infrastructure/clusters/cl01tl/applications/vaultwarden/values.yaml

vaultwarden:
  controllers:
    main:
      type: deployment
      replicas: 1
      strategy: Recreate
      revisionHistoryLimit: 3
      containers:
        main:
          image:
            repository: vaultwarden/server
            tag: 1.31.0
            pullPolicy: IfNotPresent
          env:
            - name: DOMAIN
              value: https://passwords.alexlebens.dev
            - name: SIGNUPS_ALLOWED
              value: "false"
            - name: INVITATIONS_ALLOWED
              value: "false"
            - name: DATABASE_URL
              valueFrom:
                secretKeyRef:
                  name: vaultwarden-postgresql-16-cluster-app
                  key: uri
          resources:
            requests:
              cpu: 100m
              memory: 256Mi
  serviceAccount:
    create: true
  service:
    main:
      controller: main
      ports:
        http:
          port: 80
          targetPort: 80
          protocol: HTTP
  persistence:
    data:
      storageClass: ceph-block
      accessMode: ReadWriteOnce
      size: 5Gi
      retain: true
      advancedMounts:
        main:
          main:
            - path: /data
              readOnly: false
cloudflared:
  existingSecretName: vaultwarden-cloudflared-secret
postgres-16-cluster:
  mode: standalone
  cluster:
    walStorage:
      storageClass: local-path
    storage:
      storageClass: local-path
    monitoring:
      enabled: true
      prometheusRule:
        enabled: false
  backup:
    enabled: true
    endpointURL: https://s3.us-east-2.amazonaws.com
    destinationPath: s3://cl01tl-postgresql-backups/vaultwarden
    endpointCredentials: vaultwarden-postgresql-16-cluster-backup-secret
    backupIndex: 1
    retentionPolicy: 14d