still drinking yolo vaultwarden

j 2025-07-12 18:53:13 +10:00
parent b325f73d63
commit 8b0f9f17f2


@ -2,7 +2,7 @@
apiVersion: v1 apiVersion: v1
kind: PersistentVolume kind: PersistentVolume
metadata: metadata:
name: vaultwarden-pv name: vaultwarden-pgdata-pv
spec: spec:
capacity: capacity:
storage: 5Gi storage: 5Gi
@ -11,12 +11,12 @@ spec:
persistentVolumeReclaimPolicy: Retain persistentVolumeReclaimPolicy: Retain
storageClassName: local-path storageClassName: local-path
hostPath: hostPath:
path: /dpool/services/vaultwarden/data path: /dpool/services/vaultwarden-pgdata
--- ---
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: vaultwarden-pvc name: vaultwarden-pgdata-pvc
namespace: home-server namespace: home-server
spec: spec:
accessModes: accessModes:
@ -25,83 +25,63 @@ spec:
resources: resources:
requests: requests:
storage: 5Gi storage: 5Gi
volumeName: vaultwarden-pv volumeName: vaultwarden-pgdata-pv
--- ---
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: vaultwarden name: vaultwarden-postgres
namespace: home-server namespace: home-server
spec: spec:
selector:
app: vaultwarden
ports: ports:
- port: 80 - port: 5432
targetPort: 80 selector:
protocol: TCP app: vaultwarden-postgres
---
apiVersion: v1
kind: Secret
metadata:
name: vaultwarden-postgres-secret
namespace: home-server
type: Opaque
stringData:
postgres-password: "super-strong-password"
--- ---
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: vaultwarden name: vaultwarden-postgres
namespace: home-server namespace: home-server
spec: spec:
replicas: 1 replicas: 1
selector: selector:
matchLabels: matchLabels:
app: vaultwarden app: vaultwarden-postgres
template: template:
metadata: metadata:
labels: labels:
app: vaultwarden app: vaultwarden-postgres
spec: spec:
containers: containers:
- name: vaultwarden - name: postgres
image: vaultwarden/server:latest image: postgres:15
imagePullPolicy: Always
env: env:
- name: TZ - name: POSTGRES_DB
value: "Australia/Brisbane" value: vaultwarden
- name: WEBSOCKET_ENABLED - name: POSTGRES_USER
value: "true" value: vaultuser
- name: SIGNUPS_ALLOWED - name: POSTGRES_PASSWORD
value: "false" # Set to "true" if you want open registration valueFrom:
- name: ADMIN_TOKEN secretKeyRef:
value: 0h12893hj0129j30129j3 name: vaultwarden-postgres-secret
key: postgres-password
ports: ports:
- containerPort: 80 - containerPort: 5432
volumeMounts: volumeMounts:
- name: vaultwarden-data - name: pgdata
mountPath: /data mountPath: /var/lib/postgresql/data
volumes: volumes:
- name: vaultwarden-data - name: pgdata
persistentVolumeClaim: persistentVolumeClaim:
claimName: vaultwarden-pvc claimName: vaultwarden-pgdata-pvc
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: vaultwarden
namespace: home-server
annotations:
external-dns.alpha.kubernetes.io/hostname: vault.hxme.net
nginx.ingress.kubernetes.io/proxy-body-size: "100m"
nginx.ingress.kubernetes.io/server-snippet: |
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
spec:
tls:
- hosts:
- vault.hxme.net
secretName: wildcard-hxme-net
rules:
- host: vault.hxme.net
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: vaultwarden
port:
number: 80
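Review bot: The `Secret` document in the last hunk carries the database password as a literal in `stringData` (`postgres-password: "super-strong-password"`), so the credential the new Deployment reads through `secretKeyRef` is stored in the repository and in every clone of its history. Drop that document from the manifest and create the object out of band, for example `kubectl -n home-server create secret generic vaultwarden-postgres-secret --from-literal=postgres-password=<generated value>`, or commit only an encrypted form if this repository is the deployment source. The rendered view has lost its +/- markers, so I am inferring that the Secret is on the added side from the fact that the new `secretKeyRef` names it. If the committed value was ever applied to the cluster, rotate it, because deleting the line in a later commit does not remove it from history.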