPgVAQ7RACXs7AHtL7LcGCRdJwwhArOMHo3Uaxm8pCw+yBwA6dNLtfJpwcjmGa9aErNKhIFBhBfwjNjBc1jRiB0UgDGZy5HbI3ARtFlOtQoe5FssrxysMnebgiFxUcXNTDOQEAP7Pi1JgrlGvI1Tm6+uwb3esS2El8EqJDu6s8oj/dis4T6qNoACe5W5mZCjfKlndwM1LFo8jUUxk13CqU7aQXXTlCQHM+N+mit+x+CDQQH+svqhZtMQMgxAnmU6uHdsHFGfqYb3ZcE/xyljWEGEp3wrcchBuVnUILl/FpxpVOIytZNVpOMbMrFNAZ10ELoLbDPkqH0zrEQPVU6LrS+vsIeEJ8dWsKgBTrO1UtdJ5BRbpuGBbQ+8BmU9YEGQRGUOZRQP0FIYmFg/8D82Zv3fHtCE3kTKJuapTDlA/L7DtuMNZmdyDwtABpeyyufiqRT5sIEHusiivB5OkcASWwMCr7TZA7IE/lOePEbteOAI2ifGGuROv31BQp7tNAQl8XyKetkUlPjG/b+w50FE7q9HXBGkNugB73V3Qc4oLq9xosX4+k8F1P95JSfPpHg3NhXM+vpsmT9EWhxtLZyKLpz4cyyQDNa+/YGFI2VYo3xiuLNPdL6OFeul0w/WuJrcB1yQtdsu2KNvvG8O4Enf0eTkZ
+    SMTP_USERNAME: AgAPnFtz05NZl/PzniXrdnpq1RpG7cE16jtfqE7TsJCcbFb2e7PcEiMfLGK+lyHK4uSRLoJbQDy+q9lyYx65yodScYd5614XP87U5aqRf8oeI+2qGbY9me/hvO52Y7NHitG1ukv8nZX5ps5s7lT7RV0E1pjKpMGLZ1HvK/1OqACcP8a86RIMLAvUEQFwZu1tm+0hJXqvcMRiYiVQGV85dgsZUMiEvCtcQFlo7CKuivqYV0M575yrkmgjkHzS5r6/FZE0dDRau7gvgUvGmcaKuuRAMGfPaDrYXXHDIo8rzQY4srqwFDTaOfKqQWAoBwnNihkR4e7QNFZqE9mZTEqTTR0V3J5WfNPiwQdPGeoLz8iWBFFvJt0oWuPXec5kJpnqhu5XtILD9CuKzGMLNkpdtZedvEZuWp0+o2MMtfPKTiBgVd331vATDApa/O2+dhYabOtYY3yWPNenoxkFfvVGGB1MDN+jiClIHQX+8xd2xk7ZKCifuH/vf9vDxdVz7w/T7NUE13anvCd8igbbsFPzyaCYTl9pQiJWyLBJj7p0r6IUvGQAP8UMP8u6bfqe0RAMzWrXMXlEgKO+pdawrWhhINQ05GfAf+i+FNO9tIcM0tWR1w3osKCh+AKOaD+qH8sC9kl1XjlECAIESoRixdR2CZcontVR2fHbYGhhd5WaZQRWaIs6sx0aYb/fFi28UC/P/srlvpgeY0jRZ2rd1RLR+lY3NoESlWbWC9jlpJ5+pD4=
+  template:
+    metadata:
+      creationTimestamp: null
+      name: smtpcreds_secret
+      namespace: vaultwarden