Commit new Chart releases for TrueCharts
Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
This commit is contained in:
parent
2c9f535b49
commit
4e9f02f488
|
@ -0,0 +1,48 @@
|
||||||
|
**Important:**
|
||||||
|
*for the complete changelog, please refer to the website*
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## [vaultwarden-20.0.5](https://github.com/truecharts/charts/compare/vaultwarden-20.0.4...vaultwarden-20.0.5) (2023-03-06)
|
||||||
|
|
||||||
|
### Fix
|
||||||
|
|
||||||
|
- don't base64 encode secret anymore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## [vaultwarden-20.0.4](https://github.com/truecharts/charts/compare/vaultwarden-20.0.3...vaultwarden-20.0.4) (2023-03-06)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
- bump common and dependencies ([#7751](https://github.com/truecharts/charts/issues/7751))
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## [vaultwarden-20.0.3](https://github.com/truecharts/charts/compare/vaultwarden-20.0.1...vaultwarden-20.0.3) (2023-03-06)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
- bump common and dependencies ([#7749](https://github.com/truecharts/charts/issues/7749))
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## [vaultwarden-20.0.1](https://github.com/truecharts/charts/compare/vaultwarden-20.0.0...vaultwarden-20.0.1) (2023-03-05)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
- bump common and enterprise train for stability ([#7747](https://github.com/truecharts/charts/issues/7747))
|
||||||
|
|
||||||
|
### Fix
|
||||||
|
|
||||||
|
- bump common for release
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## [vaultwarden-20.0.0](https://github.com/truecharts/charts/compare/vaultwarden-19.0.23...vaultwarden-20.0.0) (2023-03-04)
|
||||||
|
|
|
@ -0,0 +1,33 @@
|
||||||
|
apiVersion: v2
|
||||||
|
appVersion: "1.27.0"
|
||||||
|
dependencies:
|
||||||
|
- name: common
|
||||||
|
repository: https://library-charts.truecharts.org
|
||||||
|
version: 12.2.19
|
||||||
|
deprecated: false
|
||||||
|
description: Unofficial Bitwarden compatible server written in Rust
|
||||||
|
home: https://truecharts.org/charts/enterprise/vaultwarden
|
||||||
|
icon: https://truecharts.org/img/hotlink-ok/chart-icons/vaultwarden.png
|
||||||
|
keywords:
|
||||||
|
- bitwarden
|
||||||
|
- bitwardenrs
|
||||||
|
- bitwarden_rs
|
||||||
|
- vaultwarden
|
||||||
|
- password
|
||||||
|
- rust
|
||||||
|
kubeVersion: ">=1.16.0-0"
|
||||||
|
maintainers:
|
||||||
|
- email: info@truecharts.org
|
||||||
|
name: TrueCharts
|
||||||
|
url: https://truecharts.org
|
||||||
|
name: vaultwarden
|
||||||
|
sources:
|
||||||
|
- https://github.com/truecharts/charts/tree/master/charts/enterprise/vaultwarden
|
||||||
|
- https://github.com/dani-garcia/vaultwarden
|
||||||
|
type: application
|
||||||
|
version: 20.0.5
|
||||||
|
annotations:
|
||||||
|
truecharts.org/catagories: |
|
||||||
|
- security
|
||||||
|
truecharts.org/SCALE-support: "true"
|
||||||
|
truecharts.org/grade: U
|
|
@ -0,0 +1,106 @@
|
||||||
|
Business Source License 1.1
|
||||||
|
|
||||||
|
Parameters
|
||||||
|
|
||||||
|
Licensor: The TrueCharts Project, it's owner and it's contributors
|
||||||
|
Licensed Work: The TrueCharts "Cert-Manager" Helm Chart
|
||||||
|
Additional Use Grant: You may use the licensed work in production, as long
|
||||||
|
as it is directly sourced from a TrueCharts provided
|
||||||
|
official repository, catalog or source. You may also make private
|
||||||
|
modification to the directly sourced licenced work,
|
||||||
|
when used in production.
