temporarily remove vaultwarden and fireflyiii

This commit is contained in:
kjeld Schouten-Lebbing 2021-08-31 19:50:59 +02:00
parent 1d57893b56
commit 11a8f2e08d
No known key found for this signature in database
GPG Key ID: 4CDAD4A532BC1EDB
92 changed files with 0 additions and 10458 deletions

View File

@ -1,8 +0,0 @@
# Configuration Options
##### Connecting to other apps
If you need to connect this App to other Apps on TrueNAS SCALE, please refer to our "Linking Apps Internally" quick-start guide:
https://truecharts.org/manual/Quick-Start%20Guides/14-linking-apps/
##### Available config options
In the future this page is going to contain an automated list of options available in the installation/edit UI.

View File

@ -1,9 +0,0 @@
dependencies:
- name: common
repository: https://truecharts.org/
version: 6.12.2
- name: postgresql
repository: https://truecharts.org/
version: 1.5.7
digest: sha256:5fe2dff8cc01322db4829246b0d78df216641773fea323979c66719cbf02a172
generated: "2021-08-31T16:44:30.632251331Z"

View File

@ -1,30 +0,0 @@
apiVersion: v2
appVersion: auto
dependencies:
- name: common
repository: https://truecharts.org/
version: 6.12.2
- condition: postgresql.enabled
name: postgresql
repository: https://truecharts.org/
version: 1.5.7
deprecated: false
description: A free and open source personal finance manager
home: https://github.com/firefly-iii/firefly-iii/
icon: https://www.firefly-iii.org/assets/logo/color.png
keywords:
- fireflyiii
- finacial
kubeVersion: '>=1.16.0-0'
maintainers:
- email: info@truecharts.org
name: TrueCharts
url: truecharts.org
- email: 20650065+warllo54@users.noreply.github.com
name: warllo54
url: truecharts.org
name: fireflyiii
sources:
- https://github.com/firefly-iii/firefly-iii/
type: application
version: 6.0.11

View File

@ -1,38 +0,0 @@
# Introduction
A free and open source personal finance manager
TrueCharts are designed to be installed as TrueNAS SCALE app only. We can not guarantee this charts works as a stand-alone helm installation.
**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/apps/issues/new/choose)**
## Source Code
* <https://github.com/firefly-iii/firefly-iii/>
## Requirements
Kubernetes: `>=1.16.0-0`
## Dependencies
| Repository | Name | Version |
|------------|------|---------|
| https://truecharts.org/ | common | 6.12.1 |
| https://truecharts.org/ | postgresql | 1.5.2 |
## Installing the Chart
To install this App on TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/03-Installing-an-App/).
## Uninstalling the Chart
To remove this App from TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/07-Deleting-an-App/).
## Support
- Please check our [quick-start guides](https://truecharts.org/manual/Quick-Start%20Guides/01-Open-Apps/) first.
- See the [Wiki](https://truecharts.org)
- Check our [Discord](https://discord.gg/tVsPTHWTtr)
- Open a [issue](https://github.com/truecharts/apps/issues/new/choose)
---
All Rights Reserved - The TrueCharts Project

View File

@ -1,4 +0,0 @@
A free and open source personal finance manager
This App is supplied by TrueCharts, for more information please visit https://truecharts.org
A free and open source personal finance manager

View File

@ -1,50 +0,0 @@
# Default Helm-Values
TrueCharts is primarily build to supply TrueNAS SCALE Apps.
However, we also supply all Apps as standard Helm-Charts. In this document we aim to document the default values in our values.yaml file.
Most of our Apps also consume our "common" Helm Chart.
If this is the case, this means that all values.yaml values are set to the common chart values.yaml by default. This values.yaml file will only contain values that deviate from the common chart.
You will, however, be able to use all values referenced in the common chart here, besides the values listed in this document.
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| env.APP_KEY | string | `"AGcfkCUS233ZWmBXztYbdyCs2u7kkz55"` | |
| env.DB_CONNECTION | string | `"pgsql"` | |
| env.DB_DATABASE | string | `"firefly"` | |
| env.DB_PORT | int | `5432` | |
| env.DB_USERNAME | string | `"firefly"` | |
| envValueFrom.DB_HOST.secretKeyRef.key | string | `"postgresql_host"` | |
| envValueFrom.DB_HOST.secretKeyRef.name | string | `"{{ .Release.Name }}-dbcreds"` | |
| envValueFrom.DB_PASSWORD.secretKeyRef.key | string | `"postgresql-password"` | |
| envValueFrom.DB_PASSWORD.secretKeyRef.name | string | `"{{ .Release.Name }}-dbcreds"` | |
| image.pullPolicy | string | `"IfNotPresent"` | |
| image.repository | string | `"fireflyiii/core"` | |
| image.tag | string | `"version-5.5.12"` | |
| persistence.data.accessMode | string | `"ReadWriteOnce"` | |
| persistence.data.enabled | bool | `true` | |
| persistence.data.mountPath | string | `"/var/www/html/storage/upload"` | |
| persistence.data.size | string | `"100Gi"` | |
| persistence.data.type | string | `"pvc"` | |
| podSecurityContext.fsGroup | int | `0` | |
| podSecurityContext.runAsGroup | int | `0` | |
| podSecurityContext.runAsNonRoot | bool | `false` | |
| podSecurityContext.runAsUser | int | `0` | |
| postgresql.enabled | bool | `true` | |
| postgresql.existingSecret | string | `"{{ .Release.Name }}-dbcreds"` | |
| postgresql.postgresqlDatabase | string | `"firefly"` | |
| postgresql.postgresqlUsername | string | `"firefly"` | |
| probes.liveness.path | string | `"/login"` | |
| probes.readiness.path | string | `"/login"` | |
| probes.startup.path | string | `"/login"` | |
| service.main.ports.main.port | int | `8080` | |
| service.tcp.enabled | bool | `true` | |
| service.tcp.ports.tcp.enabled | bool | `true` | |
| service.tcp.ports.tcp.port | int | `51080` | |
| service.tcp.ports.tcp.protocol | string | `"TCP"` | |
| service.tcp.type | string | `"ClusterIP"` | |
| strategy.type | string | `"Recreate"` | |
All Rights Reserved - The TrueCharts Project

View File

@ -1,54 +0,0 @@
##
# This file contains Values.yaml content that gets added to the output of questions.yaml
# It's ONLY meant for content that the user is NOT expected to change.
# Example: Everything under "image" is not included in questions.yaml but is included here.
##
image:
repository: fireflyiii/core
pullPolicy: IfNotPresent
tag: version-5.5.12
probes:
liveness:
path: "/login"
readiness:
path: "/login"
startup:
path: "/login"
env:
DB_USERNAME: fireflyiii
DB_DATABASE: fireflyiii
DB_CONNECTION: pgsql
DB_PORT: 5432
envValueFrom:
DB_HOST:
secretKeyRef:
name: "{{ .Release.Name }}-dbcreds"
key: postgresql_host
DB_PASSWORD:
secretKeyRef:
name: "{{ .Release.Name }}-dbcreds"
key: postgresql-password
# Enabled postgres
postgresql:
enabled: true
postgresqlUsername: fireflyiii
postgresqlDatabase: fireflyiii
existingSecret: "{{ .Release.Name }}-dbcreds"
persistence:
db:
storageClass: "SCALE-ZFS"
dbbackups:
storageClass: "SCALE-ZFS"
##
# Most other defaults are set in questions.yaml
# For other options please refer to the wiki, default_values.yaml or the common library chart
##

File diff suppressed because it is too large Load Diff

View File

@ -1,24 +0,0 @@
{{/* Define the secrets */}}
{{- define "fireflyiii.secrets" -}}
---
apiVersion: v1
kind: Secret
metadata:
{{- $dbcredsname := ( printf "%v-%v" .Release.Name "dbcreds" ) }}
name: {{ $dbcredsname }}
data:
{{- if .Release.IsInstall }}
postgresql-password: {{ randAlphaNum 50 | b64enc | quote }}
postgresql-postgres-password: {{ randAlphaNum 50 | b64enc | quote }}
{{ else }}
# `index` function is necessary because the property name contains a dash.
# Otherwise (...).data.db_password would have worked too.
postgresql-password: {{ index (lookup "v1" "Secret" .Release.Namespace ( $dbcredsname | quote ) ).data "postgresql-password" }}
postgresql-postgres-password: {{ index (lookup "v1" "Secret" .Release.Namespace ( $dbcredsname | quote ) ).data "postgresql-postgres-password" }}
{{ end }}
url: {{ ( printf "%v%v:%v@%v-%v:%v/%v" "postgresql://" .Values.postgresql.postgresqlUsername $dbPass .Release.Name "postgresql" "5432" .Values.postgresql.postgresqlDatabase ) | b64enc | quote }}
postgresql_host: {{ ( printf "%v-%v" .Release.Name "postgresql" ) | b64enc | quote }}
type: Opaque
{{- end -}}

View File

@ -1,8 +0,0 @@
{{/* Make sure all variables are set properly */}}
{{- include "common.values.setup" . }}
{{/* Render the templates */}}
{{ include "common.all" . }}
{{/* Render secrets for fireflyiii */}}
{{- include "fireflyiii.secrets" . }}

View File

@ -1,72 +0,0 @@
# Default values for fireflyIII.
image:
repository: fireflyiii/core
pullPolicy: IfNotPresent
tag: version-5.5.12
strategy:
type: Recreate
podSecurityContext:
runAsNonRoot: false
runAsUser: 0
runAsGroup: 0
fsGroup: 0
service:
main:
ports:
main:
port: 8080
tcp:
enabled: true
type: ClusterIP
ports:
tcp:
enabled: true
port: 51080
protocol: TCP
probes:
liveness:
path: "/login"
readiness:
path: "/login"
startup:
path: "/login"
env:
DB_USERNAME: firefly
DB_DATABASE: firefly
DB_CONNECTION: pgsql
DB_PORT: 5432
APP_KEY: AGcfkCUS233ZWmBXztYbdyCs2u7kkz55
envValueFrom:
DB_HOST:
secretKeyRef:
name: "{{ .Release.Name }}-dbcreds"
key: postgresql_host
DB_PASSWORD:
secretKeyRef:
name: "{{ .Release.Name }}-dbcreds"
key: postgresql-password
persistence:
data:
enabled: true
mountPath: "/var/www/html/storage/upload"
type: pvc
accessMode: ReadWriteOnce
size: "100Gi"
# Enabled postgres
postgresql:
enabled: true
postgresqlUsername: firefly
postgresqlDatabase: firefly
existingSecret: "{{ .Release.Name }}-dbcreds"

View File

@ -1,8 +0,0 @@
# Configuration Options
##### Connecting to other apps
If you need to connect this App to other Apps on TrueNAS SCALE, please refer to our "Linking Apps Internally" quick-start guide:
https://truecharts.org/manual/Quick-Start%20Guides/14-linking-apps/
##### Available config options
In the future this page is going to contain an automated list of options available in the installation/edit UI.

View File

@ -1,9 +0,0 @@
dependencies:
- name: common
repository: https://truecharts.org/
version: 6.12.2
- name: postgresql
repository: https://truecharts.org/
version: 1.5.7
digest: sha256:5fe2dff8cc01322db4829246b0d78df216641773fea323979c66719cbf02a172
generated: "2021-08-31T17:14:01.625021121Z"

View File

@ -1,30 +0,0 @@
apiVersion: v2
appVersion: auto
dependencies:
- name: common
repository: https://truecharts.org/
version: 6.12.2
- condition: postgresql.enabled
name: postgresql
repository: https://truecharts.org/
version: 1.5.7
deprecated: false
description: A free and open source personal finance manager
home: https://github.com/firefly-iii/firefly-iii/
icon: https://www.firefly-iii.org/assets/logo/color.png
keywords:
- fireflyiii
- finacial
kubeVersion: '>=1.16.0-0'
maintainers:
- email: info@truecharts.org
name: TrueCharts
url: truecharts.org
- email: 20650065+warllo54@users.noreply.github.com
name: warllo54
url: truecharts.org
name: fireflyiii
sources:
- https://github.com/firefly-iii/firefly-iii/
type: application
version: 6.0.12

View File

@ -1,38 +0,0 @@
# Introduction
A free and open source personal finance manager
TrueCharts are designed to be installed as TrueNAS SCALE app only. We can not guarantee this charts works as a stand-alone helm installation.
**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/apps/issues/new/choose)**
## Source Code
* <https://github.com/firefly-iii/firefly-iii/>
## Requirements
Kubernetes: `>=1.16.0-0`
## Dependencies
| Repository | Name | Version |
|------------|------|---------|
| https://truecharts.org/ | common | 6.12.1 |
| https://truecharts.org/ | postgresql | 1.5.2 |
## Installing the Chart
To install this App on TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/03-Installing-an-App/).
## Uninstalling the Chart
To remove this App from TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/07-Deleting-an-App/).
## Support
- Please check our [quick-start guides](https://truecharts.org/manual/Quick-Start%20Guides/01-Open-Apps/) first.
- See the [Wiki](https://truecharts.org)
- Check our [Discord](https://discord.gg/tVsPTHWTtr)
- Open a [issue](https://github.com/truecharts/apps/issues/new/choose)
---
All Rights Reserved - The TrueCharts Project

View File

@ -1,4 +0,0 @@
A free and open source personal finance manager
This App is supplied by TrueCharts, for more information please visit https://truecharts.org
A free and open source personal finance manager

