TrueChartsClone/charts/enterprise/vaultwarden/values.yaml

image:
  repository: docker.io/vaultwarden/server
  pullPolicy: IfNotPresent
  tag: 1.30.1@sha256:ab9fe547277245533a28d8e0a0c4a1e1120daf469f983fd683fc13556927d4fe
manifestManager:
  enabled: true
service:
  main:
    ports:
      main:
        port: 10102
        targetPort: 8080
workload:
  main:
    podSpec:
      containers:
        main:
          env:
            DOMAIN: "https://{{ if .Values.ingress }}{{ if .Values.ingress.main.enabled }}{{ ( index .Values.ingress.main.hosts 0 ).host }}{{ else }}placeholder.com{{ end }}{{ else }}placeholder.com{{ end }}"
            DATABASE_URL:
              secretKeyRef:
                name: cnpg-main-urls
                key: std
          envFrom:
            - configMapRef:
                name: vaultwardenconfig
            - secretRef:
                name: vaultwardensecret
database:
  # -- Database type,
  # must be one of: 'sqlite', 'mysql' or 'postgresql'.
  type: postgresql
  # -- Enable DB Write-Ahead-Log for SQLite,
  # disabled for other databases. https://github.com/dani-garcia/bitwarden_rs/wiki/Running-without-WAL-enabled
  wal: true
  ## URL for external databases (mysql://user:pass@host:port or postgresql://user:pass@host:port).
  # url: ""
  ## Set the size of the database connection pool.
  # maxConnections: 10
  ## Connection retries during startup, 0 for infinite. 1 second between retries.
  # retries: 15
# Set Bitwarden_rs application variables
vaultwarden:
  # -- Allow any user to sign-up
  # see: https://github.com/dani-garcia/bitwarden_rs/wiki/Disable-registration-of-new-users
  allowSignups: true
  ## Whitelist domains allowed to sign-up. 'allowSignups' is ignored if set.
  # signupDomains:
  #  - domain.tld
  # -- Verify e-mail before login is enabled.
  # SMTP must be enabled.
  verifySignup: false
  # When a user logs in an email is required to be sent. If sending the email fails the login attempt will fail. SMTP must be enabled.
  requireEmail: false
  ## Maximum attempts before an email token is reset and a new email will need to be sent.
  # emailAttempts: 3
  ## Email token validity in seconds.
  # emailTokenExpiration: 600
  # Allow invited users to sign-up even feature is disabled: https://github.com/dani-garcia/bitwarden_rs/wiki/Disable-invitations
  allowInvitation: true
  # Show password hints: https://github.com/dani-garcia/bitwarden_rs/wiki/Password-hint-display
  ## Default organization name in invitation e-mails that are not coming from a specific organization.
  # defaultInviteName: ""
  showPasswordHint: true
  # Enable Web Vault (static content). https://github.com/dani-garcia/bitwarden_rs/wiki/Disabling-or-overriding-the-Vault-interface-hosting
  enableWebVault: true
  # Restrict creation of orgs. Options are: 'all', 'none' or a comma-separated list of users.
  orgCreationUsers: all
  ## Limit attachment disk usage per organization.
  # attachmentLimitOrg:
  ## Limit attachment disk usage per user.
  # attachmentLimitUser:
  ## HaveIBeenPwned API Key. Can be purchased at https://haveibeenpwned.com/API/Key.
  # hibpApiKey:

  admin:
    # Enable admin portal.
    enabled: false
    # Disabling the admin token will make the admin portal accessible to anyone, use carefully: https://github.com/dani-garcia/bitwarden_rs/wiki/Disable-admin-token
    disableAdminToken: false
    ## Token for admin login, will be generated if not defined. https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-admin-page
    # token:
  # Enable SMTP. https://github.com/dani-garcia/bitwarden_rs/wiki/SMTP-configuration
  smtp:
    enabled: false
    # SMTP hostname, required if SMTP is enabled.
    host: ""
    # SMTP sender e-mail address, required if SMTP is enabled.
    from: ""
    ## SMTP sender name, defaults to 'Bitwarden_RS'.
    # fromName: ""
    ## Enable SSL connection.
    # security: starttls
    ## SMTP port. Defaults to 587 with STARTTLS, 465 with FORCE_TLS, and 25 without SSL.
    # port: 587
    ## SMTP Authentication Mechanisms. Comma-separated options: 'Plain', 'Login' and 'Xoauth2'. Defaults to 'Plain'.
    # authMechanism: Plain
    ## Hostname to be sent for SMTP HELO. Defaults to pod name.
    # heloName: ""
    ## SMTP timeout.
    # timeout: 15
    ## Accept SSL session if certificate is valid but hostname doesn't match. DANGEROUS, vulnerable to men-in-the-middle attacks!
    # invalidHostname: false
    ## Accept invalid certificates. DANGEROUS, vulnerable to men-in-the-middle attacks!
    # invalidCertificate: false
    ## SMTP username.
    # user: ""
    ## SMTP password. Required is user is specified, ignored if no user provided.
    # password: ""
  ## Enable Yubico OTP authentication. https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-Yubikey-OTP-authentication
  yubico:
    enabled: false
    ## Yubico server. Defaults to YubiCloud.
    # server:
    ## Yubico ID and Secret Key.
    # clientId:
    # secretKey:
  ## Enable Mobile Push Notifications. You must obtain and ID and Key here: https://bitwarden.com/host
  push:
    enabled: false
    # installationId:
    # installationKey:
  ## Logging options. https://github.com/dani-garcia/bitwarden_rs/wiki/Logging
  log:
    # Log to file.
    file: ""
    # Log level. Options are "trace", "debug", "info", "warn", "error" or "off".
    level: "trace"
    ## Log timestamp format. See https://docs.rs/chrono/0.4.15/chrono/format/strftime/index.html. Defaults to time in milliseconds.
    # timeFormat: ""
  icons:
    # Disables download of external icons. Setting to true will still serve icons from cache (/data/icon_cache). TTL will default to zero.
    disableDownload: false
    ## Cache time-to-live for icons fetched. 0 means no purging.
    # cache: 2592000
    ## Cache time-to-live for icons that were not available. 0 means no purging.
    # cacheFailed: 259200
persistence:
  data:
    enabled: true
    mountPath: "/data"
cnpg:
  main:
    enabled: true
    user: vaultwarden
    database: vaultwarden
portal:
  open:
    enabled: true
ingress:
  main:
    required: true