Refining vaultwarden

Merge branch 'vaultwarden'
Finished vaultwarden
2024-11-14 23:25:16 +00:00 · 2024-11-14 23:07:49 +00:00 · 2024-11-14 23:07:23 +00:00 · 2024-11-14 10:17:26 +00:00 · 2024-11-14 10:10:31 +00:00 · 2024-11-14 09:58:26 +00:00
12 changed files with 88 additions and 18 deletions
--- a/immich-argocd-apps/Chart.yaml
+++ b/immich-argocd-apps/Chart.yaml
@@ -2,4 +2,5 @@ apiVersion: v2
 name: immich-argocd-apps
 description: A Helm chart for deploying Immich as an ArgoCD app
 type: application
-version: 0.1.0
+version: 0.1.4
+appVersion: v1.120.2
--- a/immich-argocd-apps/templates/immich-main-chart.yaml
+++ b/immich-argocd-apps/templates/immich-main-chart.yaml
@@ -17,6 +17,8 @@ spec:
    helm:
      releaseName: immich
      valuesObject:
+        image:
+          tag: {{ .Chart.AppVersion }}
        immich:
          persistence:
            library:
--- a/vaultwarden-argocd-apps/templates/vaultwarden-chart.yaml
+++ b/vaultwarden-argocd-apps/templates/vaultwarden-chart.yaml
@@ -15,12 +15,22 @@ spec:
    helm:
      releaseName: vaultwarden
      valuesObject:
+        domain: {{ .Values.vaultwarden.fqdn }}
+        timeZone: {{ .Values.vaultwarden.timeZone }}
        database:
          type: postgresql
          existingSecret: {{ .Values.vaultwarden.dbCluster.secretName }}
          existingSecretKey: uri
+        data:
+          name: {{ .Values.vaultwarden.dataPvc.name }}
+          size: {{ .Values.vaultwarden.dataPvc.size }}
+          class: {{ .Values.vaultwarden.dataPvc.storageClassName }}
+        attachments:
+          name: {{ .Values.vaultwarden.attachmentPvc.name }}
+          size: {{ .Values.vaultwarden.attachmentPvc.size }}
+          class: {{ .Values.vaultwarden.attachmentPvc.storageClassName }}
        ingress:
-          enabled: true
+          enabled: false
  destination:
    server: {{ .Values.mainDestination }}
    namespace: {{ .Values.mainNamespace }}
--- a/vaultwarden-argocd-apps/templates/vaultwarden-postinstall.yaml
+++ b/vaultwarden-argocd-apps/templates/vaultwarden-postinstall.yaml
@@ -0,0 +1,30 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: vaultwarden-postinstall
+  namespace: {{ .Values.argocd.namespace }}
+  annotations:
+    argocd.argoproj.io/sync-wave: "1"
+    notifications.argoproj.io/subscribe.on-sync-succeeded.telegram: "-1002270587578"
+spec:
+  project: {{ .Values.argocd.project }}
+  source:
+    repoURL: {{ .Values.argocd.postinstall.repoURL }}
+    targetRevision: {{ .Values.argocd.postinstall.targetRevision }}
+    path: {{ .Values.argocd.postinstall.path }}
+    helm:
+      releaseName: vaultwarden-postinstall
+      valuesObject:
+        tailscaleIngresses:
+          vaultwardenHostname: {{ .Values.tailscaleIngresses.vaultwardenHostname }}
+  destination:
+    server: {{ .Values.destination.server }} 
+    namespace: {{ .Values.destination.namespace }}
+  syncPolicy:
+    automated:
+      prune: true           # Automatically remove resources no longer in the repo
+      selfHeal: true        # Automatically self-heal when drift is detected
+    syncOptions:
+      - ApplyOutOfSyncOnly=true
+      - ServerSideApply=true
+      - CreateNamespace=true
--- a/vaultwarden-argocd-apps/templates/vaultwarden-requirements-app.yaml
+++ b/vaultwarden-argocd-apps/templates/vaultwarden-requirements-app.yaml
@@ -22,7 +22,8 @@ spec:
          dataPvc:
            name: {{ .Values.vaultwarden.dataPvc.name }}
            storageClassName: {{ .Values.vaultwarden.dataPvc.storageClassName }}
-            size: {{ .Values.vaultwarden.dataPvc.size }}        
+            size: {{ .Values.vaultwarden.dataPvc.size }}
+        mainNamespace: {{ .Values.destnation.namespace }}
  destination:
    server: {{ .Values.destination.server }} 
    namespace: {{ .Values.destination.namespace }}
--- a/vaultwarden-argocd-apps/values.yaml
+++ b/vaultwarden-argocd-apps/values.yaml
@@ -23,8 +23,12 @@ vaultwarden:
    name: vaultwarden-data
    storageClassName: ''
    size: 10Gi
-  FQDN: vaultwarden.domain.net
-  replicaCount: 1
+  attachmentPvc:
+    name: vaultwarden-attachments
+    storageClassName: 'linode-block-storage-retain-luks-vw'
+    size: 10Gi
+  fqdn: vaultwarden.domain.net
+  timeZone: "Europe/Lisbon"

 tailscaleIngresses:
-  odooHostname: odoo
+  vaultwardenHostname: vaultwarden
--- a/vaultwarden-postinstall/Chart.yaml
+++ b/vaultwarden-postinstall/Chart.yaml
@@ -1,5 +1,5 @@
 apiVersion: v2
 name: vaultwarden-postinstall
-description: A Helm chart for Kubernetes
+description: A Helm chart for deploynig vaultwarden's ingress
 type: application
 version: 0.1.0
--- a/vaultwarden-postinstall/templates/vaultwarden-ingress.yaml
+++ b/vaultwarden-postinstall/templates/vaultwarden-ingress.yaml
@@ -0,0 +1,16 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: ts-vaultwarden
+  annotations:
+    tailscale.com/funnel: "true"
+spec:
+  defaultBackend:
+    service:
+      name: vaultwarden
+      port:
+        name: http
+  ingressClassName: tailscale
+  tls:
+    - hosts:
+        - {{ .Values.tailscaleIngresses.vaultwardenHostname }}
--- a/vaultwarden-postinstall/values.yaml
+++ b/vaultwarden-postinstall/values.yaml
@@ -0,0 +1,2 @@
+tailscaleIngresses:
+  vaultwardenHostname: vaultwarden
--- a/vaultwarden-requirements/templates/encrypted-storage-class.yaml
+++ b/vaultwarden-requirements/templates/encrypted-storage-class.yaml
@@ -0,0 +1,14 @@
+allowVolumeExpansion: true
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: linode-block-storage-retain-luks-vw
+  namespace: kube-system
+provisioner: linodebs.csi.linode.com
+reclaimPolicy: Retain
+parameters:
+  linodebs.csi.linode.com/luks-encrypted: "true"
+  linodebs.csi.linode.com/luks-cipher: "aes-xts-plain64"
+  linodebs.csi.linode.com/luks-key-size: "512"
+  csi.storage.k8s.io/node-stage-secret-namespace: {{ .Values.mainNamespace }}
+  csi.storage.k8s.io/node-stage-secret-name: vw-data-luks-key
--- a/vaultwarden-requirements/templates/vaultwarden-data.yaml
+++ b/vaultwarden-requirements/templates/vaultwarden-data.yaml
@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: {{ .Values.vaultwarden.dataPvc.name }}
-spec:
-  storageClassName: {{ .Values.vaultwarden.dataPvc.storageClassName }}
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: {{ .Values.vaultwarden.dataPvc.size }}
--- a/vaultwarden-requirements/values.yaml
+++ b/vaultwarden-requirements/values.yaml
@@ -6,3 +6,4 @@ vaultwarden:
    name: vaultwarden-data
    storageClassName: ''
    size: 10Gi
+mainNamespace: vaultwarden
Author	SHA1	Message	Date
Thomas Blarre	71d8aa9fc5	Refining vaultwarden	2024-11-14 23:25:16 +00:00
Thomas Blarre	b648b0fc49	Merge branch 'vaultwarden'	2024-11-14 23:07:49 +00:00
Thomas Blarre	5ffcfa4039	Finished vaultwarden	2024-11-14 23:07:23 +00:00
roukydesbois	661abbce61	Bumped immich to 1.120.2	2024-11-14 10:17:26 +00:00
roukydesbois	d6c0a3c548	Bumped immich to 1.120.1	2024-11-14 10:10:31 +00:00
roukydesbois	05f4d90f56	Bumped immich to 1.120.0	2024-11-14 09:58:26 +00:00
roukydesbois	9ac2647482	PROPERLY binding immich argocd apps appversion to immich version	2024-11-14 09:42:34 +00:00
roukydesbois	a3fa03c9f3	PROPERLY binding immich argocd apps appversion to immich version	2024-11-14 09:41:05 +00:00
roukydesbois	d3cb5b4365	PROPERLY binding immich argocd apps appversion to immich version	2024-11-14 09:38:51 +00:00
roukydesbois	277ea22a82	Binding immich argocd apps appversion to immich version	2024-11-14 09:36:05 +00:00