temporarily remove vaultwarden and fireflyiii
parent
1d57893b56
commit
11a8f2e08d
|
@ -1,8 +0,0 @@
|
|||
# Configuration Options
|
||||
|
||||
##### Connecting to other apps
|
||||
If you need to connect this App to other Apps on TrueNAS SCALE, please refer to our "Linking Apps Internally" quick-start guide:
|
||||
https://truecharts.org/manual/Quick-Start%20Guides/14-linking-apps/
|
||||
|
||||
##### Available config options
|
||||
In the future this page is going to contain an automated list of options available in the installation/edit UI.
|
|
@ -1,9 +0,0 @@
|
|||
dependencies:
|
||||
- name: common
|
||||
repository: https://truecharts.org/
|
||||
version: 6.12.2
|
||||
- name: postgresql
|
||||
repository: https://truecharts.org/
|
||||
version: 1.5.7
|
||||
digest: sha256:5fe2dff8cc01322db4829246b0d78df216641773fea323979c66719cbf02a172
|
||||
generated: "2021-08-31T16:44:30.632251331Z"
|
|
@ -1,30 +0,0 @@
|
|||
apiVersion: v2
|
||||
appVersion: auto
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: https://truecharts.org/
|
||||
version: 6.12.2
|
||||
- condition: postgresql.enabled
|
||||
name: postgresql
|
||||
repository: https://truecharts.org/
|
||||
version: 1.5.7
|
||||
deprecated: false
|
||||
description: A free and open source personal finance manager
|
||||
home: https://github.com/firefly-iii/firefly-iii/
|
||||
icon: https://www.firefly-iii.org/assets/logo/color.png
|
||||
keywords:
|
||||
- fireflyiii
|
||||
- finacial
|
||||
kubeVersion: '>=1.16.0-0'
|
||||
maintainers:
|
||||
- email: info@truecharts.org
|
||||
name: TrueCharts
|
||||
url: truecharts.org
|
||||
- email: 20650065+warllo54@users.noreply.github.com
|
||||
name: warllo54
|
||||
url: truecharts.org
|
||||
name: fireflyiii
|
||||
sources:
|
||||
- https://github.com/firefly-iii/firefly-iii/
|
||||
type: application
|
||||
version: 6.0.11
|
|
@ -1,38 +0,0 @@
|
|||
# Introduction
|
||||
|
||||
A free and open source personal finance manager
|
||||
|
||||
TrueCharts are designed to be installed as TrueNAS SCALE app only. We can not guarantee this charts works as a stand-alone helm installation.
|
||||
**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/apps/issues/new/choose)**
|
||||
|
||||
## Source Code
|
||||
|
||||
* <https://github.com/firefly-iii/firefly-iii/>
|
||||
|
||||
## Requirements
|
||||
|
||||
Kubernetes: `>=1.16.0-0`
|
||||
|
||||
## Dependencies
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://truecharts.org/ | common | 6.12.1 |
|
||||
| https://truecharts.org/ | postgresql | 1.5.2 |
|
||||
|
||||
## Installing the Chart
|
||||
|
||||
To install this App on TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/03-Installing-an-App/).
|
||||
|
||||
## Uninstalling the Chart
|
||||
|
||||
To remove this App from TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/07-Deleting-an-App/).
|
||||
|
||||
## Support
|
||||
|
||||
- Please check our [quick-start guides](https://truecharts.org/manual/Quick-Start%20Guides/01-Open-Apps/) first.
|
||||
- See the [Wiki](https://truecharts.org)
|
||||
- Check our [Discord](https://discord.gg/tVsPTHWTtr)
|
||||
- Open a [issue](https://github.com/truecharts/apps/issues/new/choose)
|
||||
---
|
||||
All Rights Reserved - The TrueCharts Project
|
|
@ -1,4 +0,0 @@
|
|||
A free and open source personal finance manager
|
||||
|
||||
This App is supplied by TrueCharts, for more information please visit https://truecharts.org
|
||||
A free and open source personal finance manager
|
Binary file not shown.
Binary file not shown.
|
@ -1,50 +0,0 @@
|
|||
# Default Helm-Values
|
||||
|
||||
TrueCharts is primarily build to supply TrueNAS SCALE Apps.
|
||||
However, we also supply all Apps as standard Helm-Charts. In this document we aim to document the default values in our values.yaml file.
|
||||
|
||||
Most of our Apps also consume our "common" Helm Chart.
|
||||
If this is the case, this means that all values.yaml values are set to the common chart values.yaml by default. This values.yaml file will only contain values that deviate from the common chart.
|
||||
You will, however, be able to use all values referenced in the common chart here, besides the values listed in this document.
|
||||
|
||||
## Values
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| env.APP_KEY | string | `"AGcfkCUS233ZWmBXztYbdyCs2u7kkz55"` | |
|
||||
| env.DB_CONNECTION | string | `"pgsql"` | |
|
||||
| env.DB_DATABASE | string | `"firefly"` | |
|
||||
| env.DB_PORT | int | `5432` | |
|
||||
| env.DB_USERNAME | string | `"firefly"` | |
|
||||
| envValueFrom.DB_HOST.secretKeyRef.key | string | `"postgresql_host"` | |
|
||||
| envValueFrom.DB_HOST.secretKeyRef.name | string | `"{{ .Release.Name }}-dbcreds"` | |
|
||||
| envValueFrom.DB_PASSWORD.secretKeyRef.key | string | `"postgresql-password"` | |
|
||||
| envValueFrom.DB_PASSWORD.secretKeyRef.name | string | `"{{ .Release.Name }}-dbcreds"` | |
|
||||
| image.pullPolicy | string | `"IfNotPresent"` | |
|
||||
| image.repository | string | `"fireflyiii/core"` | |
|
||||
| image.tag | string | `"version-5.5.12"` | |
|
||||
| persistence.data.accessMode | string | `"ReadWriteOnce"` | |
|
||||
| persistence.data.enabled | bool | `true` | |
|
||||
| persistence.data.mountPath | string | `"/var/www/html/storage/upload"` | |
|
||||
| persistence.data.size | string | `"100Gi"` | |
|
||||
| persistence.data.type | string | `"pvc"` | |
|
||||
| podSecurityContext.fsGroup | int | `0` | |
|
||||
| podSecurityContext.runAsGroup | int | `0` | |
|
||||
| podSecurityContext.runAsNonRoot | bool | `false` | |
|
||||
| podSecurityContext.runAsUser | int | `0` | |
|
||||
| postgresql.enabled | bool | `true` | |
|
||||
| postgresql.existingSecret | string | `"{{ .Release.Name }}-dbcreds"` | |
|
||||
| postgresql.postgresqlDatabase | string | `"firefly"` | |
|
||||
| postgresql.postgresqlUsername | string | `"firefly"` | |
|
||||
| probes.liveness.path | string | `"/login"` | |
|
||||
| probes.readiness.path | string | `"/login"` | |
|
||||
| probes.startup.path | string | `"/login"` | |
|
||||
| service.main.ports.main.port | int | `8080` | |
|
||||
| service.tcp.enabled | bool | `true` | |
|
||||
| service.tcp.ports.tcp.enabled | bool | `true` | |
|
||||
| service.tcp.ports.tcp.port | int | `51080` | |
|
||||
| service.tcp.ports.tcp.protocol | string | `"TCP"` | |
|
||||
| service.tcp.type | string | `"ClusterIP"` | |
|
||||
| strategy.type | string | `"Recreate"` | |
|
||||
|
||||
All Rights Reserved - The TrueCharts Project
|
|
@ -1,54 +0,0 @@
|
|||
##
|
||||
# This file contains Values.yaml content that gets added to the output of questions.yaml
|
||||
# It's ONLY meant for content that the user is NOT expected to change.
|
||||
# Example: Everything under "image" is not included in questions.yaml but is included here.
|
||||
##
|
||||
|
||||
image:
|
||||
repository: fireflyiii/core
|
||||
pullPolicy: IfNotPresent
|
||||
tag: version-5.5.12
|
||||
|
||||
probes:
|
||||
liveness:
|
||||
path: "/login"
|
||||
|
||||
readiness:
|
||||
path: "/login"
|
||||
|
||||
startup:
|
||||
path: "/login"
|
||||
|
||||
env:
|
||||
DB_USERNAME: fireflyiii
|
||||
DB_DATABASE: fireflyiii
|
||||
DB_CONNECTION: pgsql
|
||||
DB_PORT: 5432
|
||||
|
||||
envValueFrom:
|
||||
DB_HOST:
|
||||
secretKeyRef:
|
||||
name: "{{ .Release.Name }}-dbcreds"
|
||||
key: postgresql_host
|
||||
DB_PASSWORD:
|
||||
secretKeyRef:
|
||||
name: "{{ .Release.Name }}-dbcreds"
|
||||
key: postgresql-password
|
||||
|
||||
# Enabled postgres
|
||||
postgresql:
|
||||
enabled: true
|
||||
postgresqlUsername: fireflyiii
|
||||
postgresqlDatabase: fireflyiii
|
||||
existingSecret: "{{ .Release.Name }}-dbcreds"
|
||||
persistence:
|
||||
db:
|
||||
storageClass: "SCALE-ZFS"
|
||||
dbbackups:
|
||||
storageClass: "SCALE-ZFS"
|
||||
|
||||
|
||||
##
|
||||
# Most other defaults are set in questions.yaml
|
||||
# For other options please refer to the wiki, default_values.yaml or the common library chart
|
||||
##
|
File diff suppressed because it is too large
|
@ -1,24 +0,0 @@
|
|||
{{/* Define the secrets */}}
|
||||
{{- define "fireflyiii.secrets" -}}
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
{{- $dbcredsname := ( printf "%v-%v" .Release.Name "dbcreds" ) }}
|
||||
name: {{ $dbcredsname }}
|
||||
data:
|
||||
{{- if .Release.IsInstall }}
|
||||
postgresql-password: {{ randAlphaNum 50 | b64enc | quote }}
|
||||
postgresql-postgres-password: {{ randAlphaNum 50 | b64enc | quote }}
|
||||
{{ else }}
|
||||
# `index` function is necessary because the property name contains a dash.
|
||||
# Otherwise (...).data.db_password would have worked too.
|
||||
postgresql-password: {{ index (lookup "v1" "Secret" .Release.Namespace ( $dbcredsname | quote ) ).data "postgresql-password" }}
|
||||
postgresql-postgres-password: {{ index (lookup "v1" "Secret" .Release.Namespace ( $dbcredsname | quote ) ).data "postgresql-postgres-password" }}
|
||||
{{ end }}
|
||||
url: {{ ( printf "%v%v:%v@%v-%v:%v/%v" "postgresql://" .Values.postgresql.postgresqlUsername $dbPass .Release.Name "postgresql" "5432" .Values.postgresql.postgresqlDatabase ) | b64enc | quote }}
|
||||
postgresql_host: {{ ( printf "%v-%v" .Release.Name "postgresql" ) | b64enc | quote }}
|
||||
type: Opaque
|
||||
|
||||
{{- end -}}
|
|
@ -1,8 +0,0 @@
|
|||
{{/* Make sure all variables are set properly */}}
|
||||
{{- include "common.values.setup" . }}
|
||||
|
||||
{{/* Render the templates */}}
|
||||
{{ include "common.all" . }}
|
||||
|
||||
{{/* Render secrets for fireflyiii */}}
|
||||
{{- include "fireflyiii.secrets" . }}
|
|
@ -1,72 +0,0 @@
|
|||
# Default values for fireflyIII.
|
||||
|
||||
image:
|
||||
repository: fireflyiii/core
|
||||
pullPolicy: IfNotPresent
|
||||
tag: version-5.5.12
|
||||
|
||||
strategy:
|
||||
type: Recreate
|
||||
|
||||
podSecurityContext:
|
||||
runAsNonRoot: false
|
||||
runAsUser: 0
|
||||
runAsGroup: 0
|
||||
fsGroup: 0
|
||||
|
||||
service:
|
||||
main:
|
||||
ports:
|
||||
main:
|
||||
port: 8080
|
||||
tcp:
|
||||
enabled: true
|
||||
type: ClusterIP
|
||||
ports:
|
||||
tcp:
|
||||
enabled: true
|
||||
port: 51080
|
||||
protocol: TCP
|
||||
|
||||
probes:
|
||||
liveness:
|
||||
path: "/login"
|
||||
|
||||
readiness:
|
||||
path: "/login"
|
||||
|
||||
startup:
|
||||
path: "/login"
|
||||
|
||||
env:
|
||||
DB_USERNAME: firefly
|
||||
DB_DATABASE: firefly
|
||||
DB_CONNECTION: pgsql
|
||||
DB_PORT: 5432
|
||||
APP_KEY: AGcfkCUS233ZWmBXztYbdyCs2u7kkz55
|
||||
|
||||
envValueFrom:
|
||||
DB_HOST:
|
||||
secretKeyRef:
|
||||
name: "{{ .Release.Name }}-dbcreds"
|
||||
key: postgresql_host
|
||||
DB_PASSWORD:
|
||||
secretKeyRef:
|
||||
name: "{{ .Release.Name }}-dbcreds"
|
||||
key: postgresql-password
|
||||
|
||||
persistence:
|
||||
data:
|
||||
enabled: true
|
||||
mountPath: "/var/www/html/storage/upload"
|
||||
type: pvc
|
||||
accessMode: ReadWriteOnce
|
||||
size: "100Gi"
|
||||
|
||||
|
||||
# Enabled postgres
|
||||
postgresql:
|
||||
enabled: true
|
||||
postgresqlUsername: firefly
|
||||
postgresqlDatabase: firefly
|
||||
existingSecret: "{{ .Release.Name }}-dbcreds"
|
|
@ -1,8 +0,0 @@
|
|||
# Configuration Options
|
||||
|
||||
##### Connecting to other apps
|
||||
If you need to connect this App to other Apps on TrueNAS SCALE, please refer to our "Linking Apps Internally" quick-start guide:
|
||||
https://truecharts.org/manual/Quick-Start%20Guides/14-linking-apps/
|
||||
|
||||
##### Available config options
|
||||
In the future this page is going to contain an automated list of options available in the installation/edit UI.
|
|
@ -1,9 +0,0 @@
|
|||
dependencies:
|
||||
- name: common
|
||||
repository: https://truecharts.org/
|
||||
version: 6.12.2
|
||||
- name: postgresql
|
||||
repository: https://truecharts.org/
|
||||
version: 1.5.7
|
||||
digest: sha256:5fe2dff8cc01322db4829246b0d78df216641773fea323979c66719cbf02a172
|
||||
generated: "2021-08-31T17:14:01.625021121Z"
|
|
@ -1,30 +0,0 @@
|
|||
apiVersion: v2
|
||||
appVersion: auto
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: https://truecharts.org/
|
||||
version: 6.12.2
|
||||
- condition: postgresql.enabled
|
||||
name: postgresql
|
||||
repository: https://truecharts.org/
|
||||
version: 1.5.7
|
||||
deprecated: false
|
||||
description: A free and open source personal finance manager
|
||||
home: https://github.com/firefly-iii/firefly-iii/
|
||||
icon: https://www.firefly-iii.org/assets/logo/color.png
|
||||
keywords:
|
||||
- fireflyiii
|
||||
- finacial
|
||||
kubeVersion: '>=1.16.0-0'
|
||||
maintainers:
|
||||
- email: info@truecharts.org
|
||||
name: TrueCharts
|
||||
url: truecharts.org
|
||||
- email: 20650065+warllo54@users.noreply.github.com
|
||||
name: warllo54
|
||||
url: truecharts.org
|
||||
name: fireflyiii
|
||||
sources:
|
||||
- https://github.com/firefly-iii/firefly-iii/
|
||||
type: application
|
||||
version: 6.0.12
|
|
@ -1,38 +0,0 @@
|
|||
# Introduction
|
||||
|
||||
A free and open source personal finance manager
|
||||
|
||||
TrueCharts are designed to be installed as TrueNAS SCALE app only. We can not guarantee this charts works as a stand-alone helm installation.
|
||||
**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/apps/issues/new/choose)**
|
||||
|
||||
## Source Code
|
||||
|
||||
* <https://github.com/firefly-iii/firefly-iii/>
|
||||
|
||||
## Requirements
|
||||
|
||||
Kubernetes: `>=1.16.0-0`
|
||||
|
||||
## Dependencies
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://truecharts.org/ | common | 6.12.1 |
|
||||
| https://truecharts.org/ | postgresql | 1.5.2 |
|
||||
|
||||
## Installing the Chart
|
||||
|
||||
To install this App on TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/03-Installing-an-App/).
|
||||
|
||||
## Uninstalling the Chart
|
||||
|
||||
To remove this App from TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/07-Deleting-an-App/).
|
||||
|
||||
## Support
|
||||
|
||||
- Please check our [quick-start guides](https://truecharts.org/manual/Quick-Start%20Guides/01-Open-Apps/) first.
|
||||
- See the [Wiki](https://truecharts.org)
|
||||
- Check our [Discord](https://discord.gg/tVsPTHWTtr)
|
||||
- Open a [issue](https://github.com/truecharts/apps/issues/new/choose)
|
||||
---
|
||||
All Rights Reserved - The TrueCharts Project
|
|
@ -1,4 +0,0 @@
|
|||
A free and open source personal finance manager
|
||||
|
||||
This App is supplied by TrueCharts, for more information please visit https://truecharts.org
|
||||
A free and open source personal finance manager
|
Binary file not shown.