View File

@ -1,50 +0,0 @@
# Default Helm-Values
TrueCharts is primarily build to supply TrueNAS SCALE Apps.
However, we also supply all Apps as standard Helm-Charts. In this document we aim to document the default values in our values.yaml file.
Most of our Apps also consume our "common" Helm Chart.
If this is the case, this means that all values.yaml values are set to the common chart values.yaml by default. This values.yaml file will only contain values that deviate from the common chart.
You will, however, be able to use all values referenced in the common chart here, besides the values listed in this document.
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| env.APP_KEY | string | `"AGcfkCUS233ZWmBXztYbdyCs2u7kkz55"` | |
| env.DB_CONNECTION | string | `"pgsql"` | |
| env.DB_DATABASE | string | `"firefly"` | |
| env.DB_PORT | int | `5432` | |
| env.DB_USERNAME | string | `"firefly"` | |
| envValueFrom.DB_HOST.secretKeyRef.key | string | `"postgresql_host"` | |
| envValueFrom.DB_HOST.secretKeyRef.name | string | `"{{ .Release.Name }}-dbcreds"` | |
| envValueFrom.DB_PASSWORD.secretKeyRef.key | string | `"postgresql-password"` | |
| envValueFrom.DB_PASSWORD.secretKeyRef.name | string | `"{{ .Release.Name }}-dbcreds"` | |
| image.pullPolicy | string | `"IfNotPresent"` | |
| image.repository | string | `"fireflyiii/core"` | |
| image.tag | string | `"version-5.5.12"` | |
| persistence.data.accessMode | string | `"ReadWriteOnce"` | |
| persistence.data.enabled | bool | `true` | |
| persistence.data.mountPath | string | `"/var/www/html/storage/upload"` | |
| persistence.data.size | string | `"100Gi"` | |
| persistence.data.type | string | `"pvc"` | |
| podSecurityContext.fsGroup | int | `0` | |
| podSecurityContext.runAsGroup | int | `0` | |
| podSecurityContext.runAsNonRoot | bool | `false` | |
| podSecurityContext.runAsUser | int | `0` | |
| postgresql.enabled | bool | `true` | |
| postgresql.existingSecret | string | `"{{ .Release.Name }}-dbcreds"` | |
| postgresql.postgresqlDatabase | string | `"firefly"` | |
| postgresql.postgresqlUsername | string | `"firefly"` | |
| probes.liveness.path | string | `"/login"` | |
| probes.readiness.path | string | `"/login"` | |
| probes.startup.path | string | `"/login"` | |
| service.main.ports.main.port | int | `8080` | |
| service.tcp.enabled | bool | `true` | |
| service.tcp.ports.tcp.enabled | bool | `true` | |
| service.tcp.ports.tcp.port | int | `51080` | |
| service.tcp.ports.tcp.protocol | string | `"TCP"` | |
| service.tcp.type | string | `"ClusterIP"` | |
| strategy.type | string | `"Recreate"` | |
All Rights Reserved - The TrueCharts Project

View File

@ -1,54 +0,0 @@
##
# This file contains Values.yaml content that gets added to the output of questions.yaml
# It's ONLY meant for content that the user is NOT expected to change.
# Example: Everything under "image" is not included in questions.yaml but is included here.
##
image:
repository: fireflyiii/core
pullPolicy: IfNotPresent
tag: version-5.5.12
probes:
liveness:
path: "/login"
readiness:
path: "/login"
startup:
path: "/login"
env:
DB_USERNAME: fireflyiii
DB_DATABASE: fireflyiii
DB_CONNECTION: pgsql
DB_PORT: 5432
envValueFrom:
DB_HOST:
secretKeyRef:
name: "{{ .Release.Name }}-dbcreds"
key: postgresql_host
DB_PASSWORD:
secretKeyRef:
name: "{{ .Release.Name }}-dbcreds"
key: postgresql-password
# Enabled postgres
postgresql:
enabled: true
postgresqlUsername: fireflyiii
postgresqlDatabase: fireflyiii
existingSecret: "{{ .Release.Name }}-dbcreds"
persistence:
db:
storageClass: "SCALE-ZFS"
dbbackups:
storageClass: "SCALE-ZFS"
##
# Most other defaults are set in questions.yaml
# For other options please refer to the wiki, default_values.yaml or the common library chart
##

File diff suppressed because it is too large Load Diff

View File

@ -1,33 +0,0 @@
{{/* Define the secrets */}}
{{- define "fireflyiii.secrets" -}}
---
apiVersion: v1
kind: Secret
metadata:
{{- $dbcredsname := ( printf "%v-%v" .Release.Name "dbcreds" ) }}
name: {{ $dbcredsname }}
data:
{{- $dbPass := "" }}
{{ $rootPass := "" }}
{{ $urlPass := "" }}
{{- if .Release.IsInstall }}
{{ $dbPass = ( randAlphaNum 50 | b64enc | quote ) }}
{{ $rootPass = ( randAlphaNum 50 | b64enc | quote ) }}
{{ $urlPass = $dbPass }}
{{ else }}
# `index` function is necessary because the property name contains a dash.
# Otherwise (...).data.db_password would have worked too.
{{ $dbPass = ( index (lookup "v1" "Secret" .Release.Namespace ( $dbcredsname | quote ) ).data "postgresql-postgres-password" ) }}
{{ $rootPass = ( index (lookup "v1" "Secret" .Release.Namespace ( $dbcredsname | quote ) ).data "postgresql-postgres-password" ) }}
{{ $urlPass = ( ( index (lookup "v1" "Secret" .Release.Namespace ( $dbcredsname | quote ) ).data "postgresql-postgres-password" ) | b64dec | quote ) }}
{{ end }}
postgresql-password: {{ $dbPass }}
postgresql-postgres-password: {{ $rootPass }}
url: {{ ( printf "%v%v:%v@%v-%v:%v/%v" "postgresql://" .Values.postgresql.postgresqlUsername $urlPass .Release.Name "postgresql" "5432" .Values.postgresql.postgresqlDatabase ) | b64enc | quote }}
postgresql_host: {{ ( printf "%v-%v" .Release.Name "postgresql" ) | b64enc | quote }}
type: Opaque
{{- end -}}

View File

@ -1,8 +0,0 @@
{{/* Make sure all variables are set properly */}}
{{- include "common.values.setup" . }}
{{/* Render the templates */}}
{{ include "common.all" . }}
{{/* Render secrets for fireflyiii */}}
{{- include "fireflyiii.secrets" . }}

View File

@ -1,72 +0,0 @@
# Default values for fireflyIII.
image:
repository: fireflyiii/core
pullPolicy: IfNotPresent
tag: version-5.5.12
strategy:
type: Recreate
podSecurityContext:
runAsNonRoot: false
runAsUser: 0
runAsGroup: 0
fsGroup: 0
service:
main:
ports:
main:
port: 8080
tcp:
enabled: true
type: ClusterIP
ports:
tcp:
enabled: true
port: 51080
protocol: TCP
probes:
liveness:
path: "/login"
readiness:
path: "/login"
startup:
path: "/login"
env:
DB_USERNAME: firefly
DB_DATABASE: firefly
DB_CONNECTION: pgsql
DB_PORT: 5432
APP_KEY: AGcfkCUS233ZWmBXztYbdyCs2u7kkz55
envValueFrom:
DB_HOST:
secretKeyRef:
name: "{{ .Release.Name }}-dbcreds"
key: postgresql_host
DB_PASSWORD:
secretKeyRef:
name: "{{ .Release.Name }}-dbcreds"
key: postgresql-password
persistence:
data:
enabled: true
mountPath: "/var/www/html/storage/upload"
type: pvc
accessMode: ReadWriteOnce
size: "100Gi"
# Enabled postgres
postgresql:
enabled: true
postgresqlUsername: firefly
postgresqlDatabase: firefly
existingSecret: "{{ .Release.Name }}-dbcreds"

View File

@ -1,8 +0,0 @@
# Configuration Options
##### Connecting to other apps
If you need to connect this App to other Apps on TrueNAS SCALE, please refer to our "Linking Apps Internally" quick-start guide:
https://truecharts.org/manual/Quick-Start%20Guides/14-linking-apps/
##### Available config options
In the future this page is going to contain an automated list of options available in the installation/edit UI.

View File

@ -1,9 +0,0 @@
dependencies:
- name: common
repository: https://truecharts.org/
version: 6.12.1
- name: postgresql
repository: https://truecharts.org/
version: 1.5.2
digest: sha256:e2146847d376235604812695bcf26dba3fff5f2e310f5aaa8bb373bfa9465137
generated: "2021-08-31T14:00:15.416445452Z"

View File

@ -1,30 +0,0 @@
apiVersion: v2
appVersion: auto
dependencies:
- name: common
repository: https://truecharts.org/
version: 6.12.1
- condition: postgresql.enabled
name: postgresql
repository: https://truecharts.org/
version: 1.5.2
deprecated: false
description: A free and open source personal finance manager
home: https://github.com/firefly-iii/firefly-iii/
icon: https://www.firefly-iii.org/assets/logo/color.png
keywords:
- fireflyiii
- finacial
kubeVersion: '>=1.16.0-0'
maintainers:
- email: info@truecharts.org
name: TrueCharts
url: truecharts.org
- email: 20650065+warllo54@users.noreply.github.com
name: warllo54
url: truecharts.org
name: fireflyiii
sources:
- https://github.com/firefly-iii/firefly-iii/
type: application
version: 6.0.9

View File

@ -1,38 +0,0 @@
# Introduction
A free and open source personal finance manager
TrueCharts are designed to be installed as TrueNAS SCALE app only. We can not guarantee this charts works as a stand-alone helm installation.
**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/apps/issues/new/choose)**
## Source Code
* <https://github.com/firefly-iii/firefly-iii/>
## Requirements
Kubernetes: `>=1.16.0-0`
## Dependencies
| Repository | Name | Version |
|------------|------|---------|
| https://truecharts.org/ | common | 6.12.1 |
| https://truecharts.org/ | postgresql | 1.5.2 |
## Installing the Chart
To install this App on TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/03-Installing-an-App/).
## Uninstalling the Chart
To remove this App from TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/07-Deleting-an-App/).
## Support
- Please check our [quick-start guides](https://truecharts.org/manual/Quick-Start%20Guides/01-Open-Apps/) first.
- See the [Wiki](https://truecharts.org)
- Check our [Discord](https://discord.gg/tVsPTHWTtr)
- Open a [issue](https://github.com/truecharts/apps/issues/new/choose)
---
All Rights Reserved - The TrueCharts Project

View File

@ -1,4 +0,0 @@
A free and open source personal finance manager
This App is supplied by TrueCharts, for more information please visit https://truecharts.org
A free and open source personal finance manager

View File

@ -1,50 +0,0 @@
# Default Helm-Values
TrueCharts is primarily build to supply TrueNAS SCALE Apps.
However, we also supply all Apps as standard Helm-Charts. In this document we aim to document the default values in our values.yaml file.
Most of our Apps also consume our "common" Helm Chart.
If this is the case, this means that all values.yaml values are set to the common chart values.yaml by default. This values.yaml file will only contain values that deviate from the common chart.
You will, however, be able to use all values referenced in the common chart here, besides the values listed in this document.
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| env.APP_KEY | string | `"AGcfkCUS233ZWmBXztYbdyCs2u7kkz55"` | |
| env.DB_CONNECTION | string | `"pgsql"` | |
| env.DB_DATABASE | string | `"firefly"` | |
| env.DB_PORT | int | `5432` | |
| env.DB_USERNAME | string | `"firefly"` | |
| envValueFrom.DB_HOST.secretKeyRef.key | string | `"postgresql_host"` | |
| envValueFrom.DB_HOST.secretKeyRef.name | string | `"{{ .Release.Name }}-dbcreds"` | |
| envValueFrom.DB_PASSWORD.secretKeyRef.key | string | `"postgresql-password"` | |
| envValueFrom.DB_PASSWORD.secretKeyRef.name | string | `"{{ .Release.Name }}-dbcreds"` | |
| image.pullPolicy | string | `"IfNotPresent"` | |
| image.repository | string | `"fireflyiii/core"` | |
| image.tag | string | `"version-5.5.12"` | |
| persistence.data.accessMode | string | `"ReadWriteOnce"` | |
| persistence.data.enabled | bool | `true` | |
| persistence.data.mountPath | string | `"/var/www/html/storage/upload"` | |
| persistence.data.size | string | `"100Gi"` | |
| persistence.data.type | string | `"pvc"` | |
| podSecurityContext.fsGroup | int | `0` | |
| podSecurityContext.runAsGroup | int | `0` | |
| podSecurityContext.runAsNonRoot | bool | `false` | |
| podSecurityContext.runAsUser | int | `0` | |
| postgresql.enabled | bool | `true` | |
| postgresql.existingSecret | string | `"{{ .Release.Name }}-dbcreds"` | |
| postgresql.postgresqlDatabase | string | `"firefly"` | |
| postgresql.postgresqlUsername | string | `"firefly"` | |
| probes.liveness.path | string | `"/login"` | |
| probes.readiness.path | string | `"/login"` | |
| probes.startup.path | string | `"/login"` | |
| service.main.ports.main.port | int | `8080` | |
| service.tcp.enabled | bool | `true` | |
| service.tcp.ports.tcp.enabled | bool | `true` | |
| service.tcp.ports.tcp.port | int | `51080` | |
| service.tcp.ports.tcp.protocol | string | `"TCP"` | |
| service.tcp.type | string | `"ClusterIP"` | |
| strategy.type | string | `"Recreate"` | |
All Rights Reserved - The TrueCharts Project

