Reset git history for making manifests public

This commit is contained in:
2026-06-01 10:30:39 +02:00
commit c75a08ddde
398 changed files with 41799 additions and 0 deletions

View File

@@ -0,0 +1,46 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: vaultwarden-route
namespace: vaultwarden
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: gateway-internal
namespace: envoy-gateway
sectionName: vaultwarden
hostnames:
- "vault.jsme.be"
rules:
- matches:
- path:
type: PathPrefix
value: /
filters:
- type: RequestHeaderModifier
requestHeaderModifier:
set:
- name: X-Forwarded-Host
value: "vault.jsme.be"
- name: X-Forwarded-Proto
value: https
- type: ResponseHeaderModifier
responseHeaderModifier:
set:
- name: Strict-Transport-Security
value: "max-age=31536000; includeSubDomains"
- name: X-Content-Type-Options
value: nosniff
- name: X-Frame-Options
value: SAMEORIGIN
- name: Referrer-Policy
value: strict-origin-when-cross-origin
- name: Permissions-Policy
value: "camera=(), microphone=(), geolocation=(), payment=()"
backendRefs:
- name: vaultwarden
port: 80
kind: Service
group: ""
weight: 1

View File

@@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: vaultwarden

View File

@@ -0,0 +1,12 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: vaultwarden-data
namespace: vaultwarden
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn
resources:
requests:
storage: 5Gi

View File

@@ -0,0 +1,120 @@
apiVersion: v1
kind: Service
metadata:
name: vaultwarden
namespace: vaultwarden
spec:
selector:
app: vaultwarden
ports:
- name: http
port: 80
targetPort: 80
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: vaultwarden
namespace: vaultwarden
spec:
serviceName: vaultwarden
replicas: 1
selector:
matchLabels:
app: vaultwarden
template:
metadata:
labels:
app: vaultwarden
spec:
containers:
- name: vaultwarden
image: vaultwarden/server:1.35.6-alpine
ports:
- name: http
containerPort: 80
env:
- name: DOMAIN
value: "https://vault.jsme.be"
- name: SIGNUPS_ALLOWED
value: "false"
- name: ADMIN_TOKEN
valueFrom:
secretKeyRef:
name: vaultwarden-secrets
key: admin_token
- name: SMTP_HOST
valueFrom:
secretKeyRef:
name: vaultwarden-secrets
key: smtp_host
- name: SMTP_FROM
valueFrom:
secretKeyRef:
name: vaultwarden-secrets
key: smtp_from
- name: SMTP_PORT
valueFrom:
secretKeyRef:
name: vaultwarden-secrets
key: smtp_port
- name: SSO_ENABLED
value: "true"
- name: SSO_AUTHORITY
valueFrom:
secretKeyRef:
name: vaultwarden-secrets
key: sso_authority
- name: SSO_CLIENT_ID
valueFrom:
secretKeyRef:
name: vaultwarden-secrets
key: sso_client_id
- name: SSO_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: vaultwarden-secrets
key: sso_client_secret
- name: SSO_SCOPES
value: "email profile offline_access"
- name: SSO_ALLOW_UNKNOWN_EMAIL_VERIFICATION
value: "false"
- name: SSO_CLIENT_CACHE_EXPIRATION
value: "0"
- name: SSO_ONLY
value: "true"
- name: SSO_SIGNUPS_MATCH_EMAIL
value: "true"
- name: SMTP_SECURITY
value: "starttls"
- name: SMTP_USERNAME
valueFrom:
secretKeyRef:
name: vaultwarden-secrets
key: smtp_username
- name: SMTP_PASSWORD
valueFrom:
secretKeyRef:
name: vaultwarden-secrets
key: smtp_password
volumeMounts:
- name: vaultwarden-data
mountPath: /data
livenessProbe:
httpGet:
path: /alive
port: 80
initialDelaySeconds: 15
periodSeconds: 30
failureThreshold: 3
readinessProbe:
httpGet:
path: /alive
port: 80
initialDelaySeconds: 10
periodSeconds: 10
failureThreshold: 3
volumes:
- name: vaultwarden-data
persistentVolumeClaim:
claimName: vaultwarden-data