Binary file not shown.
|
@ -1,50 +0,0 @@
|
|||
# Default Helm-Values
|
||||
|
||||
TrueCharts is primarily build to supply TrueNAS SCALE Apps.
|
||||
However, we also supply all Apps as standard Helm-Charts. In this document we aim to document the default values in our values.yaml file.
|
||||
|
||||
Most of our Apps also consume our "common" Helm Chart.
|
||||
If this is the case, this means that all values.yaml values are set to the common chart values.yaml by default. This values.yaml file will only contain values that deviate from the common chart.
|
||||
You will, however, be able to use all values referenced in the common chart here, besides the values listed in this document.
|
||||
|
||||
## Values
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| env.APP_KEY | string | `"AGcfkCUS233ZWmBXztYbdyCs2u7kkz55"` | |
|
||||
| env.DB_CONNECTION | string | `"pgsql"` | |
|
||||
| env.DB_DATABASE | string | `"firefly"` | |
|
||||
| env.DB_PORT | int | `5432` | |
|
||||
| env.DB_USERNAME | string | `"firefly"` | |
|
||||
| envValueFrom.DB_HOST.secretKeyRef.key | string | `"postgresql_host"` | |
|
||||
| envValueFrom.DB_HOST.secretKeyRef.name | string | `"{{ .Release.Name }}-dbcreds"` | |
|
||||
| envValueFrom.DB_PASSWORD.secretKeyRef.key | string | `"postgresql-password"` | |
|
||||
| envValueFrom.DB_PASSWORD.secretKeyRef.name | string | `"{{ .Release.Name }}-dbcreds"` | |
|
||||
| image.pullPolicy | string | `"IfNotPresent"` | |
|
||||
| image.repository | string | `"fireflyiii/core"` | |
|
||||
| image.tag | string | `"version-5.5.12"` | |
|
||||
| persistence.data.accessMode | string | `"ReadWriteOnce"` | |
|
||||
| persistence.data.enabled | bool | `true` | |
|
||||
| persistence.data.mountPath | string | `"/var/www/html/storage/upload"` | |
|
||||
| persistence.data.size | string | `"100Gi"` | |
|
||||
| persistence.data.type | string | `"pvc"` | |
|
||||
| podSecurityContext.fsGroup | int | `0` | |
|
||||
| podSecurityContext.runAsGroup | int | `0` | |
|
||||
| podSecurityContext.runAsNonRoot | bool | `false` | |
|
||||
| podSecurityContext.runAsUser | int | `0` | |
|
||||
| postgresql.enabled | bool | `true` | |
|
||||
| postgresql.existingSecret | string | `"{{ .Release.Name }}-dbcreds"` | |
|
||||
| postgresql.postgresqlDatabase | string | `"firefly"` | |
|
||||
| postgresql.postgresqlUsername | string | `"firefly"` | |
|
||||
| probes.liveness.path | string | `"/login"` | |
|
||||
| probes.readiness.path | string | `"/login"` | |
|
||||
| probes.startup.path | string | `"/login"` | |
|
||||
| service.main.ports.main.port | int | `8080` | |
|
||||
| service.tcp.enabled | bool | `true` | |
|
||||
| service.tcp.ports.tcp.enabled | bool | `true` | |
|
||||
| service.tcp.ports.tcp.port | int | `51080` | |
|
||||
| service.tcp.ports.tcp.protocol | string | `"TCP"` | |
|
||||
| service.tcp.type | string | `"ClusterIP"` | |
|
||||
| strategy.type | string | `"Recreate"` | |
|
||||
|
||||
All Rights Reserved - The TrueCharts Project
|
|
@ -1,54 +0,0 @@
|
|||
##
|
||||
# This file contains Values.yaml content that gets added to the output of questions.yaml
|
||||
# It's ONLY meant for content that the user is NOT expected to change.
|
||||
# Example: Everything under "image" is not included in questions.yaml but is included here.
|
||||
##
|
||||
|
||||
image:
|
||||
repository: fireflyiii/core
|
||||
pullPolicy: IfNotPresent
|
||||
tag: version-5.5.12
|
||||
|
||||
probes:
|
||||
liveness:
|
||||
path: "/login"
|
||||
|
||||
readiness:
|
||||
path: "/login"
|
||||
|
||||
startup:
|
||||
path: "/login"
|
||||
|
||||
env:
|
||||
DB_USERNAME: fireflyiii
|
||||
DB_DATABASE: fireflyiii
|
||||
DB_CONNECTION: pgsql
|
||||
DB_PORT: 5432
|
||||
|
||||
envValueFrom:
|
||||
DB_HOST:
|
||||
secretKeyRef:
|
||||
name: "{{ .Release.Name }}-dbcreds"
|
||||
key: postgresql_host
|
||||
DB_PASSWORD:
|
||||
secretKeyRef:
|
||||
name: "{{ .Release.Name }}-dbcreds"
|
||||
key: postgresql-password
|
||||
|
||||
# Enabled postgres
|
||||
postgresql:
|
||||
enabled: true
|
||||
postgresqlUsername: fireflyiii
|
||||
postgresqlDatabase: fireflyiii
|
||||
existingSecret: "{{ .Release.Name }}-dbcreds"
|
||||
persistence:
|
||||
db:
|
||||
storageClass: "SCALE-ZFS"
|
||||
dbbackups:
|
||||
storageClass: "SCALE-ZFS"
|
||||
|
||||
|
||||
##
|
||||
# Most other defaults are set in questions.yaml
|
||||
# For other options please refer to the wiki, default_values.yaml or the common library chart
|
||||
##
|
File diff suppressed because it is too large
|
@ -1,33 +0,0 @@
|
|||
{{/* Define the secrets */}}
|
||||
{{- define "fireflyiii.secrets" -}}
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
{{- $dbcredsname := ( printf "%v-%v" .Release.Name "dbcreds" ) }}
|
||||
name: {{ $dbcredsname }}
|
||||
data:
|
||||
{{- $dbPass := "" }}
|
||||
{{ $rootPass := "" }}
|
||||
{{ $urlPass := "" }}
|
||||
|
||||
{{- if .Release.IsInstall }}
|
||||
{{ $dbPass = ( randAlphaNum 50 | b64enc | quote ) }}
|
||||
{{ $rootPass = ( randAlphaNum 50 | b64enc | quote ) }}
|
||||
{{ $urlPass = $dbPass }}
|
||||
{{ else }}
|
||||
# `index` function is necessary because the property name contains a dash.
|
||||
# Otherwise (...).data.db_password would have worked too.
|
||||
{{ $dbPass = ( index (lookup "v1" "Secret" .Release.Namespace ( $dbcredsname | quote ) ).data "postgresql-postgres-password" ) }}
|
||||
{{ $rootPass = ( index (lookup "v1" "Secret" .Release.Namespace ( $dbcredsname | quote ) ).data "postgresql-postgres-password" ) }}
|
||||
{{ $urlPass = ( ( index (lookup "v1" "Secret" .Release.Namespace ( $dbcredsname | quote ) ).data "postgresql-postgres-password" ) | b64dec | quote ) }}
|
||||
{{ end }}
|
||||
|
||||
postgresql-password: {{ $dbPass }}
|
||||
postgresql-postgres-password: {{ $rootPass }}
|
||||
url: {{ ( printf "%v%v:%v@%v-%v:%v/%v" "postgresql://" .Values.postgresql.postgresqlUsername $urlPass .Release.Name "postgresql" "5432" .Values.postgresql.postgresqlDatabase ) | b64enc | quote }}
|
||||
postgresql_host: {{ ( printf "%v-%v" .Release.Name "postgresql" ) | b64enc | quote }}
|
||||
type: Opaque
|
||||
|
||||
{{- end -}}
|
|
@ -1,8 +0,0 @@
|
|||
{{/* Make sure all variables are set properly */}}
|
||||
{{- include "common.values.setup" . }}
|
||||
|
||||
{{/* Render the templates */}}
|
||||
{{ include "common.all" . }}
|
||||
|
||||
{{/* Render secrets for fireflyiii */}}
|
||||
{{- include "fireflyiii.secrets" . }}
|
|
@ -1,72 +0,0 @@
|
|||
# Default values for fireflyIII.
|
||||
|
||||
image:
|
||||
repository: fireflyiii/core
|
||||
pullPolicy: IfNotPresent
|
||||
tag: version-5.5.12
|
||||
|
||||
strategy:
|
||||
type: Recreate
|
||||
|
||||
podSecurityContext:
|
||||
runAsNonRoot: false
|
||||
runAsUser: 0
|
||||
runAsGroup: 0
|
||||
fsGroup: 0
|
||||
|
||||
service:
|
||||
main:
|
||||
ports:
|
||||
main:
|
||||
port: 8080
|
||||
tcp:
|
||||
enabled: true
|
||||
type: ClusterIP
|
||||
ports:
|
||||
tcp:
|
||||
enabled: true
|
||||
port: 51080
|
||||
protocol: TCP
|
||||
|
||||
probes:
|
||||
liveness:
|
||||
path: "/login"
|
||||
|
||||
readiness:
|
||||
path: "/login"
|
||||
|
||||
startup:
|
||||
path: "/login"
|
||||
|
||||
env:
|
||||
DB_USERNAME: firefly
|
||||
DB_DATABASE: firefly
|
||||
DB_CONNECTION: pgsql
|
||||
DB_PORT: 5432
|
||||
APP_KEY: AGcfkCUS233ZWmBXztYbdyCs2u7kkz55
|
||||
|
||||
envValueFrom:
|
||||
DB_HOST:
|
||||
secretKeyRef:
|
||||
name: "{{ .Release.Name }}-dbcreds"
|
||||
key: postgresql_host
|
||||
DB_PASSWORD:
|
||||
secretKeyRef:
|
||||
name: "{{ .Release.Name }}-dbcreds"
|
||||
key: postgresql-password
|
||||
|
||||
persistence:
|
||||
data:
|
||||
enabled: true
|
||||
mountPath: "/var/www/html/storage/upload"
|
||||
type: pvc
|
||||
accessMode: ReadWriteOnce
|
||||
size: "100Gi"
|
||||
|
||||
|
||||
# Enabled postgres
|
||||
postgresql:
|
||||
enabled: true
|
||||
postgresqlUsername: firefly
|
||||
postgresqlDatabase: firefly
|
||||
existingSecret: "{{ .Release.Name }}-dbcreds"
|
|
@ -1,8 +0,0 @@
|
|||
# Configuration Options
|
||||
|
||||
##### Connecting to other apps
|
||||
If you need to connect this App to other Apps on TrueNAS SCALE, please refer to our "Linking Apps Internally" quick-start guide:
|
||||
https://truecharts.org/manual/Quick-Start%20Guides/14-linking-apps/
|
||||
|
||||
##### Available config options
|
||||
In the future this page is going to contain an automated list of options available in the installation/edit UI.
|
|
@ -1,9 +0,0 @@
|
|||
dependencies:
|
||||
- name: common
|
||||
repository: https://truecharts.org/
|
||||
version: 6.12.1
|
||||
- name: postgresql
|
||||
repository: https://truecharts.org/
|
||||
version: 1.5.2
|
||||
digest: sha256:e2146847d376235604812695bcf26dba3fff5f2e310f5aaa8bb373bfa9465137
|
||||
generated: "2021-08-31T14:00:15.416445452Z"
|
|
@ -1,30 +0,0 @@
|
|||
apiVersion: v2
|
||||
appVersion: auto
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: https://truecharts.org/
|
||||
version: 6.12.1
|
||||
- condition: postgresql.enabled
|
||||
name: postgresql
|
||||
repository: https://truecharts.org/
|
||||
version: 1.5.2
|
||||
deprecated: false
|
||||
description: A free and open source personal finance manager
|
||||
home: https://github.com/firefly-iii/firefly-iii/
|
||||
icon: https://www.firefly-iii.org/assets/logo/color.png
|
||||
keywords:
|
||||
- fireflyiii
|
||||
- finacial
|
||||
kubeVersion: '>=1.16.0-0'
|
||||
maintainers:
|
||||
- email: info@truecharts.org
|
||||
name: TrueCharts
|
||||
url: truecharts.org
|
||||
- email: 20650065+warllo54@users.noreply.github.com
|
||||
name: warllo54
|
||||
url: truecharts.org
|
||||
name: fireflyiii
|
||||
sources:
|
||||
- https://github.com/firefly-iii/firefly-iii/
|
||||
type: application
|
||||
version: 6.0.9
|
|
@ -1,38 +0,0 @@
|
|||
# Introduction
|
||||
|
||||
A free and open source personal finance manager
|
||||
|
||||
TrueCharts are designed to be installed as TrueNAS SCALE app only. We can not guarantee this charts works as a stand-alone helm installation.
|
||||
**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/apps/issues/new/choose)**
|
||||
|
||||
## Source Code
|
||||
|
||||
* <https://github.com/firefly-iii/firefly-iii/>
|
||||
|
||||
## Requirements
|
||||
|
||||
Kubernetes: `>=1.16.0-0`
|
||||
|
||||
## Dependencies
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://truecharts.org/ | common | 6.12.1 |
|
||||
| https://truecharts.org/ | postgresql | 1.5.2 |
|
||||
|
||||
## Installing the Chart
|
||||
|
||||
To install this App on TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/03-Installing-an-App/).
|
||||
|
||||
## Uninstalling the Chart
|
||||
|
||||
To remove this App from TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/07-Deleting-an-App/).
|
||||
|
||||
## Support
|
||||
|
||||
- Please check our [quick-start guides](https://truecharts.org/manual/Quick-Start%20Guides/01-Open-Apps/) first.
|
||||
- See the [Wiki](https://truecharts.org)
|
||||
- Check our [Discord](https://discord.gg/tVsPTHWTtr)
|
||||
- Open a [issue](https://github.com/truecharts/apps/issues/new/choose)
|
||||
---
|
||||
All Rights Reserved - The TrueCharts Project
|
|
@ -1,4 +0,0 @@
|
|||
A free and open source personal finance manager
|
||||
|
||||
This App is supplied by TrueCharts, for more information please visit https://truecharts.org
|
||||
A free and open source personal finance manager
|
Binary file not shown.
