diff --git a/services/Bitwarden/deploy-Bitwarden.yml b/services/Bitwarden/deploy-Bitwarden.yml deleted file mode 100644 index a101bac..0000000 --- a/services/Bitwarden/deploy-Bitwarden.yml +++ /dev/null @@ -1,129 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: bitwarden -spec: - ports: - - protocol: TCP - name: ui - port: 8080 - - protocol: TCP - name: websocket - port: 3012 - selector: - app: bitwarden ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: bitwarden - labels: - app: bitwarden -spec: - replicas: 1 - selector: - matchLabels: - app: bitwarden - template: - metadata: - labels: - app: bitwarden - spec: - serviceAccountName: bitwarden - containers: - - name: bitwarden - image: bv11-cr01.bessems.eu/proxy/vaultwarden/server - env: - - name: ENABLE_DB_WAL - value: "false" - - name: ROCKET_PORT - value: "8080" - - name: SIGNUPS_ALLOWED - value: "false" - - name: WEBSOCKET_ENABLED - value: "true" - - name: WEBSOCKET_PORT - value: "3012" - - name: LOG_LEVEL - value: "debug" - - name: EXTENDED_LOGGING - value: "true" - envFrom: - - secretRef: - name: bitwarden-secret - ports: - - name: ui - containerPort: 8080 - - name: websocket - containerPort: 3012 - volumeMounts: - - mountPath: /data - name: flexvolsmb-bitwarden-data - volumes: - - name: flexvolsmb-bitwarden-data - persistentVolumeClaim: - claimName: flexvolsmb-bitwarden-data ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: bitwarden - labels: - app: bitwarden ---- -apiVersion: traefik.containo.us/v1alpha1 -kind: IngressRoute -metadata: - name: bitwarden -spec: - entryPoints: - - websecure - routes: - - match: Host(`vault.spamasaurus.com`) - kind: Rule - services: - - name: bitwarden - port: 8080 - middlewares: - - name: security-headers@file - - name: compression@file - - match: Host(`vault.spamasaurus.com`) && Path(`/notifications/hub`) - kind: Rule - services: - - name: bitwarden - port: 3012 - middlewares: - - name: security-headers@file - - name: compression@file ---- -apiVersion: v1 -kind: PersistentVolume -metadata: - name: flexvolsmb-bitwarden-data -spec: - capacity: - storage: 1Gi - accessModes: - - ReadWriteMany - storageClassName: flexvolsmb-bitwarden-data - flexVolume: - driver: mount/smb - secretRef: - name: smb-secret - options: - opts: domain=bessems.eu,file_mode=0777,dir_mode=0777,iocharset=utf8,nobrl - server: 192.168.11.225 - share: /K3s.Volumes/bitwarden/data ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: flexvolsmb-bitwarden-data - namespace: default -spec: - accessModes: - - ReadWriteMany - storageClassName: flexvolsmb-bitwarden-data - resources: - requests: - storage: 1Gi diff --git a/services/Bitwarden/sealedSecret-Bitwarden.yml b/services/Bitwarden/sealedSecret-Bitwarden.yml deleted file mode 100644 index 262dcd2..0000000 --- a/services/Bitwarden/sealedSecret-Bitwarden.yml +++ /dev/null @@ -1,27 +0,0 @@ -{ - "kind": "SealedSecret", - "apiVersion": "bitnami.com/v1alpha1", - "metadata": { - "name": "bitwarden-secret", - "namespace": "default", - "creationTimestamp": null - }, - "spec": { - "template": { - "metadata": { - "name": "bitwarden-secret", - "namespace": "default", - "creationTimestamp": null, - "labels": { - "app": "bitwarden" - } - }, - "data": null - }, - "encryptedData": { - "ADMIN_TOKEN": "AgBOegUE4Q0kKaTcDUrOlexTGqCECq5lV74ScLu4Qc+AsBPjsJDd/L/OADtg3rY7KOt+kaqNH+wop5PY540h8aB1CDSqRLtdqO2GmJT98muPJpOwPC6ynbW2Z1w9p6ptY1U41MqlPh0yiKyoIMwdrRBM0U+I23O8OkhNQNNA+Y98/SCEuCXIHgPZ+wwN6v8GgEh3ISrATdqcahPSr63BNHEw+alAevYJNd+b2K+zW2EjeS6+5cBe5zqtv16CEAt3o62j6kYD2ylox6UOoBXDRHkf3mINX/mBu/WUB9KHa/WvpX1toJ4orb6wWaZFNohw3/grMFnCov5Hmk2WkEUkhy6sjblyz7eUhmL8zXfJjqB4b0ekn/QkKJL5qp0lSHVKgHXPo+pu1l+Kh9RlqkLXwvbbH1HTYUEzvIN6+fwNkFz2g+IEqDhOGAhQHbBg13Q0+Qk/r9qdsrUQCDQLRxTH/qC7EKygFkvd23Tl4a/x7h++mgMCkDkceghtQXmJCxk/AjrjUAKaEGEFJDpPkW6EroJeZfgN2SUcfWymKULQw9TLhpts6EN0eOBK/pwV4pMeA7DD8XdJ7YkPRM4lzhNuHDgxwvPOt+i3RtVbKjpYoodsmZtFUm81Bi5VH+o3xxvlVKTKT4uGgUft1XbrtimR760eTMtabiSkQp9GIC/BhhuBCNZH9L5km+2d6TVHjumg7Pdz4EHQaDp1IHPNAnU1qaQzCPK9906645Jg0EUr8w7sR4wsoEtewKrTDEe0xhTCOIU=", - "YUBICO_CLIENT_ID": "AgCjzixOtJ3R6p25k+beRevZyRVB6gNVOzNd2nmIdHRqFkgWujZfFOPkwwV7RR2QgtdOAO0x48fF7oCHmbBz5gUIp62okLjZBNoeP5ekT1MyGxtda1Ce7DmceCn9I73sqSVRnave+7h0UjQHZ7da7Qw03GGrjNp9hNk6jPb5Y8KhHemfghqotUys5EflX4XOTsvz1pZOdzCySYvfSnitAWkRwHcBTsufryq6bbu743M0hQ0TVLOvTXFTV6v9HkzmVqBw8NQJlQiAItVzoN9c1wg81419SFYs5QqQZdqu7RjIY0SdsjLwjJCTJM3KoRHtTQNacbXFDT8TR2iFi6qf4E2/GISNbEZg8I3epgMvTtej/kNUMuCT1t93FvxwILOH5qWM4qG+ZogNrti4iIGw1GmTx/4YJapgRPSbSRH+h2HjXKfoiCGHVLOSHs9AOjJCsKj91fBoo+54qP+33muGHy/WFrWDBKI448EPWTUbTK6Mzt8aWcownVapXhCxhv1A/siuRr++bYiuueC1jnW5LK4xSNkGRK0fNB0yjBZJoyvlOfJbMLamk7aqGeygPQ/8MUIQ9tWLGti8VMuFjeuliUsxH+7BlHu74jNQCdQpXegH2eOj9kr1JlIzAVho1h+u/33jtFkwnoF1oX8npT2IfrZSOnkeX0klTjFbkpNBEUN7OehItO5Cxz2WDJ9DQs76E4sc1YsfLA==", - "YUBICO_SECRET_KEY": "AgDGnO3bkS2HuzBWvdyirs61iW2uV3qvdiEiEyOFrOvKBlxpJrjSgMUCAOjDeux4l/2QlovNLRxGoj6ti34ZhA4PAWjVWVdKNac3WB0pW3S1kVdLSQSc/rwi6ICHiz4wSuR+oYA4Uz/paewH7Y7KfsN7KF2aKCGADm3mMaw7ptYkMdUqNgJvsAFizjFATd8wV3KmAJAZlIgtULY83/2MC0Qn7wS9ySymks3cae+LtirUcWDMGFvJ/7KlyQyeMHdT+EOalM5uovoW/VI9sDanGHXnbn/ikDWmmmCOs6QkYh0aOb/OghJ5zj6kRG/rdfGN0UqZrgFzYAJ7ozwnqkABFdCs+J531HRg38CEvgXOUXEIJ2e2rsYzVccJUDD8hFCHpaShxAghccSEAptkXzI0mgtWe9sYnPfC5gQ/dlo/vIWbsEMOAIDl6poe+Dc7ZvwqQGIemLTm51lc99ocM9Ej/RChvTGS3iXeJAfD+43kfcAZl67nLEsh2GtE56EipA/uGwkFDvQZ7zPWaic/WzcsE5aEdkWUHSgGxLHsHAMb/zQySEIUyGj0ohMyvFE3cSdwRguzFFyqAbsgpQ4Pz28uSgCNNx7xe7wlO2QwHTpVL3cRiM1dnZIuTISFIF61RUoQbCOxnmbxyzMsk4+1Cv+DH9pgBtSDD4lGhb/2XM6o9/WWWRNrTsHnXJgtinq4jclJQ8RIVihiLWPEPbCvYEjJuMxtd+5jUMp6NKH5CHUq" - } - } -} diff --git a/services/Gitea/deployment-Gitea.yml b/services/Gitea/deployment-Gitea.yml index e7e1d66..6a549c9 100644 --- a/services/Gitea/deployment-Gitea.yml +++ b/services/Gitea/deployment-Gitea.yml @@ -17,7 +17,8 @@ spec: spec: containers: - name: gitea - image: bv11-cr01.bessems.eu/proxy/gitea/gitea:1.19 + # image: bv11-cr01.bessems.eu/proxy/gitea/gitea:1.19 + image: gitea/gitea:1.19 imagePullPolicy: Always env: - name: DB_TYPE diff --git a/services/Gitea/ingressRoute-Gitea.yml b/services/Gitea/ingressRoute-Gitea.yml index f799857..559f8fc 100644 --- a/services/Gitea/ingressRoute-Gitea.yml +++ b/services/Gitea/ingressRoute-Gitea.yml @@ -12,6 +12,6 @@ spec: services: - name: gitea port: 3000 - middlewares: - - name: security-headers@file - - name: compression@file + # middlewares: + # - name: security-headers@file + # - name: compression@file diff --git a/services/Gitea/persistentVolume-Gitea.yml b/services/Gitea/persistentVolume-Gitea.yml index babdb76..9d9bce3 100644 --- a/services/Gitea/persistentVolume-Gitea.yml +++ b/services/Gitea/persistentVolume-Gitea.yml @@ -11,10 +11,10 @@ spec: flexVolume: driver: mount/smb secretRef: - name: smb-secret + name: flexvolsmb-credentials options: - opts: domain=bessems.eu,file_mode=0777,dir_mode=0777,uid=1000,gid=1000,iocharset=utf8,nobrl - server: 192.168.11.225 + opts: file_mode=0777,dir_mode=0777,uid=1000,gid=1000,iocharset=utf8,nobrl + server: 192.168.154.225 share: /K3s.Volumes/gitea/data --- apiVersion: v1 @@ -30,8 +30,8 @@ spec: flexVolume: driver: mount/smb secretRef: - name: smb-secret + name: flexvolsmb-credentials options: - opts: domain=bessems.eu,file_mode=0600,dir_mode=0600,iocharset=utf8 - server: 192.168.11.225 + opts: file_mode=0600,dir_mode=0600,iocharset=utf8 + server: 192.168.154.225 share: /K3s.Volumes/gitea/ssh diff --git a/services/Gitea/sealedSecret-SMBSecret.yml b/services/Gitea/sealedSecret-SMBSecret.yml deleted file mode 100644 index 668836a..0000000 --- a/services/Gitea/sealedSecret-SMBSecret.yml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - creationTimestamp: null - name: smb-secret - namespace: gitea -spec: - encryptedData: - password: AgA2RNwf1Lv5KZQ3QrzNpwN0Bi1reMjEdeE6W+H86DGmHebic3yayuucntVBn3JFzBAd0yzFuAjpWSiJRhUiXDSz3Z+QvBiokXTYD14BQ2zTI11H0K3q3lbz9GWhZ7947rViRNIqjKDppZ2DHm+HbLpf5TnYVAqT2JBRoZYku0kDQ/xEDlLxOQ4l+ZCmJY1LGfxMrwo/pWcng1UdbiEF/zkeyAe+18fgrfDkG/kbeFKpX0TpO0fDvWxYt/QoQa2Ei5YNLCHHrZQz+y3MTrPpLdPkVK1ooBFxVNfVjdWbhHHlCbEAoPMcG1+TxOE4o9s8h0AgHUYTr992Cw0k4md3iHuRg7PeObweaa57LDASMLDfTymW8UFmDvpsurV/sB9CrBtmGE5vJzZ06NOU7UKqjWCjpWZ5uL1JUM54IgqJIqgWbmboM0NpLrinDLg/qvVKnndLzhgRGudFdqPzde/UqXebFd8BdFCnmXus/xPESOvl8gw7ucpVUHwJb8kFBTesMkYClDrGPHxLAqDQ3EkCEINxIGBZz6ycMirKYvsXPyB45/y/gGcbetgerWJ2j6nyjP3GtMpVuvw28oZW+lLRscSEoXd0fAgaKM83dJqfI025CKSYnY4ckpSiOvHr5xUs8o70PHCB8zHbeY1nhdzuc3qyCMP47tQOzqorz4YVqx8S3UwpbSU6wxXfXeJ2gZG6BwPgf/CRCdfjRcfGTHsico/o - username: AgBHQNeci3xoZ4ePihMM/EXK06kaUbrstRWqFJM67AnZuw66f8mAZWDYqpF8QynmaxwhyoTsS5vagFBh8KlfpNEVhl30w73+vb8j/xeq/32+d9ae++6q2CcbLAvn9Ezv6Y0PV3REbrlY5eGCMrc9AOIXZfNucZNcfZEbM547IEpxYTfmZLO7pwG0/c18IP6v/Lz2IdP80jkFK6yt0c7/x68v00UMDJ73RkpP0oKToQgAfmJrdXQTUfyA187Jr37umvnJW5gy5VPWaMzJ2B+sonkEGTCWWTji+P3dfBrHYa/kCYJwJqLoAuBbbkG3/NpbrdCnc35oOdmQOWVPj8fJdMDHE57F2dgWq3bnp23X05TDRaeSFSu24XDN2FWA/60jIE0ElX+e9oGgGainWEvOV9ekY6UZFhk1RzurvcUUGa9cilTiMtlnkLVWlLCEuI9tbwDVx2/bvAWuvmuwtyJhsl2cbu6ZHKMa+WF3K+Obrw4gWDHW+bmskw50fCZoQ0FK0b7Kdb+3qi5kBWaL006mXqJGHLnlNi2UA6F8SUPMcYYa34mv+IskBNrC/evxeaJ/3mC/sw3mBMwIOOzHWX/gMQRaghXZMks9X5ICpWodNPkizREy7Gc2yGnsHBX/FDhLmcCP2qzZ/352lQc0a5PKz2ZSYslULqjtbLUMqR/Td3ed017R7JSkbGNZeFYNO7was979jDRRuZA= - template: - data: null - metadata: - creationTimestamp: null - name: smb-secret - namespace: gitea - type: mount/smb - diff --git a/services/Gitea/sealedsecret-flexvolsmb-credentials.yaml b/services/Gitea/sealedsecret-flexvolsmb-credentials.yaml new file mode 100644 index 0000000..f089dca --- /dev/null +++ b/services/Gitea/sealedsecret-flexvolsmb-credentials.yaml @@ -0,0 +1,16 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: flexvolsmb-credentials + namespace: gitea +spec: + encryptedData: + password: AgBXexS/ciX+5APi07J2Y/UtRfRlI+EIls9TAabPnVaRWjeAUVzTlJ9duv491QalcLEZaDzu4jWCXhcYJqLVax+FFJJxaewPYfingS/Foaw03p6tE70CF3Dddeu0oNK2jwldDHL5/NHvH1o5QF7WgMu9gdrYPnUEwJ5vAInf7FOn+K35ewomAN5BBV23a3faohRGMYNms/JdNip456GSiVqKXbUL04eSvqKHhxgwqdLHD7mijV2a2GGmC9QQ886NKh+EDTsqg6skTQ7oEMejAQQOt6LyTr8OP2Phy6kkD++MTkSH5y6z9UJE4214WVE1Evhse94q9leS5pi/DD1s9xFXVXOGBScYOqrzm6dFjVaRrL4688ALcOykN92iIQJtPbBU9zV2mI1WwKet000AyJU5sr7yzl+d7dFOULPdkF5Wtuf0oAK6z6JLCmVZSPvrimKzsPNpuT1ziDaay/XBONU9KyjQG1Jf28THiXJni0/K8vEfjB/pp7010vBI+cW/c/zhi9dfzT1z0fVkA4tl4yjelRCEtFwj5b5qKPNrLjmcU5FPeIK+mv6iRW15Rn/cxK60vn61bHHI6NW+ozRuYJbknPd7AO5utjTntzAOZErLdqzXOmTWh8mJMqjoeeEwq9lROYRBjUWRGiTG8sOh4Z3NUcGH4oL7T2m8g9gUBEz99A3/lXurWBdYvssDCyxS9UXDPEUaI+yeLCepbVgcJeQd + username: AgBZQjEVHei5IOl9qZgBfA88DeP6aOridfWHKEY2e8JzqDb6xS0YXYHgc0LZwZ/HuhQljnhSfu+L/YbAfbaK0LJPSuq2pqfDMjbufBHZ9vmDHa/vVn5oWdAIaRViwohvjvQRtxMfQ53Q/zuKGQla0O7yB0J570F7/dnC52MvszwGs6Yfrp7M9OztC2P5zj7LoM7R8IkxJSihOA6K4Cmfs4yWzYFMwihoHg9LKS9QlpfjGlmpkfSfIOczJo3PMZjd+m4bhpa5phiUqGUYzqWdeIixTaLXmUP/x9psbsd/wDpYlZnKEXmVQnW4tQ/QSbNGFIYg28QamYvg1Qmd78zJ40D2n6VSg9krk8rDg/5TVd0Mqj0dPgRRauJpMm62o41SE6U3LdXvrQnfqtquHLig7wKCMt6+E/brKsULcFtK8X90PRqESUlywZHXBAzpk9+ALD5RwrrClyO+DqKLoYO+2TtFnVwJOPTDRQzUa5uXHOGHDTsDuZyL5IODPz+nodtQ9ty+qpruszLc45nAc1hEiNSKaqH824AKgRr790gvg0AqIvttAoxt9cE/d73F1MHyFd1uoBliL15JmxnNkn7gO3DPWvj9M1GTOFkrYFKNrH1WB+ines9zW0FHsbK+eRXC6YizTvuMg1YPNZfVE9gnKGw8RX92LWZft+dWLtgHmaMF0A3LYxF2Dnj6HyOhx8s2T2HcaC6D+TQ= + template: + metadata: + creationTimestamp: null + name: flexvolsmb-credentials + namespace: gitea + type: mount/smb diff --git a/services/Guacamole/deployment-Guacamole.yml b/services/Guacamole/deployment-Guacamole.yml index 1cd64ad..5e8f999 100644 --- a/services/Guacamole/deployment-Guacamole.yml +++ b/services/Guacamole/deployment-Guacamole.yml @@ -18,8 +18,8 @@ spec: hostname: guacamole containers: - name: guacamole -# image: bv11-cr01.bessems.eu/proxy/guacamole/guacamole:1.4.0 - image: bv11-cr01.bessems.eu/proxy/guacamole/guacamole:1.5.3 + # image: bv11-cr01.bessems.eu/proxy/guacamole/guacamole:1.5.3 + image: guacamole/guacamole:1.5.3 env: - name: GUACD_HOSTNAME value: 'guacamole.guacamole.svc.cluster.local' @@ -33,15 +33,12 @@ spec: volumeMounts: - name: flexvolsmb-guacamole-home mountPath: /etc/guacamole -# - name: flexvolsmb-guacamole-opt -# mountPath: /opt/guacamole/mysql/mysql-connector-java-5.1.46.jar -# subPath: mysql-connector-java-5.1.46.jar ports: - name: ui containerPort: 8080 - name: guacd -# image: bv11-cr01.bessems.eu/proxy/guacamole/guacd:1.4.0 - image: bv11-cr01.bessems.eu/proxy/guacamole/guacd:1.5.3 + # image: bv11-cr01.bessems.eu/proxy/guacamole/guacd:1.5.3 + image: guacamole/guacd:1.5.3 env: - name: GUACD_LOG_LEVEL value: 'debug' @@ -49,7 +46,8 @@ spec: - name: proxy containerPort: 4822 - name: mysql - image: bv11-cr01.bessems.eu/proxy/library/mysql:latest + # image: bv11-cr01.bessems.eu/proxy/library/mysql:latest + image: mysql:latest securityContext: runAsUser: 999 runAsGroup: 999 @@ -72,6 +70,3 @@ spec: - name: flexvolsmb-guacamole-home persistentVolumeClaim: claimName: flexvolsmb-guacamole-home -# - name: flexvolsmb-guacamole-opt -# persistentVolumeClaim: -# claimName: flexvolsmb-guacamole-opt diff --git a/services/Guacamole/ingressRoute-Guacamole.yml b/services/Guacamole/ingressRoute-Guacamole.yml index 5e39609..8e3b2e7 100644 --- a/services/Guacamole/ingressRoute-Guacamole.yml +++ b/services/Guacamole/ingressRoute-Guacamole.yml @@ -14,5 +14,5 @@ spec: port: 8080 middlewares: - name: prepend-path-guacamole - - name: security-headers@file - - name: compression@file + # - name: security-headers@file + # - name: compression@file diff --git a/services/Guacamole/persistentVolume-Guacamole.yml b/services/Guacamole/persistentVolume-Guacamole.yml index 2fc3c08..2ccfad9 100644 --- a/services/Guacamole/persistentVolume-Guacamole.yml +++ b/services/Guacamole/persistentVolume-Guacamole.yml @@ -11,10 +11,10 @@ spec: flexVolume: driver: mount/smb secretRef: - name: smb-secret + name: flexvolsmb-credentials options: - opts: domain=bessems.eu,file_mode=0755,dir_mode=0755,uid=999,gid=999,iocharset=utf8,nobrl - server: 192.168.11.225 + opts: file_mode=0755,dir_mode=0755,uid=999,gid=999,iocharset=utf8,nobrl + server: 192.168.154.225 share: /K3s.Volumes/guacamole/db --- apiVersion: v1 @@ -30,8 +30,8 @@ spec: flexVolume: driver: mount/smb secretRef: - name: smb-secret + name: flexvolsmb-credentials options: - opts: domain=bessems.eu,file_mode=0755,dir_mode=0755,uid=999,gid=999,iocharset=utf8 - server: 192.168.11.225 + opts: file_mode=0755,dir_mode=0755,uid=999,gid=999,iocharset=utf8 + server: 192.168.154.225 share: /K3s.Volumes/guacamole/home diff --git a/services/Guacamole/sealedSecret-SMBSecret.yml b/services/Guacamole/sealedSecret-SMBSecret.yml deleted file mode 100644 index 7d0a6c9..0000000 --- a/services/Guacamole/sealedSecret-SMBSecret.yml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - creationTimestamp: null - name: smb-secret - namespace: guacamole -spec: - encryptedData: - password: AgAltnI39VLMEunbwj29kqFyMTpMopC0XinqS6eK+ni7iE1GF3B8PQMkyHGhckmOQVLjlg5E7hT70wdwUFzzkkOFl6Ytvt9Vjp7d2Lkr7VbMKHAuxcfCp7uEk81AWvf0oK6Vk4Cle5PL//cJwSiuKdVa/wkKqjtsNLvsS2ufPHBSgUxylLgaJrFZPHgSScmdeLQk2Wd+uRkO2oo5t9QTNhvaRsgzOwzYzB27tT+8/I8g99Cod+mG2PaVVSQJ+6Vw0qQzXvU3EsnK3tQyKWYCMM4mLpqOyVE9S1sdAAmwrHNafZBApHyDm1fELH/cJ/Ps4pyXWn+VxzRPE8UfAcbORLSSF8hb+gpWsJ61OAssmCr/2zGEtKQ76QW2stJ2aMgdqn1sr+FPLEnRFQd3A0kILPqv04J70d/t5dLcyble7npMSHSvd0uL0kmNto/3AbPJpptHkW3MSeP+VcN3+zYFXHWroHHpSKvcYunPE/S5T/qOKN+BFkzoJXiwZh3OX0k6/0Enh3GuQQ9zTmAlx0yWdqM8ZJetPVajmbZO+IilZYiBXL+gYKHMqZfrhwUyW9gWx4VqhDmlI/jBCqqpBaErT+G1X23bFMbhdtn/SufRjbpz1hN6zKYkkW5gshZOwC64A3zcA2hsGY+fk3X7EW92A8VwfT1k57tEuvJIDB4ejcg9Sj3K1wvIH+goABybuiI/y+n0gKqyfseUjEYWJq5cJEHs - username: AgCiRQ0ql/PDGzdQCPTMM0GqhRD0KCTSQh0JGw2QTEEM2JeKiL0f2c9G/HEkPx+NJHv3E2wIJ+4Tt2OdpuB1jqgnShkc45KGbwZ0BwNoX8XjzEbPyjAEZyBPRiXYqEH2wwIqgce35pcsB6OIXdMV3p1h/j66kpV5rEQkYoj6BPi3UxTNvzgjExOZxeEwLQjVgSytwreex7gRE9B4ZZid8iBeZAzummGkdhpMePfPtrmrC2FYmejdaKEQEMgY3QIH/QHJUHqJ9V8SS8YUZ5/7mhiePnJUv/1spL9Cnp1qbdtKPB1nU3fu5bdqFN+UAMKFFNL/p1eueRDXZxgCobRtd17caRXtbGEc93sKINbd6iCQ6in0zcMTSWjy7ZGQNC0KcouEyR5n1VyJ4dYn82uhDlh9HUU/21WFkvr29CUJFfe/keHjSyaZOqdzFHj9FPLzewdDT0Dg3GPPROPcdd30CKtTKWzKbyJP0/CrIC17YtQSeFDwHLTIiggB5hZ4LaycSyrDdH/5rtYkOCk6O/kfzwHDHpNacWULfbPjqsAC2U9Ex1UOpawX1LX8gqPfHlM8ZBAixYopKTZpvwchUZubWkIchoOy4z/+8ynjXNblkfShs0/yvuV7sIFJCMfn39CP8ngdeJJKbBOGQ+LbqLoDnMA5LqV7vuhAZci27tlSeV7tZmjrAmdjCoFU/IzizqAZL5pGxJS/l3s= - template: - data: null - metadata: - creationTimestamp: null - name: smb-secret - namespace: guacamole - type: mount/smb - diff --git a/services/Guacamole/sealedsecret-flexvolsmb-credentials.yaml b/services/Guacamole/sealedsecret-flexvolsmb-credentials.yaml new file mode 100644 index 0000000..c64693a --- /dev/null +++ b/services/Guacamole/sealedsecret-flexvolsmb-credentials.yaml @@ -0,0 +1,16 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: flexvolsmb-credentials + namespace: guacamole +spec: + encryptedData: + password: AgA5Rj3gn3X5ITztEpXBzECP5GUHAQVY/KnDQYxJFXocY55x4i6ggTjRllXAstQhh6vkGNV0TGuuATV34/6qvt3UzTZoajicQ5cJ1nU2SiYMQWuZh7BoTDv6osua19jsS39gnJUGDvrVWNZ6sKPXK+B/2cBkqh6JKQWHYzJUy4iqJ6ZCKLOaEVSVibX+U5UAhKJ2KPH5jIxV/asO/PtjtC6saYWOPXyMCgjFwcVOs843/sagVJB46bkK8Ud8842vE8UrZtESxNY5d/TYZkWqQs/4OR14ceBtVr3AhmTy371LDzI8zkFxATfUSjBJ8nlmTy+SMjD5B8tgU3j/qKw0fmVRIcgYybd6H7WtdeQm+eKRx9fuHnYAqEGIkIm+zZ0tGYVRXsZ4dFIe3SZ7/Q1vylOSnPV1g3o4ofSQj/kMME4Rtczis6qJNsYZEbB55alKtQJZx+i86bYyqRlZvzamYzZUqfrMECkOlsqKOvQ0ZSRZxqBFR4hwxoRNs9THe02qMjpjKiqjAZrfn2GpuavKoEdUqwhcQOGdYBN7LNPcRdTxulE9d5jTwmZ+9hBdWLxP/tMcO72XlVQm9w59UXtA/FogN5d5e5B5Wu7qfodcmCToQ9O9BUCCeHl94U98IjzutSAOMbbaRp3XRbSEawpVyxIF4N7LVxm40VhlvZDScASkxyHENwIPAdP1ZWUGt0MTLOXFQ7rEwhdJrj2yszsnE9FP + username: AgBzKCegpgyL2EkamKd2VejVzroRz0fcVFnZ/9RuvYYSq2IyhJj4mbE0CUyGAX1mB48HsacloVMVTvFwDCoPRmsjR1qddiCWUaye9/wYsUYrYhEv+o+3IWFHIdzPN8ArF8B9DwcvAtamAx8BOf7Zx3UTbRYyrM8/2114VRVmtEcBpR7BUp+Djt4O2rJFPeDgHIkg3ljcg3hWdi3QO2NM8nvszn8rQCXBAKDJ1oQqFkUoXO+L6RBPmONVEjX5WN+noalf4C1ZSJNrLg0cCI4/2rpvt9LOkFlchI4h3c4xIj9mqkzj+d9FN0M55yfrAS6PbHXmd1GdoLqAbl8F0SV3kmm9SnCvxPQZOZTTkEs4zVrRYSgSt1s7I5t9Ng+/5kIXi6qN7YGtfvSbRGzFUO+39qRhtdpPvF3dpfFnGRFPdylrP5x067JKVywC/9gaHcVvlHHAwbFKnYh2lnDrmzwL3VqpVyxfxY7ksruUWrFGWhZKEfbw1m2d0oVO3fozgx+IxwGlnw1Lo1q2DFFY5zt47kRKC91cJBTGHZT8LUsyS8+WJpXRsrDQvp96gNgPs1+hQOJWl9g/HAyv2kbVnkRDPekOSzLwfDW4PAqwZ2NehUSP0G7jDZgLXTOFa5U+tZ0HBF0ENy5Ln2O7qlRqcX4tWXFUlffX7G/MRNof6HqYtU2ydo0iJSyvBbqe4hx2PHXOK3fYd/I8HAU= + template: + metadata: + creationTimestamp: null + name: flexvolsmb-credentials + namespace: guacamole + type: mount/smb diff --git a/services/Vaultwarden/_namespace-vaultwarden.yml b/services/Vaultwarden/_namespace-vaultwarden.yml new file mode 100644 index 0000000..6fc17a5 --- /dev/null +++ b/services/Vaultwarden/_namespace-vaultwarden.yml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: vaultwarden diff --git a/services/Vaultwarden/deployment-vaultwarden.yaml b/services/Vaultwarden/deployment-vaultwarden.yaml new file mode 100644 index 0000000..3b1a2cd --- /dev/null +++ b/services/Vaultwarden/deployment-vaultwarden.yaml @@ -0,0 +1,52 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: vaultwarden + namespace: vaultwarden + labels: + app: vaultwarden +spec: + replicas: 1 + selector: + matchLabels: + app: vaultwarden + template: + metadata: + labels: + app: vaultwarden + spec: + serviceAccountName: vaultwarden + containers: + - name: vaultwarden + # image: bv11-cr01.bessems.eu/proxy/vaultwarden/server + image: vaultwarden/server + env: + - name: ENABLE_DB_WAL + value: "false" + - name: ROCKET_PORT + value: "8080" + - name: SIGNUPS_ALLOWED + value: "false" + - name: WEBSOCKET_ENABLED + value: "true" + - name: WEBSOCKET_PORT + value: "3012" + - name: LOG_LEVEL + value: "debug" + - name: EXTENDED_LOGGING + value: "true" + envFrom: + - secretRef: + name: vaultwarden + ports: + - name: ui + containerPort: 8080 + - name: websocket + containerPort: 3012 + volumeMounts: + - mountPath: /data + name: flexvolsmb-vaultwarden-data + volumes: + - name: flexvolsmb-vaultwarden-data + persistentVolumeClaim: + claimName: flexvolsmb-vaultwarden-data diff --git a/services/Vaultwarden/ingressroute-vaultwarden.yaml b/services/Vaultwarden/ingressroute-vaultwarden.yaml new file mode 100644 index 0000000..c39df3d --- /dev/null +++ b/services/Vaultwarden/ingressroute-vaultwarden.yaml @@ -0,0 +1,25 @@ +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRoute +metadata: + name: vaultwarden + namespace: vaultwarden +spec: + entryPoints: + - websecure + routes: + - match: Host(`vault.spamasaurus.com`) + kind: Rule + services: + - name: vaultwarden + port: 8080 + middlewares: + - name: security-headers@file + - name: compression@file + - match: Host(`vault.spamasaurus.com`) && Path(`/notifications/hub`) + kind: Rule + services: + - name: vaultwarden + port: 3012 + # middlewares: + # - name: security-headers@file + # - name: compression@file diff --git a/services/Vaultwarden/persistentvolume-flexvolsmb-vaultwarden-data.yaml b/services/Vaultwarden/persistentvolume-flexvolsmb-vaultwarden-data.yaml new file mode 100644 index 0000000..ed12d16 --- /dev/null +++ b/services/Vaultwarden/persistentvolume-flexvolsmb-vaultwarden-data.