|
||||||
|
|
||||||
|
The following cases are, due to their nature, also
|
||||||
|
defined as 'production use' and explicitly prohibited:
|
||||||
|
- Bundling, including or displaying the licensed work
|
||||||
|
with(in) another work intended for production use,
|
||||||
|
with the apparent intend of facilitating and/or
|
||||||
|
promoting production use by third parties in
|
||||||
|
violation of this license.
|
||||||
|
|
||||||
|
Change Date: 2050-01-01
|
||||||
|
|
||||||
|
Change License: 3-clause BSD license
|
||||||
|
|
||||||
|
For information about alternative licensing arrangements for the Software,
|
||||||
|
please contact: legal@truecharts.org
|
||||||
|
|
||||||
|
Notice
|
||||||
|
|
||||||
|
The Business Source License (this document, or the “License”) is not an Open
|
||||||
|
Source license. However, the Licensed Work will eventually be made available
|
||||||
|
under an Open Source License, as stated in this License.
|
||||||
|
|
||||||
|
License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved.
|
||||||
|
“Business Source License” is a trademark of MariaDB Corporation Ab.
|
||||||
|
|
||||||
|
-----------------------------------------------------------------------------
|
||||||
|
|
||||||
|
Business Source License 1.1
|
||||||
|
|
||||||
|
Terms
|
||||||
|
|
||||||
|
The Licensor hereby grants you the right to copy, modify, create derivative
|
||||||
|
works, redistribute, and make non-production use of the Licensed Work. The
|
||||||
|
Licensor may make an Additional Use Grant, above, permitting limited
|
||||||
|
production use.
|
||||||
|
|
||||||
|
Effective on the Change Date, or the fourth anniversary of the first publicly
|
||||||
|
available distribution of a specific version of the Licensed Work under this
|
||||||
|
License, whichever comes first, the Licensor hereby grants you rights under
|
||||||
|
the terms of the Change License, and the rights granted in the paragraph
|
||||||
|
above terminate.
|
||||||
|
|
||||||
|
If your use of the Licensed Work does not comply with the requirements
|
||||||
|
currently in effect as described in this License, you must purchase a
|
||||||
|
commercial license from the Licensor, its affiliated entities, or authorized
|
||||||
|
resellers, or you must refrain from using the Licensed Work.
|
||||||
|
|
||||||
|
All copies of the original and modified Licensed Work, and derivative works
|
||||||
|
of the Licensed Work, are subject to this License. This License applies
|
||||||
|
separately for each version of the Licensed Work and the Change Date may vary
|
||||||
|
for each version of the Licensed Work released by Licensor.
|
||||||
|
|
||||||
|
You must conspicuously display this License on each original or modified copy
|
||||||
|
of the Licensed Work. If you receive the Licensed Work in original or
|
||||||
|
modified form from a third party, the terms and conditions set forth in this
|
||||||
|
License apply to your use of that work.
|
||||||
|
|
||||||
|
Any use of the Licensed Work in violation of this License will automatically
|
||||||
|
terminate your rights under this License for the current and all other
|
||||||
|
versions of the Licensed Work.
|
||||||
|
|
||||||
|
This License does not grant you any right in any trademark or logo of
|
||||||
|
Licensor or its affiliates (provided that you may use a trademark or logo of
|
||||||
|
Licensor as expressly required by this License).
|
||||||
|
|
||||||
|
TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON
|
||||||
|
AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS,
|
||||||
|
EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF
|
||||||
|
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND
|
||||||
|
TITLE.
|
||||||
|
|
||||||
|
MariaDB hereby grants you permission to use this License’s text to license
|
||||||
|
your works, and to refer to it using the trademark “Business Source License”,
|
||||||
|
as long as you comply with the Covenants of Licensor below.
|
||||||
|
|
||||||
|
Covenants of Licensor
|
||||||
|
|
||||||
|
In consideration of the right to use this License’s text and the “Business
|
||||||
|
Source License” name and trademark, Licensor covenants to MariaDB, and to all
|
||||||
|
other recipients of the licensed work to be provided by Licensor:
|
||||||
|
|
||||||
|
1. To specify as the Change License the GPL Version 2.0 or any later version,
|
||||||
|
or a license that is compatible with GPL Version 2.0 or a later version,
|
||||||
|
where “compatible” means that software provided under the Change License can
|
||||||
|
be included in a program with software provided under GPL Version 2.0 or a
|
||||||
|
later version. Licensor may specify additional Change Licenses without
|
||||||
|
limitation.