Binary file not shown.
|
@ -1,50 +0,0 @@
|
|||
# Default Helm-Values
|
||||
|
||||
TrueCharts is primarily build to supply TrueNAS SCALE Apps.
|
||||
However, we also supply all Apps as standard Helm-Charts. In this document we aim to document the default values in our values.yaml file.
|
||||
|
||||
Most of our Apps also consume our "common" Helm Chart.
|
||||
If this is the case, this means that all values.yaml values are set to the common chart values.yaml by default. This values.yaml file will only contain values that deviate from the common chart.
|
||||
You will, however, be able to use all values referenced in the common chart here, besides the values listed in this document.
|
||||
|
||||
## Values
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| env.APP_KEY | string | `"AGcfkCUS233ZWmBXztYbdyCs2u7kkz55"` | |
|
||||
| env.DB_CONNECTION | string | `"pgsql"` | |
|
||||
| env.DB_DATABASE | string | `"firefly"` | |
|
||||
| env.DB_PORT | int | `5432` | |
|
||||
| env.DB_USERNAME | string | `"firefly"` | |
|
||||
| envValueFrom.DB_HOST.secretKeyRef.key | string | `"postgresql_host"` | |
|
||||
| envValueFrom.DB_HOST.secretKeyRef.name | string | `"{{ .Release.Name }}-dbcreds"` | |
|
||||
| envValueFrom.DB_PASSWORD.secretKeyRef.key | string | `"postgresql-password"` | |
|
||||
| envValueFrom.DB_PASSWORD.secretKeyRef.name | string | `"{{ .Release.Name }}-dbcreds"` | |
|
||||
| image.pullPolicy | string | `"IfNotPresent"` | |
|
||||
| image.repository | string | `"fireflyiii/core"` | |
|
||||
| image.tag | string | `"version-5.5.12"` | |
|
||||
| persistence.data.accessMode | string | `"ReadWriteOnce"` | |
|
||||
| persistence.data.enabled | bool | `true` | |
|
||||
| persistence.data.mountPath | string | `"/var/www/html/storage/upload"` | |
|
||||
| persistence.data.size | string | `"100Gi"` | |
|
||||
| persistence.data.type | string | `"pvc"` | |
|
||||
| podSecurityContext.fsGroup | int | `0` | |
|
||||
| podSecurityContext.runAsGroup | int | `0` | |
|
||||
| podSecurityContext.runAsNonRoot | bool | `false` | |
|
||||
| podSecurityContext.runAsUser | int | `0` | |
|
||||
| postgresql.enabled | bool | `true` | |
|
||||
| postgresql.existingSecret | string | `"{{ .Release.Name }}-dbcreds"` | |
|
||||
| postgresql.postgresqlDatabase | string | `"firefly"` | |
|
||||
| postgresql.postgresqlUsername | string | `"firefly"` | |
|
||||
| probes.liveness.path | string | `"/login"` | |
|
||||
| probes.readiness.path | string | `"/login"` | |
|
||||
| probes.startup.path | string | `"/login"` | |
|
||||
| service.main.ports.main.port | int | `8080` | |
|
||||
| service.tcp.enabled | bool | `true` | |
|
||||
| service.tcp.ports.tcp.enabled | bool | `true` | |
|
||||
| service.tcp.ports.tcp.port | int | `51080` | |
|
||||
| service.tcp.ports.tcp.protocol | string | `"TCP"` | |
|
||||
| service.tcp.type | string | `"ClusterIP"` | |
|
||||
| strategy.type | string | `"Recreate"` | |
|
||||
|
||||
All Rights Reserved - The TrueCharts Project
|
|
@ -1,54 +0,0 @@
|
|||
##
|
||||
# This file contains Values.yaml content that gets added to the output of questions.yaml
|
||||
# It's ONLY meant for content that the user is NOT expected to change.
|
||||
# Example: Everything under "image" is not included in questions.yaml but is included here.
|
||||
##
|
||||
|
||||
image:
|
||||
repository: fireflyiii/core
|
||||
pullPolicy: IfNotPresent
|
||||
tag: version-5.5.12
|
||||
|
||||
probes:
|
||||
liveness:
|
||||
path: "/login"
|
||||
|
||||
readiness:
|
||||
path: "/login"
|
||||
|
||||
startup:
|
||||
path: "/login"
|
||||
|
||||
env:
|
||||
DB_USERNAME: fireflyiii
|
||||
DB_DATABASE: fireflyiii
|
||||
DB_CONNECTION: pgsql
|
||||
DB_PORT: 5432
|
||||
|
||||
envValueFrom:
|
||||
DB_HOST:
|
||||
secretKeyRef:
|
||||
name: "{{ .Release.Name }}-dbcreds"
|
||||
key: postgresql_host
|
||||
DB_PASSWORD:
|
||||
secretKeyRef:
|
||||
name: "{{ .Release.Name }}-dbcreds"
|
||||
key: postgresql-password
|
||||
|
||||
# Enabled postgres
|
||||
postgresql:
|
||||
enabled: true
|
||||
postgresqlUsername: fireflyiii
|
||||
postgresqlDatabase: fireflyiii
|
||||
existingSecret: "{{ .Release.Name }}-dbcreds"
|
||||
persistence:
|
||||
db:
|
||||
storageClass: "SCALE-ZFS"
|
||||
dbbackups:
|
||||
storageClass: "SCALE-ZFS"
|
||||
|
||||
|
||||
##
|
||||
# Most other defaults are set in questions.yaml
|
||||
# For other options please refer to the wiki, default_values.yaml or the common library chart
|
||||
##
|
File diff suppressed because it is too large
|
@ -1,25 +0,0 @@
|
|||
{{/* Define the secrets */}}
|
||||
{{- define "fireflyiii.secrets" -}}
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
{{- $dbcredsname := ( printf "%v-%v" .Release.Name "dbcreds" ) }}
|
||||
name: {{ $dbcredsname }}
|
||||
{{- $previous := lookup "v1" "Secret" .Release.Namespace $dbcredsname }}
|
||||
{{- $dbPass := "" }}
|
||||
data:
|
||||
{{- if $previous }}
|
||||
postgresql-password: {{ ( index $previous.data "postgresql-password" ) }}
|
||||
postgresql-postgres-password: {{ ( index $previous.data "postgresql-postgres-password" ) }}
|
||||
{{- else }}
|
||||
{{- $dbPass = randAlphaNum 50 }}
|
||||
postgresql-password: {{ $dbPass | b64enc | quote }}
|
||||
postgresql-postgres-password: {{ randAlphaNum 50 | b64enc | quote }}
|
||||
{{- end }}
|
||||
url: {{ ( printf "%v%v:%v@%v-%v:%v/%v" "postgresql://" .Values.postgresql.postgresqlUsername $dbPass .Release.Name "postgresql" "5432" .Values.postgresql.postgresqlDatabase ) | b64enc | quote }}
|
||||
postgresql_host: {{ ( printf "%v-%v" .Release.Name "postgresql" ) | b64enc | quote }}
|
||||
type: Opaque
|
||||
|
||||
{{- end -}}
|
|
@ -1,8 +0,0 @@
|
|||
{{/* Make sure all variables are set properly */}}
|
||||
{{- include "common.values.setup" . }}
|
||||
|
||||
{{/* Render the templates */}}
|
||||
{{ include "common.all" . }}
|
||||
|
||||
{{/* Render secrets for fireflyiii */}}
|
||||
{{- include "fireflyiii.secrets" . }}
|
|
@ -1,72 +0,0 @@
|
|||
# Default values for fireflyIII.
|
||||
|
||||
image:
|
||||
repository: fireflyiii/core
|
||||
pullPolicy: IfNotPresent
|
||||
tag: version-5.5.12
|
||||
|
||||
strategy:
|
||||
type: Recreate
|
||||
|
||||
podSecurityContext:
|
||||
runAsNonRoot: false
|
||||
runAsUser: 0
|
||||
runAsGroup: 0
|
||||
fsGroup: 0
|
||||
|
||||
service:
|
||||
main:
|
||||
ports:
|
||||
main:
|
||||
port: 8080
|
||||
tcp:
|
||||
enabled: true
|
||||
type: ClusterIP
|
||||
ports:
|
||||
tcp:
|
||||
enabled: true
|
||||
port: 51080
|
||||
protocol: TCP
|
||||
|
||||
probes:
|
||||
liveness:
|
||||
path: "/login"
|
||||
|
||||
readiness:
|
||||
path: "/login"
|
||||
|
||||
startup:
|
||||
path: "/login"
|
||||
|
||||
env:
|
||||
DB_USERNAME: firefly
|
||||
DB_DATABASE: firefly
|
||||
DB_CONNECTION: pgsql
|
||||
DB_PORT: 5432
|
||||
APP_KEY: AGcfkCUS233ZWmBXztYbdyCs2u7kkz55
|
||||
|
||||
envValueFrom:
|
||||
DB_HOST:
|
||||
secretKeyRef:
|
||||
name: "{{ .Release.Name }}-dbcreds"
|
||||
key: postgresql_host
|
||||
DB_PASSWORD:
|
||||
secretKeyRef:
|
||||
name: "{{ .Release.Name }}-dbcreds"
|
||||
key: postgresql-password
|
||||
|
||||
persistence:
|
||||
data:
|
||||
enabled: true
|
||||
mountPath: "/var/www/html/storage/upload"
|
||||
type: pvc
|
||||
accessMode: ReadWriteOnce
|
||||
size: "100Gi"
|
||||
|
||||
|
||||
# Enabled postgres
|
||||
postgresql:
|
||||
enabled: true
|
||||
postgresqlUsername: firefly
|
||||
postgresqlDatabase: firefly
|
||||
existingSecret: "{{ .Release.Name }}-dbcreds"
|
|
@ -1,3 +0,0 @@
|
|||
categories:
|
||||
- finacial
|
||||
icon_url: https://www.firefly-iii.org/assets/logo/color.png
|
|
@ -1,8 +0,0 @@
|
|||
# Configuration Options
|
||||
|
||||
##### Connecting to other apps
|
||||
If you need to connect this App to other Apps on TrueNAS SCALE, please refer to our "Linking Apps Internally" quick-start guide:
|
||||
https://truecharts.org/manual/Quick-Start%20Guides/14-linking-apps/
|
||||
|
||||
##### Available config options
|
||||
In the future this page is going to contain an automated list of options available in the installation/edit UI.
|
|
@ -1,9 +0,0 @@
|
|||
dependencies:
|
||||
- name: common
|
||||
repository: https://truecharts.org/
|
||||
version: 6.12.2
|
||||
- name: postgresql
|
||||
repository: https://truecharts.org/
|
||||
version: 1.5.7
|
||||
digest: sha256:5fe2dff8cc01322db4829246b0d78df216641773fea323979c66719cbf02a172
|
||||
generated: "2021-08-31T16:48:53.817353144Z"
|
|
@ -1,34 +0,0 @@
|
|||
apiVersion: v2
|
||||
appVersion: auto
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: https://truecharts.org/
|
||||
version: 6.12.2
|
||||
- condition: postgresql.enabled
|
||||
name: postgresql
|
||||
repository: https://truecharts.org/
|
||||
version: 1.5.7
|
||||
deprecated: false
|
||||
description: Unofficial Bitwarden compatible server written in Rust
|
||||
home: https://github.com/truecharts/apps/tree/master/charts/stable/vaultwarden
|
||||
icon: https://raw.githubusercontent.com/bitwarden/brand/master/icons/256x256.png
|
||||
keywords:
|
||||
- bitwarden
|
||||
- bitwardenrs
|
||||
- bitwarden_rs
|
||||
- vaultwarden
|
||||
- password
|
||||
- rust
|
||||
kubeVersion: '>=1.16.0-0'
|
||||
maintainers:
|
||||
- email: info@truecharts.org
|
||||
name: TrueCharts
|
||||
url: truecharts.org
|
||||
- email: kjeld@schouten-lebbing.nl
|
||||
name: Ornias1993
|
||||
url: truecharts.org
|
||||
name: vaultwarden
|
||||
sources:
|
||||
- https://github.com/dani-garcia/vaultwarden
|
||||
type: application
|
||||
version: 5.0.11
|
|
@ -1,38 +0,0 @@
|
|||
# Introduction
|
||||
|
||||
Unofficial Bitwarden compatible server written in Rust
|
||||
|
||||
TrueCharts are designed to be installed as TrueNAS SCALE app only. We can not guarantee this charts works as a stand-alone helm installation.
|
||||
**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/apps/issues/new/choose)**
|
||||
|
||||
## Source Code
|
||||
|
||||
* <https://github.com/dani-garcia/vaultwarden>
|
||||
|
||||
## Requirements
|
||||
|
||||
Kubernetes: `>=1.16.0-0`
|
||||
|
||||
## Dependencies
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://truecharts.org/ | common | 6.12.1 |
|
||||
| https://truecharts.org/ | postgresql | 1.5.2 |
|
||||
|
||||
## Installing the Chart
|
||||
|
||||
To install this App on TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/03-Installing-an-App/).
|
||||
|
||||
## Uninstalling the Chart
|
||||
|
||||
To remove this App from TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/07-Deleting-an-App/).
|
||||
|
||||
## Support
|
||||
|
||||
- Please check our [quick-start guides](https://truecharts.org/manual/Quick-Start%20Guides/01-Open-Apps/) first.
|
||||
- See the [Wiki](https://truecharts.org)
|
||||
- Check our [Discord](https://discord.gg/tVsPTHWTtr)
|
||||
- Open a [issue](https://github.com/truecharts/apps/issues/new/choose)
|
||||
---
|
||||
All Rights Reserved - The TrueCharts Project
|
|
@ -1,4 +0,0 @@
|
|||
Unofficial Bitwarden compatible server written in Rust
|
||||
|
||||
This App is supplied by TrueCharts, for more information please visit https://truecharts.org
|
||||
Unofficial Bitwarden compatible server written in Rust
|
Binary file not shown.
Binary file not shown.
|
@ -1,56 +0,0 @@
|
|||
# Default Helm-Values
|
||||
|
||||
TrueCharts is primarily build to supply TrueNAS SCALE Apps.
|
||||
However, we also supply all Apps as standard Helm-Charts. In this document we aim to document the default values in our values.yaml file.
|
||||
|
||||
Most of our Apps also consume our "common" Helm Chart.
|
||||
If this is the case, this means that all values.yaml values are set to the common chart values.yaml by default. This values.yaml file will only contain values that deviate from the common chart.
|
||||
You will, however, be able to use all values referenced in the common chart here, besides the values listed in this document.
|
||||
|
||||
## Values
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| database.type | string | `"postgresql"` | |
|
||||
| database.wal | bool | `true` | |
|
||||
| env | object | `{}` | |
|
||||
| envFrom[0].configMapRef.name | string | `"{{ .Release.Name }}-vaultwardenconfig"` | |
|
||||
| envFrom[1].secretRef.name | string | `"{{ .Release.Name }}-vaultwardensecret"` | |
|
||||
| envTpl.DOMAIN | string | `"https://{{ if .Values.ingress }}{{ if .Values.ingress.main.enabled }}{{ ( index .Values.ingress.main.hosts 0 ).host }}{{ else }}placeholder.com{{ end }}{{ else }}placeholder.com{{ end }}"` | |
|
||||
| envValueFrom.DATABASE_URL.secretKeyRef.key | string | `"url"` | |
|
||||
| envValueFrom.DATABASE_URL.secretKeyRef.name | string | `"{{ .Release.Name }}-dbcreds"` | |
