Refactor Gitea,Guacamole,Vaultwarden

This commit is contained in:
2023-12-26 19:52:08 +11:00
parent 998c6e888e
commit 6780322b44
21 changed files with 225 additions and 221 deletions

View File

@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: vaultwarden

View File

@ -0,0 +1,52 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: vaultwarden
namespace: vaultwarden
labels:
app: vaultwarden
spec:
replicas: 1
selector:
matchLabels:
app: vaultwarden
template:
metadata:
labels:
app: vaultwarden
spec:
serviceAccountName: vaultwarden
containers:
- name: vaultwarden
# image: bv11-cr01.bessems.eu/proxy/vaultwarden/server
image: vaultwarden/server
env:
- name: ENABLE_DB_WAL
value: "false"
- name: ROCKET_PORT
value: "8080"
- name: SIGNUPS_ALLOWED
value: "false"
- name: WEBSOCKET_ENABLED
value: "true"
- name: WEBSOCKET_PORT
value: "3012"
- name: LOG_LEVEL
value: "debug"
- name: EXTENDED_LOGGING
value: "true"
envFrom:
- secretRef:
name: vaultwarden
ports:
- name: ui
containerPort: 8080
- name: websocket
containerPort: 3012
volumeMounts:
- mountPath: /data
name: flexvolsmb-vaultwarden-data
volumes:
- name: flexvolsmb-vaultwarden-data
persistentVolumeClaim:
claimName: flexvolsmb-vaultwarden-data

View File

@ -0,0 +1,25 @@
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: vaultwarden
namespace: vaultwarden
spec:
entryPoints:
- websecure
routes:
- match: Host(`vault.spamasaurus.com`)
kind: Rule
services:
- name: vaultwarden
port: 8080
middlewares:
- name: security-headers@file
- name: compression@file
- match: Host(`vault.spamasaurus.com`) && Path(`/notifications/hub`)
kind: Rule
services:
- name: vaultwarden
port: 3012
# middlewares:
# - name: security-headers@file
# - name: compression@file

View File

@ -0,0 +1,18 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: flexvolsmb-vaultwarden-data
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-vaultwarden-data
flexVolume:
driver: mount/smb
secretRef:
name: flexvolsmb-credentials
options:
opts: file_mode=0777,dir_mode=0777,iocharset=utf8,nobrl
server: 192.168.154.225
share: /K3s.Volumes/vaultwarden/data

View File

@ -0,0 +1,12 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: flexvolsmb-vaultwarden-data
namespace: vaultwarden
spec:
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-vaultwarden-data
resources:
requests:
storage: 1Gi