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + name: flexvolsmb-vaultwarden-data +spec: + capacity: + storage: 1Gi + accessModes: + - ReadWriteMany + storageClassName: flexvolsmb-vaultwarden-data + flexVolume: + driver: mount/smb + secretRef: + name: flexvolsmb-credentials + options: + opts: file_mode=0777,dir_mode=0777,iocharset=utf8,nobrl + server: 192.168.154.225 + share: /K3s.Volumes/vaultwarden/data diff --git a/services/Vaultwarden/persistentvolumeclaim-flexvolsmb-vaultwarden-data.yaml b/services/Vaultwarden/persistentvolumeclaim-flexvolsmb-vaultwarden-data.yaml new file mode 100644 index 0000000..77558cc --- /dev/null +++ b/services/Vaultwarden/persistentvolumeclaim-flexvolsmb-vaultwarden-data.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: flexvolsmb-vaultwarden-data + namespace: vaultwarden +spec: + accessModes: + - ReadWriteMany + storageClassName: flexvolsmb-vaultwarden-data + resources: + requests: + storage: 1Gi diff --git a/services/Vaultwarden/sealedsecret-flexvolsmb-credentials.yaml b/services/Vaultwarden/sealedsecret-flexvolsmb-credentials.yaml new file mode 100644 index 0000000..408db9c --- /dev/null +++ b/services/Vaultwarden/sealedsecret-flexvolsmb-credentials.yaml @@ -0,0 +1,16 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: flexvolsmb-credentials + namespace: vaultwarden +spec: + encryptedData: + password: AgAFSxyvsZICWKYR0ZY7tNH17VP2XPrOIA//MldFVwm4f7npDiclcO/buJE8k/S4iWx5VA9mPXwboZOzUJOakL/6G5rhQ0VxpkaQXDHOqv5412NA0j9lc+ZvB3WD32AvujNUOXgPj4PenmUKe1SX4LT8p3QXbC/3Cpl9YmgsB7c7T3TNg9NGtztbPibwHPUn/wc9wcGbyZQVN7JUd0U9eayifucGxdzjVQtNx9khHerCHDdEJ9AzM4YDPAUwLrkML3KaKO4Kr7XhNRDYV1eGNWBTFbM1O/kISJmt2TBXDe+cQjcygznmybcs8lhX3nHSjJ27SzheBtnD26SwcZ5UqihExK6m1qvl62ePwtztUlHFJeCSTfwWZHigVFwi7TIw6xaXvdDX6Th4/KN403hh0EkxHvlvcHOLsI3eu8predUf3ZyqpZex6fB+c9CBrCRMQzoMXeSBntC+59NxfH7tDLthAS+nHMrBEJDvpckPFd/SZe2xA6nBZngaA0NZewWwBgMVhyjp9/zvHyLwfItb0IgVIN7sfK58BKDT40JdbdwwpvB1xdZ8IktAoUpMc+pSI+ZrVtQwrPYR6g09QzMV6qqTfz/V34zkScaK/E5vLr4hhUv2gjJeqWKc+xg7vrLg3z6K2Ssys21o+UyzOlm3tPl+LPTMFor1B8QrPLX/hFQX2kzG7wblWt1PHA7PoYLby/VEXRiOeDv3Aq30+TyF8RaH + username: AgAErKLnO4ikMdR2PSkFdBIFY3deVh1dcpe6+bbOoXCSfqThLnXlszT5xyfgicwYH21MkTjaGovX63CPNva7SgN430nJHZ6v0TbSRwABVFvyXQJxFGTKe+9Bv6+FF76de/qZyhdgXFkX9Wseh1YdEhKmzopUYLtFjArYOGkGE8antUDs448OALwT73ZoRUFnUVfDxdAinKwdzcGQFr6zbK7LeflhX6buCC/+arJxoG3lDDjiuz00bliZf6+Fa5N0JohaUrWp2vOU25IHnVD7GawLWP6Eihb7GbM4BK9/h4oLcyUr9mD5DP/NsNeDe023mbrsog0vcyAG+y1oxYmknB5JKhTbdkwOEubmoQFLvF8qqARsZSg22twWTHayGZrK9Egj1N+kkQyiHLFJCCAu5YDzBLfBRgH1GIQNVFiFi1BDHS/3X+LJpSW5RhHhN7StfDUL81ej9heFbpvwVo8FwcT1Z0sSJ6OIEgIKmg0XVy7NCFdsiUkIwA1dndbHBFtlmrmUaTxnxKS7H73RI1v9OO7FLtX3RYgiKflR+rmggn2M1vaIS+FrgAdowQyDToxlRV2uMpiPJAlaURb/0GnNjN/7UaLtyM42DSBbKs7TO+vQ0UI6WjsZoEGPhJb8pN9LdUpUS0g6QRSCxHTDykEy4b2bmVqlf44bbTDBl0HzbmQXPkHKympQb6otIUy5m61Iy0XNjrCDyJw= + template: + metadata: + creationTimestamp: null + name: flexvolsmb-credentials + namespace: vaultwarden + type: mount/smb diff --git a/services/Vaultwarden/sealedsecret-vaultwarden.yaml b/services/Vaultwarden/sealedsecret-vaultwarden.yaml new file mode 100644 index 0000000..4e93b30 --- /dev/null +++ b/services/Vaultwarden/sealedsecret-vaultwarden.yaml @@ -0,0 +1,19 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: vaultwarden + namespace: vaultwarden +spec: + encryptedData: + ADMIN_TOKEN: AgCTXDX4Dan6UyXd8CK4VB5LG6ReeDOD8Pz/9DYMzaDsTOEw5CUXZ09TkNxB89f6yKHcrjpOA0YOSFs3pF532bw643pY5PrK3rVjRNNxTc9OlvHa/+iv/piiKCzowiq2Bv7tCVJ3UUPlaB3DgLTZxRfobqyryi8CE8ybMSGXkGA7X9hqYKbu2izFOLcQPFbUEqBkqQoh4Di94D6CO+aTuBo3irOypmOa3RG/ELk6DVYsRZG1FLBitI554pRfcxCnO2loQsSSKX5npC1PwpPJCjSgKS1UTC5zqMSLAyXG6RNtnP1zVDM55+Xc/TZ1i0luT5ED6KltigU4ugEuBN7wx/TICzWB9HI9eCaZ33KERMiOx1sn5W4PE3/3qOaLjUJDEW1wbW3j9whm1xMm1Mt5UqwVONUEwoEAg1TMkDGP/1+C230hZ8JNa31f2XfjTgmroApbK9mPEwa020EoqFzBNCznsEv0x3FYkcRhMZ5Cbefc4ZHNZzMpBcEEtoXtGBgRVHaHsi1ftq402w9LNqbBE87JLV55aSy6cyseZL56gqSlu7tRdCr0EDndHn7hE+yT1EwYudmfW1B4AaHSw+FcI5l6IeR1UNkNSKg5h0d+p2kEdXdO1w5mpa7XXiu8bob5xJPiz0siD/WjhjZbMXzdWs8D7y7gJlaCIx8NW7+wirEZEtef8Hd0Cd/GiZ8mU/ODAVENPir/mwlT/5a04TaFzKCrXgIrwSzagMw632C9olWUHfDZKsJMBkCDeR7LDwfIIos= + YUBICO_CLIENT_ID: AgCTwkK6e5gMpl9yquaCDadFTlBa8LqWGOaadEqG8801+z66LiUptoPKxl7+j22Zg44w4kdcv/HAIEzjkVvOs+iC5PhGLO389GcpPaNvwuqxcKqraU2CSNbANByB+vFyy1zO1NgmE68PMC2/siZIF/NP58j6Ca6JJTzy9Pm+m2/YhqdlnBdlGopzpbIf9PSpNaZUQSowpySBtlWOVcVNxRgOCbkLxYnb3Ykq3+gYFcbSi3HWVAz3Kb4LbypqOV0Kt8kkf6Jy5kjQAIowuooVyUZI4ZKWpgGwvseJBfEqjhoNkaR6UduL6gnwfNcA8e09q+HsbnLOsLOVAFxrPRxcOOKy4UNi1q66K4bXIR+kN4auvKIzJIW4oJUzKqNpHZ5RPFaLrfEOQEL/H37hd4KpqRPHP3fPw/DKlXWLYlYpzR4tSab9csw9o/lkfN5sQQXPIIUuYdAURLlLI/kX2rnbkHx8HhjveeIW9qQx0bkcJN5lOUwyhCt4pXmNXUyVP1ydqRZ2SBtAbfxIZGdTEnFGEAk6H5cw6i7RCFfgfWp9MUbIWmmjwK4RQe3dVs000+6gTUVfYBOa755GMdR0ODxRcghfT8+e/NpXHbn1Dhuc5kcc1oRbGGOdu/F22b5j6tCdrbdLbUUsxugpzxidohVBRhrDfTETB1HkZM9LrlN5EXElfsEKhRTr0XP9O+rtkaraedOOj935Zg== + YUBICO_SECRET_KEY: AgAsQmn/4Z9C/Edo6UEnTSdJ2X55vf+aPt7vzattekf48Xc9fXZ9uN7B/3rA1Dg9HhuBWVQc8SaN3sJqRP0c4tzl5zYUZqgf9ZXZ53ZkXRI2yqcud8bCyHsbvJKXerOHpkkTjLyZjuj6f5I5rBQr12PYejcqGir+wdV7fgzJ//ArTLXlevWsrpA5amzYjqk59rCsw6BxIkFev1vux7Xes1/ODB8Hr40bhq5h0eeIwmK/d8xI0LSn79qP6S1SnWWyMAJ49Lnp90kBPBDzSftjT47KHaZBuVq5gol7Fk0Pb1pI0XipSy5S+hKkAMDcRuUVMY42y64J5Zvc938NU0zwv7ITyl8J+FIeMknLqy30p5a6j0F6/O0a+zTw+uXZzg2a68YnSCgclAp4mCF1C+Q8rnTVGNETwefsbXQtLUvyqJJ0l893u+TcE0Wr5WJsOimfRU2r2KSg6H89/pulm6wNkerbl7xireJCMP+syxw7qntRueLtmUkZ7E9tJnKWCLjr6jxasm51RLZO3DUAPyMs2CB5G1iLCHvkwpU9MW+tf43DOQ+IX1MC893OQugeXW+tAKtqcF5oaIXVt56383CnalKUdCyddy67YQ7hpuA1L14varLRf3VhSpNtGdzZshhmbFx2Msd4gtwW+3xB9ODbKtiI3pHBA8NnlFJ8mTo6SI31VfBc7N/IGlu+yqOLy371culfG5QvXleQv4bD2namOSM8+84SlfewxQTxFWVV + template: + metadata: + creationTimestamp: null + labels: + app: vaultwarden + name: vaultwarden + namespace: vaultwarden + type: Opaque diff --git a/services/Vaultwarden/service-vaultwarden.yaml b/services/Vaultwarden/service-vaultwarden.yaml new file mode 100644 index 0000000..077cfb8 --- /dev/null +++ b/services/Vaultwarden/service-vaultwarden.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: vaultwarden + namespace: vaultwarden +spec: + ports: + - protocol: TCP + name: ui + port: 8080 + - protocol: TCP + name: websocket + port: 3012 + selector: + app: vaultwarden diff --git a/services/Vaultwarden/serviceaccount-vaultwarden.yaml b/services/Vaultwarden/serviceaccount-vaultwarden.yaml new file mode 100644 index 0000000..7df94bc --- /dev/null +++ b/services/Vaultwarden/serviceaccount-vaultwarden.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: vaultwarden + namespace: vaultwarden + labels: + app: vaultwarden