|
||||
| image.pullPolicy | string | `"IfNotPresent"` | |
|
||||
| image.repository | string | `"vaultwarden/server"` | |
|
||||
| image.tag | string | `"1.22.2"` | |
|
||||
| persistence.data.accessMode | string | `"ReadWriteOnce"` | |
|
||||
| persistence.data.enabled | bool | `true` | |
|
||||
| persistence.data.mountPath | string | `"/data"` | |
|
||||
| persistence.data.size | string | `"100Gi"` | |
|
||||
| persistence.data.type | string | `"pvc"` | |
|
||||
| postgresql.enabled | bool | `true` | |
|
||||
| postgresql.existingSecret | string | `"{{ .Release.Name }}-dbcreds"` | |
|
||||
| postgresql.postgresqlDatabase | string | `"vaultwarden"` | |
|
||||
| postgresql.postgresqlUsername | string | `"vaultwarden"` | |
|
||||
| service.main.ports.main.port | int | `8080` | |
|
||||
| service.ws.ports.ws.enabled | bool | `true` | |
|
||||
| service.ws.ports.ws.port | int | `3012` | |
|
||||
| strategy.type | string | `"Recreate"` | |
|
||||
| vaultwarden.admin.disableAdminToken | bool | `false` | |
|
||||
| vaultwarden.admin.enabled | bool | `false` | |
|
||||
| vaultwarden.allowInvitation | bool | `true` | |
|
||||
| vaultwarden.allowSignups | bool | `true` | |
|
||||
| vaultwarden.enableWebVault | bool | `true` | |
|
||||
| vaultwarden.enableWebsockets | bool | `true` | |
|
||||
| vaultwarden.icons.disableDownload | bool | `false` | |
|
||||
| vaultwarden.log.file | string | `""` | |
|
||||
| vaultwarden.log.level | string | `"trace"` | |
|
||||
| vaultwarden.orgCreationUsers | string | `"all"` | |
|
||||
| vaultwarden.requireEmail | bool | `false` | |
|
||||
| vaultwarden.showPasswordHint | bool | `true` | |
|
||||
| vaultwarden.smtp.enabled | bool | `false` | |
|
||||
| vaultwarden.smtp.from | string | `""` | |
|
||||
| vaultwarden.smtp.host | string | `""` | |
|
||||
| vaultwarden.verifySignup | bool | `false` | |
|
||||
| vaultwarden.yubico.enabled | bool | `false` | |
|
||||
|
||||
All Rights Reserved - The TrueCharts Project
|
|
@ -1,55 +0,0 @@
|
|||
##
|
||||
# This file contains Values.yaml content that gets added to the output of questions.yaml
|
||||
# It's ONLY meant for content that the user is NOT expected to change.
|
||||
# Example: Everything under "image" is not included in questions.yaml but is included here.
|
||||
##
|
||||
|
||||
image:
|
||||
repository: vaultwarden/server
|
||||
pullPolicy: IfNotPresent
|
||||
tag: 1.22.2
|
||||
|
||||
envTpl:
|
||||
DOMAIN: "https://{{ if .Values.ingress }}{{ if .Values.ingress.main.enabled }}{{ ( index .Values.ingress.main.hosts 0 ).host }}{{ else }}placeholder.com{{ end }}{{ else }}placeholder.com{{ end }}"
|
||||
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: "{{ .Release.Name }}-vaultwardenconfig"
|
||||
- secretRef:
|
||||
name: "{{ .Release.Name }}-vaultwardensecret"
|
||||
|
||||
|
||||
envValueFrom:
|
||||
DATABASE_URL:
|
||||
secretKeyRef:
|
||||
name: "{{ .Release.Name }}-dbcreds"
|
||||
key: url
|
||||
|
||||
database:
|
||||
# Database type, must be one of: 'sqlite', 'mysql' or 'postgresql'.
|
||||
type: postgresql
|
||||
# Enable DB Write-Ahead-Log for SQLite, disabled for other databases. https://github.com/dani-garcia/bitwarden_rs/wiki/Running-without-WAL-enabled
|
||||
wal: false
|
||||
## URL for external databases (mysql://user:pass@host:port or postgresql://user:pass@host:port).
|
||||
# url: ""
|
||||
## Set the size of the database connection pool.
|
||||
# maxConnections: 10
|
||||
## Connection retries during startup, 0 for infinite. 1 second between retries.
|
||||
retries: 30
|
||||
|
||||
# Enabled postgres
|
||||
postgresql:
|
||||
enabled: true
|
||||
postgresqlUsername: vaultwarden
|
||||
postgresqlDatabase: vaultwarden
|
||||
existingSecret: "{{ .Release.Name }}-dbcreds"
|
||||
persistence:
|
||||
db:
|
||||
storageClass: "SCALE-ZFS"
|
||||
dbbackups:
|
||||
storageClass: "SCALE-ZFS"
|
||||
|
||||
##
|
||||
# Most other defaults are set in questions.yaml
|
||||
# For other options please refer to the wiki, default_values.yaml or the common library chart
|
||||
##
|
File diff suppressed because it is too large
|
@ -1,116 +0,0 @@
|
|||
{{/* Define the configmap */}}
|
||||
{{- define "vaultwarden.configmap" -}}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ .Release.Name }}-vaultwardenconfig
|
||||
data:
|
||||
ROCKET_PORT: "8080"
|
||||
SIGNUPS_ALLOWED: {{ .Values.vaultwarden.allowSignups | quote }}
|
||||
{{- if .Values.vaultwarden.signupDomains }}
|
||||
SIGNUPS_DOMAINS_WHITELIST: {{ join "," .Values.vaultwarden.signupDomains | quote }}
|
||||
{{- end }}
|
||||
{{- if and (eq .Values.vaultwarden.verifySignup true) (eq .Values.vaultwarden.smtp.enabled false) }}{{ required "Signup verification requires SMTP to be enabled" nil}}{{end}}
|
||||
SIGNUPS_VERIFY: {{ .Values.vaultwarden.verifySignup | quote }}
|
||||
{{- if and (eq .Values.vaultwarden.requireEmail true) (eq .Values.vaultwarden.smtp.enabled false) }}{{ required "Requiring emails for login depends on SMTP" nil}}{{end}}
|
||||
REQUIRE_DEVICE_EMAIL: {{ .Values.vaultwarden.requireEmail | quote }}
|
||||
{{- if .Values.vaultwarden.emailAttempts }}
|
||||
EMAIL_ATTEMPTS_LIMIT: {{ .Values.vaultwarden.emailAttempts | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.vaultwarden.emailTokenExpiration }}
|
||||
EMAIL_EXPIRATION_TIME: {{ .Values.vaultwarden.emailTokenExpiration | quote }}
|
||||
{{- end }}
|
||||
INVITATIONS_ALLOWED: {{ .Values.vaultwarden.allowInvitation | quote }}
|
||||
{{- if .Values.vaultwarden.defaultInviteName }}
|
||||
INVITATION_ORG_NAME: {{ .Values.vaultwarden.defaultInviteName | quote }}
|
||||
{{- end }}
|
||||
SHOW_PASSWORD_HINT: {{ .Values.vaultwarden.showPasswordHint | quote }}
|
||||
WEBSOCKET_ENABLED: {{ .Values.vaultwarden.enableWebsockets | quote }}
|
||||
WEB_VAULT_ENABLED: {{ .Values.vaultwarden.enableWebVault | quote }}
|
||||
ORG_CREATION_USERS: {{ .Values.vaultwarden.orgCreationUsers | quote }}
|
||||
{{- if .Values.vaultwarden.attachmentLimitOrg }}
|
||||
ORG_ATTACHMENT_LIMIT: {{ .Values.vaultwarden.attachmentLimitOrg | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.vaultwarden.attachmentLimitUser }}
|
||||
USER_ATTACHMENT_LIMIT: {{ .Values.vaultwarden.attachmentLimitUser | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.vaultwarden.hibpApiKey }}
|
||||
HIBP_API_KEY: {{ .Values.vaultwarden.hibpApiKey | quote }}
|
||||
{{- end }}
|
||||
{{- include "vaultwarden.dbTypeValid" . }}
|
||||
{{- if .Values.database.retries }}
|
||||
DB_CONNECTION_RETRIES: {{ .Values.database.retries | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.database.maxConnections }}
|
||||
DATABASE_MAX_CONNS: {{ .Values.database.maxConnections | quote }}
|
||||
{{- end }}
|
||||
{{- if eq .Values.vaultwarden.smtp.enabled true }}
|
||||
SMTP_HOST: {{ required "SMTP host is required to enable SMTP" .Values.vaultwarden.smtp.host | quote }}
|
||||
SMTP_FROM: {{ required "SMTP sender address ('from') is required to enable SMTP" .Values.vaultwarden.smtp.from | quote }}
|
||||
{{- if .Values.vaultwarden.smtp.fromName }}
|
||||
SMTP_FROM_NAME: {{ .Values.vaultwarden.smtp.fromName | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.vaultwarden.smtp.ssl }}
|
||||
SMTP_SSL: {{ .Values.vaultwarden.smtp.ssl | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.vaultwarden.smtp.port }}
|
||||
SMTP_PORT: {{ .Values.vaultwarden.smtp.port | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.vaultwarden.smtp.authMechanism }}
|
||||
SMTP_AUTH_MECHANISM: {{ .Values.vaultwarden.smtp.authMechanism | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.vaultwarden.smtp.heloName }}
|
||||
HELO_NAME: {{ .Values.vaultwarden.smtp.heloName | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.vaultwarden.smtp.timeout }}
|
||||
SMTP_TIMEOUT: {{ .Values.vaultwarden.smtp.timeout | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.vaultwarden.smtp.invalidHostname }}
|
||||
SMTP_ACCEPT_INVALID_HOSTNAMES: {{ .Values.vaultwarden.smtp.invalidHostname | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.vaultwarden.smtp.invalidCertificate }}
|
||||
SMTP_ACCEPT_INVALID_CERTS: {{ .Values.vaultwarden.smtp.invalidCertificate | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.vaultwarden.log.file }}
|
||||
LOG_FILE: {{ .Values.vaultwarden.log.file | quote }}
|
||||
{{- end }}
|
||||
{{- if or .Values.vaultwarden.log.level .Values.vaultwarden.log.timeFormat }}
|
||||
EXTENDED_LOGGING: "true"
|
||||
{{- end }}
|
||||
{{- if .Values.vaultwarden.log.level }}
|
||||
{{- include "vaultwarden.logLevelValid" . }}
|
||||
LOG_LEVEL: {{ .Values.vaultwarden.log.level | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.vaultwarden.log.timeFormat }}
|
||||
LOG_TIMESTAMP_FORMAT: {{ .Values.vaultwarden.log.timeFormat | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.vaultwarden.icons.disableDownload }}
|
||||
DISABLE_ICON_DOWNLOAD: {{ .Values.vaultwarden.icons.disableDownload | quote }}
|
||||
{{- if and (not .Values.vaultwarden.icons.cache) (eq .Values.vaultwarden.icons.disableDownload "true") }}
|
||||
ICON_CACHE_TTL: "0"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.vaultwarden.icons.cache }}
|
||||
ICON_CACHE_TTL: {{ .Values.vaultwarden.icons.cache | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.vaultwarden.icons.cacheFailed }}
|
||||
ICON_CACHE_NEGTTL: {{ .Values.vaultwarden.icons.cacheFailed | quote }}
|
||||
{{- end }}
|
||||
{{- if eq .Values.vaultwarden.admin.enabled true }}
|
||||
{{- if eq .Values.vaultwarden.admin.disableAdminToken true }}
|
||||
DISABLE_ADMIN_TOKEN: "true"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if eq .Values.vaultwarden.yubico.enabled true }}
|
||||
{{- if .Values.vaultwarden.yubico.server }}
|
||||
YUBICO_SERVER: {{ .Values.vaultwarden.yubico.server | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if eq .Values.database.type "sqlite" }}
|
||||
ENABLE_DB_WAL: {{ .Values.database.wal | quote }}
|
||||
{{- else }}
|
||||
ENABLE_DB_WAL: "false"
|
||||
{{- end }}
|
||||
{{- end -}}
|
|
@ -1,58 +0,0 @@
|
|||
{{/* Define the secrets */}}
|
||||
{{- define "vaultwarden.secrets" -}}
|
||||
|
||||
{{- $adminToken := "" }}
|
||||
{{- if eq .Values.vaultwarden.admin.enabled true }}
|
||||
{{- $adminToken = .Values.vaultwarden.admin.token | default (randAlphaNum 48) | b64enc | quote }}
|
||||
{{- end -}}
|
||||
|
||||
{{- $smtpUser := "" }}
|
||||
{{- if and (eq .Values.vaultwarden.smtp.enabled true ) (.Values.vaultwarden.smtp.user) }}
|
||||
{{- $smtpUser = .Values.vaultwarden.smtp.user | b64enc | quote }}
|
||||
{{- end -}}
|
||||
|
||||
{{- $yubicoClientId := "" }}
|
||||
{{- if eq .Values.vaultwarden.yubico.enabled true }}
|
||||
{{- $yubicoClientId = required "Yubico Client ID required" .Values.vaultwarden.yubico.clientId | toString | b64enc | quote }}
|
||||
{{- end -}}
|
||||
---
|
||||
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ .Release.Name }}-vaultwardensecret
|
||||
data:
|
||||
{{- if ne $adminToken "" }}
|
||||
ADMIN_TOKEN: {{ $adminToken }}
|
||||
{{- end }}
|
||||
{{- if ne $smtpUser "" }}
|
||||
SMTP_USERNAME: {{ $smtpUser }}
|
||||
SMTP_PASSWORD: {{ required "Must specify SMTP password" .Values.vaultwarden.smtp.password | b64enc | quote }}
|
||||
{{- end }}
|
||||
{{- if ne $yubicoClientId "" }}
|
||||
YUBICO_CLIENT_ID: {{ $yubicoClientId }}
|
||||
YUBICO_SECRET_KEY: {{ required "Yubico Secret Key required" .Values.vaultwarden.yubico.secretKey | b64enc | quote }}
|
||||
{{- end }}
|
||||
|
||||
---
|
||||
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "common.labels" . | nindent 4 }}
|
||||
{{- $dbcredsname := ( printf "%v-%v" .Release.Name "dbcreds" ) }}
|
||||
name: {{ $dbcredsname }}
|
||||
data:
|
||||
{{- if .Release.IsInstall }}
|
||||
postgresql-password: {{ randAlphaNum 50 | b64enc | quote }}
|
||||
postgresql-postgres-password: {{ randAlphaNum 50 | b64enc | quote }}
|
||||
{{ else }}
|
||||
# `index` function is necessary because the property name contains a dash.
|
||||
# Otherwise (...).data.db_password would have worked too.
|
||||
postgresql-password: {{ index (lookup "v1" "Secret" .Release.Namespace ( $dbcredsname | quote ) ).data "postgresql-password" }}
|
||||
postgresql-postgres-password: {{ index (lookup "v1" "Secret" .Release.Namespace ( $dbcredsname | quote ) ).data "postgresql-postgres-password" }}
|
||||
{{ end }}
|
||||
url: {{ ( printf "%v%v:%v@%v-%v:%v/%v" "postgresql://" .Values.postgresql.postgresqlUsername $dbPass .Release.Name "postgresql" "5432" .Values.postgresql.postgresqlDatabase ) | b64enc | quote }}
|
||||
type: Opaque
|
||||
{{- end -}}
|
|
@ -1,17 +0,0 @@
|
|||
{{/*
|
||||
Ensure valid DB type is select, defaults to SQLite
|
||||
*/}}
|
||||
{{- define "vaultwarden.dbTypeValid" -}}
|
||||
{{- if not (or (eq .Values.database.type "postgresql") (eq .Values.database.type "mysql") (eq .Values.database.type "sqlite")) }}
|
||||
{{- required "Invalid database type" nil }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Ensure log type is valid
|
||||
*/}}
|
||||
{{- define "vaultwarden.logLevelValid" -}}
|
||||
{{- if not (or (eq .Values.vaultwarden.log.level "trace") (eq .Values.vaultwarden.log.level "debug") (eq .Values.vaultwarden.log.level "info") (eq .Values.vaultwarden.log.level "warn") (eq .Values.vaultwarden.log.level "error") (eq .Values.vaultwarden.log.level "off")) }}
|
||||
{{- required "Invalid log level" nil }}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -1,11 +0,0 @@
|
|||
{{/* Make sure all variables are set properly */}}
|
||||
{{- include "common.values.setup" . }}
|
||||
|
||||
{{/* Render the templates */}}
|
||||
{{ include "common.all" . }}
|
||||
|
||||
{{/* Render configmap for vaultwarden */}}
|
||||
{{- include "vaultwarden.configmap" . }}
|
||||
|
||||
{{/* Render secrets for vaultwarden */}}
|
||||
{{- include "vaultwarden.secrets" . }}
|
|
@ -1,161 +0,0 @@
|
|||
# Default values for Bitwarden.
|
||||
|
||||
image:
|
||||
repository: vaultwarden/server
|
||||
pullPolicy: IfNotPresent
|
||||
tag: 1.22.2
|
||||
|
||||
strategy:
|
||||
type: Recreate
|
||||
|
||||
service:
|
||||
main:
|
||||
ports:
|
||||
main:
|
||||
port: 8080
|
||||
ws:
|
||||
ports:
|
||||
ws:
|
||||
enabled: true
|
||||
port: 3012
|
||||
|
||||
env: {}
|
||||
|
||||
envTpl:
|
||||
DOMAIN: "https://{{ if .Values.ingress }}{{ if .Values.ingress.main.enabled }}{{ ( index .Values.ingress.main.hosts 0 ).host }}{{ else }}placeholder.com{{ end }}{{ else }}placeholder.com{{ end }}"
|
||||
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: "{{ .Release.Name }}-vaultwardenconfig"
|
||||
- secretRef:
|
||||
name: "{{ .Release.Name }}-vaultwardensecret"
|
||||
|
||||
envValueFrom:
|
||||
DATABASE_URL:
|
||||
secretKeyRef:
|
||||
name: "{{ .Release.Name }}-dbcreds"
|
||||
key: url
|
||||
|
||||
database:
|
||||
# Database type, must be one of: 'sqlite', 'mysql' or 'postgresql'.
|
||||
type: postgresql
|
||||
# Enable DB Write-Ahead-Log for SQLite, disabled for other databases. https://github.com/dani-garcia/bitwarden_rs/wiki/Running-without-WAL-enabled
|
||||
wal: true
|
||||
## URL for external databases (mysql://user:pass@host:port or postgresql://user:pass@host:port).
|
||||
# url: ""
|
||||
## Set the size of the database connection pool.
|
||||
# maxConnections: 10
|
||||
## Connection retries during startup, 0 for infinite. 1 second between retries.
|
||||
# retries: 15
|
||||
|
||||
# Set Bitwarden_rs application variables
|
||||
vaultwarden:
|
||||
# Allow any user to sign-up: https://github.com/dani-garcia/bitwarden_rs/wiki/Disable-registration-of-new-users
|
||||
allowSignups: true
|
||||
## Whitelist domains allowed to sign-up. 'allowSignups' is ignored if set.
|
||||
# signupDomains:
|
||||
# - domain.tld
|
||||
# Verify e-mail before login is enabled. SMTP must be enabled.
|
||||
verifySignup: false
|
||||
# When a user logs in an email is required to be sent. If sending the email fails the login attempt will fail. SMTP must be enabled.
