infrastructure/clusters/cl01tl/helm/vaultwarden/values.yaml

vaultwarden:
  controllers:
    main:
      type: deployment
      replicas: 1
      strategy: Recreate
      revisionHistoryLimit: 3
      containers:
        main:
          image:
            repository: vaultwarden/server
            tag: 1.34.3
            pullPolicy: IfNotPresent
          env:
            - name: DOMAIN
              value: https://passwords.alexlebens.dev
            - name: SIGNUPS_ALLOWED
              value: "false"
            - name: INVITATIONS_ALLOWED
              value: "false"
            - name: DATABASE_URL
              valueFrom:
                secretKeyRef:
                  name: vaultwarden-postgresql-18-cluster-app
                  key: uri
          resources:
            requests:
              cpu: 10m
              memory: 128Mi
  service:
    main:
      controller: main
      ports:
        http:
          port: 80
          targetPort: 80
          protocol: HTTP
  persistence:
    config:
      forceRename: vaultwarden-data
      storageClass: ceph-block
      accessMode: ReadWriteOnce
      size: 5Gi
      retain: true
      advancedMounts:
        main:
          main:
            - path: /data
              readOnly: false
postgres-18-cluster:
  mode: recovery
  cluster:
    storage:
      storageClass: local-path
    walStorage:
      storageClass: local-path
  recovery:
    method: objectStore
    objectStore:
      destinationPath: s3://postgres-backups/cl01tl/vaultwarden/vaultwarden-postgresql-18-cluster
      endpointURL: http://garage-main.garage:3900
      index: 1
      endpointCredentials: vaultwarden-postgresql-18-cluster-backup-secret-garage
  backup:
    objectStore:
      - name: garage-local
        destinationPath: s3://postgres-backups/cl01tl/vaultwarden/vaultwarden-postgresql-18-cluster
        index: 1
        endpointURL: http://garage-main.garage:3900
        endpointCredentials: vaultwarden-postgresql-18-cluster-backup-secret-garage
        endpointCredentialsIncludeRegion: true
        retentionPolicy: "3d"
        isWALArchiver: true
      # - name: external
      #   destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/vaultwarden/vaultwarden-postgresql-18-cluster
      #   index: 1
      #   retentionPolicy: "30d"
      #   isWALArchiver: false
      # - name: garage-remote
      #   destinationPath: s3://postgres-backups/cl01tl/vaultwarden/vaultwarden-postgresql-18-cluster
      #   index: 1
      #   endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
      #   endpointCredentials: vaultwarden-postgresql-18-cluster-backup-secret-garage
      #   retentionPolicy: "30d"
      #   data:
      #     compression: bzip2
      #     jobs: 2
    scheduledBackups:
      - name: live-backup
        suspend: false
        immediate: true
        schedule: "0 0 0 * * *"
        backupName: garage-local
      # - name: daily-backup
      #   suspend: false
      #   immediate: true
      #   schedule: "0 0 0 * * *"
      #   backupName: external
      # - name: weekly-backup
      #   suspend: true
      #   immediate: true
      #   schedule: "0 0 4 * * SAT"
      #   backupName: garage-remote
volsync-target-data:
  pvcTarget: vaultwarden-data
  local:
    schedule: 0 0 0 * * *
  remote:
    schedule: 0 0 0 * * *
  external:
    schedule: 0 0 0 * * *