View File

@ -0,0 +1,16 @@
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: flexvolsmb-credentials
namespace: vaultwarden
spec:
encryptedData:
password: AgAFSxyvsZICWKYR0ZY7tNH17VP2XPrOIA//MldFVwm4f7npDiclcO/buJE8k/S4iWx5VA9mPXwboZOzUJOakL/6G5rhQ0VxpkaQXDHOqv5412NA0j9lc+ZvB3WD32AvujNUOXgPj4PenmUKe1SX4LT8p3QXbC/3Cpl9YmgsB7c7T3TNg9NGtztbPibwHPUn/wc9wcGbyZQVN7JUd0U9eayifucGxdzjVQtNx9khHerCHDdEJ9AzM4YDPAUwLrkML3KaKO4Kr7XhNRDYV1eGNWBTFbM1O/kISJmt2TBXDe+cQjcygznmybcs8lhX3nHSjJ27SzheBtnD26SwcZ5UqihExK6m1qvl62ePwtztUlHFJeCSTfwWZHigVFwi7TIw6xaXvdDX6Th4/KN403hh0EkxHvlvcHOLsI3eu8predUf3ZyqpZex6fB+c9CBrCRMQzoMXeSBntC+59NxfH7tDLthAS+nHMrBEJDvpckPFd/SZe2xA6nBZngaA0NZewWwBgMVhyjp9/zvHyLwfItb0IgVIN7sfK58BKDT40JdbdwwpvB1xdZ8IktAoUpMc+pSI+ZrVtQwrPYR6g09QzMV6qqTfz/V34zkScaK/E5vLr4hhUv2gjJeqWKc+xg7vrLg3z6K2Ssys21o+UyzOlm3tPl+LPTMFor1B8QrPLX/hFQX2kzG7wblWt1PHA7PoYLby/VEXRiOeDv3Aq30+TyF8RaH
username: AgAErKLnO4ikMdR2PSkFdBIFY3deVh1dcpe6+bbOoXCSfqThLnXlszT5xyfgicwYH21MkTjaGovX63CPNva7SgN430nJHZ6v0TbSRwABVFvyXQJxFGTKe+9Bv6+FF76de/qZyhdgXFkX9Wseh1YdEhKmzopUYLtFjArYOGkGE8antUDs448OALwT73ZoRUFnUVfDxdAinKwdzcGQFr6zbK7LeflhX6buCC/+arJxoG3lDDjiuz00bliZf6+Fa5N0JohaUrWp2vOU25IHnVD7GawLWP6Eihb7GbM4BK9/h4oLcyUr9mD5DP/NsNeDe023mbrsog0vcyAG+y1oxYmknB5JKhTbdkwOEubmoQFLvF8qqARsZSg22twWTHayGZrK9Egj1N+kkQyiHLFJCCAu5YDzBLfBRgH1GIQNVFiFi1BDHS/3X+LJpSW5RhHhN7StfDUL81ej9heFbpvwVo8FwcT1Z0sSJ6OIEgIKmg0XVy7NCFdsiUkIwA1dndbHBFtlmrmUaTxnxKS7H73RI1v9OO7FLtX3RYgiKflR+rmggn2M1vaIS+FrgAdowQyDToxlRV2uMpiPJAlaURb/0GnNjN/7UaLtyM42DSBbKs7TO+vQ0UI6WjsZoEGPhJb8pN9LdUpUS0g6QRSCxHTDykEy4b2bmVqlf44bbTDBl0HzbmQXPkHKympQb6otIUy5m61Iy0XNjrCDyJw=
template:
metadata:
creationTimestamp: null
name: flexvolsmb-credentials
namespace: vaultwarden
type: mount/smb

