Merge pull request #568 from 3dwardch3ng/app/vaultwarden

App/vaultwarden

apps/homer/base/kustomization.yaml

@@ -1,6 +1,6 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - ./development.yaml
+  - deployment.yaml
   - ./service.yaml
   - ./ingress.yaml

apps/vaultwarden/base/deployment.yaml

@@ -0,0 +1,49 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: vaultwarden
+  namespace: vaultwarden
+  labels:
+    app.kubernetes.io/name: vaultwarden
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: vaultwarden
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: vaultwarden
+    spec:
+      securityContext:
+        runAsUser: 1000
+        runAsGroup: 1000
+      containers:
+        - securityContext:
+            runAsUser: 1000
+            runAsNonRoot: true
+            runAsGroup: 1000
+          name: vaultwarden
+          image: vaultwarden/server:1.31.0
+          env:
+            - name: DOMAIN
+              value: https://vaultwarden.cluster.edward.sydney
+            - name: SIGNUPS_ALLOWED
+              value: "true"
+            - name: DATABASE_URL
+              valueFrom:
+                secretKeyRef:
+                  name: vaultwarden-secrets
+                  key: db_url
+          ports:
+            - protocol: TCP
+              containerPort: 80
+              name: http
+          volumeMounts:
+            - name: vaultwarden-data
+              mountPath: /data
+      volumes:
+        - name: vaultwarden-data
+          hostPath:
+            path: /mnt/nfs/AppData/vaultwarden/data
+            type: Directory
+

apps/vaultwarden/base/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./deployment.yaml
+  - ./service.yaml

apps/vaultwarden/base/service.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: vaultwarden
+  namespace: vaultwarden
+  labels:
+    app.kubernetes.io/name: vaultwarden
+spec:
+  selector:
+    app.kubernetes.io/name: vaultwarden
+  type: ClusterIP
+  internalTrafficPolicy: Cluster
+  ports:
+    - protocol: TCP
+      port: 11080
+      targetPort: 80
+      name: http

apps/vaultwarden/env/k3s-cluster/config.json

@@ -0,0 +1,12 @@
+{
+  "appName": "vaultwarden",
+  "userGivenName": "vaultwarden",
+  "namespace": "vaultwarden",
+  "destNamespace": "vaultwarden",
+  "destServer": "https://kubernetes.default.svc",
+  "srcPath": "apps/vaultwarden/env/k3s-cluster",
+  "srcRepoURL": "https://github.com/3dwardch3ng/home-cluster-ops.git",
+  "srcTargetRevision": "",
+  "labels": null,
+  "annotations": null
+}

apps/vaultwarden/env/k3s-cluster/ingress.yaml

@@ -0,0 +1,21 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: vaultwarden-ingress
+  namespace: vaultwarden
+  annotations:
+    nginx.ingress.kubernetes.io/ssl-redirect: "false"
+    nginx.ingress.kubernetes.io/use-regex: "true"
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: "vaultwarden.cluster.edward.sydney"
+      http:
+        paths:
+          - pathType: Prefix
+            path: "/"
+            backend:
+              service:
+                name: vaultwarden
+                port:
+                  number: 11080

apps/vaultwarden/env/k3s-cluster/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../../base
+  - ./ingress.yaml

