diff --git a/catalog.json b/catalog.json index 2b3dbbbedf..542b95d6b0 100644 --- a/catalog.json +++ b/catalog.json @@ -287,6 +287,26 @@ "test": {}, "enterprise": {}, "community": { + "vaultwarden": { + "app_readme": "

Vaultwarden

\n

Vaultwarden Alternative implementation of the Bitwarden server API written in Rust and compatible with upstream Bitwarden clients

\n
\n

During the installation process, a container will be launched with root privileges. This is required\nin order to apply the correct permissions to the Vaultwarden data directory. Afterward, the Vaultwarden container\nwill run as a non-root user (default 568).\nSame applies to the postgres container. This will run afterwards as a non-root user (999).\nOn each upgrade, a container will be launched with root privileges in order to apply the correct\npermissions to the postgres backups directory. Container that performs the backup will run as a non-root user (999) afterwards.\nKeep in mind the permissions on the backup directory will be changed to 999:999 on every update.\nBut will only be changed once for the Vaultwarden and postgres data directories.

\n
\n

While the option to use Rocket for TLS is there, it is not\nrecommended.\nInstead, use a reverse proxy to handle TLS termination.

\n

Using HTTPS is required for the most of the features to work (correctly).

", + "categories": [ + "password", + "manager" + ], + "description": "Alternative implementation of the Bitwarden server API written in Rust and compatible with upstream Bitwarden clients.", + "healthy": true, + "healthy_error": null, + "location": "/__w/charts/charts/community/vaultwarden", + "latest_version": "1.0.0", + "latest_app_version": "1.27.0", + "latest_human_version": "1.27.0_1.0.0", + "last_update": null, + "name": "vaultwarden", + "recommended": false, + "title": "Vaultwarden", + "icon": "https://raw.githubusercontent.com/dani-garcia/vaultwarden/main/src/static/images/vaultwarden-icon.png", + "icon_url": null + }, "ipfs": { "app_readme": "

IPFS

\n

Interplanetary Filesystem - the Web3 standard for content-addressing, interoperable with HTTP

\n
\n

When application is installed, a container will be launched with root privileges.\nThis is required in order to apply the correct permissions to the ipfs directories.\nAfterward, the ipfs container will run as a non-root user (Default: 568).

\n
", "categories": [ @@ -307,6 +327,26 @@ "title": "IPFS", "icon_url": "https://avatars.githubusercontent.com/u/10536621" }, + "qbittorrent": { + "app_readme": "

qBittorrent

\n

The qBittorrent project aims to provide an open-source software alternative to \u00b5Torrent.

\n
\n

When application is installed, a container will be launched with root privileges.\nThis is required in order to apply the correct permissions to the qBittorrent directories.\nAfterward, the qBittorrent container will run as a non-root user (Default: 568).

\n
", + "categories": [ + "media", + "torrent", + "download" + ], + "description": "The qBittorrent project aims to provide an open-source software alternative to \u00b5Torrent.", + "healthy": true, + "healthy_error": null, + "location": "/__w/charts/charts/community/qbittorrent", + "latest_version": "1.0.0", + "latest_app_version": "4.5.2", + "latest_human_version": "4.5.2_1.0.0", + "last_update": null, + "name": "qbittorrent", + "recommended": false, + "title": "qBittorrent", + "icon_url": "https://upload.wikimedia.org/wikipedia/commons/9/9e/Qbittorrent_logo.png" + }, "chia": { "app_readme": "

Chia

\n

This container runs as root user.

\n

When a port is set to < 9000. Host Networking is enabled automatically.

\n
\n

Also NodePort services turn to ClusterIP services, to avoid attempts to bind ports twice.

\n
\n

Key file is stored in /plots/keyfile and is generated automatically, only if the file does not exist.\nIf you want to use your own keyfile, you can create a file called keyfile in the /plots directory and it will be used instead.

\n
\n

When set on harvester mode keys variable is set to none and no generation is performed.

\n
", "categories": [ diff --git a/community/qbittorrent/1.0.0/Chart.lock b/community/qbittorrent/1.0.0/Chart.lock new file mode 100644 index 0000000000..ad10850747 --- /dev/null +++ b/community/qbittorrent/1.0.0/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: common + repository: file://../../../common + version: 1.0.1 +digest: sha256:ec8784f128039af68613a8268208bde360d5b178f811c4a16c79a1650ca8be92 +generated: "2023-04-03T17:54:32.688255209+03:00" diff --git a/community/qbittorrent/1.0.0/Chart.yaml b/community/qbittorrent/1.0.0/Chart.yaml new file mode 100644 index 0000000000..359cf235e4 --- /dev/null +++ b/community/qbittorrent/1.0.0/Chart.yaml @@ -0,0 +1,26 @@ +name: qbittorrent +description: The qBittorrent project aims to provide an open-source software alternative to µTorrent. +annotations: + title: qBittorrent +type: application +version: 1.0.0 +apiVersion: v2 +appVersion: '4.5.2' +kubeVersion: '>=1.16.0-0' +maintainers: + - name: truenas + url: https://www.truenas.com/ +dependencies: +- name: common + repository: file://../../../common + version: 1.0.1 +home: https://www.qbittorrent.org/ +icon: https://upload.wikimedia.org/wikipedia/commons/9/9e/Qbittorrent_logo.png +sources: +- https://github.com/onedr0p/containers/tree/main/apps/qbittorrent +- https://github.com/truenas/charts/tree/master/community/qbittorrent +- https://www.qbittorrent.org/ +keywords: +- media +- torrent +- download diff --git a/community/qbittorrent/1.0.0/README.md b/community/qbittorrent/1.0.0/README.md new file mode 100644 index 0000000000..a5cbcbd098 --- /dev/null +++ b/community/qbittorrent/1.0.0/README.md 
@@ -0,0 +1,7 @@ +# qBittorrent + +The [qBittorrent](https://www.qbittorrent.org/) project aims to provide an open-source software alternative to µTorrent. + +> When application is installed, a container will be launched with **root** privileges. +> This is required in order to apply the correct permissions to the qBittorrent directories. +> Afterward, the `qBittorrent` container will run as a **non**-root user (Default: `568`). diff --git a/community/qbittorrent/1.0.0/app-readme.md b/community/qbittorrent/1.0.0/app-readme.md new file mode 100644 index 0000000000..a5cbcbd098 --- /dev/null +++ b/community/qbittorrent/1.0.0/app-readme.md @@ -0,0 +1,7 @@ +# qBittorrent + +The [qBittorrent](https://www.qbittorrent.org/) project aims to provide an open-source software alternative to µTorrent. + +> When application is installed, a container will be launched with **root** privileges. +> This is required in order to apply the correct permissions to the qBittorrent directories. +> Afterward, the `qBittorrent` container will run as a **non**-root user (Default: `568`). diff --git a/community/qbittorrent/1.0.0/charts/common-1.0.1.tgz b/community/qbittorrent/1.0.0/charts/common-1.0.1.tgz new file mode 100644 index 0000000000..60818764b0 Binary files /dev/null and b/community/qbittorrent/1.0.0/charts/common-1.0.1.tgz differ diff --git a/community/qbittorrent/1.0.0/ci/basic-values.yaml b/community/qbittorrent/1.0.0/ci/basic-values.yaml new file mode 100644 index 0000000000..abb2549d2e --- /dev/null +++ b/community/qbittorrent/1.0.0/ci/basic-values.yaml @@ -0,0 +1,17 @@ +qbitNetwork: + webPort: 31000 + btPort: 32444 + +qbitRunAs: + user: 1000 + group: 1000 + +qbitStorage: + downloads: + type: hostPath + hostPath: /mnt/{{ .Release.Namespace }}/downloads + datasetName: "" + config: + type: hostPath + hostPath: /mnt/{{ .Release.Namespace }}/config + datasetName: "" 
diff --git a/community/qbittorrent/1.0.0/ci/extra-env-values.yaml b/community/qbittorrent/1.0.0/ci/extra-env-values.yaml new file mode 100644 index 0000000000..aafc675a72 --- /dev/null +++ b/community/qbittorrent/1.0.0/ci/extra-env-values.yaml @@ -0,0 +1,20 @@ +qbitConfig: + additionalEnvs: + - name: "TESTVAR" + value: "SOMEVALUE" + - name: "TESTVAR2" + value: "SOMEVALUE2" + +qbitNetwork: + webPort: 31000 + btPort: 32444 + +qbitStorage: + downloads: + type: hostPath + hostPath: /mnt/{{ .Release.Namespace }}/downloads + datasetName: "" + config: + type: hostPath + hostPath: /mnt/{{ .Release.Namespace }}/config + datasetName: "" diff --git a/community/qbittorrent/1.0.0/ci/hostNet-values.yaml b/community/qbittorrent/1.0.0/ci/hostNet-values.yaml new file mode 100644 index 0000000000..0a6906efbb --- /dev/null +++ b/community/qbittorrent/1.0.0/ci/hostNet-values.yaml @@ -0,0 +1,14 @@ +qbitNetwork: + webPort: 30000 + btPort: 32555 + hostNetwork: true + +qbitStorage: + downloads: + type: hostPath + hostPath: /mnt/{{ .Release.Namespace }}/downloads + datasetName: "" + config: + type: hostPath + hostPath: /mnt/{{ .Release.Namespace }}/config + datasetName: "" diff --git a/community/qbittorrent/1.0.0/ix_values.yaml b/community/qbittorrent/1.0.0/ix_values.yaml new file mode 100644 index 0000000000..e8d0c68727 --- /dev/null +++ b/community/qbittorrent/1.0.0/ix_values.yaml @@ -0,0 +1,34 @@ +image: + repository: ghcr.io/onedr0p/qbittorrent + pullPolicy: IfNotPresent + tag: "4.5.2" + +resources: + limits: + cpu: 4000m + memory: 8Gi + +qbitConfig: + additionalEnvs: [] +qbitNetwork: + webPort: 30000 + btPort: 50413 + hostNetwork: false +qbitRunAs: + user: 568 + group: 568 +qbitStorage: + downloads: + type: ixVolume + hostPath: "" + datasetName: downloads + config: + type: ixVolume + hostPath: "" + datasetName: config + +notes: + custom: | + Default credentials: + - username: admin + - password: adminadmin 
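Review bot: The `notes.custom` block in `ix_values.yaml` publishes the default `admin`/`adminadmin` login but never tells the user to change it, while `_portal.tpl` in this same change exposes that Web UI over plain `http` on a NodePort addressed as `$node_ip`, so a well-known credential is reachable from every host that can see the node. Extend the note with something like `Change the default password immediately after first login. The portal is served over plain HTTP; put a TLS-terminating reverse proxy in front of it before exposing it beyond the local network.` Nothing in `questions.yaml` lets the installer set the password up front, so the post-install warning is the only place this can be surfaced.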
diff --git a/community/qbittorrent/1.0.0/questions.yaml b/community/qbittorrent/1.0.0/questions.yaml
new file mode 100644
index 0000000000..3b4aee8ad4
--- /dev/null
+++ b/community/qbittorrent/1.0.0/questions.yaml
@@ -0,0 +1,209 @@ +groups: + - name: qBittorrent Configuration + description: Configure qBittorrent + - name: User and Group Configuration + description: Configure User and Group for qBittorrent + - name: Network Configuration + description: Configure Network for qBittorrent + - name: Storage Configuration + description: Configure Storage for qBittorrent + - name: Resources Configuration + description: Configure Resources for qBittorrent + +portals: + web_portal: + protocols: + - "$kubernetes-resource_configmap_portal_protocol" + host: + - "$kubernetes-resource_configmap_portal_host" + ports: + - "$kubernetes-resource_configmap_portal_port" + path: "$kubernetes-resource_configmap_portal_path" + +questions: + - variable: qbitConfig + label: "" + group: qBittorrent Configuration + schema: + type: dict + attrs: + - variable: additionalEnvs + label: Additional Environment Variables + description: Configure additional environment variables for qBittorrent. + schema: + type: list + default: [] + items: + - variable: env + label: Environment Variable + schema: + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + + - variable: qbitRunAs + label: "" + group: User and Group Configuration + schema: + type: dict + attrs: + - variable: user + label: User ID + description: The user id that qBittorrent will run as. + schema: + type: int + min: 1 + default: 568 + required: true + - variable: group + label: Group ID + description: The group id that qBittorrent will run as. + schema: + type: int + min: 1 + default: 568 + required: true + + - variable: qbitNetwork + label: "" + group: Network Configuration + schema: + type: dict + attrs: + - variable: webPort + label: Web Port + description: The port for the qBittorrent Web UI. 
+ schema: + type: int + default: 30000 + min: 9000 + max: 65535 + required: true + - variable: btPort + label: BT Port + description: The port for the qBittorrent BitTorrent protocol. Both TCP and UDP + schema: + type: int + default: 50413 + min: 9000 + max: 65535 + required: true + - variable: hostNetwork + label: Host Network + description: | + Bind to the host network. It's recommended to keep this disabled.
+ schema: + type: boolean + default: false + + - variable: qbitStorage + label: "" + group: Storage Configuration + schema: + type: dict + attrs: + - variable: downloads + label: qBittorrent Downloads Storage + description: The path to store qBittorrent Downloads. + schema: + type: dict + attrs: + - variable: type + label: Type + schema: + type: string + required: true + default: ixVolume + enum: + - value: hostPath + description: Host Path + - value: ixVolume + description: ixVolume + - variable: datasetName + label: Dataset Name + schema: + type: string + show_if: [["type", "=", "ixVolume"]] + required: true + hidden: true + immutable: true + default: downloads + $ref: + - "normalize/ixVolume" + - variable: hostPath + label: Host Path + schema: + type: hostpath + show_if: [["type", "=", "hostPath"]] + immutable: true + required: true + - variable: config + label: qBittorrent Config Storage + description: The path to store qBittorrent Configuration. + schema: + type: dict + attrs: + - variable: type + label: Type + schema: + type: string + required: true + default: ixVolume + enum: + - value: hostPath + description: Host Path + - value: ixVolume + description: ixVolume + - variable: datasetName + label: Dataset Name + schema: + type: string + show_if: [["type", "=", "ixVolume"]] + required: true + hidden: true + immutable: true + default: config + $ref: + - "normalize/ixVolume" + - variable: hostPath + label: Host Path + schema: + type: hostpath + show_if: [["type", "=", "hostPath"]] + immutable: true + required: true + + - variable: resources + label: Resources Configuration + group: Resources Configuration + schema: + type: dict + attrs: + - variable: limits + label: Limits + schema: + type: dict + attrs: + - variable: cpu + label: CPU + description: CPU limit for qBittorrent. + schema: + type: string + default: 4000m + required: true + - variable: memory + label: Memory + description: Memory limit for qBittorrent. 
+ schema: + type: string + default: 8Gi + required: true diff --git a/community/qbittorrent/1.0.0/templates/NOTES.txt b/community/qbittorrent/1.0.0/templates/NOTES.txt new file mode 100644 index 0000000000..ba4e01146c --- /dev/null +++ b/community/qbittorrent/1.0.0/templates/NOTES.txt @@ -0,0 +1 @@ +{{ include "ix.v1.common.lib.chart.notes" $ }} diff --git a/community/qbittorrent/1.0.0/templates/_configuration.tpl b/community/qbittorrent/1.0.0/templates/_configuration.tpl new file mode 100644 index 0000000000..5be4e79e3e --- /dev/null +++ b/community/qbittorrent/1.0.0/templates/_configuration.tpl @@ -0,0 +1,11 @@ +{{- define "qbittorrent.configuration" -}} + +{{/* Configmaps */}} +configmap: + qbit-config: + enabled: true + data: + QBITTORRENT__BT_PORT: {{ .Values.qbitNetwork.btPort | quote }} + QBITTORRENT__PORT: {{ .Values.qbitNetwork.webPort | quote }} + +{{- end -}} diff --git a/community/qbittorrent/1.0.0/templates/_portal.tpl b/community/qbittorrent/1.0.0/templates/_portal.tpl new file mode 100644 index 0000000000..a9c110e08c --- /dev/null +++ b/community/qbittorrent/1.0.0/templates/_portal.tpl @@ -0,0 +1,12 @@ +{{- define "qbittorrent.portal" -}} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: portal +data: + path: "/" + port: {{ .Values.qbitNetwork.webPort | quote }} + protocol: http + host: $node_ip +{{- end -}} diff --git a/community/qbittorrent/1.0.0/templates/_qbittorrent.tpl b/community/qbittorrent/1.0.0/templates/_qbittorrent.tpl new file mode 100644 index 0000000000..712ef63cdd --- /dev/null +++ b/community/qbittorrent/1.0.0/templates/_qbittorrent.tpl 
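Review bot: `webPort` defaults to `30000` here, and the vaultwarden chart added in the same change also defaults its `webPort` to `30000` (`community/vaultwarden/1.0.0/ix_values.yaml`); both are rendered as NodePort services, and NodePorts are cluster-wide, so a user who installs both apps with defaults gets a port conflict on the second install. Give one of them a different default within the allowed `min: 9000`–`max: 65535` window, and keep the two catalog entries from colliding in future bumps. The `hostNetwork` description also says it is "recommended to keep this disabled" without saying why; a sentence such as `With host networking the pod shares the node's network namespace and binds directly on the host, bypassing the NodePort service isolation.` gives the installer the reason.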
@@ -0,0 +1,138 @@ +{{- define "qbittorrent.workload" -}} +workload: + qbittorrent: + enabled: true + primary: true + type: Deployment + podSpec: + hostNetwork: {{ .Values.qbitNetwork.hostNetwork }} + containers: + qbittorrent: + enabled: true + primary: true + imageSelector: image + securityContext: + runAsUser: {{ .Values.qbitRunAs.user }} + runAsGroup: {{ .Values.qbitRunAs.group }} + {{ with .Values.qbitConfig.additionalEnvs }} + env: + {{ range $env := . }} + {{ $env.name }}: {{ $env.value }} + {{ end }} + {{ end }} + envFrom: + - configMapRef: + name: qbit-config + probes: + liveness: + enabled: true + type: http + port: "{{ .Values.qbitNetwork.webPort }}" + path: / + readiness: + enabled: true + type: http + port: "{{ .Values.qbitNetwork.webPort }}" + path: / + startup: + enabled: true + type: http + port: "{{ .Values.qbitNetwork.webPort }}" + path: / + initContainers: + check-permissions: + enabled: true + type: init + imageSelector: bashImage + resources: + limits: + cpu: 1000m + memory: 512Mi + securityContext: + runAsUser: 0 + runAsGroup: 0 + runAsNonRoot: false + readOnlyRootFilesystem: false + capabilities: + add: + - CHOWN + command: bash + args: + - -c + - | + for dir in /mnt/directories/*; do + if [ ! 
-d "$dir" ]; then + echo "[$dir] is not a directory, skipping" + continue + fi + + if [ $(stat -c %u "$dir") -eq {{ .Values.qbitRunAs.user }} ] && [ $(stat -c %g "$dir") -eq {{ .Values.qbitRunAs.group }} ]; then + echo "Permissions on ["$dir"] are correct" + else + echo "Permissions on ["$dir"] are incorrect" + echo "Changing ownership to {{ .Values.qbitRunAs.user }}:{{ .Values.qbitRunAs.group }} on the following directories: ["$dir"]" + chown -R {{ .Values.qbitRunAs.user }}:{{ .Values.qbitRunAs.group }} "$dir" + echo "Finished changing ownership" + echo "Permissions after changing ownership:" + stat -c "%u %g" "$dir" + fi + done + +{{/* Service */}} +service: + qbittorrent: + enabled: true + primary: true + type: NodePort + targetSelector: qbittorrent + ports: + webui: + enabled: true + primary: true + port: {{ .Values.qbitNetwork.webPort }} + nodePort: {{ .Values.qbitNetwork.webPort }} + targetSelector: qbittorrent + qbittorrent-bt: + enabled: true + type: NodePort + targetSelector: qbittorrent + ports: + bt-tcp: + enabled: true + primary: true + port: {{ .Values.qbitNetwork.btPort }} + nodePort: {{ .Values.qbitNetwork.btPort }} + targetSelector: qbittorrent + bt-upd: + enabled: true + primary: true + port: {{ .Values.qbitNetwork.btPort }} + nodePort: {{ .Values.qbitNetwork.btPort }} + protocol: udp + targetSelector: qbittorrent + +{{/* Persistence */}} +persistence: + config: + enabled: true + type: {{ .Values.qbitStorage.config.type }} + datasetName: {{ .Values.qbitStorage.config.datasetName | default "" }} + hostPath: {{ .Values.qbitStorage.config.hostPath | default "" }} + targetSelector: + qbittorrent: + qbittorrent: + mountPath: /config + check-permissions: + mountPath: /mnt/directories/config + downloads: + enabled: true + type: {{ .Values.qbitStorage.downloads.type }} + datasetName: {{ .Values.qbitStorage.downloads.datasetName | default "" }} + hostPath: {{ .Values.qbitStorage.downloads.hostPath | default "" }} + targetSelector: + qbittorrent: + 
qbittorrent: + mountPath: /downloads + check-permissions: + mountPath: /mnt/directories/downloads +{{- end -}} diff --git a/community/qbittorrent/1.0.0/templates/common.yaml b/community/qbittorrent/1.0.0/templates/common.yaml new file mode 100644 index 0000000000..b8ef1222cc --- /dev/null +++ b/community/qbittorrent/1.0.0/templates/common.yaml @@ -0,0 +1,10 @@ +{{- include "ix.v1.common.loader.init" . -}} + +{{/* Merge the templates with Values */}} +{{- $_ := mustMergeOverwrite .Values (include "qbittorrent.workload" $ | fromYaml) -}} +{{- $_ := mustMergeOverwrite .Values (include "qbittorrent.configuration" $ | fromYaml) -}} + +{{/* Create the configmap for portal manually*/}} +{{- include "qbittorrent.portal" $ -}} + +{{- include "ix.v1.common.loader.apply" . -}} diff --git a/community/qbittorrent/item.yaml b/community/qbittorrent/item.yaml new file mode 100644 index 0000000000..d2f9c8f26b --- /dev/null +++ b/community/qbittorrent/item.yaml @@ -0,0 +1,5 @@ +icon_url: https://upload.wikimedia.org/wikipedia/commons/9/9e/Qbittorrent_logo.png +categories: + - media + - torrent + - download diff --git a/community/vaultwarden/1.0.0/Chart.lock b/community/vaultwarden/1.0.0/Chart.lock new file mode 100644 index 0000000000..e17b6357c4 --- /dev/null +++ b/community/vaultwarden/1.0.0/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: common + repository: file://../../../common + version: 1.0.1 +digest: sha256:ec8784f128039af68613a8268208bde360d5b178f811c4a16c79a1650ca8be92 +generated: "2023-04-03T17:51:26.178586108+03:00" diff --git a/community/vaultwarden/1.0.0/Chart.yaml b/community/vaultwarden/1.0.0/Chart.yaml new file mode 100644 index 0000000000..bb085b9a73 --- /dev/null +++ b/community/vaultwarden/1.0.0/Chart.yaml 
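Review bot: The `additionalEnvs` loop in `_qbittorrent.tpl` renders `{{ $env.name }}: {{ $env.value }}` with the value unquoted, so a value such as `false`, `0123`, `1e3`, or anything containing `: ` or `#` is re-parsed as YAML (becoming a boolean/number, or breaking the template) instead of reaching the container as the literal string the user typed; the vaultwarden CI fixture in this same change sets `SIGNUPS_ALLOWED` to a bare `false`, which is exactly that case if the vaultwarden template uses the same loop. Change the line to `{{ $env.name }}: {{ $env.value | quote }}`. Separately, the root `check-permissions` init container runs `chown -R` on whatever directory the user selects as `hostPath`, guarded only by the ownership of the top-level directory, so pointing `downloads` at a shared dataset silently re-owns every file beneath it; the README's root-container warning should say this applies to user-supplied host paths too. `bt-upd` looks like a typo for `bt-udp`, and both BT ports are marked `primary: true`.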
@@ -0,0 +1,24 @@ +name: vaultwarden +description: Alternative implementation of the Bitwarden server API written in Rust and compatible with upstream Bitwarden clients. +annotations: + title: Vaultwarden +type: application +version: 1.0.0 +apiVersion: v2 +appVersion: '1.27.0' +kubeVersion: '>=1.16.0-0' +maintainers: + - name: truenas + url: https://www.truenas.com/ +dependencies: + - name: common + repository: file://../../../common + version: 1.0.1 +home: https://github.com/dani-garcia/vaultwarden +icon: https://raw.githubusercontent.com/dani-garcia/vaultwarden/main/src/static/images/vaultwarden-icon.png +sources: + - https://github.com/dani-garcia/vaultwarden + - https://github.com/truenas/charts/tree/master/community/vaultwarden +keywords: + - password + - manager diff --git a/community/vaultwarden/1.0.0/README.md b/community/vaultwarden/1.0.0/README.md new file mode 100644 index 0000000000..06e50608f5 --- /dev/null +++ b/community/vaultwarden/1.0.0/README.md 
@@ -0,0 +1,18 @@ +# Vaultwarden + +[Vaultwarden](https://github.com/dani-garcia/vaultwarden) Alternative implementation of the `Bitwarden` server API written in Rust and compatible with upstream Bitwarden clients + +> During the installation process, a container will be launched with **root** privileges. This is required +> in order to apply the correct permissions to the `Vaultwarden` data directory. Afterward, the `Vaultwarden` container +> will run as a **non**-root user (default `568`). +> Same applies to the `postgres` container. This will run afterwards as a **non**-root user (`999`). +> On each upgrade, a container will be launched with **root** privileges in order to apply the correct +> permissions to the `postgres` **backups** directory. Container that performs the backup will run as a **non**-root user (`999`) afterwards. +> Keep in mind the permissions on the backup directory will be changed to `999:999` on **every** update. +> But will only be changed once for the `Vaultwarden` and `postgres` data directories. + +While the option to use `Rocket` for TLS is there, it is not +[recommended](https://github.com/dani-garcia/vaultwarden/wiki/Enabling-HTTPS#via-rocket). +Instead, use a reverse proxy to handle TLS termination. + +Using `HTTPS` is **required** for the most of the features to work (correctly). diff --git a/community/vaultwarden/1.0.0/app-readme.md b/community/vaultwarden/1.0.0/app-readme.md new file mode 100644 index 0000000000..06e50608f5 --- /dev/null +++ b/community/vaultwarden/1.0.0/app-readme.md 
@@ -0,0 +1,18 @@ +# Vaultwarden + +[Vaultwarden](https://github.com/dani-garcia/vaultwarden) Alternative implementation of the `Bitwarden` server API written in Rust and compatible with upstream Bitwarden clients + +> During the installation process, a container will be launched with **root** privileges. This is required +> in order to apply the correct permissions to the `Vaultwarden` data directory. Afterward, the `Vaultwarden` container +> will run as a **non**-root user (default `568`). +> Same applies to the `postgres` container. This will run afterwards as a **non**-root user (`999`). +> On each upgrade, a container will be launched with **root** privileges in order to apply the correct +> permissions to the `postgres` **backups** directory. Container that performs the backup will run as a **non**-root user (`999`) afterwards. +> Keep in mind the permissions on the backup directory will be changed to `999:999` on **every** update. +> But will only be changed once for the `Vaultwarden` and `postgres` data directories. + +While the option to use `Rocket` for TLS is there, it is not +[recommended](https://github.com/dani-garcia/vaultwarden/wiki/Enabling-HTTPS#via-rocket). +Instead, use a reverse proxy to handle TLS termination. + +Using `HTTPS` is **required** for the most of the features to work (correctly). diff --git a/community/vaultwarden/1.0.0/charts/common-1.0.1.tgz b/community/vaultwarden/1.0.0/charts/common-1.0.1.tgz new file mode 100644 index 0000000000..aafa51055c Binary files /dev/null and b/community/vaultwarden/1.0.0/charts/common-1.0.1.tgz differ diff --git a/community/vaultwarden/1.0.0/ci/additional-env-values.yaml b/community/vaultwarden/1.0.0/ci/additional-env-values.yaml new file mode 100644 index 0000000000..976eaff776 --- /dev/null +++ b/community/vaultwarden/1.0.0/ci/additional-env-values.yaml 
@@ -0,0 +1,17 @@ +vaultwardenStorage: + data: + type: hostPath + hostPath: /mnt/{{ .Release.Name }}/data + pgData: + type: hostPath + hostPath: /mnt/{{ .Release.Name }}/pgData + pgBackup: + type: hostPath + hostPath: /mnt/{{ .Release.Name }}/pgBackup + +vaultwardenConfig: + additionalEnvs: + - name: LOG_LEVEL + value: debug + - name: SIGNUPS_ALLOWED + value: false diff --git a/community/vaultwarden/1.0.0/ci/admin-values.yaml b/community/vaultwarden/1.0.0/ci/admin-values.yaml new file mode 100644 index 0000000000..c4654d5d26 --- /dev/null +++ b/community/vaultwarden/1.0.0/ci/admin-values.yaml @@ -0,0 +1,13 @@ +vaultwardenStorage: + data: + type: hostPath + hostPath: /mnt/{{ .Release.Name }}/data + pgData: + type: hostPath + hostPath: /mnt/{{ .Release.Name }}/pgData + pgBackup: + type: hostPath + hostPath: /mnt/{{ .Release.Name }}/pgBackup + +vaultwardenConfig: + adminToken: "super-long-secret-password" diff --git a/community/vaultwarden/1.0.0/ci/basic-values.yaml b/community/vaultwarden/1.0.0/ci/basic-values.yaml new file mode 100644 index 0000000000..845deffc82 --- /dev/null +++ b/community/vaultwarden/1.0.0/ci/basic-values.yaml @@ -0,0 +1,10 @@ +vaultwardenStorage: + data: + type: hostPath + hostPath: /mnt/{{ .Release.Name }}/data + pgData: + type: hostPath + hostPath: /mnt/{{ .Release.Name }}/pgData + pgBackup: + type: hostPath + hostPath: /mnt/{{ .Release.Name }}/pgBackup diff --git a/community/vaultwarden/1.0.0/ci/https-values.yaml b/community/vaultwarden/1.0.0/ci/https-values.yaml new file mode 100644 index 0000000000..588faf86a4 --- /dev/null +++ b/community/vaultwarden/1.0.0/ci/https-values.yaml 
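Review bot: `adminToken: "super-long-secret-password"` in `ci/admin-values.yaml` is 26 characters, but the `adminToken` question in `questions.yaml` carries `max_length: 20`, so this fixture exercises a value the UI form would reject. The cap itself is the larger concern: a 20-character ceiling on the token that unlocks a password manager's admin panel pushes users toward short secrets, whereas upstream's guidance, as far as I recall, is a long random string (and hashed token formats in newer releases are well over 20 characters). Drop `max_length: 20` (keeping `private: true`), and adjust this fixture to whatever limit, if any, is finally chosen.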
@@ -0,0 +1,100 @@ +vaultwardenStorage: + data: + type: hostPath + hostPath: /mnt/{{ .Release.Name }}/data + pgData: + type: hostPath + hostPath: /mnt/{{ .Release.Name }}/pgData + pgBackup: + type: hostPath + hostPath: /mnt/{{ .Release.Name }}/pgBackup + +vaultwardenNetwork: + certificateID: 1 + domain: https://vault.example.com:30000 + +ixCertificates: + "1": + certificate: | + -----BEGIN CERTIFICATE----- + MIIEdjCCA16gAwIBAgIDYFMYMA0GCSqGSIb3DQEBCwUAMGwxDDAKBgNVBAMMA2Fz + ZDELMAkGA1UEBhMCVVMxDTALBgNVBAgMBGFzZGYxCzAJBgNVBAcMAmFmMQ0wCwYD + VQQKDARhc2RmMQwwCgYDVQQLDANhc2QxFjAUBgkqhkiG9w0BCQEWB2FAYS5jb20w + HhcNMjEwODMwMjMyMzU0WhcNMjMxMjAzMjMyMzU0WjBuMQswCQYDVQQDDAJhZDEL + MAkGA1UEBhMCVVMxDTALBgNVBAgMBGFzZGYxDTALBgNVBAcMBGFzZGYxDTALBgNV + BAoMBGFkc2YxDTALBgNVBAsMBGFzZGYxFjAUBgkqhkiG9w0BCQEWB2FAYS5jb20w + ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7+1xOHRQyOnQTHFcrdasX + Zl0gzutVlA890a1wiQpdD5dOtCLo7+eqVYjqVKo9W8RUIArXWmBu/AbkH7oVFWC1 + P973W1+ArF5sA70f7BZgqRKJTIisuIFIlRETgfnP2pfQmHRZtGaIJRZI4vQCdYgW + 2g0KOvvNcZJCVq1OrhKiNiY1bWCp66DGg0ic6OEkZFHTm745zUNQaf2dNgsxKU0H + PGjVLJI//yrRFAOSBUqgD4c50krnMF7fU/Fqh+UyOu8t6Y/HsySh3urB+Zie331t + AzV6QV39KKxRflNx/yuWrtIEslGTm+xHKoCYJEk/nZ3mX8Y5hG6wWAb7A/FuDVg3 + AgMBAAGjggEdMIIBGTAnBgNVHREEIDAehwTAqAADhwTAqAAFhwTAqAC2hwTAqACB + hwTAqACSMB0GA1UdDgQWBBQ4G2ff4tgZl4vmo4xCfqmJhdqShzAMBgNVHRMBAf8E + AjAAMIGYBgNVHSMEgZAwgY2AFLlYf9L99nxJDcpCM/LT3V5hQ/a3oXCkbjBsMQww + CgYDVQQDDANhc2QxCzAJBgNVBAYTAlVTMQ0wCwYDVQQIDARhc2RmMQswCQYDVQQH + DAJhZjENMAsGA1UECgwEYXNkZjEMMAoGA1UECwwDYXNkMRYwFAYJKoZIhvcNAQkB + FgdhQGEuY29tggNgUxcwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwEwDgYDVR0PAQH/ + BAQDAgWgMA0GCSqGSIb3DQEBCwUAA4IBAQA6FpOInEHB5iVk3FP67GybJ29vHZTD + KQHbQgmg8s4L7qIsA1HQ+DMCbdylpA11x+t/eL/n48BvGw2FNXpN6uykhLHJjbKR + h8yITa2KeD3LjLYhScwIigXmTVYSP3km6s8jRL6UKT9zttnIHyXVpBDya6Q4WTMx + fmfC6O7t1PjQ5ZyVtzizIUP8ah9n4TKdXU4A3QIM6WsJXpHb+vqp1WDWJ7mKFtgj + x5TKv3wcPnktx0zMPfLb5BTSE9rc9djcBG0eIAsPT4FgiatCUChe7VhuMnqskxEz + 
MymJLoq8+mzucRwFkOkR2EIt1x+Irl2mJVMeBow63rVZfUQBD8h++LqB + -----END CERTIFICATE----- + -----BEGIN CERTIFICATE----- + MIIEhDCCA2ygAwIBAgIDYFMXMA0GCSqGSIb3DQEBCwUAMGwxDDAKBgNVBAMMA2Fz + ZDELMAkGA1UEBhMCVVMxDTALBgNVBAgMBGFzZGYxCzAJBgNVBAcMAmFmMQ0wCwYD + VQQKDARhc2RmMQwwCgYDVQQLDANhc2QxFjAUBgkqhkiG9w0BCQEWB2FAYS5jb20w + HhcNMjEwODMwMjMyMDQ1WhcNMzEwODI4MjMyMDQ1WjBsMQwwCgYDVQQDDANhc2Qx + CzAJBgNVBAYTAlVTMQ0wCwYDVQQIDARhc2RmMQswCQYDVQQHDAJhZjENMAsGA1UE + CgwEYXNkZjEMMAoGA1UECwwDYXNkMRYwFAYJKoZIhvcNAQkBFgdhQGEuY29tMIIB + IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq//c0hEEr83CS1pMgsHX50jt + 2MqIbcf63UUNJTiYpUUvUQSFJFc7m/dr+RTZvu97eDCnD5K2qkHHvTPaPZwY+Djf + iy7N641Sz6u/y3Yo3xxs1Aermsfedh48vusJpjbkT2XS44VjbkrpKcWDNVpp3Evd + M7oJotXeUsZ+imiyVCfr4YhoY5gbGh/r+KN9Wf9YKoUyfLLZGwdZkhtX2zIbidsL + Thqi9YTaUHttGinjiBBum234u/CfvKXsfG3yP2gvBGnlvZnM9ktv+lVffYNqlf7H + VmB1bKKk84HtzuW5X76SGAgOG8eHX4x5ZLI1WQUuoQOVRl1I0UCjBtbz8XhwvQID + AQABo4IBLTCCASkwLQYDVR0RBCYwJIcEwKgABYcEwKgAA4cEwKgAkocEwKgAtYcE + wKgAgYcEwKgAtjAdBgNVHQ4EFgQUuVh/0v32fEkNykIz8tPdXmFD9rcwDwYDVR0T + AQH/BAUwAwEB/zCBmAYDVR0jBIGQMIGNgBS5WH/S/fZ8SQ3KQjPy091eYUP2t6Fw + pG4wbDEMMAoGA1UEAwwDYXNkMQswCQYDVQQGEwJVUzENMAsGA1UECAwEYXNkZjEL + MAkGA1UEBwwCYWYxDTALBgNVBAoMBGFzZGYxDDAKBgNVBAsMA2FzZDEWMBQGCSqG + SIb3DQEJARYHYUBhLmNvbYIDYFMXMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF + BQcDAjAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAKEocOmVuWlr + zegtKYMe8NhHIkFY9oVn5ym6RHNOJpPH4QF8XYC3Z5+iC5yGh4P/jVe/4I4SF6Ql + PtofU0jNq5vzapt/y+m008eXqPQFmoUOvu+JavoRVcRx2LIP5AgBA1mF56CSREsX + TkuJAA9IUQ8EjnmAoAeKINuPaKxGDuU8BGCMqr/qd564MKNf9XYL+Fb2rlkA0O2d + 2No34DQLgqSmST/LAvPM7Cbp6knYgnKmGr1nETCXasg1cueHLnWWTvps2HiPp2D/ + +Fq0uqcZLu4Mdo0CPs4e5sHRyldEnRSKh0DVLprq9zr/GMipmPLJUsT5Jed3sj0w + M7Y3vwxshpo= + -----END CERTIFICATE----- + privatekey: | + -----BEGIN PRIVATE KEY----- + MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC7+1xOHRQyOnQT + HFcrdasXZl0gzutVlA890a1wiQpdD5dOtCLo7+eqVYjqVKo9W8RUIArXWmBu/Abk + 
H7oVFWC1P973W1+ArF5sA70f7BZgqRKJTIisuIFIlRETgfnP2pfQmHRZtGaIJRZI + 4vQCdYgW2g0KOvvNcZJCVq1OrhKiNiY1bWCp66DGg0ic6OEkZFHTm745zUNQaf2d + NgsxKU0HPGjVLJI//yrRFAOSBUqgD4c50krnMF7fU/Fqh+UyOu8t6Y/HsySh3urB + +Zie331tAzV6QV39KKxRflNx/yuWrtIEslGTm+xHKoCYJEk/nZ3mX8Y5hG6wWAb7 + A/FuDVg3AgMBAAECggEAapt30rj9DitGTtxAt13pJMEhyYxvvD3WkvmJwguF/Bbu + eW0Ba1c668fMeRCA54FWi1sMqusPS4HUqqUvk+tmyAOsAF4qgD/A4MMSC7uJSVI5 + N/JWhJWyhCY94/FPakiO1nbPbVw41bcqtzU2qvparpME2CtxSCbDiqm7aaag3Kqe + EF0fGSUdZ+TYl9JM05+eIyiX+UY19Fg0OjTHMn8nGpxcNTfDBdQ68TKvdo/dtIKL + PLKzJUNNdM8odC4CvQtfGMqaslwZwXkiOl5VJcW21ncj/Y0ngEMKeD/i65ZoqGdR + 0FKCQYEAGtM2FvJcZQ92Wsw7yj2bK2MSegVUyLK32QKBgQDe8syVCepPzRsfjfxA + 6TZlWcGuTZLhwIx97Ktw3VcQ1f4rLoEYlv0xC2VWBORpzIsJo4I/OLmgp8a+Ga8z + FkVRnq90dV3t4NP9uJlHgcODHnOardC2UUka4olBSCG6zmK4Jxi34lOxhGRkshOo + L4IBeOIB5g+ZrEEXkzfYJHESRQKBgQDX2YhFhGIrT8BAnC5BbXbhm8h6Bhjz8DYL + d+qhVJjef7L/aJxViU0hX9Ba2O8CLK3FZeREFE3hJPiJ4TZSlN4evxs5p+bbNDcA + 0mhRI/o3X4ac6IxdRebyYnCOB/Cu94/MzppcZcotlCekKNike7eorCcX4Qavm7Pu + MUuQ+ifmSwKBgEnchoqZzlbBzMqXb4rRuIO7SL9GU/MWp3TQg7vQmJerTZlgvsQ2 + wYsOC3SECmhCq4117iCj2luvOdihCboTFsQDnn0mpQe6BIF6Ns3J38wAuqv0CcFd + DKsrge1uyD3rQilgSoAhKzkUc24o0PpXQurZ8YZPgbuXpbj5vPaOnCdBAoGACYc7 + wb3XS4wos3FxhUfcwJbM4b4VKeeHqzfu7pI6cU/3ydiHVitKcVe2bdw3qMPqI9Wc + nvi6e17Tbdq4OCsEJx1OiVwFD9YdO3cOTc6lw/3+hjypvZBRYo+/4jUthbu96E+S + dtOzehGZMmDvN0uSzupSi3ZOgkAAUFpyuIKickMCgYAId0PCRjonO2thn/R0rZ7P + //L852uyzYhXKw5/fjFGhQ6LbaLgIRFaCZ0L2809u0HFnNvJjHv4AKP6j+vFQYYY + qQ+66XnfsA9G/bu4MDS9AX83iahD9IdLXQAy8I19prAbpVumKegPbMnNYNB/TYEc + 3G15AKCXo7jjOUtHY01DCQ== + -----END PRIVATE KEY----- diff --git a/community/vaultwarden/1.0.0/ci/other-user-values.yaml b/community/vaultwarden/1.0.0/ci/other-user-values.yaml new file mode 100644 index 0000000000..ed43f9bbf9 --- /dev/null +++ b/community/vaultwarden/1.0.0/ci/other-user-values.yaml 
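Review bot: `ci/https-values.yaml` commits a PEM private key next to its certificate with nothing marking it as disposable; the `asd`/`a@a.com` subjects make it obviously a throwaway test CA, but secret scanners and future readers cannot tell that from the file. Add a leading comment such as `# CI-only test certificate and key for chart-testing; never reuse outside CI` so it is not mistaken for a leaked credential. Decoding the validity field of the leaf certificate suggests it expires on 2023-12-03, after which the https CI case will start failing; regenerating the fixture with a long validity, and noting the expiry in the same comment, avoids a surprise break.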
@@ -0,0 +1,14 @@
+vaultwardenStorage:
+ data:
+ type: hostPath
+ hostPath: /mnt/{{ .Release.Name }}/data
+ pgData:
+ type: hostPath
+ hostPath: /mnt/{{ .Release.Name }}/pgData
+ pgBackup:
+ type: hostPath
+ hostPath: /mnt/{{ .Release.Name }}/pgBackup
+
+vaultwardenRunAs:
+ user: 1000
+ group: 1000
diff --git a/community/vaultwarden/1.0.0/ci/ws-disabled-values.yaml b/community/vaultwarden/1.0.0/ci/ws-disabled-values.yaml
new file mode 100644
index 0000000000..7c6d1015b2
--- /dev/null
+++ b/community/vaultwarden/1.0.0/ci/ws-disabled-values.yaml
@@ -0,0 +1,13 @@
+vaultwardenStorage:
+ data:
+ type: hostPath
+ hostPath: /mnt/{{ .Release.Name }}/data
+ pgData:
+ type: hostPath
+ hostPath: /mnt/{{ .Release.Name }}/pgData
+ pgBackup:
+ type: hostPath
+ hostPath: /mnt/{{ .Release.Name }}/pgBackup
+
+vaultwardenNetwork:
+ wsEnabled: false
diff --git a/community/vaultwarden/1.0.0/ix_values.yaml b/community/vaultwarden/1.0.0/ix_values.yaml
new file mode 100644
index 0000000000..d188a7a6fd
--- /dev/null
+++ b/community/vaultwarden/1.0.0/ix_values.yaml
@@ -0,0 +1,39 @@
+image:
+ repository: vaultwarden/server
+ pullPolicy: IfNotPresent
+ tag: "1.28.1"
+
+resources:
+ limits:
+ cpu: 4000m
+ memory: 8Gi
+
+vaultwardenConfig:
+ adminToken: ""
+ additionalEnvs: []
+
+vaultwardenNetwork:
+ webPort: 30000
+ wsEnabled: true
+ wsPort: 30001
+ hostNetwork: false
+ certificateID: ""
+ domain: ""
+
+vaultwardenRunAs:
+ user: 568
+ group: 568
+
+vaultwardenStorage:
+ data:
+ type: ixVolume
+ hostPath: ""
+ datasetName: data
+ pgData:
+ type: ixVolume
+ hostPath: ""
+ datasetName: pgData
+ pgBackup:
+ type: ixVolume
+ hostPath: ""
+ datasetName: pgBackup
diff --git a/community/vaultwarden/1.0.0/questions.yaml b/community/vaultwarden/1.0.0/questions.yaml
new file mode 100644
index 0000000000..2992f23a86
--- /dev/null
+++ b/community/vaultwarden/1.0.0/questions.yaml
@@ -0,0 +1,285 @@
+groups:
+ - name: Vaultwarden Configuration
+ description: Configure Vaultwarden
+ - name: User and Group Configuration
+ description: Configure User and Group for Vaultwarden
+ - name: Network Configuration
+ description: Configure Network for Vaultwarden
+ - name: Storage Configuration
+ description: Configure Storage for Vaultwarden
+ - name: Resources Configuration
+ description: Configure Resources for Vaultwarden
+
+portals:
+ web_portal:
+ protocols:
+ - "$kubernetes-resource_configmap_portal_protocol"
+ host:
+ - "$kubernetes-resource_configmap_portal_host"
+ ports:
+ - "$kubernetes-resource_configmap_portal_port"
+ path: "$kubernetes-resource_configmap_portal_path"
+ admin_portal:
+ protocols:
+ - "$kubernetes-resource_configmap_portal_protocol"
+ host:
+ - "$kubernetes-resource_configmap_portal_host"
+ ports:
+ - "$kubernetes-resource_configmap_portal_port"
+ path: "$kubernetes-resource_configmap_portal_admin_path"
+
+questions:
+ - variable: vaultwardenConfig
+ label: ""
+ group: Vaultwarden Configuration
+ schema:
+ type: dict
+ attrs:
+ - variable: adminToken
+ label: Admin Token
+ description: Setting this, will enable the admin portal
+ schema:
+ type: string
+ private: true
+ max_length: 20
+ default: ""
+ - variable: additionalEnvs
+ label: Additional Environment Variables
+ description: Configure additional environment variables for Vaultwarden.
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: env
+ label: Environment Variable
+ schema:
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ - variable: value
+ label: Value
+ schema:
+ type: string
+ required: true
+
+ - variable: vaultwardenRunAs
+ label: ""
+ group: User and Group Configuration
+ schema:
+ type: dict
+ attrs:
+ - variable: user
+ label: User ID
+ description: The user id that Vaultwarden will run as.
+ schema:
+ type: int
+ min: 1
+ default: 568
+ required: true
+ - variable: group
+ label: Group ID
+ description: The group id that Vaultwarden will run as.
+ schema:
+ type: int
+ min: 1
+ default: 568
+ required: true
+
+ - variable: vaultwardenNetwork
+ label: ""
+ group: Network Configuration
+ schema:
+ type: dict
+ attrs:
+ - variable: webPort
+ label: Web Port
+ description: The port for the Vaultwarden Web UI.
+ schema:
+ type: int
+ default: 30000
+ min: 9000
+ max: 65535
+ required: true
+ - variable: wsEnabled
+ label: Enable Websocket
+ schema:
+ type: boolean
+ default: true
+ - variable: wsPort
+ label: Websocket Port
+ description: The port for the Vaultwarden Websocket.
+ schema:
+ type: int
+ show_if: [["wsEnabled", "=", true]]
+ default: 30001
+ min: 9000
+ max: 65535
+ required: true
+ - variable: hostNetwork
+ label: Host Network
+ description: |
+ Bind to the host network. It's recommended to keep this disabled.
+ schema:
+ type: boolean
+ default: false
+ - variable: domain
+ label: Domain
+ description: |
+ The domain to use for Vaultwarden
+ Format is: https://sub.domain.tld:port
+ schema:
+ type: string
+ default: ""
+ - variable: certificateID
+ label: Certificate
+ description: |
+ The certificate to use for Vaultwarden
+ Using the Rocket method for TLS setup is NOT recommended
+ Prefer a reverse proxy with a valid certificate
+ schema:
+ type: int
+ "null": true
+ $ref:
+ - "definitions/certificate"
+
+ - variable: vaultwardenStorage
+ label: ""
+ group: Storage Configuration
+ schema:
+ type: dict
+ attrs:
+ - variable: data
+ label: Vaultwarden Data Storage
+ description: The path to store Vaultwarden attachments, icons, etc.
+ schema:
+ type: dict
+ attrs:
+ - variable: type
+ label: Type
+ schema:
+ type: string
+ required: true
+ default: ixVolume
+ enum:
+ - value: hostPath
+ description: Host Path
+ - value: ixVolume
+ description: ixVolume
+ - variable: datasetName
+ label: Dataset Name
+ schema:
+ type: string
+ show_if: [["type", "=", "ixVolume"]]
+ required: true
+ hidden: true
+ immutable: true
+ default: data
+ $ref:
+ - "normalize/ixVolume"
+ - variable: hostPath
+ label: Host Path
+ schema:
+ type: hostpath
+ show_if: [["type", "=", "hostPath"]]
+ immutable: true
+ required: true
+ - variable: pgData
+ label: Vaultwarden Postgres Data Storage
+ description: The path to store Vaultwarden Postgres Data.
+ schema:
+ type: dict
+ attrs:
+ - variable: type
+ label: Type
+ schema:
+ type: string
+ required: true
+ default: ixVolume
+ enum:
+ - value: hostPath
+ description: Host Path
+ - value: ixVolume
+ description: ixVolume
+ - variable: datasetName
+ label: Dataset Name
+ schema:
+ type: string
+ show_if: [["type", "=", "ixVolume"]]
+ required: true
+ hidden: true
+ immutable: true
+ default: pgData
+ $ref:
+ - "normalize/ixVolume"
+ - variable: hostPath
+ label: Host Path
+ schema:
+ type: hostpath
+ show_if: [["type", "=", "hostPath"]]
+ immutable: true
+ required: true
+ - variable: pgBackup
+ label: Vaultwarden Postgres Backup Storage
+ description: The path to store Vaultwarden Postgres Backup.
+ schema:
+ type: dict
+ attrs:
+ - variable: type
+ label: Type
+ schema:
+ type: string
+ required: true
+ default: ixVolume
+ enum:
+ - value: hostPath
+ description: Host Path
+ - value: ixVolume
+ description: ixVolume
+ - variable: datasetName
+ label: Dataset Name
+ schema:
+ type: string
+ show_if: [["type", "=", "ixVolume"]]
+ required: true
+ hidden: true
+ immutable: true
+ default: pgBackup
+ $ref:
+ - "normalize/ixVolume"
+ - variable: hostPath
+ label: Host Path
+ schema:
+ type: hostpath
+ show_if: [["type", "=", "hostPath"]]
+ immutable: true
+ required: true
+
+ - variable: resources
+ label: ""
+ group: Resources Configuration
+ schema:
+ type: dict
+ attrs:
+ - variable: limits
+ label: Limits
+ schema:
+ type: dict
+ attrs:
+ - variable: cpu
+ label: CPU
+ description: CPU limit for Vaultwarden.
+ schema:
+ type: string
+ default: 4000m
+ required: true
+ - variable: memory
+ label: Memory
+ description: Memory limit for Vaultwarden.
+ schema:
+ type: string
+ default: 8Gi
+ required: true
diff --git a/community/vaultwarden/1.0.0/templates/NOTES.txt b/community/vaultwarden/1.0.0/templates/NOTES.txt
new file mode 100644
index 0000000000..ba4e01146c
--- /dev/null
+++ b/community/vaultwarden/1.0.0/templates/NOTES.txt
@@ -0,0 +1 @@
+{{ include "ix.v1.common.lib.chart.notes" $ }}
diff --git a/community/vaultwarden/1.0.0/templates/_configuration.tpl b/community/vaultwarden/1.0.0/templates/_configuration.tpl
new file mode 100644
index 0000000000..bd5cd15fdb
--- /dev/null
+++ b/community/vaultwarden/1.0.0/templates/_configuration.tpl
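Review bot: `max_length: 20` on the adminToken question caps the admin token at 20 characters, which is well below the long random secret upstream recommends for ADMIN_TOKEN and undercuts the `private: true` intent of the field. If the pinned image accepts Argon2-hashed ADMIN_TOKEN values (upstream added that in the 1.28 line, as far as I recall), a PHC hash string is far longer than 20 characters and could not be entered at all. I would drop the cap or raise it generously, e.g. `max_length: 256`, and consider a `min_length` so a short, guessable token cannot be set by accident.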
@@ -0,0 +1,34 @@
+{{- define "vaultwarden.configuration" -}}
+
+ {{- if and .Values.vaultwardenNetwork.domain (not (hasPrefix "http" .Values.vaultwardenNetwork.domain)) -}}
+ {{- fail "Vaultwarden - Expected [Domain] to have the following format [http(s)://(sub).domain.tld(:port)]." -}}
+ {{- end -}}
+
+ {{- $fullname := (include "ix.v1.common.lib.chart.names.fullname" $) -}}
+
+ {{- $dbHost := (printf "%s-postgres" $fullname) -}}
+ {{- $dbUser := "vaultwarden" -}}
+ {{- $dbName := "vaultwarden" -}}
+
+ {{- $dbPass := (randAlphaNum 32) -}}
+ {{- with (lookup "v1" "Secret" .Release.Namespace (printf "%s-postgres-creds" $fullname)) -}}
+ {{- $dbPass = ((index .data "POSTGRES_PASSWORD") | b64dec) -}}
+ {{- end -}}
+
+ {{ $dbURL := (printf "postgres://%s:%s@%s:5432/%s?sslmode=disable" $dbUser $dbPass $dbHost $dbName) }}
+secret:
+ postgres-creds:
+ enabled: true
+ data:
+ POSTGRES_USER: {{ $dbUser }}
+ POSTGRES_DB: {{ $dbName }}
+ POSTGRES_PASSWORD: {{ $dbPass }}
+ POSTGRES_HOST: {{ $dbHost }}
+ POSTGRES_URL: {{ $dbURL }}
+ {{ with .Values.vaultwardenConfig.adminToken }}
+ vaultwarden:
+ enabled: true
+ data:
+ ADMIN_TOKEN: {{ . | quote }}
+ {{ end }}
+{{- end -}}
diff --git a/community/vaultwarden/1.0.0/templates/_portal.tpl b/community/vaultwarden/1.0.0/templates/_portal.tpl
new file mode 100644
index 0000000000..e723ae3d94
--- /dev/null
+++ b/community/vaultwarden/1.0.0/templates/_portal.tpl
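Review bot: The domain guard on the `{{- if and ... (not (hasPrefix "http" ...)) -}}` line only checks for the four characters `http`, so a value such as `httpfoo.example` passes while the fail message promises the stricter `http(s)://` format; `{{- if and .Values.vaultwardenNetwork.domain (not (or (hasPrefix "http://" .Values.vaultwardenNetwork.domain) (hasPrefix "https://" .Values.vaultwardenNetwork.domain))) -}}` matches both the message and the prefixes that _portal.tpl trims. Separately, `$dbPass` falls back to a fresh `randAlphaNum 32` whenever the `lookup` of the postgres-creds secret returns nothing; that is the intended first-install path, but any render without cluster access (for example `helm template` or a dry run) would emit a different password and `POSTGRES_URL` than the one the existing data directory was initialised with, so a comment stating that the lookup must succeed on upgrade would help the next maintainer. `POSTGRES_PASSWORD: {{ $dbPass }}` and `POSTGRES_URL: {{ $dbURL }}` are emitted as bare scalars into YAML that common.yaml later parses with `fromYaml`; piping both through `quote` removes any chance of the random value being re-typed.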
@@ -0,0 +1,24 @@
+{{- define "vaultwarden.portal" -}}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: portal
+data:
+ path: /
+ admin_path: /admin
+ port: {{ .Values.vaultwardenNetwork.webPort | quote }}
+
+ {{ if or (hasPrefix "https://" .Values.vaultwardenNetwork.domain) .Values.vaultwardenNetwork.certificateID }}
+ protocol: https
+ {{ else }}
+ protocol: http
+ {{ end }}
+
+ {{- $host := "$node_ip" -}}
+ {{ with .Values.vaultwardenNetwork.domain }} {{/* Trim protocol and trailing slash */}}
+ {{ $host = (. | trimPrefix "https://" | trimPrefix "http://" | trimSuffix "/") }}
+ {{ $host = mustRegexReplaceAll "(.*):[0-9]+" $host "${1}" }}
+ {{ end }}
+ host: {{ $host }}
+{{- end -}}
diff --git a/community/vaultwarden/1.0.0/templates/_postgres.tpl b/community/vaultwarden/1.0.0/templates/_postgres.tpl
new file mode 100644
index 0000000000..d1fc9dba86
--- /dev/null
+++ b/community/vaultwarden/1.0.0/templates/_postgres.tpl
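Review bot: The port-stripping regex on the `mustRegexReplaceAll "(.*):[0-9]+" $host "${1}"` line is unanchored, so for a bracketed IPv6 literal without a port such as `[::1]` the `:1` inside the brackets matches and the portal host becomes `[:]`; anchoring it as `{{ $host = mustRegexReplaceAll "^(.*):[0-9]+$" $host "${1}" }}` only strips a trailing `:port`, and the greedy group still yields `[::1]` for `[::1]:8080`. A short comment above that line, such as `{{/* Strip a trailing :port; the greedy group keeps bracketed IPv6 literals intact */}}`, would make the intent clear to the next reader.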
@@ -0,0 +1,48 @@
+{{- define "postgres.workload" -}}
+{{/* Postgres Database */}}
+workload:
+{{- include "ix.v1.common.app.postgres" (dict "secretName" "postgres-creds" "resources" .Values.resources) | nindent 2 }}
+
+{{/* Service */}}
+service:
+ postgres:
+ enabled: true
+ type: ClusterIP
+ targetSelector: postgres
+ ports:
+ postgres:
+ enabled: true
+ primary: true
+ port: 5432
+ targetSelector: postgres
+{{/* Persistence */}}
+persistence:
+ postgresdata:
+ enabled: true
+ type: {{ .Values.vaultwardenStorage.pgData.type }}
+ datasetName: {{ .Values.vaultwardenStorage.pgData.datasetName | default "" }}
+ hostPath: {{ .Values.vaultwardenStorage.pgData.hostPath | default "" }}
+ targetSelector:
+ # Postgres pod
+ postgres:
+ # Postgres container
+ postgres:
+ mountPath: /var/lib/postgresql/data
+ # Permissions container, for postgres, container is named "permissions"
+ permissions:
+ mountPath: /mnt/directories/postgres_data
+ postgresbackup:
+ enabled: true
+ type: {{ .Values.vaultwardenStorage.pgBackup.type }}
+ datasetName: {{ .Values.vaultwardenStorage.pgBackup.datasetName | default "" }}
+ hostPath: {{ .Values.vaultwardenStorage.pgBackup.hostPath | default "" }}
+ targetSelector:
+ # Postgres backup pod
+ postgresbackup:
+ # Postgres backup container
+ postgresbackup:
+ mountPath: /postgres_backup
+ # Permissions container, for postgres, container is named "permissions"
+ permissions:
+ mountPath: /mnt/directories/postgres_backup
+{{- end -}}
diff --git a/community/vaultwarden/1.0.0/templates/_vaultwarden.tpl b/community/vaultwarden/1.0.0/templates/_vaultwarden.tpl
new file mode 100644
index 0000000000..97f4c7a365
--- /dev/null
+++ b/community/vaultwarden/1.0.0/templates/_vaultwarden.tpl
@@ -0,0 +1,119 @@
+{{- define "vaultwarden.workload" -}}
+workload:
+ vaultwarden:
+ enabled: true
+ primary: true
+ type: Deployment
+ podSpec:
+ hostNetwork: {{ .Values.vaultwardenNetwork.hostNetwork }}
+ containers:
+ vaultwarden:
+ enabled: true
+ primary: true
+ imageSelector: image
+ securityContext:
+ runAsUser: {{ .Values.vaultwardenRunAs.user }}
+ runAsGroup: {{ .Values.vaultwardenRunAs.group }}
+ env:
+ ROCKET_PORT: {{ .Values.vaultwardenNetwork.webPort }}
+ WEBSOCKET_PORT: {{ .Values.vaultwardenNetwork.wsPort }}
+ WEBSOCKET_ENABLED: {{ .Values.vaultwardenNetwork.wsEnabled }}
+ DATABASE_URL:
+ secretKeyRef:
+ name: postgres-creds
+ key: POSTGRES_URL
+ {{ if .Values.vaultwardenConfig.adminToken }}
+ ADMIN_TOKEN:
+ secretKeyRef:
+ name: vaultwarden
+ key: ADMIN_TOKEN
+ {{ end }}
+ {{ if .Values.vaultwardenNetwork.certificateID }}
+ ROCKET_TLS: '{certs="/certs/public.crt",key="/certs/private.key"}'
+ {{ end }}
+ {{ with .Values.vaultwardenNetwork.domain }}
+ DOMAIN: {{ . }}
+ {{ end }}
+ {{ with .Values.vaultwardenConfig.additionalEnvs }}
+ {{ range $env := . }}
+ {{ $env.name }}: {{ $env.value }}
+ {{ end }}
+ {{ end }}
+ probes:
+ liveness:
+ enabled: true
+ type: exec
+ command: /healthcheck.sh
+ readiness:
+ enabled: true
+ type: exec
+ command: /healthcheck.sh
+ startup:
+ enabled: true
+ type: exec
+ command: /healthcheck.sh
+ initContainers:
+ {{- include "ix.v1.common.app.permissions" (dict "containerName" "01-permissions"
+ "UID" .Values.vaultwardenRunAs.user
+ "GID" .Values.vaultwardenRunAs.group
+ "type" "install") | nindent 8 }}
+ {{- include "ix.v1.common.app.postgresWait" (dict "name" "postgres-wait"
+ "secretName" "postgres-creds") | nindent 8 }}
+
+{{/* Service */}}
+service:
+ vaultwarden:
+ enabled: true
+ primary: true
+ type: NodePort
+ targetSelector: vaultwarden
+ ports:
+ webui:
+ enabled: true
+ primary: true
+ port: {{ .Values.vaultwardenNetwork.webPort }}
+ nodePort: {{ .Values.vaultwardenNetwork.webPort }}
+ targetSelector: vaultwarden
+ ws:
+ enabled: {{ .Values.vaultwardenNetwork.wsEnabled }}
+ port: {{ .Values.vaultwardenNetwork.wsPort }}
+ nodePort: {{ .Values.vaultwardenNetwork.wsPort }}
+ targetSelector: vaultwarden
+
+{{/* Persistence */}}
+persistence:
+ data:
+ enabled: true
+ type: {{ .Values.vaultwardenStorage.data.type }}
+ datasetName: {{ .Values.vaultwardenStorage.data.datasetName | default "" }}
+ hostPath: {{ .Values.vaultwardenStorage.data.hostPath | default "" }}
+ targetSelector:
+ vaultwarden:
+ vaultwarden:
+ mountPath: /data
+ 01-permissions:
+ mountPath: /mnt/directories/data
+
+ {{- if .Values.vaultwardenNetwork.certificateID }}
+ cert:
+ enabled: true
+ type: secret
+ objectName: vaultwarden-cert
+ defaultMode: "0600"
+ items:
+ - key: tls.key
+ path: private.key
+ - key: tls.crt
+ path: public.crt
+ targetSelector:
+ vaultwarden:
+ vaultwarden:
+ mountPath: /certs
+ readOnly: true
+
+scaleCertificate:
+ vaultwarden-cert:
+ enabled: true
+ id: {{ .Values.vaultwardenNetwork.certificateID }}
+ {{- end -}}
+{{- end -}}
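Review bot: The `{{ $env.name }}: {{ $env.value }}` line renders user-supplied additionalEnvs entries as bare YAML scalars, and common.yaml parses this output back with `fromYaml`, so a value such as `true`, `0123` or `1e3` is re-typed and a value containing `: `, `#` or a newline can break the document or introduce sibling keys into the merged values. `{{ $env.name | quote }}: {{ $env.value | quote }}` keeps both sides as strings (the key comes from the same free-form input), and `DOMAIN: {{ . | quote }}` on the domain line deserves the same treatment for consistency. Whether the common library later stringifies boolean and numeric env values, as `WEBSOCKET_ENABLED: {{ .Values.vaultwardenNetwork.wsEnabled }}` relies on, is not visible in this hunk, so quoting the operator-controlled values is cheap insurance either way.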
diff --git a/community/vaultwarden/1.0.0/templates/common.yaml b/community/vaultwarden/1.0.0/templates/common.yaml
new file mode 100644
index 0000000000..a892f75b24
--- /dev/null
+++ b/community/vaultwarden/1.0.0/templates/common.yaml
@@ -0,0 +1,11 @@
+{{- include "ix.v1.common.loader.init" . -}}
+
+{{/* Merge the templates with Values */}}
+{{- $_ := mustMergeOverwrite .Values (include "vaultwarden.configuration" $ | fromYaml) -}}
+{{- $_ := mustMergeOverwrite .Values (include "vaultwarden.workload" $ | fromYaml) -}}
+{{- $_ := mustMergeOverwrite .Values (include "postgres.workload" $ | fromYaml) -}}
+
+{{/* Create the configmap for portal manually*/}}
+{{- include "vaultwarden.portal" $ -}}
+
+{{- include "ix.v1.common.loader.apply" . -}}
diff --git a/community/vaultwarden/item.yaml b/community/vaultwarden/item.yaml
new file mode 100644
index 0000000000..d7fad19236
--- /dev/null
+++ b/community/vaultwarden/item.yaml
@@ -0,0 +1,4 @@
+icon: https://raw.githubusercontent.com/dani-garcia/vaultwarden/main/src/static/images/vaultwarden-icon.png
+categories:
+ - password
+ - manager