vaultwarden restructure

2025-08-27 00:15:12 +02:00
parent 2384144cd6
commit 56db75f1c4
5 changed files with 965 additions and 155 deletions
--- a/vaultwarden/main.yaml
+++ b/vaultwarden/main.yaml
@@ -97,6 +97,85 @@ subjects:
  name: vaultwarden-svc
 ---
 apiVersion: v1
+data:
+  _enable_duo: "false"
+  _enable_email_2fa: "false"
+  _enable_smtp: "true"
+  _enable_yubico: "false"
+  ADMIN_RATELIMIT_MAX_BURST: "3"
+  ADMIN_RATELIMIT_SECONDS: "300"
+  admin_session_lifetime: "20"
+  authenticator_disable_time_drift: "false"
+  DATABASE_MAX_CONNS: "10"
+  DB_CONNECTION_RETRIES: "15"
+  disable_2fa_remember: "false"
+  disable_icon_download: "false"
+  DOMAIN: https://vault.borninpain.de
+  email_2fa_enforce_on_verified_invite: "false"
+  email_2fa_auto_fallback: "false"
+  email_attempts_limit: "3"
+  EMAIL_CHANGE_ALLOWED: "true"
+  email_expiration_time: "600"
+  email_token_size: "6"
+  EMERGENCY_ACCESS_ALLOWED: "true"
+  EMERGENCY_NOTIFICATION_REMINDER_SCHEDULE: 0 3 * * * *
+  EMERGENCY_REQUEST_TIMEOUT_SCHEDULE: 0 7 * * * *
+  EXTENDED_LOGGING: "true"
+  EXPERIMENTAL_CLIENT_FEATURE_FLAGS: ssh-key-vault-item,ssh-agent
+  http_request_block_non_global_ips: "true"
+  ICON_BLACKLIST_NON_GLOBAL_IPS: "true"
+  icon_cache_ttl: "2592000"
+  icon_cache_negttl: "259200"
+  icon_download_timeout: "10"
+  ICON_REDIRECT_CODE: "302"
+  ICON_SERVICE: internal
+  incomplete_2fa_time_limit: "3"
+  increase_note_size_limit: "false"
+  INVITATION_EXPIRATION_HOURS: "120"
+  INVITATION_ORG_NAME: Vaultwarden
+  INVITATIONS_ALLOWED: "true"
+  IP_HEADER: X-Real-IP
+  LOG_TIMESTAMP_FORMAT: '%Y-%m-%d %H:%M:%S.%3f'
+  ORG_EVENTS_ENABLED: "false"
+  ORG_GROUPS_ENABLED: "false"
+  password_hints_allowed: "true"
+  password_iterations: "600000"
+  reload_templates: "false"
+  REQUIRE_DEVICE_EMAIL: "false"
+  ROCKET_ADDRESS: 0.0.0.0
+  ROCKET_PORT: "8080"
+  ROCKET_WORKERS: "10"
+  SENDS_ALLOWED: "true"
+  SHOW_PASSWORD_HINT: "false"
+  SIGNUPS_ALLOWED: "true"
+  SIGNUPS_VERIFY: "true"
+  signups_verify_resend_limit: "6"
+  signups_verify_resend_time: "3600"
+  smtp_host: mxe965.netcup.net
+  smtp_security: starttls
+  smtp_port: "587"
+  smtp_from: noreply@borninpain.de
+  smtp_from_name: Vaultwarden
+  smtp_timeout: "15"
+  smtp_embed_images: "true"
+  smtp_accept_invalid_certs: "false"
+  smtp_accept_invalid_hostnames: "false"
+  TRASH_AUTO_DELETE_DAYS: ""
+  use_sendmail: "false"
+  WEB_VAULT_ENABLED: "true"
+kind: ConfigMap
+metadata:
+  labels:
+    app.kubernetes.io/component: vaultwarden
+    app.kubernetes.io/instance: vaultwarden
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: vaultwarden
+    app.kubernetes.io/version: 1.33.2
+    helm.sh/chart: vaultwarden-0.31.8
+  name: vaultwarden
+  namespace: vaultwarden
+---
+apiVersion: v1
 kind: Service
 metadata:
  labels:
@@ -120,3 +199,77 @@ spec:
    app.kubernetes.io/instance: vaultwarden
    app.kubernetes.io/name: vaultwarden
  type: ClusterIP
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  labels:
+    app.kubernetes.io/component: vaultwarden
+    app.kubernetes.io/instance: vaultwarden
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: vaultwarden
+    app.kubernetes.io/version: 1.33.2
+    helm.sh/chart: vaultwarden-0.31.8
+  name: vaultwarden
+  namespace: vaultwarden
+spec:
+  persistentVolumeClaimRetentionPolicy:
+    whenDeleted: Retain
+    whenScaled: Retain
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: vaultwarden
+      app.kubernetes.io/instance: vaultwarden
+      app.kubernetes.io/name: vaultwarden
+  serviceName: vaultwarden
+  template:
+    metadata:
+      annotations:
+        checksum/config: 168947ab11e3ea29e464b86f13ba129b41fa167f
+        checksum/secret: 63df1807c40909b47d8731b04a208cffc9f387f4
+      labels:
+        app.kubernetes.io/component: vaultwarden
+        app.kubernetes.io/instance: vaultwarden
+        app.kubernetes.io/name: vaultwarden
+    spec:
+      containers:
+      - envFrom:
+        - configMapRef:
+            name: vaultwarden
+        - secretRef:
+            name: vaultwarden
+        image: docker.io/vaultwarden/server:1.33.2-alpine
+        imagePullPolicy: IfNotPresent
+        livenessProbe:
+          failureThreshold: 10
+          httpGet:
+            path: /alive
+            port: http
+          initialDelaySeconds: 5
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 1
+        name: vaultwarden
+        ports:
+        - containerPort: 8080
+          name: http
+          protocol: TCP
+        readinessProbe:
+          failureThreshold: 3
+          httpGet:
+            path: /alive
+            port: http
+          initialDelaySeconds: 5
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 1
+        resources: {}
+        volumeMounts:
+        - name: vaultwarden-data
+          mountPath: /data
+      volumes:
+      - name: vaultwarden-data
+        persistentVolumeClaim:
+          claimName: vaultwarden-data-pvc
+      serviceAccountName: vaultwarden-svc