initial refactor

2026-02-04 04:59:54 +00:00 · 2025-06-07 16:33:55 -04:00
parent 5ac011f02b
commit b09446668d
249 changed files with 74 additions and 186 deletions
--- a/apps/vaultwarden/admincreds-secret.yaml
+++ b/apps/vaultwarden/admincreds-secret.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: admincreds-secret
+  namespace: vaultwarden
+spec:
+  encryptedData:
+    ADMIN_TOKEN: AgCJVPwzV2YGD7gK8K4XgCeUwGm7nXD1S7rLD2Sec6GulWiD7ZlhEOWzzzhbwIXoihWSTx49ZMrsFBWz14sV5ILNHgHjJ0XuXHsUMnQYp8+KVhGUakXQweus9GmlY0xnEF4Vy0Tsl4E/deKFp/mLNWsWAVEVvbfJgjH7KILUmNjyP0LcoedlAYB8qgq6NgjJ0uNkOkJE4VA8+wpjH7s2TcE+w4Nl/C1BpyRNpfshmWz3lpkUT5zDyWjrp95P17jsjeYBm7RP+Vkv4edq+VHIsM8/YJrjrhUVhhxSHHBAuDA6g/Sgf+mn9Y4Q/J4MWh8/iCqYagyWA2rD1ej13xBpeJ+XoSptDskP7nHYvmq2ML6MtpB/ZeURwWoPi+8lGTvXZZoQICbuQy9vTRrkHHnAJgUUQIc9Vic8Q3lqu2gSkMRkfyI/C0Eg6/mxtyHJ92ayiVWWfChXJIEw8d8LzbsCD62dXPs7+6EpP3NGodB/0bOA2vmHqkY9ndxOB9pKv/ka905BE2yL7JyyF/BF1FnRd79ZxgE9SYYOPVGWAZiXE0PFGnT1kIPWw5MULntszNlKi6i8olRy8v7IOSfkE0K35s10Aukt0Me4vreBqi1+1paNVMH+gNX+rZrc5OVT229BGaNu556/Il9bFEncjxNSHPs0pRpnzUnZK5O9DjQFTj+Na+14UASvR/OaZcX6uh0QQBC+6D2qjaMFdYa9HZ8e
+  template:
+    metadata:
+      creationTimestamp: null
+      name: admincreds-secret
+      namespace: vaultwarden
--- a/apps/vaultwarden/dns-endpoint.yaml
+++ b/apps/vaultwarden/dns-endpoint.yaml
@@ -0,0 +1,15 @@
+apiVersion: externaldns.k8s.io/v1alpha1
+kind: DNSEndpoint
+metadata:
+  name: vaultwarden.michaelthomson.dev
+  namespace: vaultwarden
+spec:
+  endpoints:
+  - dnsName: vaultwarden.michaelthomson.dev
+    recordTTL: 180
+    recordType: CNAME
+    targets:
+      - michaelthomson.ddns.net
+    providerSpecific:
+      - name: external-dns.alpha.kubernetes.io/cloudflare-proxied
+        value: "true"
--- a/apps/vaultwarden/namespace.yaml
+++ b/apps/vaultwarden/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: vaultwarden
--- a/apps/vaultwarden/release.yaml
+++ b/apps/vaultwarden/release.yaml
@@ -0,0 +1,52 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: vaultwarden
+  namespace: vaultwarden
+spec:
+  chart:
+    spec:
+      chart: vaultwarden
+      version: 0.30.x
+      sourceRef:
+        kind: HelmRepository
+        name: vaultwarden
+  interval: 15m
+  timeout: 5m
+  releaseName: vaultwarden
+  values:
+    resourceType: Deployment
+    data:
+      name: "vaultwarden-data"
+      size: "15Gi"
+      class: "longhorn"
+      accessMode: "ReadWriteOnce"
+    domain: "https://vaultwarden.michaelthomson.dev"
+    signupsAllowed: false
+    signupsVerify: "true"
+    requireDeviceEmail: "true"
+    adminToken:
+      existingSecret: "admincreds-secret"
+      existingSecretKey: "ADMIN_TOKEN"
+    timeZone: "America/Toronto"
+    smtp:
+      existingSecret: "smtpcreds-secret"