|
||||
requireEmail: false
|
||||
## Maximum attempts before an email token is reset and a new email will need to be sent.
|
||||
# emailAttempts: 3
|
||||
## Email token validity in seconds.
|
||||
# emailTokenExpiration: 600
|
||||
# Allow invited users to sign-up even feature is disabled: https://github.com/dani-garcia/bitwarden_rs/wiki/Disable-invitations
|
||||
allowInvitation: true
|
||||
# Show password hints: https://github.com/dani-garcia/bitwarden_rs/wiki/Password-hint-display
|
||||
## Default organization name in invitation e-mails that are not coming from a specific organization.
|
||||
# defaultInviteName: ""
|
||||
showPasswordHint: true
|
||||
# Enable Websockets for notification. https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-WebSocket-notifications
|
||||
# Redirect HTTP path "/notifications/hub" to port 3012. Ingress/IngressRoute controllers are automatically configured.
|
||||
enableWebsockets: true
|
||||
# Enable Web Vault (static content). https://github.com/dani-garcia/bitwarden_rs/wiki/Disabling-or-overriding-the-Vault-interface-hosting
|
||||
enableWebVault: true
|
||||
# Restrict creation of orgs. Options are: 'all', 'none' or a comma-separated list of users.
|
||||
orgCreationUsers: all
|
||||
## Limit attachment disk usage per organization.
|
||||
# attachmentLimitOrg:
|
||||
## Limit attachment disk usage per user.
|
||||
# attachmentLimitUser:
|
||||
## HaveIBeenPwned API Key. Can be purchased at https://haveibeenpwned.com/API/Key.
|
||||
# hibpApiKey:
|
||||
|
||||
admin:
|
||||
# Enable admin portal.
|
||||
enabled: false
|
||||
# Disabling the admin token will make the admin portal accessible to anyone, use carefully: https://github.com/dani-garcia/bitwarden_rs/wiki/Disable-admin-token
|
||||
disableAdminToken: false
|
||||
## Token for admin login, will be generated if not defined. https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-admin-page
|
||||
# token:
|
||||
|
||||
# Enable SMTP. https://github.com/dani-garcia/bitwarden_rs/wiki/SMTP-configuration
|
||||
smtp:
|
||||
enabled: false
|
||||
# SMTP hostname, required if SMTP is enabled.
|
||||
host: ""
|
||||
# SMTP sender e-mail address, required if SMTP is enabled.
|
||||
from: ""
|
||||
## SMTP sender name, defaults to 'Bitwarden_RS'.
|
||||
# fromName: ""
|
||||
## Enable SSL connection.
|
||||
# ssl: true
|
||||
## SMTP port. Defaults to 25 without SSL, 587 with SSL.
|
||||
# port: 587
|
||||
## SMTP Authentication Mechanisms. Comma-separated options: 'Plain', 'Login' and 'Xoauth2'. Defaults to 'Plain'.
|
||||
# authMechanism: Plain
|
||||
## Hostname to be sent for SMTP HELO. Defaults to pod name.
|
||||
# heloName: ""
|
||||
## SMTP timeout.
|
||||
# timeout: 15
|
||||
## Accept SSL session if certificate is valid but hostname doesn't match. DANGEROUS, vulnerable to men-in-the-middle attacks!
|
||||
# invalidHostname: false
|
||||
## Accept invalid certificates. DANGEROUS, vulnerable to men-in-the-middle attacks!
|
||||
# invalidCertificate: false
|
||||
## SMTP username.
|
||||
# user: ""
|
||||
## SMTP password. Required is user is specified, ignored if no user provided.
|
||||
# password: ""
|
||||
|
||||
## Enable Yubico OTP authentication. https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-Yubikey-OTP-authentication
|
||||
yubico:
|
||||
enabled: false
|
||||
## Yubico server. Defaults to YubiCloud.
|
||||
# server:
|
||||
## Yubico ID and Secret Key.
|
||||
# clientId:
|
||||
# secretKey:
|
||||
|
||||
## Logging options. https://github.com/dani-garcia/bitwarden_rs/wiki/Logging
|
||||
log:
|
||||
# Log to file.
|
||||
file: ""
|
||||
# Log level. Options are "trace", "debug", "info", "warn", "error" or "off".
|
||||
level: "trace"
|
||||
## Log timestamp format. See https://docs.rs/chrono/0.4.15/chrono/format/strftime/index.html. Defaults to time in milliseconds.
|
||||
# timeFormat: ""
|
||||
|
||||
icons:
|
||||
# Disables download of external icons. Setting to true will still serve icons from cache (/data/icon_cache). TTL will default to zero.
|
||||
disableDownload: false
|
||||
## Cache time-to-live for icons fetched. 0 means no purging.
|
||||
# cache: 2592000
|
||||
## Cache time-to-live for icons that were not available. 0 means no purging.
|
||||
# cacheFailed: 259200
|
||||
|
||||
persistence:
|
||||
data:
|
||||
enabled: true
|
||||
mountPath: "/data"
|
||||
type: pvc
|
||||
accessMode: ReadWriteOnce
|
||||
size: "100Gi"
|
||||
|
||||
# Enabled postgres
|
||||
postgresql:
|
||||
enabled: true
|
||||
postgresqlUsername: vaultwarden
|
||||
postgresqlDatabase: vaultwarden
|
||||
existingSecret: "{{ .Release.Name }}-dbcreds"
|
|
@ -1,8 +0,0 @@
|
|||
# Configuration Options
|
||||
|
||||
##### Connecting to other apps
|
||||
If you need to connect this App to other Apps on TrueNAS SCALE, please refer to our "Linking Apps Internally" quick-start guide:
|
||||
https://truecharts.org/manual/Quick-Start%20Guides/14-linking-apps/
|
||||
|
||||
##### Available config options
|
||||
In the future this page is going to contain an automated list of options available in the installation/edit UI.
|
|
@ -1,9 +0,0 @@
|
|||
dependencies:
|
||||
- name: common
|
||||
repository: https://truecharts.org/
|
||||
version: 6.12.2
|
||||
- name: postgresql
|
||||
repository: https://truecharts.org/
|
||||
version: 1.5.7
|
||||
digest: sha256:5fe2dff8cc01322db4829246b0d78df216641773fea323979c66719cbf02a172
|
||||
generated: "2021-08-31T17:19:51.677525929Z"
|
|
@ -1,34 +0,0 @@
|
|||
apiVersion: v2
|
||||
appVersion: auto
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: https://truecharts.org/
|
||||
version: 6.12.2
|
||||
- condition: postgresql.enabled
|
||||
name: postgresql
|
||||
repository: https://truecharts.org/
|
||||
version: 1.5.7
|
||||
deprecated: false
|
||||
description: Unofficial Bitwarden compatible server written in Rust
|
||||
home: https://github.com/truecharts/apps/tree/master/charts/stable/vaultwarden
|
||||
icon: https://raw.githubusercontent.com/bitwarden/brand/master/icons/256x256.png
|
||||
keywords:
|
||||
- bitwarden
|
||||
- bitwardenrs
|
||||
- bitwarden_rs
|
||||
- vaultwarden
|
||||
- password
|
||||
- rust
|
||||
kubeVersion: '>=1.16.0-0'
|
||||
maintainers:
|
||||
- email: info@truecharts.org
|
||||
name: TrueCharts
|
||||
url: truecharts.org
|
||||
- email: kjeld@schouten-lebbing.nl
|
||||
name: Ornias1993
|
||||
url: truecharts.org
|
||||
name: vaultwarden
|
||||
sources:
|
||||
- https://github.com/dani-garcia/vaultwarden
|
||||
type: application
|
||||
version: 5.0.12
|
|
@ -1,38 +0,0 @@
|
|||
# Introduction
|
||||
|
||||
Unofficial Bitwarden compatible server written in Rust
|
||||
|
||||
TrueCharts are designed to be installed as TrueNAS SCALE app only. We can not guarantee this charts works as a stand-alone helm installation.
|
||||
**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/apps/issues/new/choose)**
|
||||
|
||||
## Source Code
|
||||
|
||||
* <https://github.com/dani-garcia/vaultwarden>
|
||||
|
||||
## Requirements
|
||||
|
||||
Kubernetes: `>=1.16.0-0`
|
||||
|
||||
## Dependencies
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://truecharts.org/ | common | 6.12.1 |
|
||||
| https://truecharts.org/ | postgresql | 1.5.2 |
|
||||
|
||||
## Installing the Chart
|
||||
|
||||
To install this App on TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/03-Installing-an-App/).
|
||||
|
||||
## Uninstalling the Chart
|
||||
|
||||
To remove this App from TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/07-Deleting-an-App/).
|
||||
|
||||
## Support
|
||||
|
||||
- Please check our [quick-start guides](https://truecharts.org/manual/Quick-Start%20Guides/01-Open-Apps/) first.
|
||||
- See the [Wiki](https://truecharts.org)
|
||||
- Check our [Discord](https://discord.gg/tVsPTHWTtr)
|
||||
- Open a [issue](https://github.com/truecharts/apps/issues/new/choose)
|
||||
---
|
||||
All Rights Reserved - The TrueCharts Project
|
|
@ -1,4 +0,0 @@
|
|||
Unofficial Bitwarden compatible server written in Rust
|
||||
|
||||
This App is supplied by TrueCharts, for more information please visit https://truecharts.org
|
||||
Unofficial Bitwarden compatible server written in Rust
|
Binary file not shown.
Binary file not shown.
|
@ -1,56 +0,0 @@
|
|||
# Default Helm-Values
|
||||
|
||||
TrueCharts is primarily build to supply TrueNAS SCALE Apps.
|
||||
However, we also supply all Apps as standard Helm-Charts. In this document we aim to document the default values in our values.yaml file.
|
||||
|
||||
Most of our Apps also consume our "common" Helm Chart.
|
||||
If this is the case, this means that all values.yaml values are set to the common chart values.yaml by default. This values.yaml file will only contain values that deviate from the common chart.
|
||||
You will, however, be able to use all values referenced in the common chart here, besides the values listed in this document.
|
||||
|
||||
## Values
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| database.type | string | `"postgresql"` | |
|
||||
| database.wal | bool | `true` | |
|
||||
| env | object | `{}` | |
|
||||
| envFrom[0].configMapRef.name | string | `"{{ .Release.Name }}-vaultwardenconfig"` | |
|
||||
| envFrom[1].secretRef.name | string | `"{{ .Release.Name }}-vaultwardensecret"` | |
|
||||
| envTpl.DOMAIN | string | `"https://{{ if .Values.ingress }}{{ if .Values.ingress.main.enabled }}{{ ( index .Values.ingress.main.hosts 0 ).host }}{{ else }}placeholder.com{{ end }}{{ else }}placeholder.com{{ end }}"` | |
|
||||
| envValueFrom.DATABASE_URL.secretKeyRef.key | string | `"url"` | |
|
||||
| envValueFrom.DATABASE_URL.secretKeyRef.name | string | `"{{ .Release.Name }}-dbcreds"` | |
|
||||
| image.pullPolicy | string | `"IfNotPresent"` | |
|
||||
| image.repository | string | `"vaultwarden/server"` | |
|
||||
| image.tag | string | `"1.22.2"` | |
|
||||
| persistence.data.accessMode | string | `"ReadWriteOnce"` | |
|
||||
| persistence.data.enabled | bool | `true` | |
|
||||
| persistence.data.mountPath | string | `"/data"` | |
|
||||
| persistence.data.size | string | `"100Gi"` | |
|
||||
| persistence.data.type | string | `"pvc"` | |
|
||||
| postgresql.enabled | bool | `true` | |
|
||||
| postgresql.existingSecret | string | `"{{ .Release.Name }}-dbcreds"` | |
|
||||
| postgresql.postgresqlDatabase | string | `"vaultwarden"` | |
|
||||
| postgresql.postgresqlUsername | string | `"vaultwarden"` | |
|
||||
| service.main.ports.main.port | int | `8080` | |
|
||||
| service.ws.ports.ws.enabled | bool | `true` | |
|
||||
| service.ws.ports.ws.port | int | `3012` | |
|
||||
| strategy.type | string | `"Recreate"` | |
|
||||
| vaultwarden.admin.disableAdminToken | bool | `false` | |
|
||||
| vaultwarden.admin.enabled | bool | `false` | |
|
||||
| vaultwarden.allowInvitation | bool | `true` | |
|
||||
| vaultwarden.allowSignups | bool | `true` | |
|
||||
| vaultwarden.enableWebVault | bool | `true` | |
|
||||
| vaultwarden.enableWebsockets | bool | `true` | |
|
||||
| vaultwarden.icons.disableDownload | bool | `false` | |
|
||||
| vaultwarden.log.file | string | `""` | |
|
||||
| vaultwarden.log.level | string | `"trace"` | |
|
||||
| vaultwarden.orgCreationUsers | string | `"all"` | |
|
||||
| vaultwarden.requireEmail | bool | `false` | |
|
||||
| vaultwarden.showPasswordHint | bool | `true` | |
|
||||
| vaultwarden.smtp.enabled | bool | `false` | |
|
||||
| vaultwarden.smtp.from | string | `""` | |
|
||||
| vaultwarden.smtp.host | string | `""` | |
|
||||
| vaultwarden.verifySignup | bool | `false` | |
|
||||
| vaultwarden.yubico.enabled | bool | `false` | |
|
||||
|
||||
All Rights Reserved - The TrueCharts Project
|
|
@ -1,55 +0,0 @@
|
|||
##
|
||||
# This file contains Values.yaml content that gets added to the output of questions.yaml
|
||||
# It's ONLY meant for content that the user is NOT expected to change.
|
||||
# Example: Everything under "image" is not included in questions.yaml but is included here.
|
||||
##
|
||||
|
||||
image:
|
||||
repository: vaultwarden/server
|
||||
pullPolicy: IfNotPresent
|
||||
tag: 1.22.2
|
||||
|
||||
envTpl:
|
||||
DOMAIN: "https://{{ if .Values.ingress }}{{ if .Values.ingress.main.enabled }}{{ ( index .Values.ingress.main.hosts 0 ).host }}{{ else }}placeholder.com{{ end }}{{ else }}placeholder.com{{ end }}"
|
||||
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: "{{ .Release.Name }}-vaultwardenconfig"
|
||||
- secretRef:
|
||||
name: "{{ .Release.Name }}-vaultwardensecret"
|
||||
|
||||
|
||||
envValueFrom:
|
||||
DATABASE_URL:
|
||||
secretKeyRef:
|
||||
name: "{{ .Release.Name }}-dbcreds"
|
||||
key: url
|
||||
|
||||
database:
|
||||
# Database type, must be one of: 'sqlite', 'mysql' or 'postgresql'.
|
||||
type: postgresql
|
||||
# Enable DB Write-Ahead-Log for SQLite, disabled for other databases. https://github.com/dani-garcia/bitwarden_rs/wiki/Running-without-WAL-enabled