View File

@ -1,54 +0,0 @@
##
# This file contains Values.yaml content that gets added to the output of questions.yaml
# It's ONLY meant for content that the user is NOT expected to change.
# Example: Everything under "image" is not included in questions.yaml but is included here.
##
image:
repository: fireflyiii/core
pullPolicy: IfNotPresent
tag: version-5.5.12
probes:
liveness:
path: "/login"
readiness:
path: "/login"
startup:
path: "/login"
env:
DB_USERNAME: fireflyiii
DB_DATABASE: fireflyiii
DB_CONNECTION: pgsql
DB_PORT: 5432
envValueFrom:
DB_HOST:
secretKeyRef:
name: "{{ .Release.Name }}-dbcreds"
key: postgresql_host
DB_PASSWORD:
secretKeyRef:
name: "{{ .Release.Name }}-dbcreds"
key: postgresql-password
# Enabled postgres
postgresql:
enabled: true
postgresqlUsername: fireflyiii
postgresqlDatabase: fireflyiii
existingSecret: "{{ .Release.Name }}-dbcreds"
persistence:
db:
storageClass: "SCALE-ZFS"
dbbackups:
storageClass: "SCALE-ZFS"
##
# Most other defaults are set in questions.yaml
# For other options please refer to the wiki, default_values.yaml or the common library chart
##

File diff suppressed because it is too large Load Diff

View File

@ -1,25 +0,0 @@
{{/* Define the secrets */}}
{{- define "fireflyiii.secrets" -}}
---
apiVersion: v1
kind: Secret
metadata:
{{- $dbcredsname := ( printf "%v-%v" .Release.Name "dbcreds" ) }}
name: {{ $dbcredsname }}
{{- $previous := lookup "v1" "Secret" .Release.Namespace $dbcredsname }}
{{- $dbPass := "" }}
data:
{{- if $previous }}
postgresql-password: {{ ( index $previous.data "postgresql-password" ) }}
postgresql-postgres-password: {{ ( index $previous.data "postgresql-postgres-password" ) }}
{{- else }}
{{- $dbPass = randAlphaNum 50 }}
postgresql-password: {{ $dbPass | b64enc | quote }}
postgresql-postgres-password: {{ randAlphaNum 50 | b64enc | quote }}
{{- end }}
url: {{ ( printf "%v%v:%v@%v-%v:%v/%v" "postgresql://" .Values.postgresql.postgresqlUsername $dbPass .Release.Name "postgresql" "5432" .Values.postgresql.postgresqlDatabase ) | b64enc | quote }}
postgresql_host: {{ ( printf "%v-%v" .Release.Name "postgresql" ) | b64enc | quote }}
type: Opaque
{{- end -}}

View File

@ -1,8 +0,0 @@
{{/* Make sure all variables are set properly */}}
{{- include "common.values.setup" . }}
{{/* Render the templates */}}
{{ include "common.all" . }}
{{/* Render secrets for fireflyiii */}}
{{- include "fireflyiii.secrets" . }}

View File

@ -1,72 +0,0 @@
# Default values for fireflyIII.
image:
repository: fireflyiii/core
pullPolicy: IfNotPresent
tag: version-5.5.12
strategy:
type: Recreate
podSecurityContext:
runAsNonRoot: false
runAsUser: 0
runAsGroup: 0
fsGroup: 0
service:
main:
ports:
main:
port: 8080
tcp:
enabled: true
type: ClusterIP
ports:
tcp:
enabled: true
port: 51080
protocol: TCP
probes:
liveness:
path: "/login"
readiness:
path: "/login"
startup:
path: "/login"
env:
DB_USERNAME: firefly
DB_DATABASE: firefly
DB_CONNECTION: pgsql
DB_PORT: 5432
APP_KEY: AGcfkCUS233ZWmBXztYbdyCs2u7kkz55
envValueFrom:
DB_HOST:
secretKeyRef:
name: "{{ .Release.Name }}-dbcreds"
key: postgresql_host
DB_PASSWORD:
secretKeyRef:
name: "{{ .Release.Name }}-dbcreds"
key: postgresql-password
persistence:
data:
enabled: true
mountPath: "/var/www/html/storage/upload"
type: pvc
accessMode: ReadWriteOnce
size: "100Gi"
# Enabled postgres
postgresql:
enabled: true
postgresqlUsername: firefly
postgresqlDatabase: firefly
existingSecret: "{{ .Release.Name }}-dbcreds"

View File

@ -1,3 +0,0 @@
categories:
- finacial
icon_url: https://www.firefly-iii.org/assets/logo/color.png

View File

@ -1,8 +0,0 @@
# Configuration Options
##### Connecting to other apps
If you need to connect this App to other Apps on TrueNAS SCALE, please refer to our "Linking Apps Internally" quick-start guide:
https://truecharts.org/manual/Quick-Start%20Guides/14-linking-apps/
##### Available config options
In the future this page is going to contain an automated list of options available in the installation/edit UI.

View File

@ -1,9 +0,0 @@
dependencies:
- name: common
repository: https://truecharts.org/
version: 6.12.2
- name: postgresql
repository: https://truecharts.org/
version: 1.5.7
digest: sha256:5fe2dff8cc01322db4829246b0d78df216641773fea323979c66719cbf02a172
generated: "2021-08-31T16:48:53.817353144Z"

View File

@ -1,34 +0,0 @@
apiVersion: v2
appVersion: auto
dependencies:
- name: common
repository: https://truecharts.org/
version: 6.12.2
- condition: postgresql.enabled
name: postgresql
repository: https://truecharts.org/
version: 1.5.7
deprecated: false
description: Unofficial Bitwarden compatible server written in Rust
home: https://github.com/truecharts/apps/tree/master/charts/stable/vaultwarden
icon: https://raw.githubusercontent.com/bitwarden/brand/master/icons/256x256.png
keywords:
- bitwarden
- bitwardenrs
- bitwarden_rs
- vaultwarden
- password
- rust
kubeVersion: '>=1.16.0-0'
maintainers:
- email: info@truecharts.org
name: TrueCharts
url: truecharts.org
- email: kjeld@schouten-lebbing.nl
name: Ornias1993
url: truecharts.org
name: vaultwarden
sources:
- https://github.com/dani-garcia/vaultwarden
type: application
version: 5.0.11

View File

@ -1,38 +0,0 @@
# Introduction
Unofficial Bitwarden compatible server written in Rust
TrueCharts are designed to be installed as TrueNAS SCALE app only. We can not guarantee this charts works as a stand-alone helm installation.
**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/apps/issues/new/choose)**
## Source Code
* <https://github.com/dani-garcia/vaultwarden>
## Requirements
Kubernetes: `>=1.16.0-0`
## Dependencies
| Repository | Name | Version |
|------------|------|---------|
| https://truecharts.org/ | common | 6.12.1 |
| https://truecharts.org/ | postgresql | 1.5.2 |
## Installing the Chart
To install this App on TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/03-Installing-an-App/).
## Uninstalling the Chart
To remove this App from TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/07-Deleting-an-App/).
## Support
- Please check our [quick-start guides](https://truecharts.org/manual/Quick-Start%20Guides/01-Open-Apps/) first.
- See the [Wiki](https://truecharts.org)
- Check our [Discord](https://discord.gg/tVsPTHWTtr)
- Open a [issue](https://github.com/truecharts/apps/issues/new/choose)
---
All Rights Reserved - The TrueCharts Project

View File

@ -1,4 +0,0 @@
Unofficial Bitwarden compatible server written in Rust
This App is supplied by TrueCharts, for more information please visit https://truecharts.org
Unofficial Bitwarden compatible server written in Rust

View File

@ -1,56 +0,0 @@
# Default Helm-Values
TrueCharts is primarily build to supply TrueNAS SCALE Apps.
However, we also supply all Apps as standard Helm-Charts. In this document we aim to document the default values in our values.yaml file.
Most of our Apps also consume our "common" Helm Chart.
If this is the case, this means that all values.yaml values are set to the common chart values.yaml by default. This values.yaml file will only contain values that deviate from the common chart.
You will, however, be able to use all values referenced in the common chart here, besides the values listed in this document.
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| database.type | string | `"postgresql"` | |
| database.wal | bool | `true` | |
| env | object | `{}` | |
| envFrom[0].configMapRef.name | string | `"{{ .Release.Name }}-vaultwardenconfig"` | |
| envFrom[1].secretRef.name | string | `"{{ .Release.Name }}-vaultwardensecret"` | |
| envTpl.DOMAIN | string | `"https://{{ if .Values.ingress }}{{ if .Values.ingress.main.enabled }}{{ ( index .Values.ingress.main.hosts 0 ).host }}{{ else }}placeholder.com{{ end }}{{ else }}placeholder.com{{ end }}"` | |
| envValueFrom.DATABASE_URL.secretKeyRef.key | string | `"url"` | |
| envValueFrom.DATABASE_URL.secretKeyRef.name | string | `"{{ .Release.Name }}-dbcreds"` | |
| image.pullPolicy | string | `"IfNotPresent"` | |
| image.repository | string | `"vaultwarden/server"` | |
| image.tag | string | `"1.22.2"` | |
| persistence.data.accessMode | string | `"ReadWriteOnce"` | |
| persistence.data.enabled | bool | `true` | |
| persistence.data.mountPath | string | `"/data"` | |
| persistence.data.size | string | `"100Gi"` | |
| persistence.data.type | string | `"pvc"` | |
| postgresql.enabled | bool | `true` | |
| postgresql.existingSecret | string | `"{{ .Release.Name }}-dbcreds"` | |
| postgresql.postgresqlDatabase | string | `"vaultwarden"` | |
| postgresql.postgresqlUsername | string | `"vaultwarden"` | |
| service.main.ports.main.port | int | `8080` | |
| service.ws.ports.ws.enabled | bool | `true` | |
| service.ws.ports.ws.port | int | `3012` | |
| strategy.type | string | `"Recreate"` | |
| vaultwarden.admin.disableAdminToken | bool | `false` | |
| vaultwarden.admin.enabled | bool | `false` | |
| vaultwarden.allowInvitation | bool | `true` | |
| vaultwarden.allowSignups | bool | `true` | |
| vaultwarden.enableWebVault | bool | `true` | |
| vaultwarden.enableWebsockets | bool | `true` | |
| vaultwarden.icons.disableDownload | bool | `false` | |
| vaultwarden.log.file | string | `""` | |
| vaultwarden.log.level | string | `"trace"` | |
| vaultwarden.orgCreationUsers | string | `"all"` | |
| vaultwarden.requireEmail | bool | `false` | |
| vaultwarden.showPasswordHint | bool | `true` | |
| vaultwarden.smtp.enabled | bool | `false` | |
| vaultwarden.smtp.from | string | `""` | |
| vaultwarden.smtp.host | string | `""` | |
| vaultwarden.verifySignup | bool | `false` | |
| vaultwarden.yubico.enabled | bool | `false` | |
All Rights Reserved - The TrueCharts Project

View File

@ -1,55 +0,0 @@
##
# This file contains Values.yaml content that gets added to the output of questions.yaml
# It's ONLY meant for content that the user is NOT expected to change.
# Example: Everything under "image" is not included in questions.yaml but is included here.
##
image:
repository: vaultwarden/server
pullPolicy: IfNotPresent
tag: 1.22.2
envTpl:
DOMAIN: "https://{{ if .Values.ingress }}{{ if .Values.ingress.main.enabled }}{{ ( index .Values.ingress.main.hosts 0 ).host }}{{ else }}placeholder.com{{ end }}{{ else }}placeholder.com{{ end }}"
envFrom:
- configMapRef:
name: "{{ .Release.Name }}-vaultwardenconfig"
- secretRef:
name: "{{ .Release.Name }}-vaultwardensecret"
envValueFrom:
DATABASE_URL:
secretKeyRef:
name: "{{ .Release.Name }}-dbcreds"
key: url
database:
# Database type, must be one of: 'sqlite', 'mysql' or 'postgresql'.
type: postgresql
# Enable DB Write-Ahead-Log for SQLite, disabled for other databases. https://github.com/dani-garcia/bitwarden_rs/wiki/Running-without-WAL-enabled
wal: false
## URL for external databases (mysql://user:pass@host:port or postgresql://user:pass@host:port).
# url: ""
## Set the size of the database connection pool.
# maxConnections: 10
## Connection retries during startup, 0 for infinite. 1 second between retries.
retries: 30
# Enabled postgres
postgresql:
enabled: true
postgresqlUsername: vaultwarden
postgresqlDatabase: vaultwarden
existingSecret: "{{ .Release.Name }}-dbcreds"
persistence:
db:
storageClass: "SCALE-ZFS"
dbbackups:
storageClass: "SCALE-ZFS"
##
# Most other defaults are set in questions.yaml
# For other options please refer to the wiki, default_values.yaml or the common library chart
##