|
||||||
|
|
||||||
|
2. To either: (a) specify an additional grant of rights to use that does not
|
||||||
|
impose any additional restriction on the right granted in this License, as
|
||||||
|
the Additional Use Grant; or (b) insert the text “None”.
|
||||||
|
|
||||||
|
3. To specify a Change Date.
|
||||||
|
|
||||||
|
4. Not to modify this License in any other way.
|
|
@ -0,0 +1,27 @@
|
||||||
|
# README
|
||||||
|
|
||||||
|
## General Info
|
||||||
|
|
||||||
|
TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE.
|
||||||
|
However only installations using the TrueNAS SCALE Apps system are supported.
|
||||||
|
|
||||||
|
For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/enterprise/)
|
||||||
|
|
||||||
|
**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)**
|
||||||
|
|
||||||
|
|
||||||
|
## Support
|
||||||
|
|
||||||
|
- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE%20Apps/Important-MUST-READ).
|
||||||
|
- See the [Website](https://truecharts.org)
|
||||||
|
- Check our [Discord](https://discord.gg/tVsPTHWTtr)
|
||||||
|
- Open a [issue](https://github.com/truecharts/charts/issues/new/choose)
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## Sponsor TrueCharts
|
||||||
|
|
||||||
|
TrueCharts can only exist due to the incredible effort of our staff.
|
||||||
|
Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
|
||||||
|
|
||||||
|
*All Rights Reserved - The TrueCharts Project*
|
|
@ -0,0 +1,9 @@
|
||||||
|
|
||||||
|
|
||||||
|
## [vaultwarden-20.0.5](https://github.com/truecharts/charts/compare/vaultwarden-20.0.4...vaultwarden-20.0.5) (2023-03-06)
|
||||||
|
|
||||||
|
### Fix
|
||||||
|
|
||||||
|
- don't base64 encode secret anymore
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,8 @@
|
||||||
|
Unofficial Bitwarden compatible server written in Rust
|
||||||
|
|
||||||
|
This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/enterprise/vaultwarden](https://truecharts.org/charts/enterprise/vaultwarden)
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
TrueCharts can only exist due to the incredible effort of our staff.
|
||||||
|
Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
|
Binary file not shown.
|
@ -0,0 +1,164 @@
|
||||||
|
image:
|
||||||
|
repository: tccr.io/truecharts/vaultwarden
|
||||||
|
pullPolicy: IfNotPresent
|
||||||
|
tag: 1.27.0@sha256:e80b8a6a8b05928d9703eda1c7ebd2c8f1c0b9deed1734ce31c2ec6d70aed323
|
||||||
|
|
||||||
|
service:
|
||||||
|
main:
|
||||||
|
ports:
|
||||||
|
main:
|
||||||
|
port: 10102
|
||||||
|
targetPort: 8080
|
||||||
|
ws:
|
||||||
|
enabled: true
|
||||||
|
ports:
|
||||||
|
ws:
|
||||||
|
enabled: true
|
||||||
|
port: 3012
|
||||||
|
targetPort: 3012
|
||||||
|
|
||||||
|
workload:
|
||||||
|
main:
|
||||||
|
podSpec:
|
||||||
|
containers:
|
||||||
|
main:
|
||||||
|
env:
|
||||||
|
DOMAIN: "https://{{ if .Values.ingress }}{{ if .Values.ingress.main.enabled }}{{ ( index .Values.ingress.main.hosts 0 ).host }}{{ else }}placeholder.com{{ end }}{{ else }}placeholder.com{{ end }}"
|
||||||
|
DATABASE_URL:
|
||||||
|
secretKeyRef:
|
||||||
|
name: cnpg-main-urls
|
||||||
|
key: std
|
||||||
|
|
||||||
|
envFrom:
|
||||||
|
- configMapRef:
|
||||||
|
name: vaultwardenconfig
|
||||||
|
- secretRef:
|
||||||
|
name: vaultwardensecret
|
||||||
|
|
||||||
|
database:
|
||||||
|
# -- Database type,
|
||||||
|
# must be one of: 'sqlite', 'mysql' or 'postgresql'.
|
||||||
|
type: postgresql
|
||||||
|
# -- Enable DB Write-Ahead-Log for SQLite,
|
||||||
|
# disabled for other databases. https://github.com/dani-garcia/bitwarden_rs/wiki/Running-without-WAL-enabled
|
||||||
|
wal: true
|
||||||
|
## URL for external databases (mysql://user:pass@host:port or postgresql://user:pass@host:port).
|
||||||
|
# url: ""
|
||||||
|
## Set the size of the database connection pool.
|
||||||
|
# maxConnections: 10
|
||||||
|
## Connection retries during startup, 0 for infinite. 1 second between retries.
|
||||||
|
# retries: 15
|
||||||
|
|
||||||
|
# Set Bitwarden_rs application variables
|
||||||
|
vaultwarden:
|
||||||
|
# -- Allow any user to sign-up
|
||||||
|
# see: https://github.com/dani-garcia/bitwarden_rs/wiki/Disable-registration-of-new-users
|
||||||
|
allowSignups: true
|
||||||
|
## Whitelist domains allowed to sign-up. 'allowSignups' is ignored if set.
|
||||||
|
# signupDomains:
|
||||||
|
# - domain.tld
|
||||||
|
# -- Verify e-mail before login is enabled.
|
||||||
|
# SMTP must be enabled.
|
||||||
|
verifySignup: false
|
||||||
|
# When a user logs in an email is required to be sent. If sending the email fails the login attempt will fail. SMTP must be enabled.
|
||||||
|
requireEmail: false
|
||||||
|
## Maximum attempts before an email token is reset and a new email will need to be sent.
|
||||||
|
# emailAttempts: 3
|
||||||
|
## Email token validity in seconds.
|
||||||
|
# emailTokenExpiration: 600
|
||||||
|
# Allow invited users to sign-up even feature is disabled: https://github.com/dani-garcia/bitwarden_rs/wiki/Disable-invitations
|
||||||
|
allowInvitation: true
|
||||||
|
# Show password hints: https://github.com/dani-garcia/bitwarden_rs/wiki/Password-hint-display
|
||||||
|
## Default organization name in invitation e-mails that are not coming from a specific organization.
|
||||||
|
# defaultInviteName: ""
|
||||||
|
showPasswordHint: true
|
||||||
|
# Enable Websockets for notification. https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-WebSocket-notifications
|
||||||
|
# Redirect HTTP path "/notifications/hub" to port 3012. Ingress/IngressRoute controllers are automatically configured.
|
||||||
|
enableWebsockets: true
|
||||||
|
# Enable Web Vault (static content). https://github.com/dani-garcia/bitwarden_rs/wiki/Disabling-or-overriding-the-Vault-interface-hosting
|
||||||
|
enableWebVault: true
|
||||||
|
# Restrict creation of orgs. Options are: 'all', 'none' or a comma-separated list of users.
|
||||||
|
orgCreationUsers: all
|
||||||
|
## Limit attachment disk usage per organization.
|
||||||
|
# attachmentLimitOrg:
|
||||||
|
## Limit attachment disk usage per user.
|
||||||
|
# attachmentLimitUser:
|
||||||
|
## HaveIBeenPwned API Key. Can be purchased at https://haveibeenpwned.com/API/Key.
|
||||||
|
# hibpApiKey:
|
||||||
|
|
||||||
|
admin:
|
||||||
|
# Enable admin portal.
|
||||||
|
enabled: false
|
||||||
|
# Disabling the admin token will make the admin portal accessible to anyone, use carefully: https://github.com/dani-garcia/bitwarden_rs/wiki/Disable-admin-token
|
||||||
|
disableAdminToken: false
|
||||||
|
## Token for admin login, will be generated if not defined. https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-admin-page
|
||||||
|
# token:
|
||||||
|
|
||||||
|
# Enable SMTP. https://github.com/dani-garcia/bitwarden_rs/wiki/SMTP-configuration
|
||||||
|
smtp:
|
||||||
|
enabled: false
|
||||||
|
# SMTP hostname, required if SMTP is enabled.
|
||||||
|
host: ""
|
||||||
|
# SMTP sender e-mail address, required if SMTP is enabled.
|
||||||
|
from: ""
|
||||||
|
## SMTP sender name, defaults to 'Bitwarden_RS'.
|
||||||
|
# fromName: ""
|
||||||
|
## Enable SSL connection.
|
||||||
|
# ssl: true
|
||||||
|
## SMTP port. Defaults to 25 without SSL, 587 with SSL.
|
||||||
|
# port: 587
|
||||||
|
## SMTP Authentication Mechanisms. Comma-separated options: 'Plain', 'Login' and 'Xoauth2'. Defaults to 'Plain'.
|
||||||
|
# authMechanism: Plain
|
||||||
|
## Hostname to be sent for SMTP HELO. Defaults to pod name.
|
||||||
|
# heloName: ""
|
||||||
|
## SMTP timeout.
|
||||||
|
# timeout: 15
|
||||||
|
## Accept SSL session if certificate is valid but hostname doesn't match. DANGEROUS, vulnerable to men-in-the-middle attacks!
|
||||||
|
# invalidHostname: false
|
||||||
|
## Accept invalid certificates. DANGEROUS, vulnerable to men-in-the-middle attacks!
|
||||||
|
# invalidCertificate: false
|
||||||
|
## SMTP username.
|
||||||
|
# user: ""
|
||||||
|
## SMTP password. Required is user is specified, ignored if no user provided.
|
||||||
|
# password: ""
|
||||||
|
|
||||||
|
## Enable Yubico OTP authentication. https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-Yubikey-OTP-authentication
|
||||||
|
yubico:
|
||||||
|
enabled: false
|
||||||
|
## Yubico server. Defaults to YubiCloud.
|
||||||
|
# server:
|
||||||
|
## Yubico ID and Secret Key.
|
||||||
|
# clientId:
|
||||||
|
# secretKey:
|
||||||
|
|
||||||
|
## Logging options. https://github.com/dani-garcia/bitwarden_rs/wiki/Logging
|
||||||
|
log:
|
||||||
|
# Log to file.
|
||||||
|
file: ""
|
||||||
|
# Log level. Options are "trace", "debug", "info", "warn", "error" or "off".
|
||||||
|
level: "trace"
|
||||||
|
## Log timestamp format. See https://docs.rs/chrono/0.4.15/chrono/format/strftime/index.html. Defaults to time in milliseconds.
|
||||||
|
# timeFormat: ""
|
||||||
|
|
||||||
|
icons:
|
||||||
|
# Disables download of external icons. Setting to true will still serve icons from cache (/data/icon_cache). TTL will default to zero.
