chore(bootstrap): Added vaultwarden to argocd

clusters/artemis/apps/kustomization.yaml

@@ -11,3 +11,4 @@ resources:
   - external-secrets
   - uptime-kuma
   - pocket-id
+  - vaultwarden

clusters/artemis/apps/vaultwarden/app-project.yaml

@@ -0,0 +1,17 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+  name: vaultwarden
+spec:
+  description: Password manager
+  sourceRepos:
+    - '*'
+  sourceNamespaces:
+    - '*'
+  destinations:
+    - namespace: 'vaultwarden'
+      server: '*'
+  clusterResourceWhitelist:
+    - group: '*'
+      kind: '*'

clusters/artemis/apps/vaultwarden/application.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: vaultwarden
+  namespace: vaultwarden
+  labels:
+    platform.dgse.cloud/cluster: artemis
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: vaultwarden
+  source:
+    repoURL: 'https://git.dgse.cloud/DGSE/kubernetes.git'
+    path: manifests/artemis/vaultwarden
+    targetRevision: HEAD
+  destination:
+    namespace: vaultwarden
+    name: in-cluster
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+    automated:
+      prune: true
+      selfHeal: true

clusters/artemis/apps/vaultwarden/kustomization.yaml

@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - app-project.yaml
+  - application.yaml

manifests/artemis/vaultwarden/kustomization.yaml

@@ -0,0 +1,8 @@
+---
+helmCharts:
+  - name: vaultwarden
+    repo: https://guerzon.github.io/vaultwarden/
+    version: 0.31.8
+    releaseName: vaultwarden
+    namespace: vaultwarden
+    valuesFile: values.yaml

manifests/artemis/vaultwarden/values.yaml

@@ -0,0 +1,190 @@
+adminRateLimitMaxBurst: "3"
+adminRateLimitSeconds: "300"
+adminToken:
+  existingSecret: ""
+  existingSecretKey: ""
+  value: $argon2id$v=19$m=19456,t=2,p=1$Vkx1VkE4RmhDMUhwNm9YVlhPQkVOZk1Yc1duSDdGRVYzd0Y5ZkgwaVg0Yz0$PK+h1ANCbzzmEKaiQfCjWw+hWFaMKvLhG2PjRanH5Kk
+affinity: {}
+commonAnnotations: {}
+commonLabels: {}
+configMapAnnotations: {}
+database:
+  connectionRetries: 15
+  dbName: ""
+  existingSecret: ""
+  existingSecretKey: ""
+  host: ""
+  maxConnections: 10
+  password: ""
+  port: ""
+  type: default
+  uriOverride: ""
+  username: ""
+dnsConfig: {}
+domain: https://vault.dgse.cloud
+duo:
+  existingSecret: ""
+  hostname: ""
+  iKey: ""
+  sKey:
+    existingSecretKey: ""
+    value: ""
+emailChangeAllowed: "true"
+emergencyAccessAllowed: "true"
+emergencyNotifReminderSched: 0 3 * * * *
+emergencyRqstTimeoutSched: 0 7 * * * *
+enableServiceLinks: true
+eventCleanupSched: 0 10 0 * * *
+eventsDayRetain: ""
+experimentalClientFeatureFlags: null
+extendedLogging: "true"
+fullnameOverride: ""
+hibpApiKey: ""
+iconBlacklistNonGlobalIps: "true"
+iconRedirectCode: "302"
+iconService: internal
+image:
+  extraSecrets: []
+  extraVars: []
+  pullPolicy: IfNotPresent
+  pullSecrets: []
+  registry: docker.io
+  repository: vaultwarden/server
+  tag: 1.33.2-alpine
+ingress:
+  additionalAnnotations: {}
+  additionalHostnames: []
+  class: traefik
+  customHeadersConfigMap: {}
+  enabled: true
+  hostname: vault.dgse.cloud
+  labels: {}
+  nginxAllowList: ""
+  nginxIngressAnnotations: false
+  path: /
+  pathType: Prefix
+  tls: true
+  tlsSecret: vaultwarden-cert-secret
+initContainers: []
+invitationExpirationHours: "120"
+invitationOrgName: Vaultwarden
+invitationsAllowed: true
+ipHeader: X-Real-IP
+livenessProbe:
+  enabled: true
+  failureThreshold: 10
+  initialDelaySeconds: 5
+  path: /alive
+  periodSeconds: 10
+  successThreshold: 1
+  timeoutSeconds: 1
+logTimestampFormat: '%Y-%m-%d %H:%M:%S.%3f'
+logging:
+  logFile: ""
+  logLevel: ""
+nodeSelector:
+  node-role.kubernetes.io/worker: worker
+orgAttachmentLimit: ""
+orgCreationUsers: ""
+orgEventsEnabled: "false"
+orgGroupsEnabled: "false"
+podAnnotations: {}
+podDisruptionBudget:
+  enabled: false
+  maxUnavailable: null
+  minAvailable: 1
+podLabels: {}
+podSecurityContext: {}
+pushNotifications:
+  enabled: false
+  existingSecret: ""
+  identityUri: https://identity.bitwarden.com
+  installationId:
+    existingSecretKey: ""
+    value: ""
+  installationKey:
+    existingSecretKey: ""
+    value: ""
+  relayUri: https://push.bitwarden.com
+readinessProbe:
+  enabled: true
+  failureThreshold: 3
+  initialDelaySeconds: 5
+  path: /alive
+  periodSeconds: 10
+  successThreshold: 1
+  timeoutSeconds: 1
+replicas: 1
+requireDeviceEmail: "true"
+resourceType: ""
+resources: {}
+rocket:
+  address: 0.0.0.0
+  port: "8080"
+  workers: "10"
+securityContext: {}
+sendsAllowed: "true"
+service:
+  annotations: {}
+  ipFamilyPolicy: SingleStack
+  labels: {}
+  sessionAffinity: ""
+  sessionAffinityConfig: {}
+  type: ClusterIP
+serviceAccount:
+  create: true
+  name: vaultwarden-svc
+showPassHint: "false"
+sidecars: []
+signupDomains: ""
+signupsAllowed: false
+signupsVerify: "true"
+smtp:
+  acceptInvalidCerts: "false"
+  acceptInvalidHostnames: "false"
+  authMechanism: Plain
+  debug: false
+  existingSecret: smtp-creds
+  from: vault@dgse.cloud
+  fromName: '[DGSE] Vault'
+  host: mail.dgse.cloud
+  password:
+    existingSecretKey: password
+    value: ""
+  port: 465
+  security: force_tls
+  username:
+    existingSecretKey: username
+    value: ""
+startupProbe:
+  enabled: false
+  failureThreshold: 10
+  initialDelaySeconds: 5
+  path: /alive
+  periodSeconds: 10
+  successThreshold: 1
+  timeoutSeconds: 1
+storage:
+  attachments: {}
+  data:
+    accessMode: ReadWriteOnce
+    class: ""
+    keepPvc: false
+    name: vaultwarden-data
+    path: /data
+    size: 15Gi
+  existingVolumeClaim: {}
+strategy: {}
+timeZone: ""
+tolerations: []
+trashAutoDeleteDays: ""
+userAttachmentLimit: ""
+userSendLimit: ""
+webVaultEnabled: "true"
+yubico:
+  clientId: ""
+  existingSecret: ""
+  secretKey:
+    existingSecretKey: ""
+    value: ""
+  server: ""