File diff suppressed because it is too large Load Diff

View File

@ -1,116 +0,0 @@
{{/* Define the configmap */}}
{{- define "vaultwarden.configmap" -}}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Release.Name }}-vaultwardenconfig
data:
ROCKET_PORT: "8080"
SIGNUPS_ALLOWED: {{ .Values.vaultwarden.allowSignups | quote }}
{{- if .Values.vaultwarden.signupDomains }}
SIGNUPS_DOMAINS_WHITELIST: {{ join "," .Values.vaultwarden.signupDomains | quote }}
{{- end }}
{{- if and (eq .Values.vaultwarden.verifySignup true) (eq .Values.vaultwarden.smtp.enabled false) }}{{ required "Signup verification requires SMTP to be enabled" nil}}{{end}}
SIGNUPS_VERIFY: {{ .Values.vaultwarden.verifySignup | quote }}
{{- if and (eq .Values.vaultwarden.requireEmail true) (eq .Values.vaultwarden.smtp.enabled false) }}{{ required "Requiring emails for login depends on SMTP" nil}}{{end}}
REQUIRE_DEVICE_EMAIL: {{ .Values.vaultwarden.requireEmail | quote }}
{{- if .Values.vaultwarden.emailAttempts }}
EMAIL_ATTEMPTS_LIMIT: {{ .Values.vaultwarden.emailAttempts | quote }}
{{- end }}
{{- if .Values.vaultwarden.emailTokenExpiration }}
EMAIL_EXPIRATION_TIME: {{ .Values.vaultwarden.emailTokenExpiration | quote }}
{{- end }}
INVITATIONS_ALLOWED: {{ .Values.vaultwarden.allowInvitation | quote }}
{{- if .Values.vaultwarden.defaultInviteName }}
INVITATION_ORG_NAME: {{ .Values.vaultwarden.defaultInviteName | quote }}
{{- end }}
SHOW_PASSWORD_HINT: {{ .Values.vaultwarden.showPasswordHint | quote }}
WEBSOCKET_ENABLED: {{ .Values.vaultwarden.enableWebsockets | quote }}
WEB_VAULT_ENABLED: {{ .Values.vaultwarden.enableWebVault | quote }}
ORG_CREATION_USERS: {{ .Values.vaultwarden.orgCreationUsers | quote }}
{{- if .Values.vaultwarden.attachmentLimitOrg }}
ORG_ATTACHMENT_LIMIT: {{ .Values.vaultwarden.attachmentLimitOrg | quote }}
{{- end }}
{{- if .Values.vaultwarden.attachmentLimitUser }}
USER_ATTACHMENT_LIMIT: {{ .Values.vaultwarden.attachmentLimitUser | quote }}
{{- end }}
{{- if .Values.vaultwarden.hibpApiKey }}
HIBP_API_KEY: {{ .Values.vaultwarden.hibpApiKey | quote }}
{{- end }}
{{- include "vaultwarden.dbTypeValid" . }}
{{- if .Values.database.retries }}
DB_CONNECTION_RETRIES: {{ .Values.database.retries | quote }}
{{- end }}
{{- if .Values.database.maxConnections }}
DATABASE_MAX_CONNS: {{ .Values.database.maxConnections | quote }}
{{- end }}
{{- if eq .Values.vaultwarden.smtp.enabled true }}
SMTP_HOST: {{ required "SMTP host is required to enable SMTP" .Values.vaultwarden.smtp.host | quote }}
SMTP_FROM: {{ required "SMTP sender address ('from') is required to enable SMTP" .Values.vaultwarden.smtp.from | quote }}
{{- if .Values.vaultwarden.smtp.fromName }}
SMTP_FROM_NAME: {{ .Values.vaultwarden.smtp.fromName | quote }}
{{- end }}
{{- if .Values.vaultwarden.smtp.ssl }}
SMTP_SSL: {{ .Values.vaultwarden.smtp.ssl | quote }}
{{- end }}
{{- if .Values.vaultwarden.smtp.port }}
SMTP_PORT: {{ .Values.vaultwarden.smtp.port | quote }}
{{- end }}
{{- if .Values.vaultwarden.smtp.authMechanism }}
SMTP_AUTH_MECHANISM: {{ .Values.vaultwarden.smtp.authMechanism | quote }}
{{- end }}
{{- if .Values.vaultwarden.smtp.heloName }}
HELO_NAME: {{ .Values.vaultwarden.smtp.heloName | quote }}
{{- end }}
{{- if .Values.vaultwarden.smtp.timeout }}
SMTP_TIMEOUT: {{ .Values.vaultwarden.smtp.timeout | quote }}
{{- end }}
{{- if .Values.vaultwarden.smtp.invalidHostname }}
SMTP_ACCEPT_INVALID_HOSTNAMES: {{ .Values.vaultwarden.smtp.invalidHostname | quote }}
{{- end }}
{{- if .Values.vaultwarden.smtp.invalidCertificate }}
SMTP_ACCEPT_INVALID_CERTS: {{ .Values.vaultwarden.smtp.invalidCertificate | quote }}
{{- end }}
{{- end }}
{{- if .Values.vaultwarden.log.file }}
LOG_FILE: {{ .Values.vaultwarden.log.file | quote }}
{{- end }}
{{- if or .Values.vaultwarden.log.level .Values.vaultwarden.log.timeFormat }}
EXTENDED_LOGGING: "true"
{{- end }}
{{- if .Values.vaultwarden.log.level }}
{{- include "vaultwarden.logLevelValid" . }}
LOG_LEVEL: {{ .Values.vaultwarden.log.level | quote }}
{{- end }}
{{- if .Values.vaultwarden.log.timeFormat }}
LOG_TIMESTAMP_FORMAT: {{ .Values.vaultwarden.log.timeFormat | quote }}
{{- end }}
{{- if .Values.vaultwarden.icons.disableDownload }}
DISABLE_ICON_DOWNLOAD: {{ .Values.vaultwarden.icons.disableDownload | quote }}
{{- if and (not .Values.vaultwarden.icons.cache) (eq .Values.vaultwarden.icons.disableDownload "true") }}
ICON_CACHE_TTL: "0"
{{- end }}
{{- end }}
{{- if .Values.vaultwarden.icons.cache }}
ICON_CACHE_TTL: {{ .Values.vaultwarden.icons.cache | quote }}
{{- end }}
{{- if .Values.vaultwarden.icons.cacheFailed }}
ICON_CACHE_NEGTTL: {{ .Values.vaultwarden.icons.cacheFailed | quote }}
{{- end }}
{{- if eq .Values.vaultwarden.admin.enabled true }}
{{- if eq .Values.vaultwarden.admin.disableAdminToken true }}
DISABLE_ADMIN_TOKEN: "true"
{{- end }}
{{- end }}
{{- if eq .Values.vaultwarden.yubico.enabled true }}
{{- if .Values.vaultwarden.yubico.server }}
YUBICO_SERVER: {{ .Values.vaultwarden.yubico.server | quote }}
{{- end }}
{{- end }}
{{- if eq .Values.database.type "sqlite" }}
ENABLE_DB_WAL: {{ .Values.database.wal | quote }}
{{- else }}
ENABLE_DB_WAL: "false"
{{- end }}
{{- end -}}

View File

@ -1,58 +0,0 @@
{{/* Define the secrets */}}
{{- define "vaultwarden.secrets" -}}
{{- $adminToken := "" }}
{{- if eq .Values.vaultwarden.admin.enabled true }}
{{- $adminToken = .Values.vaultwarden.admin.token | default (randAlphaNum 48) | b64enc | quote }}
{{- end -}}
{{- $smtpUser := "" }}
{{- if and (eq .Values.vaultwarden.smtp.enabled true ) (.Values.vaultwarden.smtp.user) }}
{{- $smtpUser = .Values.vaultwarden.smtp.user | b64enc | quote }}
{{- end -}}
{{- $yubicoClientId := "" }}
{{- if eq .Values.vaultwarden.yubico.enabled true }}
{{- $yubicoClientId = required "Yubico Client ID required" .Values.vaultwarden.yubico.clientId | toString | b64enc | quote }}
{{- end -}}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ .Release.Name }}-vaultwardensecret
data:
{{- if ne $adminToken "" }}
ADMIN_TOKEN: {{ $adminToken }}
{{- end }}
{{- if ne $smtpUser "" }}
SMTP_USERNAME: {{ $smtpUser }}
SMTP_PASSWORD: {{ required "Must specify SMTP password" .Values.vaultwarden.smtp.password | b64enc | quote }}
{{- end }}
{{- if ne $yubicoClientId "" }}
YUBICO_CLIENT_ID: {{ $yubicoClientId }}
YUBICO_SECRET_KEY: {{ required "Yubico Secret Key required" .Values.vaultwarden.yubico.secretKey | b64enc | quote }}
{{- end }}
---
apiVersion: v1
kind: Secret
metadata:
labels:
{{- include "common.labels" . | nindent 4 }}
{{- $dbcredsname := ( printf "%v-%v" .Release.Name "dbcreds" ) }}
name: {{ $dbcredsname }}
data:
{{- if .Release.IsInstall }}
postgresql-password: {{ randAlphaNum 50 | b64enc | quote }}
postgresql-postgres-password: {{ randAlphaNum 50 | b64enc | quote }}
{{ else }}
# `index` function is necessary because the property name contains a dash.
# Otherwise (...).data.db_password would have worked too.
postgresql-password: {{ index (lookup "v1" "Secret" .Release.Namespace ( $dbcredsname | quote ) ).data "postgresql-password" }}
postgresql-postgres-password: {{ index (lookup "v1" "Secret" .Release.Namespace ( $dbcredsname | quote ) ).data "postgresql-postgres-password" }}
{{ end }}
url: {{ ( printf "%v%v:%v@%v-%v:%v/%v" "postgresql://" .Values.postgresql.postgresqlUsername $dbPass .Release.Name "postgresql" "5432" .Values.postgresql.postgresqlDatabase ) | b64enc | quote }}
type: Opaque
{{- end -}}

View File

@ -1,17 +0,0 @@
{{/*
Ensure valid DB type is select, defaults to SQLite
*/}}
{{- define "vaultwarden.dbTypeValid" -}}
{{- if not (or (eq .Values.database.type "postgresql") (eq .Values.database.type "mysql") (eq .Values.database.type "sqlite")) }}
{{- required "Invalid database type" nil }}
{{- end -}}
{{- end -}}
{{/*
Ensure log type is valid
*/}}
{{- define "vaultwarden.logLevelValid" -}}
{{- if not (or (eq .Values.vaultwarden.log.level "trace") (eq .Values.vaultwarden.log.level "debug") (eq .Values.vaultwarden.log.level "info") (eq .Values.vaultwarden.log.level "warn") (eq .Values.vaultwarden.log.level "error") (eq .Values.vaultwarden.log.level "off")) }}
{{- required "Invalid log level" nil }}
{{- end }}
{{- end }}

View File

@ -1,11 +0,0 @@
{{/* Make sure all variables are set properly */}}
{{- include "common.values.setup" . }}
{{/* Render the templates */}}
{{ include "common.all" . }}
{{/* Render configmap for vaultwarden */}}
{{- include "vaultwarden.configmap" . }}
{{/* Render secrets for vaultwarden */}}
{{- include "vaultwarden.secrets" . }}

View File

@ -1,161 +0,0 @@
# Default values for Bitwarden.
image:
repository: vaultwarden/server
pullPolicy: IfNotPresent
tag: 1.22.2
strategy:
type: Recreate
service:
main:
ports:
main:
port: 8080
ws:
ports:
ws:
enabled: true
port: 3012
env: {}
envTpl:
DOMAIN: "https://{{ if .Values.ingress }}{{ if .Values.ingress.main.enabled }}{{ ( index .Values.ingress.main.hosts 0 ).host }}{{ else }}placeholder.com{{ end }}{{ else }}placeholder.com{{ end }}"
envFrom:
- configMapRef:
name: "{{ .Release.Name }}-vaultwardenconfig"
- secretRef:
name: "{{ .Release.Name }}-vaultwardensecret"
envValueFrom:
DATABASE_URL:
secretKeyRef:
name: "{{ .Release.Name }}-dbcreds"
key: url
database:
# Database type, must be one of: 'sqlite', 'mysql' or 'postgresql'.
type: postgresql
# Enable DB Write-Ahead-Log for SQLite, disabled for other databases. https://github.com/dani-garcia/bitwarden_rs/wiki/Running-without-WAL-enabled
wal: true
## URL for external databases (mysql://user:pass@host:port or postgresql://user:pass@host:port).
# url: ""
## Set the size of the database connection pool.
# maxConnections: 10
## Connection retries during startup, 0 for infinite. 1 second between retries.
# retries: 15
# Set Bitwarden_rs application variables
vaultwarden:
# Allow any user to sign-up: https://github.com/dani-garcia/bitwarden_rs/wiki/Disable-registration-of-new-users
allowSignups: true
## Whitelist domains allowed to sign-up. 'allowSignups' is ignored if set.
# signupDomains:
# - domain.tld
# Verify e-mail before login is enabled. SMTP must be enabled.
verifySignup: false
# When a user logs in an email is required to be sent. If sending the email fails the login attempt will fail. SMTP must be enabled.
requireEmail: false
## Maximum attempts before an email token is reset and a new email will need to be sent.
# emailAttempts: 3
## Email token validity in seconds.
# emailTokenExpiration: 600
# Allow invited users to sign-up even feature is disabled: https://github.com/dani-garcia/bitwarden_rs/wiki/Disable-invitations
allowInvitation: true
# Show password hints: https://github.com/dani-garcia/bitwarden_rs/wiki/Password-hint-display
## Default organization name in invitation e-mails that are not coming from a specific organization.
# defaultInviteName: ""
showPasswordHint: true
# Enable Websockets for notification. https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-WebSocket-notifications
# Redirect HTTP path "/notifications/hub" to port 3012. Ingress/IngressRoute controllers are automatically configured.
enableWebsockets: true
# Enable Web Vault (static content). https://github.com/dani-garcia/bitwarden_rs/wiki/Disabling-or-overriding-the-Vault-interface-hosting
enableWebVault: true
# Restrict creation of orgs. Options are: 'all', 'none' or a comma-separated list of users.
orgCreationUsers: all
## Limit attachment disk usage per organization.
# attachmentLimitOrg:
## Limit attachment disk usage per user.
# attachmentLimitUser:
## HaveIBeenPwned API Key. Can be purchased at https://haveibeenpwned.com/API/Key.
# hibpApiKey:
admin:
# Enable admin portal.
enabled: false
# Disabling the admin token will make the admin portal accessible to anyone, use carefully: https://github.com/dani-garcia/bitwarden_rs/wiki/Disable-admin-token
disableAdminToken: false
## Token for admin login, will be generated if not defined. https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-admin-page
# token:
# Enable SMTP. https://github.com/dani-garcia/bitwarden_rs/wiki/SMTP-configuration
smtp:
enabled: false
# SMTP hostname, required if SMTP is enabled.
host: ""
# SMTP sender e-mail address, required if SMTP is enabled.
from: ""
## SMTP sender name, defaults to 'Bitwarden_RS'.
# fromName: ""
## Enable SSL connection.
# ssl: true
## SMTP port. Defaults to 25 without SSL, 587 with SSL.
# port: 587
## SMTP Authentication Mechanisms. Comma-separated options: 'Plain', 'Login' and 'Xoauth2'. Defaults to 'Plain'.
# authMechanism: Plain
## Hostname to be sent for SMTP HELO. Defaults to pod name.
# heloName: ""
## SMTP timeout.
# timeout: 15
## Accept SSL session if certificate is valid but hostname doesn't match. DANGEROUS, vulnerable to men-in-the-middle attacks!
# invalidHostname: false
## Accept invalid certificates. DANGEROUS, vulnerable to men-in-the-middle attacks!
# invalidCertificate: false
## SMTP username.
# user: ""
## SMTP password. Required is user is specified, ignored if no user provided.
# password: ""
## Enable Yubico OTP authentication. https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-Yubikey-OTP-authentication
yubico:
enabled: false
## Yubico server. Defaults to YubiCloud.
# server:
## Yubico ID and Secret Key.
# clientId:
# secretKey:
## Logging options. https://github.com/dani-garcia/bitwarden_rs/wiki/Logging
log:
# Log to file.
file: ""
# Log level. Options are "trace", "debug", "info", "warn", "error" or "off".
level: "trace"
## Log timestamp format. See https://docs.rs/chrono/0.4.15/chrono/format/strftime/index.html. Defaults to time in milliseconds.
# timeFormat: ""
icons:
# Disables download of external icons. Setting to true will still serve icons from cache (/data/icon_cache). TTL will default to zero.
disableDownload: false
## Cache time-to-live for icons fetched. 0 means no purging.
# cache: 2592000
## Cache time-to-live for icons that were not available. 0 means no purging.
# cacheFailed: 259200
persistence:
data:
enabled: true
mountPath: "/data"
type: pvc
accessMode: ReadWriteOnce
size: "100Gi"
# Enabled postgres
postgresql:
enabled: true
postgresqlUsername: vaultwarden
postgresqlDatabase: vaultwarden
existingSecret: "{{ .Release.Name }}-dbcreds"