|
||||
wal: false
|
||||
## URL for external databases (mysql://user:pass@host:port or postgresql://user:pass@host:port).
|
||||
# url: ""
|
||||
## Set the size of the database connection pool.
|
||||
# maxConnections: 10
|
||||
## Connection retries during startup, 0 for infinite. 1 second between retries.
|
||||
retries: 30
|
||||
|
||||
# Enabled postgres
|
||||
postgresql:
|
||||
enabled: true
|
||||
postgresqlUsername: vaultwarden
|
||||
postgresqlDatabase: vaultwarden
|
||||
existingSecret: "{{ .Release.Name }}-dbcreds"
|
||||
persistence:
|
||||
db:
|
||||
storageClass: "SCALE-ZFS"
|
||||
dbbackups:
|
||||
storageClass: "SCALE-ZFS"
|
||||
|
||||
##
|
||||
# Most other defaults are set in questions.yaml
|
||||
# For other options please refer to the wiki, default_values.yaml or the common library chart
|
||||
##
|
File diff suppressed because it is too large
|
@ -1,116 +0,0 @@
|
|||
{{/* Define the configmap */}}
|
||||
{{- define "vaultwarden.configmap" -}}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ .Release.Name }}-vaultwardenconfig
|
||||
data:
|
||||
ROCKET_PORT: "8080"
|
||||
SIGNUPS_ALLOWED: {{ .Values.vaultwarden.allowSignups | quote }}
|
||||
{{- if .Values.vaultwarden.signupDomains }}
|
||||
SIGNUPS_DOMAINS_WHITELIST: {{ join "," .Values.vaultwarden.signupDomains | quote }}
|
||||
{{- end }}
|
||||
{{- if and (eq .Values.vaultwarden.verifySignup true) (eq .Values.vaultwarden.smtp.enabled false) }}{{ required "Signup verification requires SMTP to be enabled" nil}}{{end}}
|
||||
SIGNUPS_VERIFY: {{ .Values.vaultwarden.verifySignup | quote }}
|
||||
{{- if and (eq .Values.vaultwarden.requireEmail true) (eq .Values.vaultwarden.smtp.enabled false) }}{{ required "Requiring emails for login depends on SMTP" nil}}{{end}}
|
||||
REQUIRE_DEVICE_EMAIL: {{ .Values.vaultwarden.requireEmail | quote }}
|
||||
{{- if .Values.vaultwarden.emailAttempts }}
|
||||
EMAIL_ATTEMPTS_LIMIT: {{ .Values.vaultwarden.emailAttempts | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.vaultwarden.emailTokenExpiration }}
|
||||
EMAIL_EXPIRATION_TIME: {{ .Values.vaultwarden.emailTokenExpiration | quote }}
|
||||
{{- end }}
|
||||
INVITATIONS_ALLOWED: {{ .Values.vaultwarden.allowInvitation | quote }}
|
||||
{{- if .Values.vaultwarden.defaultInviteName }}
|
||||
INVITATION_ORG_NAME: {{ .Values.vaultwarden.defaultInviteName | quote }}
|
||||
{{- end }}
|
||||
SHOW_PASSWORD_HINT: {{ .Values.vaultwarden.showPasswordHint | quote }}
|
||||
WEBSOCKET_ENABLED: {{ .Values.vaultwarden.enableWebsockets | quote }}
|
||||
WEB_VAULT_ENABLED: {{ .Values.vaultwarden.enableWebVault | quote }}
|
||||
ORG_CREATION_USERS: {{ .Values.vaultwarden.orgCreationUsers | quote }}
|
||||
{{- if .Values.vaultwarden.attachmentLimitOrg }}
|
||||
ORG_ATTACHMENT_LIMIT: {{ .Values.vaultwarden.attachmentLimitOrg | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.vaultwarden.attachmentLimitUser }}
|
||||
USER_ATTACHMENT_LIMIT: {{ .Values.vaultwarden.attachmentLimitUser | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.vaultwarden.hibpApiKey }}
|
||||
HIBP_API_KEY: {{ .Values.vaultwarden.hibpApiKey | quote }}
|
||||
{{- end }}
|
||||
{{- include "vaultwarden.dbTypeValid" . }}
|
||||
{{- if .Values.database.retries }}
|
||||
DB_CONNECTION_RETRIES: {{ .Values.database.retries | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.database.maxConnections }}
|
||||
DATABASE_MAX_CONNS: {{ .Values.database.maxConnections | quote }}
|
||||
{{- end }}
|
||||
{{- if eq .Values.vaultwarden.smtp.enabled true }}
|
||||
SMTP_HOST: {{ required "SMTP host is required to enable SMTP" .Values.vaultwarden.smtp.host | quote }}
|
||||
SMTP_FROM: {{ required "SMTP sender address ('from') is required to enable SMTP" .Values.vaultwarden.smtp.from | quote }}
|
||||
{{- if .Values.vaultwarden.smtp.fromName }}
|
||||
SMTP_FROM_NAME: {{ .Values.vaultwarden.smtp.fromName | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.vaultwarden.smtp.ssl }}
|
||||
SMTP_SSL: {{ .Values.vaultwarden.smtp.ssl | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.vaultwarden.smtp.port }}
|
||||
SMTP_PORT: {{ .Values.vaultwarden.smtp.port | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.vaultwarden.smtp.authMechanism }}
|
||||
SMTP_AUTH_MECHANISM: {{ .Values.vaultwarden.smtp.authMechanism | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.vaultwarden.smtp.heloName }}
|
||||
HELO_NAME: {{ .Values.vaultwarden.smtp.heloName | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.vaultwarden.smtp.timeout }}
|
||||
SMTP_TIMEOUT: {{ .Values.vaultwarden.smtp.timeout | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.vaultwarden.smtp.invalidHostname }}
|
||||
SMTP_ACCEPT_INVALID_HOSTNAMES: {{ .Values.vaultwarden.smtp.invalidHostname | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.vaultwarden.smtp.invalidCertificate }}
|
||||
SMTP_ACCEPT_INVALID_CERTS: {{ .Values.vaultwarden.smtp.invalidCertificate | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.vaultwarden.log.file }}
|
||||
LOG_FILE: {{ .Values.vaultwarden.log.file | quote }}
|
||||
{{- end }}
|
||||
{{- if or .Values.vaultwarden.log.level .Values.vaultwarden.log.timeFormat }}
|
||||
EXTENDED_LOGGING: "true"
|
||||
{{- end }}
|
||||
{{- if .Values.vaultwarden.log.level }}
|
||||
{{- include "vaultwarden.logLevelValid" . }}
|
||||
LOG_LEVEL: {{ .Values.vaultwarden.log.level | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.vaultwarden.log.timeFormat }}
|
||||
LOG_TIMESTAMP_FORMAT: {{ .Values.vaultwarden.log.timeFormat | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.vaultwarden.icons.disableDownload }}
|
||||
DISABLE_ICON_DOWNLOAD: {{ .Values.vaultwarden.icons.disableDownload | quote }}
|
||||
{{- if and (not .Values.vaultwarden.icons.cache) (eq .Values.vaultwarden.icons.disableDownload "true") }}
|
||||
ICON_CACHE_TTL: "0"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.vaultwarden.icons.cache }}
|
||||
ICON_CACHE_TTL: {{ .Values.vaultwarden.icons.cache | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.vaultwarden.icons.cacheFailed }}
|
||||
ICON_CACHE_NEGTTL: {{ .Values.vaultwarden.icons.cacheFailed | quote }}
|
||||
{{- end }}
|
||||
{{- if eq .Values.vaultwarden.admin.enabled true }}
|
||||
{{- if eq .Values.vaultwarden.admin.disableAdminToken true }}
|
||||
DISABLE_ADMIN_TOKEN: "true"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if eq .Values.vaultwarden.yubico.enabled true }}
|
||||
{{- if .Values.vaultwarden.yubico.server }}
|
||||
YUBICO_SERVER: {{ .Values.vaultwarden.yubico.server | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if eq .Values.database.type "sqlite" }}
|
||||
ENABLE_DB_WAL: {{ .Values.database.wal | quote }}
|
||||
{{- else }}
|
||||
ENABLE_DB_WAL: "false"
|
||||
{{- end }}
|
||||
{{- end -}}
|
|
@ -1,68 +0,0 @@
|
|||
{{/* Define the secrets */}}
|
||||
{{- define "vaultwarden.secrets" -}}
|
||||
|
||||
{{- $adminToken := "" }}
|
||||
{{- if eq .Values.vaultwarden.admin.enabled true }}
|
||||
{{- $adminToken = .Values.vaultwarden.admin.token | default (randAlphaNum 48) | b64enc | quote }}
|
||||
{{- end -}}
|
||||
|
||||
{{- $smtpUser := "" }}
|
||||
{{- if and (eq .Values.vaultwarden.smtp.enabled true ) (.Values.vaultwarden.smtp.user) }}
|
||||
{{- $smtpUser = .Values.vaultwarden.smtp.user | b64enc | quote }}
|
||||
{{- end -}}
|
||||
|
||||
{{- $yubicoClientId := "" }}
|
||||
{{- if eq .Values.vaultwarden.yubico.enabled true }}
|
||||
{{- $yubicoClientId = required "Yubico Client ID required" .Values.vaultwarden.yubico.clientId | toString | b64enc | quote }}
|
||||
{{- end -}}
|
||||
---
|
||||
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ .Release.Name }}-vaultwardensecret
|
||||
data:
|
||||
{{- if ne $adminToken "" }}
|
||||
ADMIN_TOKEN: {{ $adminToken }}
|
||||
{{- end }}
|
||||
{{- if ne $smtpUser "" }}
|
||||
SMTP_USERNAME: {{ $smtpUser }}
|
||||
SMTP_PASSWORD: {{ required "Must specify SMTP password" .Values.vaultwarden.smtp.password | b64enc | quote }}
|
||||
{{- end }}
|
||||
{{- if ne $yubicoClientId "" }}
|
||||
YUBICO_CLIENT_ID: {{ $yubicoClientId }}
|
||||
YUBICO_SECRET_KEY: {{ required "Yubico Secret Key required" .Values.vaultwarden.yubico.secretKey | b64enc | quote }}
|
||||
{{- end }}
|
||||
|
||||
---
|
||||
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "common.labels" . | nindent 4 }}
|
||||
{{- $dbcredsname := ( printf "%v-%v" .Release.Name "dbcreds" ) }}
|
||||
name: {{ $dbcredsname }}
|
||||
data:
|
||||
{{- $dbPass := "" }}
|
||||
{{ $rootPass := "" }}
|
||||
{{ $urlPass := "" }}
|
||||
|
||||
{{- if .Release.IsInstall }}
|
||||
{{ $dbPass = ( randAlphaNum 50 | b64enc | quote ) }}
|
||||
{{ $rootPass = ( randAlphaNum 50 | b64enc | quote ) }}
|
||||
{{ $urlPass = $dbPass }}
|
||||
{{ else }}
|
||||
# `index` function is necessary because the property name contains a dash.
|
||||
# Otherwise (...).data.db_password would have worked too.
|
||||
{{ $dbPass = ( index (lookup "v1" "Secret" .Release.Namespace ( $dbcredsname | quote ) ).data "postgresql-postgres-password" ) }}
|
||||
{{ $rootPass = ( index (lookup "v1" "Secret" .Release.Namespace ( $dbcredsname | quote ) ).data "postgresql-postgres-password" ) }}
|
||||
{{ $urlPass = ( ( index (lookup "v1" "Secret" .Release.Namespace ( $dbcredsname | quote ) ).data "postgresql-postgres-password" ) | b64dec | quote ) }}
|
||||
{{ end }}
|
||||
|
||||
postgresql-password: {{ $dbPass }}
|
||||
postgresql-postgres-password: {{ $rootPass }}
|
||||
url: {{ ( printf "%v%v:%v@%v-%v:%v/%v" "postgresql://" .Values.postgresql.postgresqlUsername $urlPass .Release.Name "postgresql" "5432" .Values.postgresql.postgresqlDatabase ) | b64enc | quote }}
|
||||
postgresql_host: {{ ( printf "%v-%v" .Release.Name "postgresql" ) | b64enc | quote }}
|
||||
type: Opaque
|
||||
{{- end -}}
|
|
@ -1,17 +0,0 @@
|
|||
{{/*
|
||||
Ensure valid DB type is select, defaults to SQLite
|
||||
*/}}
|
||||
{{- define "vaultwarden.dbTypeValid" -}}
|
||||
{{- if not (or (eq .Values.database.type "postgresql") (eq .Values.database.type "mysql") (eq .Values.database.type "sqlite")) }}
|
||||
{{- required "Invalid database type" nil }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Ensure log type is valid
|
||||
*/}}
|
||||
{{- define "vaultwarden.logLevelValid" -}}
|
||||
{{- if not (or (eq .Values.vaultwarden.log.level "trace") (eq .Values.vaultwarden.log.level "debug") (eq .Values.vaultwarden.log.level "info") (eq .Values.vaultwarden.log.level "warn") (eq .Values.vaultwarden.log.level "error") (eq .Values.vaultwarden.log.level "off")) }}
|
||||
{{- required "Invalid log level" nil }}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -1,11 +0,0 @@
|
|||
{{/* Make sure all variables are set properly */}}
|
||||
{{- include "common.values.setup" . }}
|
||||
|
||||
{{/* Render the templates */}}
|
||||
{{ include "common.all" . }}
|
||||
|
||||
{{/* Render configmap for vaultwarden */}}
|
||||
{{- include "vaultwarden.configmap" . }}
|
||||
|
||||
{{/* Render secrets for vaultwarden */}}
|
||||
{{- include "vaultwarden.secrets" . }}
|
|
@ -1,161 +0,0 @@
|
|||
# Default values for Bitwarden.
|
||||
|
||||
image:
|
||||
repository: vaultwarden/server
|
||||
pullPolicy: IfNotPresent
|
||||
tag: 1.22.2
|
||||
|
||||
strategy:
|
||||
type: Recreate
|
||||
|
||||
service:
|
||||
main:
|
||||
ports:
|
||||
main:
|
||||
port: 8080
|
||||
ws:
|
||||
ports:
|
||||
ws:
|
||||
enabled: true
|
||||
port: 3012
|
||||
|
||||
env: {}
|
||||
|
||||
envTpl:
|
||||
DOMAIN: "https://{{ if .Values.ingress }}{{ if .Values.ingress.main.enabled }}{{ ( index .Values.ingress.main.hosts 0 ).host }}{{ else }}placeholder.com{{ end }}{{ else }}placeholder.com{{ end }}"
|
||||
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: "{{ .Release.Name }}-vaultwardenconfig"
|
||||
- secretRef:
|
||||
name: "{{ .Release.Name }}-vaultwardensecret"
|
||||
|
||||
envValueFrom:
|
||||
DATABASE_URL:
|
||||
secretKeyRef:
|
||||
name: "{{ .Release.Name }}-dbcreds"
|
||||
key: url
|
||||
|
||||
database:
|
||||
# Database type, must be one of: 'sqlite', 'mysql' or 'postgresql'.
|
||||
type: postgresql
|
||||
# Enable DB Write-Ahead-Log for SQLite, disabled for other databases. https://github.com/dani-garcia/bitwarden_rs/wiki/Running-without-WAL-enabled
|
||||
wal: true
|
||||
## URL for external databases (mysql://user:pass@host:port or postgresql://user:pass@host:port).
|
||||
# url: ""
|
||||
## Set the size of the database connection pool.
|
||||
# maxConnections: 10
|
||||
## Connection retries during startup, 0 for infinite. 1 second between retries.
|
||||
# retries: 15
|
||||
|
||||
# Set Bitwarden_rs application variables
|
||||
vaultwarden:
|
||||
# Allow any user to sign-up: https://github.com/dani-garcia/bitwarden_rs/wiki/Disable-registration-of-new-users
|
||||
allowSignups: true
|
||||
## Whitelist domains allowed to sign-up. 'allowSignups' is ignored if set.
|
||||
# signupDomains:
|
||||
# - domain.tld
|
||||
# Verify e-mail before login is enabled. SMTP must be enabled.
|
||||
verifySignup: false
|
||||
# When a user logs in an email is required to be sent. If sending the email fails the login attempt will fail. SMTP must be enabled.
|
||||
requireEmail: false
|
||||
## Maximum attempts before an email token is reset and a new email will need to be sent.
|
||||
# emailAttempts: 3
|
||||
## Email token validity in seconds.
|
||||
# emailTokenExpiration: 600
|
||||
# Allow invited users to sign-up even feature is disabled: https://github.com/dani-garcia/bitwarden_rs/wiki/Disable-invitations
|
||||
allowInvitation: true
|
||||
# Show password hints: https://github.com/dani-garcia/bitwarden_rs/wiki/Password-hint-display
|
||||
## Default organization name in invitation e-mails that are not coming from a specific organization.
|
||||
# defaultInviteName: ""
|
||||
showPasswordHint: true
|
||||
# Enable Websockets for notification. https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-WebSocket-notifications
|
||||
# Redirect HTTP path "/notifications/hub" to port 3012. Ingress/IngressRoute controllers are automatically configured.
|
||||
enableWebsockets: true
|
||||
# Enable Web Vault (static content). https://github.com/dani-garcia/bitwarden_rs/wiki/Disabling-or-overriding-the-Vault-interface-hosting
|
||||
enableWebVault: true
|
||||
# Restrict creation of orgs. Options are: 'all', 'none' or a comma-separated list of users.
|
||||
orgCreationUsers: all
|
||||
## Limit attachment disk usage per organization.
|
||||
# attachmentLimitOrg:
|
||||
## Limit attachment disk usage per user.
|
||||
# attachmentLimitUser:
|
||||
## HaveIBeenPwned API Key. Can be purchased at https://haveibeenpwned.com/API/Key.
|
||||
# hibpApiKey:
|
||||
|
||||
admin:
|
||||
# Enable admin portal.
|
||||
enabled: false
|
||||
# Disabling the admin token will make the admin portal accessible to anyone, use carefully: https://github.com/dani-garcia/bitwarden_rs/wiki/Disable-admin-token
|
||||
disableAdminToken: false
|
||||
## Token for admin login, will be generated if not defined. https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-admin-page
|
||||
# token:
|
||||
|
||||
# Enable SMTP. https://github.com/dani-garcia/bitwarden_rs/wiki/SMTP-configuration
|
||||
smtp:
|
||||
enabled: false
|
||||
# SMTP hostname, required if SMTP is enabled.
|
||||
host: ""
|
||||
# SMTP sender e-mail address, required if SMTP is enabled.
|
||||
from: ""
|
||||
## SMTP sender name, defaults to 'Bitwarden_RS'.
|
||||
# fromName: ""
|
||||
## Enable SSL connection.
|
||||
# ssl: true
|
||||
## SMTP port. Defaults to 25 without SSL, 587 with SSL.
|
||||
# port: 587
|
||||
## SMTP Authentication Mechanisms. Comma-separated options: 'Plain', 'Login' and 'Xoauth2'. Defaults to 'Plain'.
|
||||
# authMechanism: Plain
|
||||
## Hostname to be sent for SMTP HELO. Defaults to pod name.
|
||||
# heloName: ""
|
||||
## SMTP timeout.
|
||||
# timeout: 15
|
||||
## Accept SSL session if certificate is valid but hostname doesn't match. DANGEROUS, vulnerable to men-in-the-middle attacks!