|
||||||
|
disableDownload: false
|
||||||
|
## Cache time-to-live for icons fetched. 0 means no purging.
|
||||||
|
# cache: 2592000
|
||||||
|
## Cache time-to-live for icons that were not available. 0 means no purging.
|
||||||
|
# cacheFailed: 259200
|
||||||
|
|
||||||
|
persistence:
|
||||||
|
data:
|
||||||
|
enabled: true
|
||||||
|
mountPath: "/data"
|
||||||
|
|
||||||
|
cnpg:
|
||||||
|
main:
|
||||||
|
enabled: true
|
||||||
|
user: vaultwarden
|
||||||
|
database: vaultwarden
|
||||||
|
|
||||||
|
portal:
|
||||||
|
open:
|
||||||
|
enabled: true
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1 @@
|
||||||
|
{{- include "tc.v1.common.lib.chart.notes" $ -}}
|
|
@ -0,0 +1,112 @@
|
||||||
|
{{/* Define the configmap */}}
|
||||||
|
{{- define "vaultwarden.configmap" -}}
|
||||||
|
enabled: true
|
||||||
|
data:
|
||||||
|
ROCKET_PORT: "8080"
|
||||||
|
SIGNUPS_ALLOWED: {{ .Values.vaultwarden.allowSignups | quote }}
|
||||||
|
{{- if .Values.vaultwarden.signupDomains }}
|
||||||
|
SIGNUPS_DOMAINS_WHITELIST: {{ join "," .Values.vaultwarden.signupDomains | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if and (eq .Values.vaultwarden.verifySignup true) (eq .Values.vaultwarden.smtp.enabled false) }}{{ required "Signup verification requires SMTP to be enabled" nil}}{{end}}
|
||||||
|
SIGNUPS_VERIFY: {{ .Values.vaultwarden.verifySignup | quote }}
|
||||||
|
{{- if and (eq .Values.vaultwarden.requireEmail true) (eq .Values.vaultwarden.smtp.enabled false) }}{{ required "Requiring emails for login depends on SMTP" nil}}{{end}}
|
||||||
|
REQUIRE_DEVICE_EMAIL: {{ .Values.vaultwarden.requireEmail | quote }}
|
||||||
|
{{- if .Values.vaultwarden.emailAttempts }}
|
||||||
|
EMAIL_ATTEMPTS_LIMIT: {{ .Values.vaultwarden.emailAttempts | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.vaultwarden.emailTokenExpiration }}
|
||||||
|
EMAIL_EXPIRATION_TIME: {{ .Values.vaultwarden.emailTokenExpiration | quote }}
|
||||||
|
{{- end }}
|
||||||
|
INVITATIONS_ALLOWED: {{ .Values.vaultwarden.allowInvitation | quote }}
|
||||||
|
{{- if .Values.vaultwarden.defaultInviteName }}
|
||||||
|
INVITATION_ORG_NAME: {{ .Values.vaultwarden.defaultInviteName | quote }}
|
||||||
|
{{- end }}
|
||||||
|
SHOW_PASSWORD_HINT: {{ .Values.vaultwarden.showPasswordHint | quote }}
|
||||||
|
WEBSOCKET_ENABLED: {{ .Values.vaultwarden.enableWebsockets | quote }}
|
||||||
|
WEB_VAULT_ENABLED: {{ .Values.vaultwarden.enableWebVault | quote }}
|
||||||
|
ORG_CREATION_USERS: {{ .Values.vaultwarden.orgCreationUsers | quote }}
|
||||||
|
{{- if .Values.vaultwarden.attachmentLimitOrg }}
|
||||||
|
ORG_ATTACHMENT_LIMIT: {{ .Values.vaultwarden.attachmentLimitOrg | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.vaultwarden.attachmentLimitUser }}
|
||||||
|
USER_ATTACHMENT_LIMIT: {{ .Values.vaultwarden.attachmentLimitUser | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.vaultwarden.hibpApiKey }}
|
||||||
|
HIBP_API_KEY: {{ .Values.vaultwarden.hibpApiKey | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- include "vaultwarden.dbTypeValid" . }}
|
||||||
|
{{- if .Values.database.retries }}
|
||||||
|
DB_CONNECTION_RETRIES: {{ .Values.database.retries | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.database.maxConnections }}
|
||||||
|
DATABASE_MAX_CONNS: {{ .Values.database.maxConnections | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if eq .Values.vaultwarden.smtp.enabled true }}
|
||||||
|
SMTP_HOST: {{ required "SMTP host is required to enable SMTP" .Values.vaultwarden.smtp.host | quote }}
|
||||||
|
SMTP_FROM: {{ required "SMTP sender address ('from') is required to enable SMTP" .Values.vaultwarden.smtp.from | quote }}
|
||||||
|
{{- if .Values.vaultwarden.smtp.fromName }}
|
||||||
|
