prettysunflower/infra
1
Fork 0
Code Issues 1 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

The great reset, we moved infra into two clusters (sekibanki et seija)

Browse Source
This commit is contained in:
prettysunflower
2025-07-16 10:39:09 -04:00
parent 68f1108c2d
commit 1df5459f70
145 changed files with 2431 additions and 576 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
apps/sekibanki/vaultwarden/configmap.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: vaultwarden-config
data:
DOMAIN: "https://passwords.prettysunflower.moe"
SMTP_HOST: mail.prettysunflower.moe
SMTP_FROM: vaultwarden@prettysunflower.moe
SMTP_PORT: "587"
SMTP_SECURITY: starttls
SMTP_USERNAME: me@prettysunflower.moe
SIGNUPS_DOMAINS_WHITELIST: prettysunflower.moe

58
apps/sekibanki/vaultwarden/deployment.yaml Normal file
View File

@@ -0,0 +1,58 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: vaultwarden
labels:
app.kubernetes.io/name: vaultwarden
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: vaultwarden
template:
metadata:
labels:
app.kubernetes.io/name: vaultwarden
spec:
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
preference:
matchExpressions:
- key: location
operator: In
values:
- fsn
volumes:
- name: vaultwarden-data
persistentVolumeClaim:
claimName: vaultwarden-data-pvc
hostAliases:
- ip: "100.113.193.5"
hostnames:
- "mail.prettysunflower.moe"
containers:
- name: teable
image: vaultwarden/server:1.34.1
ports:
- containerPort: 80
name: http
envFrom:
- configMapRef:
name: vaultwarden-config
- secretRef:
name: vaultwarden-secrets
volumeMounts:
- name: vaultwarden-data
mountPath: "/data"
securityContext:
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: true
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault

6
apps/sekibanki/vaultwarden/kustomization.yaml Normal file
View File

@@ -0,0 +1,6 @@
resources:
- configmap.yaml
- deployment.yaml
- pvc.yaml
- secrets.yaml
- services.yaml

11
apps/sekibanki/vaultwarden/pvc.yaml Normal file
View File

@@ -0,0 +1,11 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: vaultwarden-data-pvc
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
storageClassName: nfs-csi

23
apps/sekibanki/vaultwarden/secrets.sops.yaml Normal file
View File

@@ -0,0 +1,23 @@
apiVersion: v1
kind: Secret
metadata:
name: vaultwarden-secrets
type: Opaque
stringData:
SMTP_PASSWORD: ENC[AES256_GCM,data:xyLyid9vbNnZqSZmlOzr0w==,iv:FqgmKBNXi3z6rP2OkpnBvCcrUJFNuyXSZqEveRjHgXc=,tag:uNzVVes83mEIRXX8eONyxg==,type:str]
DATABASE_URL: ENC[AES256_GCM,data:O7ziU0tNyTwlxauvYvKP9cbvmQrGiczq8PVeTiO6TM4G5MX3C44EBGh8toWIFqDH3CtTl3fZ2HWzR4Jz+v8ffhLW886ruOMZLk207PwI2Xhm8rJ5+jPLTtjn,iv:M9V+FFzmlvC3gSPq9X7YFjg8+ag7pEOFsrY2DXuq/8I=,tag:+7Lt8WcIzItetgRcEC0DyA==,type:str]
sops:
age:
- recipient: age1r0tjhg6uexyj0p7fp0ftv5h7r7e3ptzkk2797pznfvrvsm576u0s37yyaw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCdUhTOGc0TVVyNlNOeHMx
YmxzQSsxUVoyZGlMU29RRk5ERGRjdHdvSlFRCjUrYTkwTXJPQ1J6VGlPbG80YnB2
cjJ1RXNTL1hvZFkvL0o1L1VPMC9pRlEKLS0tIDZXYlRrRGtGcjJac1NWb3lhd0U5
OTFtdU1IUjlrVnlaQ0VBTnludmJTbFEKzWnGs3tiHrmIcYftVn79QxTI5MmzyZCQ
EvnSjD/WyNNf1iXpH9jsvuoFDIiaS3aWh0Y6Lbc4EcnKQWUq/buaIw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-07-16T14:35:28Z"
mac: ENC[AES256_GCM,data:i/U+lQrXgCcva8ukhSyoqG+f6k5ZiYI8UtBQngud3UnuMnEuyGgY1iuovdsYj1KuGnvZ3d5vnqMIccevQhLXFJVL1LHmRSiLIf2Ugs7r5SsEb7kAFMF2BAtyht75r0oJ/d9Uui+mnxC71GuowRf0uSlIeP545cOb1BebHRk5Y5o=,iv:3FL0djcCnr2UhtO0t52625rALsA25kTUKB4b95Y4nH0=,tag:BnWDkst2Z0wSqV/MmIYqzQ==,type:str]
encrypted_regex: ^(data|stringData)$
version: 3.10.2

12
apps/sekibanki/vaultwarden/services.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: v1
kind: Service
metadata:
name: vaultwarden
spec:
type: ClusterIP
selector:
app.kubernetes.io/name: vaultwarden
ports:
- protocol: TCP
port: 80
targetPort: http