View File

@ -0,0 +1,19 @@
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: vaultwarden
namespace: vaultwarden
spec:
encryptedData:
ADMIN_TOKEN: AgCTXDX4Dan6UyXd8CK4VB5LG6ReeDOD8Pz/9DYMzaDsTOEw5CUXZ09TkNxB89f6yKHcrjpOA0YOSFs3pF532bw643pY5PrK3rVjRNNxTc9OlvHa/+iv/piiKCzowiq2Bv7tCVJ3UUPlaB3DgLTZxRfobqyryi8CE8ybMSGXkGA7X9hqYKbu2izFOLcQPFbUEqBkqQoh4Di94D6CO+aTuBo3irOypmOa3RG/ELk6DVYsRZG1FLBitI554pRfcxCnO2loQsSSKX5npC1PwpPJCjSgKS1UTC5zqMSLAyXG6RNtnP1zVDM55+Xc/TZ1i0luT5ED6KltigU4ugEuBN7wx/TICzWB9HI9eCaZ33KERMiOx1sn5W4PE3/3qOaLjUJDEW1wbW3j9whm1xMm1Mt5UqwVONUEwoEAg1TMkDGP/1+C230hZ8JNa31f2XfjTgmroApbK9mPEwa020EoqFzBNCznsEv0x3FYkcRhMZ5Cbefc4ZHNZzMpBcEEtoXtGBgRVHaHsi1ftq402w9LNqbBE87JLV55aSy6cyseZL56gqSlu7tRdCr0EDndHn7hE+yT1EwYudmfW1B4AaHSw+FcI5l6IeR1UNkNSKg5h0d+p2kEdXdO1w5mpa7XXiu8bob5xJPiz0siD/WjhjZbMXzdWs8D7y7gJlaCIx8NW7+wirEZEtef8Hd0Cd/GiZ8mU/ODAVENPir/mwlT/5a04TaFzKCrXgIrwSzagMw632C9olWUHfDZKsJMBkCDeR7LDwfIIos=
YUBICO_CLIENT_ID: AgCTwkK6e5gMpl9yquaCDadFTlBa8LqWGOaadEqG8801+z66LiUptoPKxl7+j22Zg44w4kdcv/HAIEzjkVvOs+iC5PhGLO389GcpPaNvwuqxcKqraU2CSNbANByB+vFyy1zO1NgmE68PMC2/siZIF/NP58j6Ca6JJTzy9Pm+m2/YhqdlnBdlGopzpbIf9PSpNaZUQSowpySBtlWOVcVNxRgOCbkLxYnb3Ykq3+gYFcbSi3HWVAz3Kb4LbypqOV0Kt8kkf6Jy5kjQAIowuooVyUZI4ZKWpgGwvseJBfEqjhoNkaR6UduL6gnwfNcA8e09q+HsbnLOsLOVAFxrPRxcOOKy4UNi1q66K4bXIR+kN4auvKIzJIW4oJUzKqNpHZ5RPFaLrfEOQEL/H37hd4KpqRPHP3fPw/DKlXWLYlYpzR4tSab9csw9o/lkfN5sQQXPIIUuYdAURLlLI/kX2rnbkHx8HhjveeIW9qQx0bkcJN5lOUwyhCt4pXmNXUyVP1ydqRZ2SBtAbfxIZGdTEnFGEAk6H5cw6i7RCFfgfWp9MUbIWmmjwK4RQe3dVs000+6gTUVfYBOa755GMdR0ODxRcghfT8+e/NpXHbn1Dhuc5kcc1oRbGGOdu/F22b5j6tCdrbdLbUUsxugpzxidohVBRhrDfTETB1HkZM9LrlN5EXElfsEKhRTr0XP9O+rtkaraedOOj935Zg==
YUBICO_SECRET_KEY: AgAsQmn/4Z9C/Edo6UEnTSdJ2X55vf+aPt7vzattekf48Xc9fXZ9uN7B/3rA1Dg9HhuBWVQc8SaN3sJqRP0c4tzl5zYUZqgf9ZXZ53ZkXRI2yqcud8bCyHsbvJKXerOHpkkTjLyZjuj6f5I5rBQr12PYejcqGir+wdV7fgzJ//ArTLXlevWsrpA5amzYjqk59rCsw6BxIkFev1vux7Xes1/ODB8Hr40bhq5h0eeIwmK/d8xI0LSn79qP6S1SnWWyMAJ49Lnp90kBPBDzSftjT47KHaZBuVq5gol7Fk0Pb1pI0XipSy5S+hKkAMDcRuUVMY42y64J5Zvc938NU0zwv7ITyl8J+FIeMknLqy30p5a6j0F6/O0a+zTw+uXZzg2a68YnSCgclAp4mCF1C+Q8rnTVGNETwefsbXQtLUvyqJJ0l893u+TcE0Wr5WJsOimfRU2r2KSg6H89/pulm6wNkerbl7xireJCMP+syxw7qntRueLtmUkZ7E9tJnKWCLjr6jxasm51RLZO3DUAPyMs2CB5G1iLCHvkwpU9MW+tf43DOQ+IX1MC893OQugeXW+tAKtqcF5oaIXVt56383CnalKUdCyddy67YQ7hpuA1L14varLRf3VhSpNtGdzZshhmbFx2Msd4gtwW+3xB9ODbKtiI3pHBA8NnlFJ8mTo6SI31VfBc7N/IGlu+yqOLy371culfG5QvXleQv4bD2namOSM8+84SlfewxQTxFWVV
template:
metadata:
creationTimestamp: null
labels:
app: vaultwarden
name: vaultwarden
namespace: vaultwarden
type: Opaque

View File

@ -0,0 +1,15 @@
apiVersion: v1
kind: Service
metadata:
name: vaultwarden
namespace: vaultwarden
spec:
ports:
- protocol: TCP
name: ui
port: 8080
- protocol: TCP
name: websocket
port: 3012
selector:
app: vaultwarden

View File

@ -0,0 +1,7 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: vaultwarden
namespace: vaultwarden
labels:
app: vaultwarden