|
||||
# invalidHostname: false
|
||||
## Accept invalid certificates. DANGEROUS, vulnerable to men-in-the-middle attacks!
|
||||
# invalidCertificate: false
|
||||
## SMTP username.
|
||||
# user: ""
|
||||
## SMTP password. Required is user is specified, ignored if no user provided.
|
||||
# password: ""
|
||||
|
||||
## Enable Yubico OTP authentication. https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-Yubikey-OTP-authentication
|
||||
yubico:
|
||||
enabled: false
|
||||
## Yubico server. Defaults to YubiCloud.
|
||||
# server:
|
||||
## Yubico ID and Secret Key.
|
||||
# clientId:
|
||||
# secretKey:
|
||||
|
||||
## Logging options. https://github.com/dani-garcia/bitwarden_rs/wiki/Logging
|
||||
log:
|
||||
# Log to file.
|
||||
file: ""
|
||||
# Log level. Options are "trace", "debug", "info", "warn", "error" or "off".
|
||||
level: "trace"
|
||||
## Log timestamp format. See https://docs.rs/chrono/0.4.15/chrono/format/strftime/index.html. Defaults to time in milliseconds.
|
||||
# timeFormat: ""
|
||||
|
||||
icons:
|
||||
# Disables download of external icons. Setting to true will still serve icons from cache (/data/icon_cache). TTL will default to zero.
|
||||
disableDownload: false
|
||||
## Cache time-to-live for icons fetched. 0 means no purging.
|
||||
# cache: 2592000
|
||||
## Cache time-to-live for icons that were not available. 0 means no purging.
|
||||
# cacheFailed: 259200
|
||||
|
||||
persistence:
|
||||
data:
|
||||
enabled: true
|
||||
mountPath: "/data"
|
||||
type: pvc
|
||||
accessMode: ReadWriteOnce
|
||||
size: "100Gi"
|
||||
|
||||
# Enabled postgres
|
||||
postgresql:
|
||||
enabled: true
|
||||
postgresqlUsername: vaultwarden
|
||||
postgresqlDatabase: vaultwarden
|
||||
existingSecret: "{{ .Release.Name }}-dbcreds"
|
|
@ -1,8 +0,0 @@
|
|||
# Configuration Options
|
||||
|
||||
##### Connecting to other apps
|
||||
If you need to connect this App to other Apps on TrueNAS SCALE, please refer to our "Linking Apps Internally" quick-start guide:
|
||||
https://truecharts.org/manual/Quick-Start%20Guides/14-linking-apps/
|
||||
|
||||
##### Available config options
|
||||
In the future this page is going to contain an automated list of options available in the installation/edit UI.
|
|
@ -1,9 +0,0 @@
|
|||
dependencies:
|
||||
- name: common
|
||||
repository: https://truecharts.org/
|
||||
version: 6.12.1
|
||||
- name: postgresql
|
||||
repository: https://truecharts.org/
|
||||
version: 1.5.2
|
||||
digest: sha256:e2146847d376235604812695bcf26dba3fff5f2e310f5aaa8bb373bfa9465137
|
||||
generated: "2021-08-31T14:05:47.554605113Z"
|
|
@ -1,34 +0,0 @@
|
|||
apiVersion: v2
|
||||
appVersion: auto
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: https://truecharts.org/
|
||||
version: 6.12.1
|
||||
- condition: postgresql.enabled
|
||||
name: postgresql
|
||||
repository: https://truecharts.org/
|
||||
version: 1.5.2
|
||||
deprecated: false
|
||||
description: Unofficial Bitwarden compatible server written in Rust
|
||||
home: https://github.com/truecharts/apps/tree/master/charts/stable/vaultwarden
|
||||
icon: https://raw.githubusercontent.com/bitwarden/brand/master/icons/256x256.png
|
||||
keywords:
|
||||
- bitwarden
|
||||
- bitwardenrs
|
||||
- bitwarden_rs
|
||||
- vaultwarden
|
||||
- password
|
||||
- rust
|
||||
kubeVersion: '>=1.16.0-0'
|
||||
maintainers:
|
||||
- email: info@truecharts.org
|
||||
name: TrueCharts
|
||||
url: truecharts.org
|
||||
- email: kjeld@schouten-lebbing.nl
|
||||
name: Ornias1993
|
||||
url: truecharts.org
|
||||
name: vaultwarden
|
||||
sources:
|
||||
- https://github.com/dani-garcia/vaultwarden
|
||||
type: application
|
||||
version: 5.0.9
|
|
@ -1,38 +0,0 @@
|
|||
# Introduction
|
||||
|
||||
Unofficial Bitwarden compatible server written in Rust
|
||||
|
||||
TrueCharts are designed to be installed as TrueNAS SCALE app only. We can not guarantee this charts works as a stand-alone helm installation.
|
||||
**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/apps/issues/new/choose)**
|
||||
|
||||
## Source Code
|
||||
|
||||
* <https://github.com/dani-garcia/vaultwarden>
|
||||
|
||||
## Requirements
|
||||
|
||||
Kubernetes: `>=1.16.0-0`
|
||||
|
||||
## Dependencies
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://truecharts.org/ | common | 6.12.1 |
|
||||
| https://truecharts.org/ | postgresql | 1.5.2 |
|
||||
|
||||
## Installing the Chart
|
||||
|
||||
To install this App on TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/03-Installing-an-App/).
|
||||
|
||||
## Uninstalling the Chart
|
||||
|
||||
To remove this App from TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/07-Deleting-an-App/).
|
||||
|
||||
## Support
|
||||
|
||||
- Please check our [quick-start guides](https://truecharts.org/manual/Quick-Start%20Guides/01-Open-Apps/) first.
|
||||
- See the [Wiki](https://truecharts.org)
|
||||
- Check our [Discord](https://discord.gg/tVsPTHWTtr)
|
||||
- Open a [issue](https://github.com/truecharts/apps/issues/new/choose)
|
||||
---
|
||||
All Rights Reserved - The TrueCharts Project
|
|
@ -1,4 +0,0 @@
|
|||
Unofficial Bitwarden compatible server written in Rust
|
||||
|
||||
This App is supplied by TrueCharts, for more information please visit https://truecharts.org
|
||||
Unofficial Bitwarden compatible server written in Rust
|
Binary file not shown.
Binary file not shown.
|
@ -1,56 +0,0 @@
|
|||
# Default Helm-Values
|
||||
|
||||
TrueCharts is primarily build to supply TrueNAS SCALE Apps.
|
||||
However, we also supply all Apps as standard Helm-Charts. In this document we aim to document the default values in our values.yaml file.
|
||||
|
||||
Most of our Apps also consume our "common" Helm Chart.
|
||||
If this is the case, this means that all values.yaml values are set to the common chart values.yaml by default. This values.yaml file will only contain values that deviate from the common chart.
|
||||
You will, however, be able to use all values referenced in the common chart here, besides the values listed in this document.
|
||||
|
||||
## Values
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| database.type | string | `"postgresql"` | |
|
||||
| database.wal | bool | `true` | |
|
||||
| env | object | `{}` | |
|
||||
| envFrom[0].configMapRef.name | string | `"{{ .Release.Name }}-vaultwardenconfig"` | |
|
||||
| envFrom[1].secretRef.name | string | `"{{ .Release.Name }}-vaultwardensecret"` | |
|
||||
| envTpl.DOMAIN | string | `"https://{{ if .Values.ingress }}{{ if .Values.ingress.main.enabled }}{{ ( index .Values.ingress.main.hosts 0 ).host }}{{ else }}placeholder.com{{ end }}{{ else }}placeholder.com{{ end }}"` | |
|
||||
| envValueFrom.DATABASE_URL.secretKeyRef.key | string | `"url"` | |
|
||||
| envValueFrom.DATABASE_URL.secretKeyRef.name | string | `"{{ .Release.Name }}-dbcreds"` | |
|
||||
| image.pullPolicy | string | `"IfNotPresent"` | |
|
||||
| image.repository | string | `"vaultwarden/server"` | |
|
||||
| image.tag | string | `"1.22.2"` | |
|
||||
| persistence.data.accessMode | string | `"ReadWriteOnce"` | |
|
||||
| persistence.data.enabled | bool | `true` | |
|
||||
| persistence.data.mountPath | string | `"/data"` | |
|
||||
| persistence.data.size | string | `"100Gi"` | |
|
||||
| persistence.data.type | string | `"pvc"` | |
|
||||
| postgresql.enabled | bool | `true` | |
|
||||
| postgresql.existingSecret | string | `"{{ .Release.Name }}-dbcreds"` | |
|
||||
| postgresql.postgresqlDatabase | string | `"vaultwarden"` | |
|
||||
| postgresql.postgresqlUsername | string | `"vaultwarden"` | |
|
||||
| service.main.ports.main.port | int | `8080` | |
|
||||
| service.ws.ports.ws.enabled | bool | `true` | |
|
||||
| service.ws.ports.ws.port | int | `3012` | |
|
||||
| strategy.type | string | `"Recreate"` | |
|
||||
| vaultwarden.admin.disableAdminToken | bool | `false` | |
|
||||
| vaultwarden.admin.enabled | bool | `false` | |
|
||||
| vaultwarden.allowInvitation | bool | `true` | |
|
||||
| vaultwarden.allowSignups | bool | `true` | |
|
||||
| vaultwarden.enableWebVault | bool | `true` | |
|
||||
| vaultwarden.enableWebsockets | bool | `true` | |
|
||||
| vaultwarden.icons.disableDownload | bool | `false` | |
|
||||
| vaultwarden.log.file | string | `""` | |
|
||||
| vaultwarden.log.level | string | `"trace"` | |
|
||||
| vaultwarden.orgCreationUsers | string | `"all"` | |
|
||||
| vaultwarden.requireEmail | bool | `false` | |
|
||||
| vaultwarden.showPasswordHint | bool | `true` | |
|
||||
| vaultwarden.smtp.enabled | bool | `false` | |
|
||||
| vaultwarden.smtp.from | string | `""` | |
|
||||
| vaultwarden.smtp.host | string | `""` | |
|
||||
| vaultwarden.verifySignup | bool | `false` | |
|
||||
| vaultwarden.yubico.enabled | bool | `false` | |
|
||||
|
||||
All Rights Reserved - The TrueCharts Project
|
|
@ -1,55 +0,0 @@
|
|||
##
|
||||
# This file contains Values.yaml content that gets added to the output of questions.yaml
|
||||
# It's ONLY meant for content that the user is NOT expected to change.
|
||||
# Example: Everything under "image" is not included in questions.yaml but is included here.
|
||||
##
|
||||
|
||||
image:
|
||||
repository: vaultwarden/server
|
||||
pullPolicy: IfNotPresent
|
||||
tag: 1.22.2
|
||||
|
||||
envTpl:
|
||||
DOMAIN: "https://{{ if .Values.ingress }}{{ if .Values.ingress.main.enabled }}{{ ( index .Values.ingress.main.hosts 0 ).host }}{{ else }}placeholder.com{{ end }}{{ else }}placeholder.com{{ end }}"
|
||||
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: "{{ .Release.Name }}-vaultwardenconfig"
|
||||
- secretRef:
|
||||
name: "{{ .Release.Name }}-vaultwardensecret"
|
||||
|
||||
|
||||
envValueFrom:
|
||||
DATABASE_URL:
|
||||
secretKeyRef:
|
||||
name: "{{ .Release.Name }}-dbcreds"
|
||||
key: url
|
||||
|
||||
database:
|
||||
# Database type, must be one of: 'sqlite', 'mysql' or 'postgresql'.
|
||||
type: postgresql
|
||||
# Enable DB Write-Ahead-Log for SQLite, disabled for other databases. https://github.com/dani-garcia/bitwarden_rs/wiki/Running-without-WAL-enabled