+      host: "mail.michaelthomson.dev"
+      security: "force_tls"
+      port: 465
+      from: "vaultwarden@michaelthomson.dev"
+      fromName: "Vaultwarden"
+      username:
+        existingSecretKey: "SMTP_USERNAME"
+      password:
+        existingSecretKey: "SMTP_PASSWORD"
+    ingress:
+      enabled: true
+      class: "traefik"
+      additionalAnnotations:
+        traefik.ingress.kubernetes.io/router.entrypoints: websecure
+        traefik.ingress.kubernetes.io/router.tls: "true"
+      labels: {}
+      tls: true
+      hostname: "vaultwarden.michaelthomson.dev"
+      tlsSecret: "letsencrypt-wildcard-cert-michaelthomson.dev"
--- a/apps/vaultwarden/repository.yaml
+++ b/apps/vaultwarden/repository.yaml
@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: vaultwarden
+  namespace: vaultwarden
+spec:
+  interval: 15m
+  url: https://guerzon.github.io/vaultwarden
--- a/apps/vaultwarden/smtpcreds-secret.yaml
+++ b/apps/vaultwarden/smtpcreds-secret.yaml
@@ -0,0 +1,16 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: smtpcreds-secret
+  namespace: vaultwarden
+spec:
+  encryptedData:
+    SMTP_PASSWORD: AgApr8G6ZenwY8qG3KF7YQI4q+Q9dYYByYIOuYB9d6DHRfEp0ktGt6dR6b5byCCB5QN5qXMy6LMMftMsvY+dhmg8jVtLh/TbR+fFAUFfQJCklzO61uVp+yfxgzsA5A6Utp325SWo6cyLibEMicO/CutYpmMP8VkBayby74KU9leykWDwOq+4o159MAxR8EgFXmD8Ve+2ZwW+Zi4lif+EP2vDFKJyeEdzGpYLu5GIMjySsjdYG7jlGiQ9VQygqRChTcuGT5ucRlODQEy5atuteV59jzynZ092pW/CmifPHYWt2w6DwtdtUmXGLBwBjr7ZOIQaZksJOC93gFiIjx8hNE4GZTPAkCodH7yGqUx4c8G//VxJuB8UjRR1FtZTUnj/1xiZPo2VodESykpyVB699teuuvNFswxl1sQWHLaKN7D+hyOru/69FJW17UO8IFAzCBOyvQmPL6xkeZ6bbiPAvIffoMDJupFhOjolyKPrOUbZ7ZDtZa+YM+BKue42XevBImE3uWvPCt66HKTw5DzpOt5Xrpdf6Rr1RdDeJgAbbkUDv50qugW4Zrx1y92+ZNJwqQy0OsEUxKiwYQjq1YPwBYt0XLjL5ih3PR6TuRcd/qukQMKM0v6NgNZ/jW8A7l09vntuyONqib8VyO4aIBQ8aPR71wcd3SCbfH/w6m8JAbfGoOVg7BEqT82h7HiHG+3JmKQ9c7QTNaSpYX0c6baAGov/LrzK2RmJGhy+
+    SMTP_USERNAME: AgDe9QtO0PGzRrboUmUpGBNmCtcfsonToGVGpB3F9J1NHY/ShVUPk4hAss0539w1mKx0dXQMB7OIXtk2IwgivjxH0DF0okO41GMvs8y0+/PBG4dd2/l5w/ITirDbCIJ99iDmqBiwAcejhc+Fz5yE2/SOrj3fFC7xh4W8IuUxLJXocSmnMMRTmlwoDunE6qm/c8neQTu9GLgvZtzGiYvCKeKgzE83jMhb80lowO3ei6ggVBEHrZc6fyAyXYXVrDx6+vYZVwcnMZB1p3dyUcUE+WvFqRHBFFrd+diJ21/eN7Nd2zSzm6M4l7h2wwc4Ww6At+UfoQZ3oGlQ6DS4iuEk+TBAw7j+yhB+Nj6Q1NVqbG+ml4GNIFVVKLu7twk3A7rA5BqJi6yCzoVMhLSLU+bXycuW8lywj73nuSxa5aqqFBmhWvpqayA5Qx6zQNFtM/KesFe+s3UEHeQjyTl5Ib2cGmN2AwyusmbHaTTH/gK03SfgHKrOndsICWitXyI6OPTZ5n60QF2HLNz4eLgwmMFInCgGwNuq9SLthPafEbYKDwFhfbYDI32kMdnUc1lXAfrs60D1pMpywpVLIj9Vpnrr81m0WbiUmf6QTmO2sTRR4CV/4w/sI8ZsoQxc8Eieg+h/5WN0qusLZpOATsZx1CPlP+p/k3ey/X3VDEZ/ZjAniDJ5h6NllF8w4avfkr1aTaXdIQxVPSzCB9ZR6u5q63qt4WEp7Z8uGCKr7H0c9uFoIkA=
+  template:
+    metadata:
+      creationTimestamp: null
+      name: smtpcreds-secret
+      namespace: vaultwarden