all repos — infra @ f4617dd14ab94ae9c276f739aaf73254db4fdbe0

infrastructure manifests and setup notes

charts: add vaultwarden
Anirudh Oppiliappan x@icyphox.sh
Thu, 25 Jul 2024 13:39:26 +0300
commit

f4617dd14ab94ae9c276f739aaf73254db4fdbe0

parent

d41123ebb13e201e4af6b2fb4ad7631291462fc9

4 files changed, 61 insertions(+), 15 deletions(-)

M apps/coredns/coredns.yamlapps/coredns/coredns.yaml

@@ -9,6 +9,7 @@ rewrite name dav.koti.lan radicale.default.svc.koti.lan

rewrite name feed.koti.lan miniflux.default.svc.koti.lan rewrite name g.koti.lan grafana.monitoring.svc.koti.lan rewrite name files.garage.koti.lan garage.default.svc.koti.lan + rewrite name pass.koti.lan koti-ingress-nginx-controller.ingress-nginx.svc.koti.lan } kind: ConfigMap metadata:
M apps/legit/legit.yamlapps/legit/legit.yaml

@@ -19,8 +19,8 @@ spec:

nodeSelector: kubernetes.io/hostname: denna securityContext: - runAsUser: 1001 # git - runAsGroup: 100 # users + runAsUser: 1001 # git + runAsGroup: 100 # users containers: - name: legit image: sini:5000/legit:latest

@@ -48,7 +48,7 @@ selector:

app: legit ports: - name: legit-http - port: 5555 + port: 5555 targetPort: 5555 --- apiVersion: networking.k8s.io/v1

@@ -58,21 +58,24 @@ name: git.icyphox.sh

namespace: default annotations: cert-manager.io/cluster-issuer: "letsencrypt-prod" + nginx.ingress.kubernetes.io/configuration-snippet: |- + location /robots.txt { + return 200 "User-Agent: Amazonbot\nDisallow: /\n\nUser-Agent: AhrefsBot\nDisallow: /\n"; + } spec: ingressClassName: nginx tls: - hosts: - - git.icyphox.sh + - git.icyphox.sh secretName: git-icyphox-sh-tls rules: - - host: git.icyphox.sh - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: legit - port: - number: 5555 - + - host: git.icyphox.sh + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: legit + port: + number: 5555
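Review bot: The new `nginx.ingress.kubernetes.io/configuration-snippet` annotation only takes effect when the ingress-nginx controller has `allow-snippet-annotations` enabled, and recent releases ship with it off. Enabling it lets anyone who can create or edit an Ingress inject raw nginx configuration into the shared controller. If the robots.txt response is the only need, serving it from the legit backend would allow snippets to stay disabled cluster-wide. If the snippet stays, record the dependency next to it, e.g. `# requires allow-snippet-annotations: "true" in the ingress-nginx ConfigMap`. The remaining changes in this section appear to be re-indentation only.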
A cert-manager/pass.koti.lan

@@ -0,0 +1,13 @@

+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: pass-koti-lan
+ namespace: default
+spec:
+ secretName: pass-koti-lan
+ isCA: false
+ commonName: "pass.koti.lan"
+ dnsNames:
+ - "pass.koti.lan"
+ issuerRef:
+ name: koti-ca-issuer
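Review bot: `issuerRef` names `koti-ca-issuer` without a `kind`, so cert-manager will look for a namespaced `Issuer` in `default`. The issuer's definition is not part of this commit; if it is actually a ClusterIssuer, the Certificate will stay unready and the `pass-koti-lan` secret referenced by the vaultwarden ingress will never be created. Stating it explicitly removes the guesswork: `kind: ClusterIssuer` (or `kind: Issuer`) plus `group: cert-manager.io`. The file is also added as `cert-manager/pass.koti.lan` with no `.yaml` extension, which tooling that globs for manifests may skip.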
A charts/vaultwarden.yaml

@@ -0,0 +1,29 @@

+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: vaultwarden
+ namespace: default
+spec:
+ repo: https://guerzon.github.io/vaultwarden
+ chart: vaultwarden
+ targetNamespace: default
+ valuesContent: |-
+ image:
+ tag: testing-alpine
+ domain: "http://pass.koti.lan"
+ ingress:
+ enabled: true
+ hostname: pass.koti.lan
+ class: nginx
+ tls: true
+ tlsSecret: pass-koti-lan
+ database:
+ type: postgresql
+ existingSecret: vaultwarden-uri
+ existingSecretKey: uri
+ adminToken: {}
+ data:
+ name: vaultwarden-data
+ size: 2Gi
+ class: longhorn
+ keepPvc: true
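Review bot: The `domain` value in `valuesContent` is `http://pass.koti.lan`, but the same values enable ingress TLS with `tlsSecret: pass-koti-lan`, so the URL Vaultwarden advertises would not match the scheme clients use; `domain: "https://pass.koti.lan"` looks like the intended value. `tag: testing-alpine` is a moving tag that appears to track development builds, so the image behind a password vault can change without any commit here; pinning a release tag or digest keeps upgrades reviewable. Helm deep-merges maps, so `adminToken: {}` leaves any chart default for that key in place instead of clearing it. Check the rendered manifest to confirm whether an admin token ends up set and, if the admin page is wanted, point it at an existing secret the way `database` does. The `spec` also has no `version:`, so the chart release itself is unpinned.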