SMTP_FROM_NAME: {{ .Values.vaultwarden.smtp.fromName | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.vaultwarden.smtp.ssl }}
|
||||||
|
SMTP_SSL: {{ .Values.vaultwarden.smtp.ssl | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.vaultwarden.smtp.port }}
|
||||||
|
SMTP_PORT: {{ .Values.vaultwarden.smtp.port | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.vaultwarden.smtp.authMechanism }}
|
||||||
|
SMTP_AUTH_MECHANISM: {{ .Values.vaultwarden.smtp.authMechanism | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.vaultwarden.smtp.heloName }}
|
||||||
|
HELO_NAME: {{ .Values.vaultwarden.smtp.heloName | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.vaultwarden.smtp.timeout }}
|
||||||
|
SMTP_TIMEOUT: {{ .Values.vaultwarden.smtp.timeout | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.vaultwarden.smtp.invalidHostname }}
|
||||||
|
SMTP_ACCEPT_INVALID_HOSTNAMES: {{ .Values.vaultwarden.smtp.invalidHostname | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.vaultwarden.smtp.invalidCertificate }}
|
||||||
|
SMTP_ACCEPT_INVALID_CERTS: {{ .Values.vaultwarden.smtp.invalidCertificate | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.vaultwarden.log.file }}
|
||||||
|
LOG_FILE: {{ .Values.vaultwarden.log.file | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if or .Values.vaultwarden.log.level .Values.vaultwarden.log.timeFormat }}
|
||||||
|
EXTENDED_LOGGING: "true"
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.vaultwarden.log.level }}
|
||||||
|
{{- include "vaultwarden.logLevelValid" . }}
|
||||||
|
LOG_LEVEL: {{ .Values.vaultwarden.log.level | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.vaultwarden.log.timeFormat }}
|
||||||
|
LOG_TIMESTAMP_FORMAT: {{ .Values.vaultwarden.log.timeFormat | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.vaultwarden.icons.disableDownload }}
|
||||||
|
DISABLE_ICON_DOWNLOAD: {{ .Values.vaultwarden.icons.disableDownload | quote }}
|
||||||
|
{{- if and (not .Values.vaultwarden.icons.cache) (eq .Values.vaultwarden.icons.disableDownload "true") }}
|
||||||
|
ICON_CACHE_TTL: "0"
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.vaultwarden.icons.cache }}
|
||||||
|
ICON_CACHE_TTL: {{ .Values.vaultwarden.icons.cache | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.vaultwarden.icons.cacheFailed }}
|
||||||
|
ICON_CACHE_NEGTTL: {{ .Values.vaultwarden.icons.cacheFailed | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if eq .Values.vaultwarden.admin.enabled true }}
|
||||||
|
{{- if eq .Values.vaultwarden.admin.disableAdminToken true }}
|
||||||
|
DISABLE_ADMIN_TOKEN: "true"
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if eq .Values.vaultwarden.yubico.enabled true }}
|
||||||
|
{{- if .Values.vaultwarden.yubico.server }}
|
||||||
|
YUBICO_SERVER: {{ .Values.vaultwarden.yubico.server | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if eq .Values.database.type "sqlite" }}
|
||||||
|
ENABLE_DB_WAL: {{ .Values.database.wal | quote }}
|
||||||
|
{{- else }}
|
||||||
|
ENABLE_DB_WAL: "false"
|
||||||
|
{{- end }}
|
||||||
|
{{- end -}}
|
|
@ -0,0 +1,32 @@
|
||||||
|
{{/* Define the secrets */}}
|
||||||
|
{{- define "vaultwarden.secrets" -}}
|
||||||
|
|
||||||
|
{{- $adminToken := "" }}
|
||||||
|
{{- if eq .Values.vaultwarden.admin.enabled true }}
|
||||||
|
{{- $adminToken = .Values.vaultwarden.admin.token | default (randAlphaNum 48) | quote }}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{- $smtpUser := "" }}
|
||||||
|
{{- if and (eq .Values.vaultwarden.smtp.enabled true ) (.Values.vaultwarden.smtp.user) }}
|
||||||
|
{{- $smtpUser = .Values.vaultwarden.smtp.user | quote }}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{- $yubicoClientId := "" }}
|
||||||
|