|
||||
wal: false
|
||||
## URL for external databases (mysql://user:pass@host:port or postgresql://user:pass@host:port).
|
||||
# url: ""
|
||||
## Set the size of the database connection pool.
|
||||
# maxConnections: 10
|
||||
## Connection retries during startup, 0 for infinite. 1 second between retries.
|
||||
retries: 30
|
||||
|
||||
# Enabled postgres
|
||||
postgresql:
|
||||
enabled: true
|
||||
postgresqlUsername: vaultwarden
|
||||
postgresqlDatabase: vaultwarden
|
||||
existingSecret: "{{ .Release.Name }}-dbcreds"
|
||||
persistence:
|
||||
db:
|
||||
storageClass: "SCALE-ZFS"
|
||||
dbbackups:
|
||||
storageClass: "SCALE-ZFS"
|
||||
|
||||
##
|
||||
# Most other defaults are set in questions.yaml
|
||||
# For other options please refer to the wiki, default_values.yaml or the common library chart
|
||||
##
|
File diff suppressed because it is too large
|
@ -1,116 +0,0 @@
|
|||
{{/* Define the configmap */}}
|
||||
{{- define "vaultwarden.configmap" -}}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ .Release.Name }}-vaultwardenconfig
|
||||
data:
|
||||
ROCKET_PORT: "8080"
|
||||
SIGNUPS_ALLOWED: {{ .Values.vaultwarden.allowSignups | quote }}
|
||||
{{- if .Values.vaultwarden.signupDomains }}
|
||||
SIGNUPS_DOMAINS_WHITELIST: {{ join "," .Values.vaultwarden.signupDomains | quote }}
|
||||
{{- end }}
|
||||
{{- if and (eq .Values.vaultwarden.verifySignup true) (eq .Values.vaultwarden.smtp.enabled false) }}{{ required "Signup verification requires SMTP to be enabled" nil}}{{end}}
|
||||
SIGNUPS_VERIFY: {{ .Values.vaultwarden.verifySignup | quote }}
|
||||
{{- if and (eq .Values.vaultwarden.requireEmail true) (eq .Values.vaultwarden.smtp.enabled false) }}{{ required "Requiring emails for login depends on SMTP" nil}}{{end}}
|
||||
REQUIRE_DEVICE_EMAIL: {{ .Values.vaultwarden.requireEmail | quote }}
|
||||
{{- if .Values.vaultwarden.emailAttempts }}
|
||||
EMAIL_ATTEMPTS_LIMIT: {{ .Values.vaultwarden.emailAttempts | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.vaultwarden.emailTokenExpiration }}
|
||||
EMAIL_EXPIRATION_TIME: {{ .Values.vaultwarden.emailTokenExpiration | quote }}
|
||||
{{- end }}
|
||||
INVITATIONS_ALLOWED: {{ .Values.vaultwarden.allowInvitation | quote }}
|
||||
{{- if .Values.vaultwarden.defaultInviteName }}
|
||||
INVITATION_ORG_NAME: {{ .Values.vaultwarden.defaultInviteName | quote }}
|
||||
{{- end }}
|
||||
SHOW_PASSWORD_HINT: {{ .Values.vaultwarden.showPasswordHint | quote }}
|
||||
WEBSOCKET_ENABLED: {{ .Values.vaultwarden.enableWebsockets | quote }}
|
||||
WEB_VAULT_ENABLED: {{ .Values.vaultwarden.enableWebVault | quote }}
|
||||
ORG_CREATION_USERS: {{ .Values.vaultwarden.orgCreationUsers | quote }}
|
||||
{{- if .Values.vaultwarden.attachmentLimitOrg }}
|
||||
ORG_ATTACHMENT_LIMIT: {{ .Values.vaultwarden.attachmentLimitOrg | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.vaultwarden.attachmentLimitUser }}
|
||||
USER_ATTACHMENT_LIMIT: {{ .Values.vaultwarden.attachmentLimitUser | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.vaultwarden.hibpApiKey }}
|
||||
HIBP_API_KEY: {{ .Values.vaultwarden.hibpApiKey | quote }}
|
||||
{{- end }}
|
||||
{{- include "vaultwarden.dbTypeValid" . }}
|
||||
{{- if .Values.database.retries }}
|
||||
DB_CONNECTION_RETRIES: {{ .Values.database.retries | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.database.maxConnections }}
|
||||
DATABASE_MAX_CONNS: {{ .Values.database.maxConnections | quote }}
|
||||
{{- end }}
|
||||
{{- if eq .Values.vaultwarden.smtp.enabled true }}
|
||||
SMTP_HOST: {{ required "SMTP host is required to enable SMTP" .Values.vaultwarden.smtp.host | quote }}
|
||||
SMTP_FROM: {{ required "SMTP sender address ('from') is required to enable SMTP" .Values.vaultwarden.smtp.from | quote }}
|
||||
{{- if .Values.vaultwarden.smtp.fromName }}
|
||||
SMTP_FROM_NAME: {{ .Values.vaultwarden.smtp.fromName | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.vaultwarden.smtp.ssl }}
|
||||
SMTP_SSL: {{ .Values.vaultwarden.smtp.ssl | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.vaultwarden.smtp.port }}
|
||||
SMTP_PORT: {{ .Values.vaultwarden.smtp.port | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.vaultwarden.smtp.authMechanism }}
|
||||
SMTP_AUTH_MECHANISM: {{ .Values.vaultwarden.smtp.authMechanism | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.vaultwarden.smtp.heloName }}
|
||||
HELO_NAME: {{ .Values.vaultwarden.smtp.heloName | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.vaultwarden.smtp.timeout }}
|
||||
SMTP_TIMEOUT: {{ .Values.vaultwarden.smtp.timeout | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.vaultwarden.smtp.invalidHostname }}
|
||||
SMTP_ACCEPT_INVALID_HOSTNAMES: {{ .Values.vaultwarden.smtp.invalidHostname | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.vaultwarden.smtp.invalidCertificate }}
|
||||
SMTP_ACCEPT_INVALID_CERTS: {{ .Values.vaultwarden.smtp.invalidCertificate | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.vaultwarden.log.file }}
|
||||
LOG_FILE: {{ .Values.vaultwarden.log.file | quote }}
|
||||
{{- end }}
|
||||
{{- if or .Values.vaultwarden.log.level .Values.vaultwarden.log.timeFormat }}
|
||||
EXTENDED_LOGGING: "true"
|
||||
{{- end }}
|
||||
{{- if .Values.vaultwarden.log.level }}
|
||||
{{- include "vaultwarden.logLevelValid" . }}
|
||||
LOG_LEVEL: {{ .Values.vaultwarden.log.level | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.vaultwarden.log.timeFormat }}
|
||||
LOG_TIMESTAMP_FORMAT: {{ .Values.vaultwarden.log.timeFormat | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.vaultwarden.icons.disableDownload }}
|
||||
DISABLE_ICON_DOWNLOAD: {{ .Values.vaultwarden.icons.disableDownload | quote }}
|
||||
{{- if and (not .Values.vaultwarden.icons.cache) (eq .Values.vaultwarden.icons.disableDownload "true") }}
|
||||
ICON_CACHE_TTL: "0"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.vaultwarden.icons.cache }}
|
||||
ICON_CACHE_TTL: {{ .Values.vaultwarden.icons.cache | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.vaultwarden.icons.cacheFailed }}
|
||||
ICON_CACHE_NEGTTL: {{ .Values.vaultwarden.icons.cacheFailed | quote }}
|
||||
{{- end }}
|
||||
{{- if eq .Values.vaultwarden.admin.enabled true }}
|
||||
{{- if eq .Values.vaultwarden.admin.disableAdminToken true }}
|
||||
DISABLE_ADMIN_TOKEN: "true"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if eq .Values.vaultwarden.yubico.enabled true }}
|
||||
{{- if .Values.vaultwarden.yubico.server }}
|
||||
YUBICO_SERVER: {{ .Values.vaultwarden.yubico.server | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if eq .Values.database.type "sqlite" }}
|
||||
ENABLE_DB_WAL: {{ .Values.database.wal | quote }}
|
||||
{{- else }}
|
||||
ENABLE_DB_WAL: "false"
|
||||
{{- end }}
|
||||
{{- end -}}
|
|
@ -1,59 +0,0 @@
|
|||
{{/* Define the secrets */}}
|
||||
{{- define "vaultwarden.secrets" -}}
|
||||
|
||||
{{- $adminToken := "" }}
|
||||
{{- if eq .Values.vaultwarden.admin.enabled true }}
|
||||
{{- $adminToken = .Values.vaultwarden.admin.token | default (randAlphaNum 48) | b64enc | quote }}
|
||||
{{- end -}}
|
||||
|
||||
{{- $smtpUser := "" }}
|
||||
{{- if and (eq .Values.vaultwarden.smtp.enabled true ) (.Values.vaultwarden.smtp.user) }}
|
||||
{{- $smtpUser = .Values.vaultwarden.smtp.user | b64enc | quote }}
|
||||
{{- end -}}
|
||||
|
||||
{{- $yubicoClientId := "" }}
|
||||
{{- if eq .Values.vaultwarden.yubico.enabled true }}
|
||||
{{- $yubicoClientId = required "Yubico Client ID required" .Values.vaultwarden.yubico.clientId | toString | b64enc | quote }}
|
||||
{{- end -}}
|
||||
---
|
||||
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ .Release.Name }}-vaultwardensecret
|
||||
data:
|
||||
{{- if ne $adminToken "" }}
|
||||
ADMIN_TOKEN: {{ $adminToken }}
|
||||
{{- end }}
|
||||
{{- if ne $smtpUser "" }}
|
||||
SMTP_USERNAME: {{ $smtpUser }}
|
||||
SMTP_PASSWORD: {{ required "Must specify SMTP password" .Values.vaultwarden.smtp.password | b64enc | quote }}
|
||||
{{- end }}
|
||||
{{- if ne $yubicoClientId "" }}
|
||||
YUBICO_CLIENT_ID: {{ $yubicoClientId }}
|
||||
YUBICO_SECRET_KEY: {{ required "Yubico Secret Key required" .Values.vaultwarden.yubico.secretKey | b64enc | quote }}
|
||||
{{- end }}
|
||||
|
||||
---
|
||||
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "common.labels" . | nindent 4 }}
|
||||
{{- $dbcredsname := ( printf "%v-%v" .Release.Name "dbcreds" ) }}
|
||||
name: {{ $dbcredsname }}
|
||||
{{- $previous := lookup "v1" "Secret" .Release.Namespace $dbcredsname }}
|
||||
{{- $dbPass := "" }}
|
||||
data:
|
||||
{{- if $previous }}
|
||||
postgresql-password: {{ ( index $previous.data "postgresql-password" ) }}
|
||||
postgresql-postgres-password: {{ ( index $previous.data "postgresql-postgres-password" ) }}
|
||||
{{- else }}
|
||||
{{- $dbPass = randAlphaNum 50 }}
|
||||
postgresql-password: {{ $dbPass | b64enc | quote }}
|
||||
postgresql-postgres-password: {{ randAlphaNum 50 | b64enc | quote }}
|
||||
{{- end }}
|
||||
url: {{ ( printf "%v%v:%v@%v-%v:%v/%v" "postgresql://" .Values.postgresql.postgresqlUsername $dbPass .Release.Name "postgresql" "5432" .Values.postgresql.postgresqlDatabase ) | b64enc | quote }}
|
||||
type: Opaque
|
||||
{{- end -}}
|
|
@ -1,17 +0,0 @@
|
|||
{{/*
|
||||
Ensure valid DB type is select, defaults to SQLite
|
||||
*/}}
|
||||
{{- define "vaultwarden.dbTypeValid" -}}
|
||||
{{- if not (or (eq .Values.database.type "postgresql") (eq .Values.database.type "mysql") (eq .Values.database.type "sqlite")) }}
|
||||
{{- required "Invalid database type" nil }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Ensure log type is valid
|
||||
*/}}
|
||||
{{- define "vaultwarden.logLevelValid" -}}
|
||||
{{- if not (or (eq .Values.vaultwarden.log.level "trace") (eq .Values.vaultwarden.log.level "debug") (eq .Values.vaultwarden.log.level "info") (eq .Values.vaultwarden.log.level "warn") (eq .Values.vaultwarden.log.level "error") (eq .Values.vaultwarden.log.level "off")) }}
|
||||
{{- required "Invalid log level" nil }}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -1,11 +0,0 @@
|
|||
{{/* Make sure all variables are set properly */}}
|
||||
{{- include "common.values.setup" . }}
|
||||
|
||||
{{/* Render the templates */}}
|
||||
{{ include "common.all" . }}
|
||||
|
||||
{{/* Render configmap for vaultwarden */}}
|
||||
{{- include "vaultwarden.configmap" . }}
|
||||
|
||||
{{/* Render secrets for vaultwarden */}}
|
||||
{{- include "vaultwarden.secrets" . }}
|
|
@ -1,161 +0,0 @@
|
|||
# Default values for Bitwarden.
|
||||
|
||||
image:
|
||||
repository: vaultwarden/server
|
||||
pullPolicy: IfNotPresent
|
||||
tag: 1.22.2
|
||||
|
||||
strategy:
|
||||
type: Recreate
|
||||
|
||||
service:
|
||||
main:
|
||||
ports:
|
||||
main:
|
||||
port: 8080
|
||||
ws:
|
||||
ports:
|
||||
ws:
|
||||
enabled: true
|
||||
port: 3012
|
||||
|
||||
env: {}
|
||||
|
||||
envTpl:
|
||||
DOMAIN: "https://{{ if .Values.ingress }}{{ if .Values.ingress.main.enabled }}{{ ( index .Values.ingress.main.hosts 0 ).host }}{{ else }}placeholder.com{{ end }}{{ else }}placeholder.com{{ end }}"
|
||||
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: "{{ .Release.Name }}-vaultwardenconfig"
|
||||
- secretRef:
|
||||
name: "{{ .Release.Name }}-vaultwardensecret"
|
||||
|
||||
envValueFrom:
|
||||
DATABASE_URL:
|
||||
secretKeyRef:
|
||||
name: "{{ .Release.Name }}-dbcreds"
|
||||
key: url
|
||||
|
||||
database:
|
||||
# Database type, must be one of: 'sqlite', 'mysql' or 'postgresql'.
|
||||
type: postgresql
|
||||
# Enable DB Write-Ahead-Log for SQLite, disabled for other databases. https://github.com/dani-garcia/bitwarden_rs/wiki/Running-without-WAL-enabled
|
||||
wal: true
|
||||
## URL for external databases (mysql://user:pass@host:port or postgresql://user:pass@host:port).
|
||||
# url: ""
|
||||
## Set the size of the database connection pool.
|
||||
# maxConnections: 10
|
||||
## Connection retries during startup, 0 for infinite. 1 second between retries.
|
||||
# retries: 15
|
||||
|
||||
# Set Bitwarden_rs application variables
|
||||
vaultwarden:
|
||||
# Allow any user to sign-up: https://github.com/dani-garcia/bitwarden_rs/wiki/Disable-registration-of-new-users
|
||||
allowSignups: true
|
||||
## Whitelist domains allowed to sign-up. 'allowSignups' is ignored if set.
|
||||
# signupDomains:
|
||||
# - domain.tld
|
||||
# Verify e-mail before login is enabled. SMTP must be enabled.
|
||||
verifySignup: false
|
||||
# When a user logs in an email is required to be sent. If sending the email fails the login attempt will fail. SMTP must be enabled.
|
||||
requireEmail: false
|
||||
## Maximum attempts before an email token is reset and a new email will need to be sent.
|
||||
# emailAttempts: 3
|
||||
## Email token validity in seconds.
|
||||
# emailTokenExpiration: 600
|
||||
# Allow invited users to sign-up even feature is disabled: https://github.com/dani-garcia/bitwarden_rs/wiki/Disable-invitations
|
||||
allowInvitation: true
|
||||
# Show password hints: https://github.com/dani-garcia/bitwarden_rs/wiki/Password-hint-display
|
||||
## Default organization name in invitation e-mails that are not coming from a specific organization.
|
||||
# defaultInviteName: ""
|
||||
showPasswordHint: true
|
||||
# Enable Websockets for notification. https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-WebSocket-notifications
|
||||
# Redirect HTTP path "/notifications/hub" to port 3012. Ingress/IngressRoute controllers are automatically configured.
|
||||
enableWebsockets: true
|
||||
# Enable Web Vault (static content). https://github.com/dani-garcia/bitwarden_rs/wiki/Disabling-or-overriding-the-Vault-interface-hosting
|
||||
enableWebVault: true
|
||||
# Restrict creation of orgs. Options are: 'all', 'none' or a comma-separated list of users.
|
||||
orgCreationUsers: all
|
||||
## Limit attachment disk usage per organization.
|
||||
# attachmentLimitOrg:
|
||||
## Limit attachment disk usage per user.
|
||||
# attachmentLimitUser:
|
||||
## HaveIBeenPwned API Key. Can be purchased at https://haveibeenpwned.com/API/Key.
|
||||
# hibpApiKey:
|
||||
|
||||
admin:
|
||||
# Enable admin portal.
|
||||
enabled: false
|
||||
# Disabling the admin token will make the admin portal accessible to anyone, use carefully: https://github.com/dani-garcia/bitwarden_rs/wiki/Disable-admin-token
|
||||
disableAdminToken: false
|
||||
## Token for admin login, will be generated if not defined. https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-admin-page
|
||||
# token:
|
||||
|
||||
# Enable SMTP. https://github.com/dani-garcia/bitwarden_rs/wiki/SMTP-configuration
|
||||
smtp:
|
||||
enabled: false
|
||||
# SMTP hostname, required if SMTP is enabled.
|
||||
host: ""
|
||||
# SMTP sender e-mail address, required if SMTP is enabled.
|
||||
from: ""
|
||||
## SMTP sender name, defaults to 'Bitwarden_RS'.
|
||||
# fromName: ""
|
||||
## Enable SSL connection.
|
||||
# ssl: true
|
||||
## SMTP port. Defaults to 25 without SSL, 587 with SSL.
|
||||
# port: 587
|
||||
## SMTP Authentication Mechanisms. Comma-separated options: 'Plain', 'Login' and 'Xoauth2'. Defaults to 'Plain'.
|
||||
# authMechanism: Plain
|
||||
## Hostname to be sent for SMTP HELO. Defaults to pod name.
|
||||
# heloName: ""
|
||||
## SMTP timeout.
|
||||
# timeout: 15
|
||||
## Accept SSL session if certificate is valid but hostname doesn't match. DANGEROUS, vulnerable to men-in-the-middle attacks!
|
||||
# invalidHostname: false
|
||||
## Accept invalid certificates. DANGEROUS, vulnerable to men-in-the-middle attacks!
|
||||
# invalidCertificate: false
|
||||
## SMTP username.
|
||||
# user: ""
|
||||
## SMTP password. Required is user is specified, ignored if no user provided.
|
||||
# password: ""
|
||||
|
||||
## Enable Yubico OTP authentication. https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-Yubikey-OTP-authentication
|
||||
yubico:
|
||||
enabled: false
|
||||
## Yubico server. Defaults to YubiCloud.
|
||||
# server:
|
||||
## Yubico ID and Secret Key.
|
||||
# clientId:
|
||||
# secretKey:
|
||||
|
||||
## Logging options. https://github.com/dani-garcia/bitwarden_rs/wiki/Logging
|
||||
log:
|
||||
# Log to file.
|
||||
file: ""
|
||||
# Log level. Options are "trace", "debug", "info", "warn", "error" or "off".
|
||||
level: "trace"
|
||||
## Log timestamp format. See https://docs.rs/chrono/0.4.15/chrono/format/strftime/index.html. Defaults to time in milliseconds.
|
||||
# timeFormat: ""
|
||||
|
||||
icons:
|
||||
# Disables download of external icons. Setting to true will still serve icons from cache (/data/icon_cache). TTL will default to zero.
|
||||
disableDownload: false
|
||||
## Cache time-to-live for icons fetched. 0 means no purging.
|
||||
# cache: 2592000
|
||||
## Cache time-to-live for icons that were not available. 0 means no purging.
|
||||
# cacheFailed: 259200
|
||||
|
||||
persistence:
|
||||
data:
|
||||
enabled: true
|
||||
mountPath: "/data"
|
||||
type: pvc
|
||||
accessMode: ReadWriteOnce
|
||||
size: "100Gi"
|
||||
|
||||
# Enabled postgres
|
||||
postgresql:
|
||||
enabled: true
|
||||
postgresqlUsername: vaultwarden
|
||||
postgresqlDatabase: vaultwarden
|
||||
existingSecret: "{{ .Release.Name }}-dbcreds"
|
|
@ -1,3 +0,0 @@
|
|||
categories:
|
||||
- security
|
||||
icon_url: https://raw.githubusercontent.com/bitwarden/brand/master/icons/256x256.png
|