resources/app-secrets/env/k3s-cluster/templates/vaultwarden.yaml

@@ -0,0 +1,26 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  annotations:
+    sealedsecrets.bitnami.com/cluster-wide: "true"
+  creationTimestamp: null
+  name: vaultwarden-secrets
+  namespace: vaultwarden
+spec:
+  encryptedData:
+    db_host: AgAU/TG2d3KsOyghK/buhGEUoADufbw8GhZ8S3PGLM1AXvH8y8RnmVaVhwlirMWr+YmseXfmeJdkIGRqsQawTNx47kINweu/1DAWYaYuy+2DZwu1tdFWOehioT3iz2ULRItrRLrhFvdUv0nLxc8wXwP4z9HVb9ttKau/09rhBQqWHL5Mo4bivz1tm9RX7QzFCTicCsi586O5fdOn6ZCzxD1Kp/Bc0nV31iN8PGP/m1VNilQuQp6xnU14Pg6gd2rQ/g37iv6ndK4DrmhHNx2O1y0+cnvhgBpaBhlAPWyIJ3gOMs/775BSXpfJY9bAwO0JSWMtxadhVlWJiVg81YhydstZkpHF8Lv5oV9Bn/EF937PiMpL0mf7BIxbxjWKVmnOLnTtfWHzQRAoj6UzY9pMwRMY2UXHo1TMeodSru0lzhKL1/65bO5kpx/TC74zsk9bwhcT5FiBKPT0/j2g/A0DGRJYvHEE+ml25635oASPqcIb0iWD9AOxevprxXtC4GEkz/WfEk1WcVkrjbXWERSVereatLOa1oTNFfLKnomv1xpju3rN6KWaU7moLj4sB+6SWIwpPYz8qoIDnfeyq2cEy/KtqES6kF7pOm+3s4YbKmR7cGtHOFSYIidJYfWQw6/y8e4D/YtWsK90xJXXty7CEk40qpYr483QQVK6tO2J41NFuIpuFKefe9Vc09uc5fw5RLk14Sni6ZQyiAxzB2DE2jRmj2wz65oUc6YhuFcFI+BXoqvB5YNOdUp9PZhx0q7X4w==
+    db_name: AgBuSXLjCkX/acXfcnetongwEs60IhGBUSSjpPbo0ypHJDyqrmvxXOIwAZJrKtTzEl7+1hemKf4Ky01ABCnOrmg98j9PoFvKNn6hHplm3oBvOJdGyRqwI37+L01tzY3ESNXb+d6XnbpyfSwPSOAHR6m/RbtDQjSsdu9wx2m3pAEHHa8Z+sZJQugHqpfHL1PJPNcs03m0Ys9sChb9usG40sauotE0AfFQRf+dhUjDYiIWd2RAGbuSEcEuYyDTyZFd0x42ez8kpUN1ue6wj2H1wcyPmEj6OE8FoBilEusoSIutSuD7fwpTv3hgBQunywWWCJdCoJ8W3OuZ+UqG+i/sj5p3ffNiG2wvVLexaJg9HTcujeIVFT6vw6/kD16JgxCjWoPfy/CdTzkNfxXpDmkSlwzLzngUwRdvxwaV1ZKm97pnjrkdpPVkezQVcSaO+86jkYVvgQT6j2EEwScRQ772ZKHXvOgV8XUYM0Xs/ttbKxFZvp6SKdDo/ez3FEgaV/Qo5L3KLfj0lxRRKVJr2OlHD/HWOLLLDyrn8DoXGGQN7fm1u7pwRfa0i4rfLruTToSUgNN+OGaUzd8fPBUwdINI5TnfZy+CI0su5GJl2fmEHwvzuHXwb2Fnovmm9L5L2M2zx/3avZRnaFP+Hq6C9YS/18QKvzOpCz4ErXj8RofkR/C0QqjvyKbYAjJrlIZAmWqbybz3nai29fj8mx1OcQ==
+    db_password: AgCNGZ2Q1sFF2rVx1k+RPGZTAZu5NgPY0gf7MkwDnT7gaom1OZoetX8Fw9vQMQXla6vqK8gXLUOQaQPYPJejL5/QuyIpWOXodoRFHrWIgDpDVVLHX5L9apLvZiPCh7CGVG6e5x0iSJmR3zMEhjI3SiFaqnAf/a6w2Y3UptalfU8LdS6ggGD+g5Qp6X5Dh29deIz4noy8p3IFAF+RKMY/pzGHxOyR8a4B1Zv0iC22a6MA9K2gYS5affPAtGEjrFJ0/Hpn41toPQmHuNVh+SlpPtOLPG7Ol6qbvzG82U3GSbEx2OpEne0Kudb+LPoRGp7JmWLIiMkEBxXViuflBdUuyCTb8r4H6+KVnneLU9MQ3rVQ0TwYwe0JgKc1s7Gj8C9teR/x0bXVKzG7/I/P8YzWIED3eSHg6CKTUzo5lVgPRWYZ8hzsoKYn8g2n9azsiJrpKkVHTV9E9sJOi1rHwEH4gaBOMRPz5VFzRsXKWryY7fPaDBSYkISi4w3F0Po7q3ajIJ8b3wcO9YwwySxg2HAYwycZybTp4HLwfQYnacaG+WkCli4ycOziHiR2D+9sE41KaIa3qWPEJtxkLElizyhuer9tybXACkJPfBrUz05MKj615jQhXNAZN4z4Og1HuckCa0L8rGdzhG0AOnouz9rXlhpBuKgp02uyLU0Fl1AAbbsIxzJgh7pavlFrmD/E1mvT7N1v41jLV+ZbCUWjwSvNPASVh1gD9cH4JdE=