View File

@ -1,8 +0,0 @@
# Configuration Options
##### Connecting to other apps
If you need to connect this App to other Apps on TrueNAS SCALE, please refer to our "Linking Apps Internally" quick-start guide:
https://truecharts.org/manual/Quick-Start%20Guides/14-linking-apps/
##### Available config options
In the future this page is going to contain an automated list of options available in the installation/edit UI.

View File

@ -1,9 +0,0 @@
dependencies:
- name: common
repository: https://truecharts.org/
version: 6.12.2
- name: postgresql
repository: https://truecharts.org/
version: 1.5.7
digest: sha256:5fe2dff8cc01322db4829246b0d78df216641773fea323979c66719cbf02a172
generated: "2021-08-31T17:19:51.677525929Z"

View File

@ -1,34 +0,0 @@
apiVersion: v2
appVersion: auto
dependencies:
- name: common
repository: https://truecharts.org/
version: 6.12.2
- condition: postgresql.enabled
name: postgresql
repository: https://truecharts.org/
version: 1.5.7
deprecated: false
description: Unofficial Bitwarden compatible server written in Rust
home: https://github.com/truecharts/apps/tree/master/charts/stable/vaultwarden
icon: https://raw.githubusercontent.com/bitwarden/brand/master/icons/256x256.png
keywords:
- bitwarden
- bitwardenrs
- bitwarden_rs
- vaultwarden
- password
- rust
kubeVersion: '>=1.16.0-0'
maintainers:
- email: info@truecharts.org
name: TrueCharts
url: truecharts.org
- email: kjeld@schouten-lebbing.nl
name: Ornias1993
url: truecharts.org
name: vaultwarden
sources:
- https://github.com/dani-garcia/vaultwarden
type: application
version: 5.0.12

View File

@ -1,38 +0,0 @@
# Introduction
Unofficial Bitwarden compatible server written in Rust
TrueCharts are designed to be installed as TrueNAS SCALE app only. We can not guarantee this charts works as a stand-alone helm installation.
**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/apps/issues/new/choose)**
## Source Code
* <https://github.com/dani-garcia/vaultwarden>
## Requirements
Kubernetes: `>=1.16.0-0`
## Dependencies
| Repository | Name | Version |
|------------|------|---------|
| https://truecharts.org/ | common | 6.12.1 |
| https://truecharts.org/ | postgresql | 1.5.2 |
## Installing the Chart
To install this App on TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/03-Installing-an-App/).
## Uninstalling the Chart
To remove this App from TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/07-Deleting-an-App/).
## Support
- Please check our [quick-start guides](https://truecharts.org/manual/Quick-Start%20Guides/01-Open-Apps/) first.
- See the [Wiki](https://truecharts.org)
- Check our [Discord](https://discord.gg/tVsPTHWTtr)
- Open a [issue](https://github.com/truecharts/apps/issues/new/choose)
---
All Rights Reserved - The TrueCharts Project

View File

@ -1,4 +0,0 @@
Unofficial Bitwarden compatible server written in Rust
This App is supplied by TrueCharts, for more information please visit https://truecharts.org
Unofficial Bitwarden compatible server written in Rust

View File

@ -1,56 +0,0 @@
# Default Helm-Values
TrueCharts is primarily build to supply TrueNAS SCALE Apps.
However, we also supply all Apps as standard Helm-Charts. In this document we aim to document the default values in our values.yaml file.
Most of our Apps also consume our "common" Helm Chart.
If this is the case, this means that all values.yaml values are set to the common chart values.yaml by default. This values.yaml file will only contain values that deviate from the common chart.
You will, however, be able to use all values referenced in the common chart here, besides the values listed in this document.
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| database.type | string | `"postgresql"` | |
| database.wal | bool | `true` | |
| env | object | `{}` | |
| envFrom[0].configMapRef.name | string | `"{{ .Release.Name }}-vaultwardenconfig"` | |
| envFrom[1].secretRef.name | string | `"{{ .Release.Name }}-vaultwardensecret"` | |
| envTpl.DOMAIN | string | `"https://{{ if .Values.ingress }}{{ if .Values.ingress.main.enabled }}{{ ( index .Values.ingress.main.hosts 0 ).host }}{{ else }}placeholder.com{{ end }}{{ else }}placeholder.com{{ end }}"` | |
| envValueFrom.DATABASE_URL.secretKeyRef.key | string | `"url"` | |
| envValueFrom.DATABASE_URL.secretKeyRef.name | string | `"{{ .Release.Name }}-dbcreds"` | |
| image.pullPolicy | string | `"IfNotPresent"` | |
| image.repository | string | `"vaultwarden/server"` | |
| image.tag | string | `"1.22.2"` | |
| persistence.data.accessMode | string | `"ReadWriteOnce"` | |
| persistence.data.enabled | bool | `true` | |
| persistence.data.mountPath | string | `"/data"` | |
| persistence.data.size | string | `"100Gi"` | |
| persistence.data.type | string | `"pvc"` | |
| postgresql.enabled | bool | `true` | |
| postgresql.existingSecret | string | `"{{ .Release.Name }}-dbcreds"` | |
| postgresql.postgresqlDatabase | string | `"vaultwarden"` | |
| postgresql.postgresqlUsername | string | `"vaultwarden"` | |
| service.main.ports.main.port | int | `8080` | |
| service.ws.ports.ws.enabled | bool | `true` | |
| service.ws.ports.ws.port | int | `3012` | |
| strategy.type | string | `"Recreate"` | |
| vaultwarden.admin.disableAdminToken | bool | `false` | |
| vaultwarden.admin.enabled | bool | `false` | |
| vaultwarden.allowInvitation | bool | `true` | |
| vaultwarden.allowSignups | bool | `true` | |
| vaultwarden.enableWebVault | bool | `true` | |
| vaultwarden.enableWebsockets | bool | `true` | |
| vaultwarden.icons.disableDownload | bool | `false` | |
| vaultwarden.log.file | string | `""` | |
| vaultwarden.log.level | string | `"trace"` | |
| vaultwarden.orgCreationUsers | string | `"all"` | |
| vaultwarden.requireEmail | bool | `false` | |
| vaultwarden.showPasswordHint | bool | `true` | |
| vaultwarden.smtp.enabled | bool | `false` | |
| vaultwarden.smtp.from | string | `""` | |
| vaultwarden.smtp.host | string | `""` | |
| vaultwarden.verifySignup | bool | `false` | |
| vaultwarden.yubico.enabled | bool | `false` | |
All Rights Reserved - The TrueCharts Project

View File

@ -1,55 +0,0 @@
##
# This file contains Values.yaml content that gets added to the output of questions.yaml
# It's ONLY meant for content that the user is NOT expected to change.
# Example: Everything under "image" is not included in questions.yaml but is included here.
##
image:
repository: vaultwarden/server
pullPolicy: IfNotPresent
tag: 1.22.2
envTpl:
DOMAIN: "https://{{ if .Values.ingress }}{{ if .Values.ingress.main.enabled }}{{ ( index .Values.ingress.main.hosts 0 ).host }}{{ else }}placeholder.com{{ end }}{{ else }}placeholder.com{{ end }}"
envFrom:
- configMapRef:
name: "{{ .Release.Name }}-vaultwardenconfig"
- secretRef:
name: "{{ .Release.Name }}-vaultwardensecret"
envValueFrom:
DATABASE_URL:
secretKeyRef:
name: "{{ .Release.Name }}-dbcreds"
key: url
database:
# Database type, must be one of: 'sqlite', 'mysql' or 'postgresql'.
type: postgresql
# Enable DB Write-Ahead-Log for SQLite, disabled for other databases. https://github.com/dani-garcia/bitwarden_rs/wiki/Running-without-WAL-enabled
wal: false
## URL for external databases (mysql://user:pass@host:port or postgresql://user:pass@host:port).
# url: ""
## Set the size of the database connection pool.
# maxConnections: 10
## Connection retries during startup, 0 for infinite. 1 second between retries.
retries: 30
# Enabled postgres
postgresql:
enabled: true
postgresqlUsername: vaultwarden
postgresqlDatabase: vaultwarden
existingSecret: "{{ .Release.Name }}-dbcreds"
persistence:
db:
storageClass: "SCALE-ZFS"
dbbackups:
storageClass: "SCALE-ZFS"
##
# Most other defaults are set in questions.yaml
# For other options please refer to the wiki, default_values.yaml or the common library chart
##

