apps(vaultwarden): Added Vaultwarden to cluster

2025-06-23 11:30:37 -04:00
parent 99d8360344
commit 8cf8177e45
7 changed files with 124 additions and 1 deletions


@@ -15,3 +15,4 @@ resources:
- thelounge
- uptime-kuma
- znc
- vaultwarden


@@ -0,0 +1,12 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: vaultwarden-config
data:
DOMAIN: "https://passwords.prettysunflower.moe"
SMTP_HOST: mail.prettysunflower.moe
SMTP_FROM: vaultwarden@prettysunflower.moe
SMTP_PORT: "587"
SMTP_SECURITY: starttls
SMTP_USERNAME: me@prettysunflower.moe
SIGNUPS_DOMAINS_WHITELIST: prettysunflower.moe
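Review bot: `SIGNUPS_DOMAINS_WHITELIST` opens self-registration to any address under prettysunflower.moe, and nothing in this ConfigMap turns on e-mail verification, so as far as this file shows an account can be registered for a mailbox the registrant does not control. SMTP is already configured here, so add `SIGNUPS_VERIFY: "true"` next to it (quoted, because ConfigMap values must be strings). If the instance is meant to be invite-only, replacing the whitelist with `SIGNUPS_ALLOWED: "false"` is the tighter setting. Whether the encrypted Secret or an ingress rule already covers this cannot be seen from this hunk.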


@@ -0,0 +1,58 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: vaultwarden
labels:
app.kubernetes.io/name: vaultwarden
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: vaultwarden
template:
metadata:
labels:
app.kubernetes.io/name: vaultwarden
spec:
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
preference:
matchExpressions:
- key: location
operator: In
values:
- fsn
volumes:
- name: vaultwarden-data
persistentVolumeClaim:
claimName: vaultwarden-data-pvc
hostAliases:
- ip: "100.113.193.5"
hostnames:
- "mail.prettysunflower.moe"
containers:
- name: teable
image: vaultwarden/server:1.34.1
ports:
- containerPort: 80
name: http
envFrom:
- configMapRef:
name: vaultwarden-config
- secretRef:
name: vaultwarden-secrets
volumeMounts:
- name: vaultwarden-data
mountPath: "/data"
securityContext:
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: true
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
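Review bot: The pod spec never sets `automountServiceAccountToken: false`, so the default service-account token is mounted into a container that holds password vaults and has no visible need for the Kubernetes API; add that line under the pod `spec`. The container is also still named `teable`, which looks like a copy-paste leftover and will mislead in logs and alerts; `name: vaultwarden` would match the rest of the manifest. Separately, the process listens on port 80 as UID 1000 with all capabilities dropped, which only works if the container runtime permits unprivileged low ports. Setting `ROCKET_PORT` to a high port in the ConfigMap and updating `containerPort` would remove that dependency, though I have not confirmed it fails on this cluster.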


@@ -0,0 +1,6 @@
resources:
- configmap.yaml
- deployment.yaml
- pvc.yaml
- secrets.yaml
- services.yaml

11
apps/vaultwarden/pvc.yaml Normal file

@@ -0,0 +1,11 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: vaultwarden-data-pvc
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
storageClassName: seaweedfs-storage


@@ -0,0 +1,23 @@
apiVersion: v1
kind: Secret
metadata:
name: vaultwarden-secrets
type: Opaque
stringData:
SMTP_PASSWORD: ENC[AES256_GCM,data:ufFFpjspCNUdGT3sYNuuKQ==,iv:D3h1kX9ZQ9530gJ63L/YBD15NKu8j8OxhKcCzP61vnM=,tag:IxXauPdCxSqlYRtzFH0Hhw==,type:str]
DATABASE_URL: ENC[AES256_GCM,data:7+H4czU+m7HZhda+y7mj9ST6bayMgC+jcQmRgcLlmZFV+4Nnzypd2vefOrhLAiZV9wpOi1orKvUtcrl9gNsBjOXxgkVGSos6W+pKnckupikbknW+Ra99ij5VJw==,iv:f3zvmuf1Z6ysdmvC0kbstOnkvM9O/zYsrkv5pP026HA=,tag:286U6+3GZyfwZxK2L4wWSw==,type:str]
sops:
age:
- recipient: age1r0tjhg6uexyj0p7fp0ftv5h7r7e3ptzkk2797pznfvrvsm576u0s37yyaw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1VFNZYnJzd2NQYXV1ckd2
d3lybWtYbUJIcWxnVlhLV09STTRtVDdhZVZVClZQOVZQZTJqQzJkb3R0clBxNG5q
elY2MFNpNGVLTVYyQkJENUJ5SmQ5TWsKLS0tIGFmWDRsUS9YZVgwaFBsN3RZcVlz
VFRQMEprYVA0ZEU1ZG5ienJ1dEt5S28KgCutiomxOnX/G58d4XOBOJxgr5W9NW0s
GogonWwuW7gCHvS0K2LQFYaQpZtM++9y+IjTFwUYv2fIxuKBkd5QVw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-06-23T15:29:56Z"
mac: ENC[AES256_GCM,data:fFr7jczPTJKtBui7cItBem3TEO2VAEGp6GfyvPeJ3/ZjxUJzxSjIUiTTAVWKYq4a4O69tCHijFfXMlAXSf4C/CgjfFpi0y459gn4Iz0GC8uD2YlJS5558tB8roc5QPF5NK6SN2AtIAOTe37ScbI//aKzM0LYTEb1Lke18yei4Fw=,iv:GzIaYOUgk684UX1lpIhP6iuoxVTenVWfhAbV4tcO8So=,tag:+mY461BhKOJUggExjK7AHA==,type:str]
encrypted_regex: ^(data|stringData)$
version: 3.10.2


@@ -0,0 +1,12 @@
apiVersion: v1
kind: Service
metadata:
name: vaultwarden
spec:
type: ClusterIP
selector:
app.kubernetes.io/name: vaultwarden
ports:
- protocol: TCP
port: 80
targetPort: http