diff --git a/README.md b/README.md
index 28fab7e..29503af 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-# Torrent stack
+# Bitwarden server (Vaultwarden)
 ## Usage Self-hosted password manager, giving individual the insurance that data is not used by unkown entity, with the drawback of having to take care of the security yourself.
diff --git a/manifests/database.yaml b/manifests/database.yaml
new file mode 100644
index 0000000..bc149d1
--- /dev/null
+++ b/manifests/database.yaml
@@ -0,0 +1,30 @@
+kind: "postgresql"
+apiVersion: "acid.zalan.do/v1"
+
+metadata:
+ name: "vaultwarden"
+ namespace: "vaultwarden"
+ labels:
+ team: acid
+
+spec:
+ teamId: "acid"
+ postgresql:
+ version: "15"
+ numberOfInstances: 1
+ volume:
+ size: "1Gi"
+ storageClass: "flat-storage-class"
+ users:
+ vaultwarden: []
+ databases:
+ vaultwarden: vaultwarden
+ allowedSourceRanges:
+ # IP ranges to access your cluster go here
+ resources:
+ requests:
+ cpu: 100m
+ memory: 100Mi
+ limits:
+ cpu: 500m
+ memory: 500Mi
diff --git a/manifests/deployment.yaml b/manifests/deployment.yaml
new file mode 100644
index 0000000..260599a
--- /dev/null
+++ b/manifests/deployment.yaml
@@ -0,0 +1,36 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: vaultwarden
+ namespace: vaultwarden
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: vaultwarden
+ template:
+ metadata:
+ labels:
+ app: vaultwarden
+ spec:
+ hostname: vaultwarden
+ subdomain: vaultwarden
+ containers:
+ - name: vaultwarden
+ image: vaultwarden/server
+ ports:
+ - containerPort: 80
+ env:
+ - name: DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: vaultwarden.vaultwarden.credentials.postgresql.acid.zalan.do
+ key: password
+ - name: SIGNUPS_ALLOWED
+ value: "true"
+ - name: DATABASE_URL
+ value: "postgresql://vaultwarden:$(DB_PASSWORD)@vaultwarden.vaultwarden.svc.cluster.local:5432/vaultwarden"
+ volumes:
+ - name: vaultwarden-pv
+ hostPath:
+ path: "/mnt/vaultwarden"
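Review bot: In manifests/database.yaml, `allowedSourceRanges:` is left with only the template comment under it, so the key parses as null and the intended network exposure of the vault's database is not actually stated. No load balancer is enabled in this hunk, so the field is probably inert here, but I would either drop it or write `allowedSourceRanges: []` with a comment such as `# no external access: database is reachable only from inside the cluster`. The cluster also runs a single instance on a 1Gi volume with no backup settings visible in this manifest, which is worth documenting for a store that holds every user's encrypted vault.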
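Review bot: In manifests/deployment.yaml, `SIGNUPS_ALLOWED` is `"true"` while the Ingress added in this same commit publishes the service on a public hostname, so anyone who can reach that host can register an account on the vault; set it to `"false"` once the intended accounts exist. The `image: vaultwarden/server` reference has no tag or digest, so each pod restart may pull whatever is currently published, and I would pin it to a reviewed release. A `vaultwarden-pv` hostPath volume is declared but no `volumeMounts` entry is visible, so the container's `/data` directory (attachments and, as far as I know, the server's signing keys) appears to stay on the ephemeral container filesystem. The sketch below uses placeholder tag and digest values, and assumes `/data` is the image's data folder.

```yaml
        - name: vaultwarden
          # placeholders: pin to a release tag and digest you have reviewed
          image: vaultwarden/server:<RELEASE_TAG>@sha256:<IMAGE_DIGEST>
          volumeMounts:
            - name: vaultwarden-pv
              mountPath: /data
          # … unchanged: ports, env: DB_PASSWORD …
            - name: SIGNUPS_ALLOWED
              # closed by default; open temporarily only while creating accounts
              value: "false"
          # … unchanged: DATABASE_URL, volumes …
```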
diff --git a/manifests/ingress.yaml b/manifests/ingress.yaml
new file mode 100644
index 0000000..65b24f3
--- /dev/null
+++ b/manifests/ingress.yaml
@@ -0,0 +1,23 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: vaultwarden-ingress
+ namespace: vaultwarden
+ annotations:
+ kubernetes.io/ingress.class: "traefik"
+spec:
+ tls:
+ - secretName: vaultwarden-beta-tls
+ hosts:
+ - bitwarden.beta.halia.dev
+ rules:
+ - host: bitwarden.beta.halia.dev
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: vaultwarden-svc
+ port:
+ number: 80
diff --git a/manifests/kustomization.yaml b/manifests/kustomization.yaml
new file mode 100644
index 0000000..131512f
--- /dev/null
+++ b/manifests/kustomization.yaml
@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - namespace.yaml
+ - database.yaml
+ - service.yaml
+ - ingress.yaml
+ - deployment.yaml
diff --git a/manifests/namespace.yaml b/manifests/namespace.yaml
new file mode 100644
index 0000000..6fc17a5
--- /dev/null
+++ b/manifests/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: vaultwarden
diff --git a/manifests/service.yaml b/manifests/service.yaml
new file mode 100644
index 0000000..471c7aa
--- /dev/null
+++ b/manifests/service.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: vaultwarden-svc
+ namespace: vaultwarden
+spec:
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: 80
+ selector:
+ app: vaultwarden
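Review bot: In manifests/ingress.yaml, nothing restricts this route to the TLS entrypoint, so depending on Traefik's static configuration the vault host may also be served over plain HTTP on port 80. For a password manager I would state this in the manifest, for example with the annotation `traefik.ingress.kubernetes.io/router.entrypoints: websecure` (assuming the entrypoint has that name in this cluster) or an HTTPS redirect. Separately, `kubernetes.io/ingress.class` is the deprecated annotation form, and `ingressClassName: traefik` under `spec` is the current field. No certificate-issuer annotation is visible, so `vaultwarden-beta-tls` must already exist in the namespace; otherwise Traefik will presumably fall back to its default certificate.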