From cfacf8f082aaf7c2cdd998e53ada305fcbcad6f0 Mon Sep 17 00:00:00 2001
From: William P
Date: Tue, 4 Mar 2025 20:19:47 -0500
Subject: [PATCH] vaultwarden: deploy
---
vaultwarden/cert-dubyatp-xyz.yaml | 10 ++++++++++
vaultwarden/configmap.yaml | 15 +++++++++++++++
vaultwarden/deployment.yaml | 29 +++++++++++++++++++++++++++++
vaultwarden/ingress.yaml | 22 ++++++++++++++++++++++
vaultwarden/pvc.yaml | 12 ++++++++++++
vaultwarden/secret.yaml | 25 +++++++++++++++++++++++++
vaultwarden/svc.yaml | 11 +++++++++++
7 files changed, 124 insertions(+)
create mode 100644 vaultwarden/cert-dubyatp-xyz.yaml
create mode 100644 vaultwarden/configmap.yaml
create mode 100644 vaultwarden/deployment.yaml
create mode 100644 vaultwarden/ingress.yaml
create mode 100644 vaultwarden/pvc.yaml
create mode 100644 vaultwarden/secret.yaml
create mode 100644 vaultwarden/svc.yaml
diff --git a/vaultwarden/cert-dubyatp-xyz.yaml b/vaultwarden/cert-dubyatp-xyz.yaml
new file mode 100644
index 0000000..dc95814
--- /dev/null
+++ b/vaultwarden/cert-dubyatp-xyz.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: cert-dubyatp-xyz
+ annotations:
+ replicator.v1.mittwald.de/replicate-from: "cert-manager/cert-dubyatp-xyz"
+ replicator.v1.mittwald.de/replicated-keys: "tls.crt,tls.key"
+ data:
+ tls.crt: ""
+ tls.key: ""
\ No newline at end of file
diff --git a/vaultwarden/configmap.yaml b/vaultwarden/configmap.yaml
new file mode 100644
index 0000000..48da546
--- /dev/null
+++ b/vaultwarden/configmap.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: vaultwarden-config
+data:
+ DATA_FOLDER: config
+ DOMAIN: https://vaultwarden.dubyatp.xyz
+ SIGNUPS_ALLOWED: "false"
+ SMTP_FROM: bitwarden@em3532.williamtpeebles.com
+ SMTP_FROM_NAME: Vaultwarden
+ SMTP_HOST: smtp.sendgrid.net
+ SMTP_PORT: "587"
+ SMTP_SECURITY: starttls
+ SMTP_TIMEOUT: "15"
+ SMTP_USERNAME: apikey
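Review bot: In cert-dubyatp-xyz.yaml the `data:` line carries leading indentation in the hunk, unlike `apiVersion`, `kind` and `metadata`, so it appears to be nested under `metadata` rather than sitting at the top level of the Secret; move it to column 0 so the empty `tls.crt`/`tls.key` placeholders are real Secret data. The manifest also sets no `type`, so the object is created as `Opaque`, and a Secret's type cannot be changed after creation; since ingress.yaml references this Secret under `tls`, add `type: kubernetes.io/tls`. Replication places a copy of the certificate's private key in this namespace, so Secret read access here should be held as tightly as in `cert-manager`.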
diff --git a/vaultwarden/deployment.yaml b/vaultwarden/deployment.yaml
new file mode 100644
index 0000000..5eb1417
--- /dev/null
+++ b/vaultwarden/deployment.yaml
@@ -0,0 +1,29 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: vaultwarden
+spec:
+ selector:
+ matchLabels:
+ app: vaultwarden
+ template:
+ metadata:
+ labels:
+ app: vaultwarden
+ spec:
+ containers:
+ - name: vaultwarden
+ image: vaultwarden/server:1.33.2-alpine
+ resources:
+ limits:
+ memory: "128Mi"
+ cpu: "500m"
+ envFrom:
+ - secretRef:
+ name: vaultwarden-secrets
+ - configMapRef:
+ name: vaultwarden-config
+ volumes:
+ - name: vaultwarden-pvc
+ persistentVolumeClaim:
+ claimName: vaultwarden-pvc
\ No newline at end of file
diff --git a/vaultwarden/ingress.yaml b/vaultwarden/ingress.yaml
new file mode 100644
index 0000000..f1a4a9f
--- /dev/null
+++ b/vaultwarden/ingress.yaml
@@ -0,0 +1,22 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: vaultwarden
+ labels:
+ name: vaultwarden
+spec:
+ rules:
+ - host: vaultwarden.dubyatp.xyz
+ http:
+ paths:
+ - pathType: Prefix
+ path: "/"
+ backend:
+ service:
+ name: vaultwarden-svc
+ port:
+ number: 80
+ tls:
+ - hosts:
+ - vaultwarden.dubyatp.xyz
+ secretName: cert-dubyatp-xyz
\ No newline at end of file
diff --git a/vaultwarden/pvc.yaml b/vaultwarden/pvc.yaml
new file mode 100644
index 0000000..deef715
--- /dev/null
+++ b/vaultwarden/pvc.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: vaultwarden-pvc
+spec:
+ storageClassName: weyma-shared
+ resources:
+ requests:
+ storage: 10Gi
+ volumeMode: Filesystem
+ accessModes:
+ - ReadWriteOnce
\ No newline at end of file
diff --git a/vaultwarden/secret.yaml b/vaultwarden/secret.yaml
new file mode 100644
index 0000000..ab22b50
--- /dev/null
+++ b/vaultwarden/secret.yaml
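Review bot: The pod spec in deployment.yaml declares the `vaultwarden-pvc` volume, but the container has no `volumeMounts`, so nothing is written to the claim and the vault data ends up on the container's ephemeral filesystem, lost on every restart or reschedule. Mount the volume at the directory `DATA_FOLDER` resolves to; the ConfigMap sets the relative value `config`, so an absolute path there would remove the guesswork. The container also has no `securityContext`, and for a password store `allowPrivilegeEscalation: false` is a cheap baseline. With a ReadWriteOnce claim, `strategy: {type: Recreate}` on the Deployment avoids a rollout that waits on the volume.

```yaml
      containers:
        - name: vaultwarden
          # … unchanged: image, resources, envFrom …
          volumeMounts:
            - name: vaultwarden-pvc
              # assumed path: must equal the directory DATA_FOLDER resolves to
              mountPath: /config
          securityContext:
            allowPrivilegeEscalation: false
```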
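Review bot: The single `Prefix` rule on `/` in ingress.yaml publishes every path of the service on `vaultwarden.dubyatp.xyz`, and that includes Vaultwarden's `/admin` panel, which is enabled because secret.yaml supplies `ADMIN_TOKEN`. Restrict `/admin` at the ingress layer (a source-range allow-list or an internal-only Ingress, whichever the controller in use supports), or leave `ADMIN_TOKEN` unset outside maintenance windows. The Ingress also sets no `ingressClassName`, so it depends on the cluster having a default class; naming the class, `ingressClassName: <class-name>`, makes it explicit which controller terminates TLS for the vault.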
@@ -0,0 +1,25 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: vaultwarden-secrets
+spec:
+ refreshInterval: 1h
+ secretStoreRef:
+ name: weyma-vault
+ kind: ClusterSecretStore
+ target:
+ name: vaultwarden-secrets
+ creationPolicy: Owner
+ data:
+ - secretKey: ADMIN_TOKEN
+ remoteRef:
+ key: vaultwarden
+ property: admin_token
+ - secretKey: HIBP_API_KEY
+ remoteRef:
+ key: vaultwarden
+ property: hibp_api_key
+ - secretKey: SMTP_PASSWORD
+ remoteRef:
+ key: vaultwarden
+ property: smtp_password
\ No newline at end of file
diff --git a/vaultwarden/svc.yaml b/vaultwarden/svc.yaml
new file mode 100644
index 0000000..6e84ed4
--- /dev/null
+++ b/vaultwarden/svc.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: vaultwarden-svc
+spec:
+ type: ClusterIP
+ selector:
+ app: vaultwarden
+ ports:
+ - port: 80
+ targetPort: 80
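Review bot: The `ADMIN_TOKEN` entry in secret.yaml has no comment recording what form the value in Vault must take, and the manifest cannot show it. Vaultwarden accepts an Argon2 PHC string here, so storing the hash instead of the plain token means a read of the `vaultwarden-secrets` Secret or of the pod environment does not hand over the admin password directly; a comment such as `# admin_token: Argon2 PHC hash, never the plain-text token` above the entry would pin that down. The three values reach the pod through `envFrom` in deployment.yaml, so a value rotated in Vault is synced into the Secret within `refreshInterval: 1h` but the running pod keeps the old one until it is restarted, which is worth noting next to `refreshInterval`.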