infrastructure/clusters/cl01tl/helm/vaultwarden/values.yaml

vaultwarden:
  controllers:
    main:
      type: deployment
      replicas: 1
      strategy: Recreate
      revisionHistoryLimit: 3
      containers:
        main:
          image:
            repository: vaultwarden/server
            tag: 1.35.3
            pullPolicy: IfNotPresent
          env:
            - name: DOMAIN
              value: https://passwords.alexlebens.dev
            - name: SIGNUPS_ALLOWED
              value: "false"
            - name: INVITATIONS_ALLOWED
              value: "false"
            - name: DATABASE_URL
              valueFrom:
                secretKeyRef:
                  name: vaultwarden-postgresql-18-cluster-app
                  key: uri
            - name: SSO_ENABLED
              value: true
            - name: SSO_SIGNUPS_MATCH_EMAIL
              value: true
            - name: SSO_AUTHORITY
              value: https://auth.alexlebens.dev/application/o/vaultwarden/
            - name: SSO_SCOPES
              value: "email profile offline_access"
            - name: SSO_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: vaultwarden-oidc-secret
                  key: client
            - name: SSO_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: vaultwarden-oidc-secret
                  key: secret
          resources:
            requests:
              cpu: 10m
              memory: 128Mi
  service:
    main:
      controller: main
      ports:
        http:
          port: 80
          targetPort: 80
          protocol: HTTP
  persistence:
    config:
      forceRename: vaultwarden-data
      storageClass: ceph-block
      accessMode: ReadWriteOnce
      size: 5Gi
      retain: true
      advancedMounts:
        main:
          main:
            - path: /data
              readOnly: false
postgres-18-cluster:
  mode: recovery
  recovery:
    method: objectStore
    objectStore:
      index: 1
  backup:
    objectStore:
      - name: garage-local
        index: 1
        destinationBucket: postgres-backups
        externalSecretCredentialPath: /garage/home-infra/postgres-backups
        isWALArchiver: true
      # - name: garage-remote
      #   index: 1
      #   destinationBucket: postgres-backups
      #   externalSecretCredentialPath: /garage/home-infra/postgres-backups
      #   retentionPolicy: "90d"
      #   data:
      #     compression: bzip2
      # - name: external
      #   index: 1
      #   endpointURL: https://nyc3.digitaloceanspaces.com
      #   destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
      #   externalSecretCredentialPath: /garage/home-infra/postgres-backups
      #   isWALArchiver: false
    scheduledBackups:
      - name: live-backup
        suspend: false
        immediate: true
        schedule: "0 0 0 * * *"
        backupName: garage-local
      # - name: weekly-backup
      #   suspend: true
      #   immediate: true
      #   schedule: "0 0 4 * * SAT"
      #   backupName: garage-remote
      # - name: daily-backup
      #   suspend: true
      #   immediate: true
      #   schedule: "0 0 0 * * *"
      #   backupName: external
volsync-target-data:
  pvcTarget: vaultwarden-data
  local:
    enabled: true
    schedule: 0 0 0 * * *
  remote:
    schedule: 0 0 0 * * *
  external:
    enabled: true
    schedule: 0 0 0 * * *