File diff suppressed because it is too large Load Diff

View File

@ -1,116 +0,0 @@
{{/* Define the configmap */}}
{{- define "vaultwarden.configmap" -}}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Release.Name }}-vaultwardenconfig
data:
ROCKET_PORT: "8080"
SIGNUPS_ALLOWED: {{ .Values.vaultwarden.allowSignups | quote }}
{{- if .Values.vaultwarden.signupDomains }}
SIGNUPS_DOMAINS_WHITELIST: {{ join "," .Values.vaultwarden.signupDomains | quote }}
{{- end }}
{{- if and (eq .Values.vaultwarden.verifySignup true) (eq .Values.vaultwarden.smtp.enabled false) }}{{ required "Signup verification requires SMTP to be enabled" nil}}{{end}}
SIGNUPS_VERIFY: {{ .Values.vaultwarden.verifySignup | quote }}
{{- if and (eq .Values.vaultwarden.requireEmail true) (eq .Values.vaultwarden.smtp.enabled false) }}{{ required "Requiring emails for login depends on SMTP" nil}}{{end}}
REQUIRE_DEVICE_EMAIL: {{ .Values.vaultwarden.requireEmail | quote }}
{{- if .Values.vaultwarden.emailAttempts }}
EMAIL_ATTEMPTS_LIMIT: {{ .Values.vaultwarden.emailAttempts | quote }}
{{- end }}
{{- if .Values.vaultwarden.emailTokenExpiration }}
EMAIL_EXPIRATION_TIME: {{ .Values.vaultwarden.emailTokenExpiration | quote }}
{{- end }}
INVITATIONS_ALLOWED: {{ .Values.vaultwarden.allowInvitation | quote }}
{{- if .Values.vaultwarden.defaultInviteName }}
INVITATION_ORG_NAME: {{ .Values.vaultwarden.defaultInviteName | quote }}
{{- end }}
SHOW_PASSWORD_HINT: {{ .Values.vaultwarden.showPasswordHint | quote }}
WEBSOCKET_ENABLED: {{ .Values.vaultwarden.enableWebsockets | quote }}
WEB_VAULT_ENABLED: {{ .Values.vaultwarden.enableWebVault | quote }}
ORG_CREATION_USERS: {{ .Values.vaultwarden.orgCreationUsers | quote }}
{{- if .Values.vaultwarden.attachmentLimitOrg }}
ORG_ATTACHMENT_LIMIT: {{ .Values.vaultwarden.attachmentLimitOrg | quote }}
{{- end }}
{{- if .Values.vaultwarden.attachmentLimitUser }}
USER_ATTACHMENT_LIMIT: {{ .Values.vaultwarden.attachmentLimitUser | quote }}
{{- end }}
{{- if .Values.vaultwarden.hibpApiKey }}
HIBP_API_KEY: {{ .Values.vaultwarden.hibpApiKey | quote }}
{{- end }}
{{- include "vaultwarden.dbTypeValid" . }}
{{- if .Values.database.retries }}
DB_CONNECTION_RETRIES: {{ .Values.database.retries | quote }}
{{- end }}
{{- if .Values.database.maxConnections }}
DATABASE_MAX_CONNS: {{ .Values.database.maxConnections | quote }}
{{- end }}
{{- if eq .Values.vaultwarden.smtp.enabled true }}
SMTP_HOST: {{ required "SMTP host is required to enable SMTP" .Values.vaultwarden.smtp.host | quote }}
SMTP_FROM: {{ required "SMTP sender address ('from') is required to enable SMTP" .Values.vaultwarden.smtp.from | quote }}
{{- if .Values.vaultwarden.smtp.fromName }}
SMTP_FROM_NAME: {{ .Values.vaultwarden.smtp.fromName | quote }}
{{- end }}
{{- if .Values.vaultwarden.smtp.ssl }}
SMTP_SSL: {{ .Values.vaultwarden.smtp.ssl | quote }}
{{- end }}
{{- if .Values.vaultwarden.smtp.port }}
SMTP_PORT: {{ .Values.vaultwarden.smtp.port | quote }}
{{- end }}
{{- if .Values.vaultwarden.smtp.authMechanism }}
SMTP_AUTH_MECHANISM: {{ .Values.vaultwarden.smtp.authMechanism | quote }}
{{- end }}
{{- if .Values.vaultwarden.smtp.heloName }}
HELO_NAME: {{ .Values.vaultwarden.smtp.heloName | quote }}
{{- end }}
{{- if .Values.vaultwarden.smtp.timeout }}
SMTP_TIMEOUT: {{ .Values.vaultwarden.smtp.timeout | quote }}
{{- end }}
{{- if .Values.vaultwarden.smtp.invalidHostname }}
SMTP_ACCEPT_INVALID_HOSTNAMES: {{ .Values.vaultwarden.smtp.invalidHostname | quote }}
{{- end }}
{{- if .Values.vaultwarden.smtp.invalidCertificate }}
SMTP_ACCEPT_INVALID_CERTS: {{ .Values.vaultwarden.smtp.invalidCertificate | quote }}
{{- end }}
{{- end }}
{{- if .Values.vaultwarden.log.file }}
LOG_FILE: {{ .Values.vaultwarden.log.file | quote }}
{{- end }}
{{- if or .Values.vaultwarden.log.level .Values.vaultwarden.log.timeFormat }}
EXTENDED_LOGGING: "true"
{{- end }}
{{- if .Values.vaultwarden.log.level }}
{{- include "vaultwarden.logLevelValid" . }}
LOG_LEVEL: {{ .Values.vaultwarden.log.level | quote }}
{{- end }}
{{- if .Values.vaultwarden.log.timeFormat }}
LOG_TIMESTAMP_FORMAT: {{ .Values.vaultwarden.log.timeFormat | quote }}
{{- end }}
{{- if .Values.vaultwarden.icons.disableDownload }}
DISABLE_ICON_DOWNLOAD: {{ .Values.vaultwarden.icons.disableDownload | quote }}
{{- if and (not .Values.vaultwarden.icons.cache) (eq .Values.vaultwarden.icons.disableDownload "true") }}
ICON_CACHE_TTL: "0"
{{- end }}
{{- end }}
{{- if .Values.vaultwarden.icons.cache }}
ICON_CACHE_TTL: {{ .Values.vaultwarden.icons.cache | quote }}
{{- end }}
{{- if .Values.vaultwarden.icons.cacheFailed }}
ICON_CACHE_NEGTTL: {{ .Values.vaultwarden.icons.cacheFailed | quote }}
{{- end }}
{{- if eq .Values.vaultwarden.admin.enabled true }}
{{- if eq .Values.vaultwarden.admin.disableAdminToken true }}
DISABLE_ADMIN_TOKEN: "true"
{{- end }}
{{- end }}
{{- if eq .Values.vaultwarden.yubico.enabled true }}
{{- if .Values.vaultwarden.yubico.server }}
YUBICO_SERVER: {{ .Values.vaultwarden.yubico.server | quote }}
{{- end }}
{{- end }}
{{- if eq .Values.database.type "sqlite" }}
ENABLE_DB_WAL: {{ .Values.database.wal | quote }}
{{- else }}
ENABLE_DB_WAL: "false"
{{- end }}
{{- end -}}

View File

@ -1,68 +0,0 @@
{{/* Define the secrets */}}
{{- define "vaultwarden.secrets" -}}
{{- $adminToken := "" }}
{{- if eq .Values.vaultwarden.admin.enabled true }}
{{- $adminToken = .Values.vaultwarden.admin.token | default (randAlphaNum 48) | b64enc | quote }}
{{- end -}}
{{- $smtpUser := "" }}
{{- if and (eq .Values.vaultwarden.smtp.enabled true ) (.Values.vaultwarden.smtp.user) }}
{{- $smtpUser = .Values.vaultwarden.smtp.user | b64enc | quote }}
{{- end -}}
{{- $yubicoClientId := "" }}
{{- if eq .Values.vaultwarden.yubico.enabled true }}
{{- $yubicoClientId = required "Yubico Client ID required" .Values.vaultwarden.yubico.clientId | toString | b64enc | quote }}
{{- end -}}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ .Release.Name }}-vaultwardensecret
data:
{{- if ne $adminToken "" }}
ADMIN_TOKEN: {{ $adminToken }}
{{- end }}
{{- if ne $smtpUser "" }}
SMTP_USERNAME: {{ $smtpUser }}
SMTP_PASSWORD: {{ required "Must specify SMTP password" .Values.vaultwarden.smtp.password | b64enc | quote }}
{{- end }}
{{- if ne $yubicoClientId "" }}
YUBICO_CLIENT_ID: {{ $yubicoClientId }}
YUBICO_SECRET_KEY: {{ required "Yubico Secret Key required" .Values.vaultwarden.yubico.secretKey | b64enc | quote }}
{{- end }}
---
apiVersion: v1
kind: Secret
metadata:
labels:
{{- include "common.labels" . | nindent 4 }}
{{- $dbcredsname := ( printf "%v-%v" .Release.Name "dbcreds" ) }}
name: {{ $dbcredsname }}
data:
{{- $dbPass := "" }}
{{ $rootPass := "" }}
{{ $urlPass := "" }}
{{- if .Release.IsInstall }}
{{ $dbPass = ( randAlphaNum 50 | b64enc | quote ) }}
{{ $rootPass = ( randAlphaNum 50 | b64enc | quote ) }}
{{ $urlPass = $dbPass }}
{{ else }}
# `index` function is necessary because the property name contains a dash.
# Otherwise (...).data.db_password would have worked too.
{{ $dbPass = ( index (lookup "v1" "Secret" .Release.Namespace ( $dbcredsname | quote ) ).data "postgresql-postgres-password" ) }}
{{ $rootPass = ( index (lookup "v1" "Secret" .Release.Namespace ( $dbcredsname | quote ) ).data "postgresql-postgres-password" ) }}
{{ $urlPass = ( ( index (lookup "v1" "Secret" .Release.Namespace ( $dbcredsname | quote ) ).data "postgresql-postgres-password" ) | b64dec | quote ) }}
{{ end }}
postgresql-password: {{ $dbPass }}
postgresql-postgres-password: {{ $rootPass }}
url: {{ ( printf "%v%v:%v@%v-%v:%v/%v" "postgresql://" .Values.postgresql.postgresqlUsername $urlPass .Release.Name "postgresql" "5432" .Values.postgresql.postgresqlDatabase ) | b64enc | quote }}
postgresql_host: {{ ( printf "%v-%v" .Release.Name "postgresql" ) | b64enc | quote }}
type: Opaque
{{- end -}}

View File

@ -1,17 +0,0 @@
{{/*
Ensure valid DB type is select, defaults to SQLite
*/}}
{{- define "vaultwarden.dbTypeValid" -}}
{{- if not (or (eq .Values.database.type "postgresql") (eq .Values.database.type "mysql") (eq .Values.database.type "sqlite")) }}
{{- required "Invalid database type" nil }}
{{- end -}}
{{- end -}}
{{/*
Ensure log type is valid
*/}}
{{- define "vaultwarden.logLevelValid" -}}
{{- if not (or (eq .Values.vaultwarden.log.level "trace") (eq .Values.vaultwarden.log.level "debug") (eq .Values.vaultwarden.log.level "info") (eq .Values.vaultwarden.log.level "warn") (eq .Values.vaultwarden.log.level "error") (eq .Values.vaultwarden.log.level "off")) }}
{{- required "Invalid log level" nil }}
{{- end }}
{{- end }}

View File

@ -1,11 +0,0 @@
{{/* Make sure all variables are set properly */}}
{{- include "common.values.setup" . }}
{{/* Render the templates */}}
{{ include "common.all" . }}
{{/* Render configmap for vaultwarden */}}
{{- include "vaultwarden.configmap" . }}
{{/* Render secrets for vaultwarden */}}
{{- include "vaultwarden.secrets" . }}

View File

@ -1,161 +0,0 @@
# Default values for Bitwarden.
image:
repository: vaultwarden/server
pullPolicy: IfNotPresent
tag: 1.22.2
strategy:
type: Recreate
service:
main:
ports:
main:
port: 8080
ws:
ports:
ws:
enabled: true
port: 3012
env: {}
envTpl:
DOMAIN: "https://{{ if .Values.ingress }}{{ if .Values.ingress.main.enabled }}{{ ( index .Values.ingress.main.hosts 0 ).host }}{{ else }}placeholder.com{{ end }}{{ else }}placeholder.com{{ end }}"
envFrom:
- configMapRef:
name: "{{ .Release.Name }}-vaultwardenconfig"
- secretRef:
name: "{{ .Release.Name }}-vaultwardensecret"
envValueFrom:
DATABASE_URL:
secretKeyRef:
name: "{{ .Release.Name }}-dbcreds"
key: url
database:
# Database type, must be one of: 'sqlite', 'mysql' or 'postgresql'.
type: postgresql
# Enable DB Write-Ahead-Log for SQLite, disabled for other databases. https://github.com/dani-garcia/bitwarden_rs/wiki/Running-without-WAL-enabled
wal: true
## URL for external databases (mysql://user:pass@host:port or postgresql://user:pass@host:port).
# url: ""
## Set the size of the database connection pool.
# maxConnections: 10
## Connection retries during startup, 0 for infinite. 1 second between retries.
# retries: 15
# Set Bitwarden_rs application variables
vaultwarden:
# Allow any user to sign-up: https://github.com/dani-garcia/bitwarden_rs/wiki/Disable-registration-of-new-users
allowSignups: true
## Whitelist domains allowed to sign-up. 'allowSignups' is ignored if set.
# signupDomains:
# - domain.tld
# Verify e-mail before login is enabled. SMTP must be enabled.
verifySignup: false
# When a user logs in an email is required to be sent. If sending the email fails the login attempt will fail. SMTP must be enabled.
requireEmail: false
## Maximum attempts before an email token is reset and a new email will need to be sent.
# emailAttempts: 3
## Email token validity in seconds.
# emailTokenExpiration: 600
# Allow invited users to sign-up even feature is disabled: https://github.com/dani-garcia/bitwarden_rs/wiki/Disable-invitations
allowInvitation: true
# Show password hints: https://github.com/dani-garcia/bitwarden_rs/wiki/Password-hint-display
## Default organization name in invitation e-mails that are not coming from a specific organization.
# defaultInviteName: ""
showPasswordHint: true
# Enable Websockets for notification. https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-WebSocket-notifications
# Redirect HTTP path "/notifications/hub" to port 3012. Ingress/IngressRoute controllers are automatically configured.
enableWebsockets: true
# Enable Web Vault (static content). https://github.com/dani-garcia/bitwarden_rs/wiki/Disabling-or-overriding-the-Vault-interface-hosting
enableWebVault: true
# Restrict creation of orgs. Options are: 'all', 'none' or a comma-separated list of users.
orgCreationUsers: all
## Limit attachment disk usage per organization.
# attachmentLimitOrg:
## Limit attachment disk usage per user.
# attachmentLimitUser:
## HaveIBeenPwned API Key. Can be purchased at https://haveibeenpwned.com/API/Key.
# hibpApiKey:
admin:
# Enable admin portal.
enabled: false
# Disabling the admin token will make the admin portal accessible to anyone, use carefully: https://github.com/dani-garcia/bitwarden_rs/wiki/Disable-admin-token
disableAdminToken: false
## Token for admin login, will be generated if not defined. https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-admin-page
# token:
# Enable SMTP. https://github.com/dani-garcia/bitwarden_rs/wiki/SMTP-configuration
smtp:
enabled: false
# SMTP hostname, required if SMTP is enabled.
host: ""
# SMTP sender e-mail address, required if SMTP is enabled.
from: ""
## SMTP sender name, defaults to 'Bitwarden_RS'.
# fromName: ""
## Enable SSL connection.
# ssl: true
## SMTP port. Defaults to 25 without SSL, 587 with SSL.
# port: 587
## SMTP Authentication Mechanisms. Comma-separated options: 'Plain', 'Login' and 'Xoauth2'. Defaults to 'Plain'.
# authMechanism: Plain
## Hostname to be sent for SMTP HELO. Defaults to pod name.
# heloName: ""
## SMTP timeout.
# timeout: 15
## Accept SSL session if certificate is valid but hostname doesn't match. DANGEROUS, vulnerable to men-in-the-middle attacks!
# invalidHostname: false
## Accept invalid certificates. DANGEROUS, vulnerable to men-in-the-middle attacks!
# invalidCertificate: false
## SMTP username.
# user: ""
## SMTP password. Required is user is specified, ignored if no user provided.
# password: ""
## Enable Yubico OTP authentication. https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-Yubikey-OTP-authentication
yubico:
enabled: false
## Yubico server. Defaults to YubiCloud.
# server:
## Yubico ID and Secret Key.
# clientId:
# secretKey:
## Logging options. https://github.com/dani-garcia/bitwarden_rs/wiki/Logging
log:
# Log to file.
file: ""
# Log level. Options are "trace", "debug", "info", "warn", "error" or "off".
level: "trace"
## Log timestamp format. See https://docs.rs/chrono/0.4.15/chrono/format/strftime/index.html. Defaults to time in milliseconds.
# timeFormat: ""
icons:
# Disables download of external icons. Setting to true will still serve icons from cache (/data/icon_cache). TTL will default to zero.
disableDownload: false
## Cache time-to-live for icons fetched. 0 means no purging.
# cache: 2592000
## Cache time-to-live for icons that were not available. 0 means no purging.
# cacheFailed: 259200
persistence:
data:
enabled: true
mountPath: "/data"
type: pvc
accessMode: ReadWriteOnce
size: "100Gi"
# Enabled postgres
postgresql:
enabled: true
postgresqlUsername: vaultwarden
postgresqlDatabase: vaultwarden
existingSecret: "{{ .Release.Name }}-dbcreds"

View File

@ -1,8 +0,0 @@
# Configuration Options
##### Connecting to other apps
If you need to connect this App to other Apps on TrueNAS SCALE, please refer to our "Linking Apps Internally" quick-start guide:
https://truecharts.org/manual/Quick-Start%20Guides/14-linking-apps/
##### Available config options
In the future this page is going to contain an automated list of options available in the installation/edit UI.