{{- if eq .Values.vaultwarden.yubico.enabled true }}
|
||||||
|
{{- $yubicoClientId = required "Yubico Client ID required" .Values.vaultwarden.yubico.clientId | toString | quote }}
|
||||||
|
{{- end -}}
|
||||||
|
enabled: true
|
||||||
|
data:
|
||||||
|
placeholder: placeholdervalue
|
||||||
|
{{- if ne $adminToken "" }}
|
||||||
|
ADMIN_TOKEN: {{ $adminToken }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if ne $smtpUser "" }}
|
||||||
|
SMTP_USERNAME: {{ $smtpUser }}
|
||||||
|
SMTP_PASSWORD: {{ required "Must specify SMTP password" .Values.vaultwarden.smtp.password | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if ne $yubicoClientId "" }}
|
||||||
|
YUBICO_CLIENT_ID: {{ $yubicoClientId }}
|
||||||
|
YUBICO_SECRET_KEY: {{ required "Yubico Secret Key required" .Values.vaultwarden.yubico.secretKey | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end -}}
|
|
@ -0,0 +1,17 @@
|
||||||
|
{{/*
|
||||||
|
Ensure valid DB type is select, defaults to SQLite
|
||||||
|
*/}}
|
||||||
|
{{- define "vaultwarden.dbTypeValid" -}}
|
||||||
|
{{- if not (or (eq .Values.database.type "postgresql") (eq .Values.database.type "mysql") (eq .Values.database.type "sqlite")) }}
|
||||||
|
{{- required "Invalid database type" nil }}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Ensure log type is valid
|
||||||
|
*/}}
|
||||||
|
{{- define "vaultwarden.logLevelValid" -}}
|
||||||
|
{{- if not (or (eq .Values.vaultwarden.log.level "trace") (eq .Values.vaultwarden.log.level "debug") (eq .Values.vaultwarden.log.level "info") (eq .Values.vaultwarden.log.level "warn") (eq .Values.vaultwarden.log.level "error") (eq .Values.vaultwarden.log.level "off")) }}
|
||||||
|
{{- required "Invalid log level" nil }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,45 @@
|
||||||
|
{{/* Make sure all variables are set properly */}}
|
||||||
|
{{- include "tc.v1.common.loader.init" . }}
|
||||||
|
|
||||||
|
|
||||||
|
{{/* Render configmap for vaultwarden */}}
|
||||||
|
{{- $configmapFile := include "vaultwarden.configmap" . | fromYaml -}}
|
||||||
|
{{- if $configmapFile -}}
|
||||||
|
{{- $_ := set .Values.configmap "vaultwardenconfig" $configmapFile -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/* Render secrets for vaultwarden */}}
|
||||||
|
{{- $secret := include "vaultwarden.secrets" . | fromYaml -}}
|
||||||
|
{{- if $secret -}}
|
||||||
|
{{- $_ := set .Values.secret "vaultwardensecret" $secret -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/* Define path for websocket */}}
|
||||||
|
{{- define "vaultwarden.websocket" -}}
|
||||||
|
{{- $fullname := include "tc.v1.common.lib.chart.names.fullname" . -}}
|
||||||
|
path: "/notifications/hub"
|
||||||
|
# -- Ignored if not kubeVersion >= 1.14-0
|
||||||
|
pathType: Prefix
|
||||||
|
service:
|
||||||
|
# -- Overrides the service name reference for this path
|
||||||
|
name: {{ printf "%s-ws" $fullname }}
|
||||||
|
port: {{ .Values.service.ws.ports.ws.port }}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/* inject websocket path to all main ingress hosts*/}}
|
||||||
|
{{- define "vaultwarden.websocketinjector" -}}
|
||||||
|
{{- $path := list (include "vaultwarden.websocket" . | fromYaml) -}}
|
||||||
|
{{- if .Values.ingress.main.enabled }}
|
||||||
|
{{- range .Values.ingress.main.hosts }}
|
||||||
|
{{- $newpaths := list }}
|
||||||
|
{{- $newpaths := concat .paths $path }}
|
||||||
|
{{- $_ := set . "paths" ( deepCopy $newpaths ) -}}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/* inject websocket paths in ingress */}}
|
||||||
|
{{- include "vaultwarden.websocketinjector" . }}
|
||||||
|
|
||||||
|
{{/* Render the templates */}}
|
||||||
|
{{ include "tc.v1.common.loader.apply" . }}
|
Loading…
Reference in New Issue