+    db_url: AgCym27CGiaU1kRRFWOmUFqbZBWLAzFINas016KQ2rSfzgMQl1EhLTjbD719/DrWomYKk3dUBJ0wP57A0e8ATwCttNJWq9AUJe1aXYUagOvzv+YF8QoG5y3lyS45tA2xbpxQv3a+AGtu4jgUrTiD9LlN8VtZLVikkx5i+uXdGZsqwmMm83o7ugqER2/kJhPmkWPWRnpaLhUyNlLYYNy+74tn6pKtJK4QGMxzQefU9i8m7wjOvPA22oeuuHwEpOEs6iPO9gQNCLaU73BDAEd1WU7aVNY0AF9+XYBrOhE9gPRLEWjX8YMHtkrm14qwPorPiU6NWujweJWFpoAycSfB9gb/07hAQlL2p+uTHjMtduhXsX8CSXEU3bUh9ZfE+9YkMDeW3o3FOBt4wS1SmwtSQkOXHQitqu0MkFY4VIFVczTaCkWuhoEV2/q1lECterGgoa3VvCzusKZSn+M2eDLE1kno5OX0t/HAZ8pLj26LSiMzLzoakXpl5EQGFZjsxJuSRbhk10LHXyWNgDOOwAbXmdxx8iWcP0FfKKo3nXshdwLGDq0F9rQQhac6G0MdJcTRMDHF1lE+CWIytHV1coYXpqNAgpr2/uX/xFFYg9K/Ypb0dXWJF57wULpPXd4oqWNQNxw7uq7UpO7ricdoVE+RUvoLfCj/79ZjavwNNP169Thyuq0TgJxWi+IDM6YEPNfI8B6WK92WnODjBPnTMxuEPUaXjt4lsMRd7noL1kNFTCeNQguFYP+aJ/T9WFm055k7F1PsNpsTjFY3yiELiOwmufDxNZcTUTv2drOuGMx31/2GquBEqis2xq2x3SywcNMcSDS5t7voHAyk9SgiPHdKGJ0kM0aTApxSLQ==
+    db_username: AgBdtZM8JndYydTgxap7BTVLGezRWLK68X6XXOXAdIqKjctTXmiUxxCkKbHLi/GmmsEWV2So9FbMHUieT4tn68JczZM0/CmQlOlimBL0Mdq/FaUAeMGGjHtY4LPzb9Fmusp7YOJwXN/7mUQykT6DmTIGpxM6rK03AE68xtuP8qKx1Y1BBTGc1XE9wzPWyPwf8Kvk/v/xcTtrspQrvX60RO2pOIKSqSN+c/d5nPDjaJwvs3+Wc7Wip4IOyGaXmItvXUPso+C4rgTJzdfwmnseOANZpCA4lQoDjkYd+f/dO5C9vbRTBosc2ri85QOQAIjVjW5NfSjOdzaGHy47ZzcexRVZiKvP3yp6wIuhYZOGWYnYy7iGcgvbIkbJsb3SHMIYleAV13weG1dzBI2yevZfCjeR6qObze2MGdCepNvYQ2Tfg1hFI1sOba+TrToys8Fi0AYJauJWmnYWjT/NXFCdTegv/F98L8A2BYAxBHmQA/qaU6YGwgzkTKCpkN/B3DEl3OXVsXvMFdHnNgyEi7p5R4NaAkqLg62vNheb6wmlijMPBbBiUZohqsC3OS6+z/tmtujDE/NSpaiSBU45nD/3RXHAqoe5HsggH1STVLCjXmNt7e16w3IjO4pWWG5Nt5zReRwbQt8UyjtgKwO5snkTV7phVcFqYEcMN7XFqu3++gofUOEKC4YXR4DI2YFcswd7rG1hPmtUTqErAhg7T6DyuXcL
+  template:
+    metadata:
+      annotations:
+        argocd.argoproj.io/sync-options: Prune=false
+        sealedsecrets.bitnami.com/cluster-wide: "true"
+        sealedsecrets.bitnami.com/managed: "true"
+      creationTimestamp: null
+      name: vaultwarden-secrets
+      namespace: vaultwarden
+    type: Opaque