install vaultwarden

soerenschneider · soerenschneider · commit 25a3e3eee3b7 · 2025-03-11T22:09:53.000+01:00
diff --git a/clusters/svc.ez.soeren.cloud/vaultwarden/external-secret-restic.yaml b/clusters/svc.ez.soeren.cloud/vaultwarden/external-secret-restic.yaml
@@ -0,0 +1,26 @@
+---
+apiVersion: "external-secrets.io/v1beta1"
+kind: "ExternalSecret"
+metadata:
+  name: "vaultwarden-restic-pvc"
+spec:
+  refreshInterval: "1h"
+  secretStoreRef:
+    name: "vault"
+    kind: "ClusterSecretStore"
+  target:
+    name: "vaultwarden-restic-pvc"
+    creationPolicy: "Owner"
+  data:
+    - secretKey: "AWS_ACCESS_KEY_ID"
+      remoteRef:
+        key: "secret/soeren.cloud/env/prod/restic/vaultwarden/aws-credentials"
+        property: "AWS_ACCESS_KEY_ID"
+    - secretKey: "AWS_SECRET_ACCESS_KEY"
+      remoteRef:
+        key: "secret/soeren.cloud/env/prod/restic/vaultwarden/aws-credentials"
+        property: "AWS_SECRET_ACCESS_KEY"
+    - secretKey: "RESTIC_PASSWORD"
+      remoteRef:
+        key: "secret/soeren.cloud/env/prod/restic/vaultwarden/restic"
+        property: "pass"
diff --git a/clusters/svc.ez.soeren.cloud/vaultwarden/kustomization.yaml b/clusters/svc.ez.soeren.cloud/vaultwarden/kustomization.yaml
@@ -0,0 +1,34 @@
+---
+apiVersion: "kustomize.config.k8s.io/v1beta1"
+kind: "Kustomization"
+namespace: "vaultwarden"
+resources:
+  - "namespace.yaml"
+  - pv.yaml
+  - external-secret-restic.yaml
+  - ../../../apps/vaultwarden
+components:
+  - ../../../apps/vaultwarden/components/istio
+  - ../../../apps/vaultwarden/components/pvc
+  - ../../../apps/vaultwarden/components/restic-pvc
+patches:
+  - target:
+      kind: "VirtualService"
+      name: "vaultwarden"
+    patch: |-
+      - op: "replace"
+        path: "/spec/hosts"
+        value:
+          - "vaultwarden.svc.ez.soeren.cloud"
+configMapGenerator:
+  - name: vaultwarden-restic-pvc
+    options:
+      disableNameSuffixHash: true
+    literals:
+      - "RETENTION_DAYS=7"
+      - "RETENTION_WEEKS=4"
+      - "RETENTION_MONTHS=6"
+      - "RESTIC_TARGETS=/data"
+      - "RESTIC_REPOSITORY=s3:https://s3.amazonaws.com/soerenschneider-restic-prod/vaultwarden"
+      - "RESTIC_BACKUP_ID=vaultwarden"
+      - "SQLITE_FILE=/data/db.sqlite3"
diff --git a/clusters/svc.ez.soeren.cloud/vaultwarden/namespace.yaml b/clusters/svc.ez.soeren.cloud/vaultwarden/namespace.yaml
@@ -0,0 +1,7 @@
+---
+kind: "Namespace"
+apiVersion: "v1"
+metadata:
+  name: "yt-dlp-webui"
+  labels:
+    name: "yt-dlp-webui"
diff --git a/clusters/svc.ez.soeren.cloud/vaultwarden/pv.yaml b/clusters/svc.ez.soeren.cloud/vaultwarden/pv.yaml
@@ -0,0 +1,24 @@
+---
+apiVersion: "v1"
+kind: "PersistentVolume"
+metadata:
+  name: "vaultwarden"
+spec:
+  accessModes:
+    - "ReadWriteOnce"
+  capacity:
+    storage: "50Gi"
+  storageClassName: "local-storage"
+  local:
+    path: "/mnt/k8s/vaultwarden"
+  claimRef:
+    namespace: "vaultwarden"
+    name: "vaultwarden"
+  nodeAffinity:
+    required:
+      nodeSelectorTerms:
+        - matchExpressions:
+            - key: "kubernetes.io/hostname"
+              operator: "In"
+              values:
+                - "k8s.ez.soeren.cloud"