View File

@ -1,9 +0,0 @@
dependencies:
- name: common
repository: https://truecharts.org/
version: 6.12.1
- name: postgresql
repository: https://truecharts.org/
version: 1.5.2
digest: sha256:e2146847d376235604812695bcf26dba3fff5f2e310f5aaa8bb373bfa9465137
generated: "2021-08-31T14:05:47.554605113Z"

View File

@ -1,34 +0,0 @@
apiVersion: v2
appVersion: auto
dependencies:
- name: common
repository: https://truecharts.org/
version: 6.12.1
- condition: postgresql.enabled
name: postgresql
repository: https://truecharts.org/
version: 1.5.2
deprecated: false
description: Unofficial Bitwarden compatible server written in Rust
home: https://github.com/truecharts/apps/tree/master/charts/stable/vaultwarden
icon: https://raw.githubusercontent.com/bitwarden/brand/master/icons/256x256.png
keywords:
- bitwarden
- bitwardenrs
- bitwarden_rs
- vaultwarden
- password
- rust
kubeVersion: '>=1.16.0-0'
maintainers:
- email: info@truecharts.org
name: TrueCharts
url: truecharts.org
- email: kjeld@schouten-lebbing.nl
name: Ornias1993
url: truecharts.org
name: vaultwarden
sources:
- https://github.com/dani-garcia/vaultwarden
type: application
version: 5.0.9

View File

@ -1,38 +0,0 @@
# Introduction
Unofficial Bitwarden compatible server written in Rust
TrueCharts are designed to be installed as TrueNAS SCALE app only. We can not guarantee this charts works as a stand-alone helm installation.
**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/apps/issues/new/choose)**
## Source Code
* <https://github.com/dani-garcia/vaultwarden>
## Requirements
Kubernetes: `>=1.16.0-0`
## Dependencies
| Repository | Name | Version |
|------------|------|---------|
| https://truecharts.org/ | common | 6.12.1 |
| https://truecharts.org/ | postgresql | 1.5.2 |
## Installing the Chart
To install this App on TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/03-Installing-an-App/).
## Uninstalling the Chart
To remove this App from TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/07-Deleting-an-App/).
## Support
- Please check our [quick-start guides](https://truecharts.org/manual/Quick-Start%20Guides/01-Open-Apps/) first.
- See the [Wiki](https://truecharts.org)
- Check our [Discord](https://discord.gg/tVsPTHWTtr)
- Open a [issue](https://github.com/truecharts/apps/issues/new/choose)
---
All Rights Reserved - The TrueCharts Project

View File

@ -1,4 +0,0 @@
Unofficial Bitwarden compatible server written in Rust
This App is supplied by TrueCharts, for more information please visit https://truecharts.org
Unofficial Bitwarden compatible server written in Rust

View File

@ -1,56 +0,0 @@
# Default Helm-Values
TrueCharts is primarily build to supply TrueNAS SCALE Apps.
However, we also supply all Apps as standard Helm-Charts. In this document we aim to document the default values in our values.yaml file.
Most of our Apps also consume our "common" Helm Chart.
If this is the case, this means that all values.yaml values are set to the common chart values.yaml by default. This values.yaml file will only contain values that deviate from the common chart.
You will, however, be able to use all values referenced in the common chart here, besides the values listed in this document.
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| database.type | string | `"postgresql"` | |
| database.wal | bool | `true` | |
| env | object | `{}` | |
| envFrom[0].configMapRef.name | string | `"{{ .Release.Name }}-vaultwardenconfig"` | |
| envFrom[1].secretRef.name | string | `"{{ .Release.Name }}-vaultwardensecret"` | |
| envTpl.DOMAIN | string | `"https://{{ if .Values.ingress }}{{ if .Values.ingress.main.enabled }}{{ ( index .Values.ingress.main.hosts 0 ).host }}{{ else }}placeholder.com{{ end }}{{ else }}placeholder.com{{ end }}"` | |
| envValueFrom.DATABASE_URL.secretKeyRef.key | string | `"url"` | |
| envValueFrom.DATABASE_URL.secretKeyRef.name | string | `"{{ .Release.Name }}-dbcreds"` | |
| image.pullPolicy | string | `"IfNotPresent"` | |
| image.repository | string | `"vaultwarden/server"` | |
| image.tag | string | `"1.22.2"` | |
| persistence.data.accessMode | string | `"ReadWriteOnce"` | |
| persistence.data.enabled | bool | `true` | |
| persistence.data.mountPath | string | `"/data"` | |
| persistence.data.size | string | `"100Gi"` | |
| persistence.data.type | string | `"pvc"` | |
| postgresql.enabled | bool | `true` | |
| postgresql.existingSecret | string | `"{{ .Release.Name }}-dbcreds"` | |
| postgresql.postgresqlDatabase | string | `"vaultwarden"` | |
| postgresql.postgresqlUsername | string | `"vaultwarden"` | |
| service.main.ports.main.port | int | `8080` | |
| service.ws.ports.ws.enabled | bool | `true` | |
| service.ws.ports.ws.port | int | `3012` | |
| strategy.type | string | `"Recreate"` | |
| vaultwarden.admin.disableAdminToken | bool | `false` | |
| vaultwarden.admin.enabled | bool | `false` | |
| vaultwarden.allowInvitation | bool | `true` | |
| vaultwarden.allowSignups | bool | `true` | |
| vaultwarden.enableWebVault | bool | `true` | |
| vaultwarden.enableWebsockets | bool | `true` | |
| vaultwarden.icons.disableDownload | bool | `false` | |
| vaultwarden.log.file | string | `""` | |
| vaultwarden.log.level | string | `"trace"` | |
| vaultwarden.orgCreationUsers | string | `"all"` | |
| vaultwarden.requireEmail | bool | `false` | |
| vaultwarden.showPasswordHint | bool | `true` | |
| vaultwarden.smtp.enabled | bool | `false` | |
| vaultwarden.smtp.from | string | `""` | |
| vaultwarden.smtp.host | string | `""` | |
| vaultwarden.verifySignup | bool | `false` | |
| vaultwarden.yubico.enabled | bool | `false` | |
All Rights Reserved - The TrueCharts Project

View File

@ -1,55 +0,0 @@
##
# This file contains Values.yaml content that gets added to the output of questions.yaml
# It's ONLY meant for content that the user is NOT expected to change.
# Example: Everything under "image" is not included in questions.yaml but is included here.
##
image:
repository: vaultwarden/server
pullPolicy: IfNotPresent
tag: 1.22.2
envTpl:
DOMAIN: "https://{{ if .Values.ingress }}{{ if .Values.ingress.main.enabled }}{{ ( index .Values.ingress.main.hosts 0 ).host }}{{ else }}placeholder.com{{ end }}{{ else }}placeholder.com{{ end }}"
envFrom:
- configMapRef:
name: "{{ .Release.Name }}-vaultwardenconfig"
- secretRef:
name: "{{ .Release.Name }}-vaultwardensecret"
envValueFrom:
DATABASE_URL:
secretKeyRef:
name: "{{ .Release.Name }}-dbcreds"
key: url
database:
# Database type, must be one of: 'sqlite', 'mysql' or 'postgresql'.
type: postgresql
# Enable DB Write-Ahead-Log for SQLite, disabled for other databases. https://github.com/dani-garcia/bitwarden_rs/wiki/Running-without-WAL-enabled
wal: false
## URL for external databases (mysql://user:pass@host:port or postgresql://user:pass@host:port).
# url: ""
## Set the size of the database connection pool.
# maxConnections: 10
## Connection retries during startup, 0 for infinite. 1 second between retries.
retries: 30
# Enabled postgres
postgresql:
enabled: true
postgresqlUsername: vaultwarden
postgresqlDatabase: vaultwarden
existingSecret: "{{ .Release.Name }}-dbcreds"
persistence:
db:
storageClass: "SCALE-ZFS"
dbbackups:
storageClass: "SCALE-ZFS"
##
# Most other defaults are set in questions.yaml
# For other options please refer to the wiki, default_values.yaml or the common library chart
##

File diff suppressed because it is too large Load Diff

View File

@ -1,116 +0,0 @@
{{/* Define the configmap */}}
{{- define "vaultwarden.configmap" -}}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Release.Name }}-vaultwardenconfig
data:
ROCKET_PORT: "8080"
SIGNUPS_ALLOWED: {{ .Values.vaultwarden.allowSignups | quote }}
{{- if .Values.vaultwarden.signupDomains }}
SIGNUPS_DOMAINS_WHITELIST: {{ join "," .Values.vaultwarden.signupDomains | quote }}
{{- end }}
{{- if and (eq .Values.vaultwarden.verifySignup true) (eq .Values.vaultwarden.smtp.enabled false) }}{{ required "Signup verification requires SMTP to be enabled" nil}}{{end}}
SIGNUPS_VERIFY: {{ .Values.vaultwarden.verifySignup | quote }}
{{- if and (eq .Values.vaultwarden.requireEmail true) (eq .Values.vaultwarden.smtp.enabled false) }}{{ required "Requiring emails for login depends on SMTP" nil}}{{end}}
REQUIRE_DEVICE_EMAIL: {{ .Values.vaultwarden.requireEmail | quote }}
{{- if .Values.vaultwarden.emailAttempts }}
EMAIL_ATTEMPTS_LIMIT: {{ .Values.vaultwarden.emailAttempts | quote }}
{{- end }}
{{- if .Values.vaultwarden.emailTokenExpiration }}
EMAIL_EXPIRATION_TIME: {{ .Values.vaultwarden.emailTokenExpiration | quote }}
{{- end }}
INVITATIONS_ALLOWED: {{ .Values.vaultwarden.allowInvitation | quote }}
{{- if .Values.vaultwarden.defaultInviteName }}
INVITATION_ORG_NAME: {{ .Values.vaultwarden.defaultInviteName | quote }}
{{- end }}
SHOW_PASSWORD_HINT: {{ .Values.vaultwarden.showPasswordHint | quote }}
WEBSOCKET_ENABLED: {{ .Values.vaultwarden.enableWebsockets | quote }}
WEB_VAULT_ENABLED: {{ .Values.vaultwarden.enableWebVault | quote }}
ORG_CREATION_USERS: {{ .Values.vaultwarden.orgCreationUsers | quote }}
{{- if .Values.vaultwarden.attachmentLimitOrg }}
ORG_ATTACHMENT_LIMIT: {{ .Values.vaultwarden.attachmentLimitOrg | quote }}
{{- end }}
{{- if .Values.vaultwarden.attachmentLimitUser }}
USER_ATTACHMENT_LIMIT: {{ .Values.vaultwarden.attachmentLimitUser | quote }}
{{- end }}
{{- if .Values.vaultwarden.hibpApiKey }}
HIBP_API_KEY: {{ .Values.vaultwarden.hibpApiKey | quote }}
{{- end }}
{{- include "vaultwarden.dbTypeValid" . }}
{{- if .Values.database.retries }}
DB_CONNECTION_RETRIES: {{ .Values.database.retries | quote }}
{{- end }}
{{- if .Values.database.maxConnections }}
DATABASE_MAX_CONNS: {{ .Values.database.maxConnections | quote }}
{{- end }}
{{- if eq .Values.vaultwarden.smtp.enabled true }}
SMTP_HOST: {{ required "SMTP host is required to enable SMTP" .Values.vaultwarden.smtp.host | quote }}
SMTP_FROM: {{ required "SMTP sender address ('from') is required to enable SMTP" .Values.vaultwarden.smtp.from | quote }}
{{- if .Values.vaultwarden.smtp.fromName }}
SMTP_FROM_NAME: {{ .Values.vaultwarden.smtp.fromName | quote }}
{{- end }}
{{- if .Values.vaultwarden.smtp.ssl }}
SMTP_SSL: {{ .Values.vaultwarden.smtp.ssl | quote }}
{{- end }}
{{- if .Values.vaultwarden.smtp.port }}
SMTP_PORT: {{ .Values.vaultwarden.smtp.port | quote }}
{{- end }}
{{- if .Values.vaultwarden.smtp.authMechanism }}
SMTP_AUTH_MECHANISM: {{ .Values.vaultwarden.smtp.authMechanism | quote }}
{{- end }}
{{- if .Values.vaultwarden.smtp.heloName }}
HELO_NAME: {{ .Values.vaultwarden.smtp.heloName | quote }}
{{- end }}
{{- if .Values.vaultwarden.smtp.timeout }}
SMTP_TIMEOUT: {{ .Values.vaultwarden.smtp.timeout | quote }}
{{- end }}
{{- if .Values.vaultwarden.smtp.invalidHostname }}
SMTP_ACCEPT_INVALID_HOSTNAMES: {{ .Values.vaultwarden.smtp.invalidHostname | quote }}
{{- end }}
{{- if .Values.vaultwarden.smtp.invalidCertificate }}
SMTP_ACCEPT_INVALID_CERTS: {{ .Values.vaultwarden.smtp.invalidCertificate | quote }}
{{- end }}
{{- end }}
{{- if .Values.vaultwarden.log.file }}
LOG_FILE: {{ .Values.vaultwarden.log.file | quote }}
{{- end }}
{{- if or .Values.vaultwarden.log.level .Values.vaultwarden.log.timeFormat }}
EXTENDED_LOGGING: "true"
{{- end }}
{{- if .Values.vaultwarden.log.level }}
{{- include "vaultwarden.logLevelValid" . }}
LOG_LEVEL: {{ .Values.vaultwarden.log.level | quote }}
{{- end }}
{{- if .Values.vaultwarden.log.timeFormat }}
LOG_TIMESTAMP_FORMAT: {{ .Values.vaultwarden.log.timeFormat | quote }}
{{- end }}
{{- if .Values.vaultwarden.icons.disableDownload }}
DISABLE_ICON_DOWNLOAD: {{ .Values.vaultwarden.icons.disableDownload | quote }}
{{- if and (not .Values.vaultwarden.icons.cache) (eq .Values.vaultwarden.icons.disableDownload "true") }}
ICON_CACHE_TTL: "0"
{{- end }}
{{- end }}
{{- if .Values.vaultwarden.icons.cache }}
ICON_CACHE_TTL: {{ .Values.vaultwarden.icons.cache | quote }}
{{- end }}
{{- if .Values.vaultwarden.icons.cacheFailed }}
ICON_CACHE_NEGTTL: {{ .Values.vaultwarden.icons.cacheFailed | quote }}
{{- end }}
{{- if eq .Values.vaultwarden.admin.enabled true }}
{{- if eq .Values.vaultwarden.admin.disableAdminToken true }}
DISABLE_ADMIN_TOKEN: "true"
{{- end }}
{{- end }}
{{- if eq .Values.vaultwarden.yubico.enabled true }}
{{- if .Values.vaultwarden.yubico.server }}
YUBICO_SERVER: {{ .Values.vaultwarden.yubico.server | quote }}
{{- end }}
{{- end }}
{{- if eq .Values.database.type "sqlite" }}
ENABLE_DB_WAL: {{ .Values.database.wal | quote }}
{{- else }}
ENABLE_DB_WAL: "false"
{{- end }}
{{- end -}}

View File

@ -1,59 +0,0 @@
{{/* Define the secrets */}}
{{- define "vaultwarden.secrets" -}}
{{- $adminToken := "" }}
{{- if eq .Values.vaultwarden.admin.enabled true }}
{{- $adminToken = .Values.vaultwarden.admin.token | default (randAlphaNum 48) | b64enc | quote }}
{{- end -}}
{{- $smtpUser := "" }}
{{- if and (eq .Values.vaultwarden.smtp.enabled true ) (.Values.vaultwarden.smtp.user) }}
{{- $smtpUser = .Values.vaultwarden.smtp.user | b64enc | quote }}
{{- end -}}
{{- $yubicoClientId := "" }}
{{- if eq .Values.vaultwarden.yubico.enabled true }}
{{- $yubicoClientId = required "Yubico Client ID required" .Values.vaultwarden.yubico.clientId | toString | b64enc | quote }}
{{- end -}}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ .Release.Name }}-vaultwardensecret
data:
{{- if ne $adminToken "" }}
ADMIN_TOKEN: {{ $adminToken }}
{{- end }}
{{- if ne $smtpUser "" }}
SMTP_USERNAME: {{ $smtpUser }}
SMTP_PASSWORD: {{ required "Must specify SMTP password" .Values.vaultwarden.smtp.password | b64enc | quote }}
{{- end }}
{{- if ne $yubicoClientId "" }}
YUBICO_CLIENT_ID: {{ $yubicoClientId }}
YUBICO_SECRET_KEY: {{ required "Yubico Secret Key required" .Values.vaultwarden.yubico.secretKey | b64enc | quote }}
{{- end }}
---
apiVersion: v1
kind: Secret
metadata:
labels:
{{- include "common.labels" . | nindent 4 }}
{{- $dbcredsname := ( printf "%v-%v" .Release.Name "dbcreds" ) }}
name: {{ $dbcredsname }}
{{- $previous := lookup "v1" "Secret" .Release.Namespace $dbcredsname }}
{{- $dbPass := "" }}
data:
{{- if $previous }}
postgresql-password: {{ ( index $previous.data "postgresql-password" ) }}
postgresql-postgres-password: {{ ( index $previous.data "postgresql-postgres-password" ) }}
{{- else }}
{{- $dbPass = randAlphaNum 50 }}
postgresql-password: {{ $dbPass | b64enc | quote }}
postgresql-postgres-password: {{ randAlphaNum 50 | b64enc | quote }}
{{- end }}
url: {{ ( printf "%v%v:%v@%v-%v:%v/%v" "postgresql://" .Values.postgresql.postgresqlUsername $dbPass .Release.Name "postgresql" "5432" .Values.postgresql.postgresqlDatabase ) | b64enc | quote }}
type: Opaque
{{- end -}}

View File

@ -1,17 +0,0 @@
{{/*
Ensure valid DB type is select, defaults to SQLite
*/}}
{{- define "vaultwarden.dbTypeValid" -}}
{{- if not (or (eq .Values.database.type "postgresql") (eq .Values.database.type "mysql") (eq .Values.database.type "sqlite")) }}
{{- required "Invalid database type" nil }}
{{- end -}}
{{- end -}}
{{/*
Ensure log type is valid
*/}}
{{- define "vaultwarden.logLevelValid" -}}
{{- if not (or (eq .Values.vaultwarden.log.level "trace") (eq .Values.vaultwarden.log.level "debug") (eq .Values.vaultwarden.log.level "info") (eq .Values.vaultwarden.log.level "warn") (eq .Values.vaultwarden.log.level "error") (eq .Values.vaultwarden.log.level "off")) }}
{{- required "Invalid log level" nil }}
{{- end }}
{{- end }}

View File

@ -1,11 +0,0 @@
{{/* Make sure all variables are set properly */}}
{{- include "common.values.setup" . }}
{{/* Render the templates */}}
{{ include "common.all" . }}
{{/* Render configmap for vaultwarden */}}
{{- include "vaultwarden.configmap" . }}
{{/* Render secrets for vaultwarden */}}
{{- include "vaultwarden.secrets" . }}

View File

@ -1,161 +0,0 @@
# Default values for Bitwarden.
image:
repository: vaultwarden/server
pullPolicy: IfNotPresent
tag: 1.22.2
strategy:
type: Recreate
service:
main:
ports:
main:
port: 8080
ws:
ports:
ws:
enabled: true
port: 3012
env: {}
envTpl:
DOMAIN: "https://{{ if .Values.ingress }}{{ if .Values.ingress.main.enabled }}{{ ( index .Values.ingress.main.hosts 0 ).host }}{{ else }}placeholder.com{{ end }}{{ else }}placeholder.com{{ end }}"
envFrom:
- configMapRef:
name: "{{ .Release.Name }}-vaultwardenconfig"
- secretRef:
name: "{{ .Release.Name }}-vaultwardensecret"
envValueFrom:
DATABASE_URL:
secretKeyRef:
name: "{{ .Release.Name }}-dbcreds"
key: url
database:
# Database type, must be one of: 'sqlite', 'mysql' or 'postgresql'.
type: postgresql
# Enable DB Write-Ahead-Log for SQLite, disabled for other databases. https://github.com/dani-garcia/bitwarden_rs/wiki/Running-without-WAL-enabled
wal: true
## URL for external databases (mysql://user:pass@host:port or postgresql://user:pass@host:port).
# url: ""
## Set the size of the database connection pool.
# maxConnections: 10
## Connection retries during startup, 0 for infinite. 1 second between retries.
# retries: 15
# Set Bitwarden_rs application variables
vaultwarden:
# Allow any user to sign-up: https://github.com/dani-garcia/bitwarden_rs/wiki/Disable-registration-of-new-users
allowSignups: true
## Whitelist domains allowed to sign-up. 'allowSignups' is ignored if set.
# signupDomains:
# - domain.tld
# Verify e-mail before login is enabled. SMTP must be enabled.
verifySignup: false
# When a user logs in an email is required to be sent. If sending the email fails the login attempt will fail. SMTP must be enabled.
requireEmail: false
## Maximum attempts before an email token is reset and a new email will need to be sent.
# emailAttempts: 3
## Email token validity in seconds.
# emailTokenExpiration: 600
# Allow invited users to sign-up even feature is disabled: https://github.com/dani-garcia/bitwarden_rs/wiki/Disable-invitations
allowInvitation: true
# Show password hints: https://github.com/dani-garcia/bitwarden_rs/wiki/Password-hint-display
## Default organization name in invitation e-mails that are not coming from a specific organization.
# defaultInviteName: ""
showPasswordHint: true
# Enable Websockets for notification. https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-WebSocket-notifications
# Redirect HTTP path "/notifications/hub" to port 3012. Ingress/IngressRoute controllers are automatically configured.
enableWebsockets: true
# Enable Web Vault (static content). https://github.com/dani-garcia/bitwarden_rs/wiki/Disabling-or-overriding-the-Vault-interface-hosting
enableWebVault: true
# Restrict creation of orgs. Options are: 'all', 'none' or a comma-separated list of users.
orgCreationUsers: all
## Limit attachment disk usage per organization.
# attachmentLimitOrg:
## Limit attachment disk usage per user.
# attachmentLimitUser:
## HaveIBeenPwned API Key. Can be purchased at https://haveibeenpwned.com/API/Key.
# hibpApiKey:
admin:
# Enable admin portal.
enabled: false
# Disabling the admin token will make the admin portal accessible to anyone, use carefully: https://github.com/dani-garcia/bitwarden_rs/wiki/Disable-admin-token
disableAdminToken: false
## Token for admin login, will be generated if not defined. https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-admin-page
# token:
# Enable SMTP. https://github.com/dani-garcia/bitwarden_rs/wiki/SMTP-configuration
smtp:
enabled: false
# SMTP hostname, required if SMTP is enabled.
host: ""
# SMTP sender e-mail address, required if SMTP is enabled.
from: ""
## SMTP sender name, defaults to 'Bitwarden_RS'.
# fromName: ""
## Enable SSL connection.
# ssl: true
## SMTP port. Defaults to 25 without SSL, 587 with SSL.
# port: 587
## SMTP Authentication Mechanisms. Comma-separated options: 'Plain', 'Login' and 'Xoauth2'. Defaults to 'Plain'.
# authMechanism: Plain
## Hostname to be sent for SMTP HELO. Defaults to pod name.
# heloName: ""
## SMTP timeout.
# timeout: 15
## Accept SSL session if certificate is valid but hostname doesn't match. DANGEROUS, vulnerable to men-in-the-middle attacks!
# invalidHostname: false
## Accept invalid certificates. DANGEROUS, vulnerable to men-in-the-middle attacks!
# invalidCertificate: false
## SMTP username.
# user: ""
## SMTP password. Required is user is specified, ignored if no user provided.
# password: ""
## Enable Yubico OTP authentication. https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-Yubikey-OTP-authentication
yubico:
enabled: false
## Yubico server. Defaults to YubiCloud.
# server:
## Yubico ID and Secret Key.
# clientId:
# secretKey:
## Logging options. https://github.com/dani-garcia/bitwarden_rs/wiki/Logging
log:
# Log to file.
file: ""
# Log level. Options are "trace", "debug", "info", "warn", "error" or "off".
level: "trace"
## Log timestamp format. See https://docs.rs/chrono/0.4.15/chrono/format/strftime/index.html. Defaults to time in milliseconds.
# timeFormat: ""
icons:
# Disables download of external icons. Setting to true will still serve icons from cache (/data/icon_cache). TTL will default to zero.
disableDownload: false
## Cache time-to-live for icons fetched. 0 means no purging.
# cache: 2592000
## Cache time-to-live for icons that were not available. 0 means no purging.
# cacheFailed: 259200
persistence:
data:
enabled: true
mountPath: "/data"
type: pvc
accessMode: ReadWriteOnce
size: "100Gi"
# Enabled postgres
postgresql:
enabled: true
postgresqlUsername: vaultwarden
postgresqlDatabase: vaultwarden
existingSecret: "{{ .Release.Name }}-dbcreds"

View File

@ -1,3 +0,0 @@
categories:
- security
icon_url: https://raw.githubusercontent.com/bitwarden/brand/master/icons/256x256.png