157 lines
6.0 KiB
YAML
157 lines
6.0 KiB
YAML
image:
|
|
repository: docker.io/vaultwarden/server
|
|
pullPolicy: IfNotPresent
|
|
tag: 1.30.5@sha256:edb8e2bab9cbca22e555638294db9b3657ffbb6e5d149a29d7ccdb243e3c71e0
|
|
|
|
betaImage:
|
|
repository: ghcr.io/timshel/vaultwarden
|
|
pullPolicy: IfNotPresent
|
|
tag: 1.30.5-9
|
|
|
|
service:
|
|
main:
|
|
ports:
|
|
main:
|
|
port: 10102
|
|
targetPort: 8080
|
|
workload:
|
|
main:
|
|
podSpec:
|
|
containers:
|
|
main:
|
|
env:
|
|
DOMAIN: "https://{{ if .Values.ingress }}{{ if .Values.ingress.main.enabled }}{{ ( index .Values.ingress.main.hosts 0 ).host }}{{ else }}placeholder.com{{ end }}{{ else }}placeholder.com{{ end }}"
|
|
DATABASE_URL:
|
|
secretKeyRef:
|
|
name: cnpg-main-urls
|
|
key: std
|
|
envFrom:
|
|
- configMapRef:
|
|
name: vaultwardenconfig
|
|
- secretRef:
|
|
name: vaultwardensecret
|
|
database:
|
|
# -- Database type,
|
|
# must be one of: 'sqlite', 'mysql' or 'postgresql'.
|
|
type: postgresql
|
|
# -- Enable DB Write-Ahead-Log for SQLite,
|
|
# disabled for other databases. https://github.com/dani-garcia/bitwarden_rs/wiki/Running-without-WAL-enabled
|
|
wal: true
|
|
## URL for external databases (mysql://user:pass@host:port or postgresql://user:pass@host:port).
|
|
# url: ""
|
|
## Set the size of the database connection pool.
|
|
# maxConnections: 10
|
|
## Connection retries during startup, 0 for infinite. 1 second between retries.
|
|
# retries: 15
|
|
# Set Bitwarden_rs application variables
|
|
vaultwarden:
|
|
# -- Allow any user to sign-up
|
|
# see: https://github.com/dani-garcia/bitwarden_rs/wiki/Disable-registration-of-new-users
|
|
allowSignups: true
|
|
## Whitelist domains allowed to sign-up. 'allowSignups' is ignored if set.
|
|
# signupDomains:
|
|
# - domain.tld
|
|
# -- Verify e-mail before login is enabled.
|
|
# SMTP must be enabled.
|
|
verifySignup: false
|
|
# When a user logs in an email is required to be sent. If sending the email fails the login attempt will fail. SMTP must be enabled.
|
|
requireEmail: false
|
|
## Maximum attempts before an email token is reset and a new email will need to be sent.
|
|
# emailAttempts: 3
|
|
## Email token validity in seconds.
|
|
# emailTokenExpiration: 600
|
|
# Allow invited users to sign-up even feature is disabled: https://github.com/dani-garcia/bitwarden_rs/wiki/Disable-invitations
|
|
allowInvitation: true
|
|
# Show password hints: https://github.com/dani-garcia/bitwarden_rs/wiki/Password-hint-display
|
|
## Default organization name in invitation e-mails that are not coming from a specific organization.
|
|
# defaultInviteName: ""
|
|
showPasswordHint: true
|
|
# Enable Web Vault (static content). https://github.com/dani-garcia/bitwarden_rs/wiki/Disabling-or-overriding-the-Vault-interface-hosting
|
|
enableWebVault: true
|
|
# Restrict creation of orgs. Options are: 'all', 'none' or a comma-separated list of users.
|
|
orgCreationUsers: all
|
|
## Limit attachment disk usage per organization.
|
|
# attachmentLimitOrg:
|
|
## Limit attachment disk usage per user.
|
|
# attachmentLimitUser:
|
|
## HaveIBeenPwned API Key. Can be purchased at https://haveibeenpwned.com/API/Key.
|
|
# hibpApiKey:
|
|
|
|
admin:
|
|
# Enable admin portal.
|
|
enabled: false
|
|
# Disabling the admin token will make the admin portal accessible to anyone, use carefully: https://github.com/dani-garcia/bitwarden_rs/wiki/Disable-admin-token
|
|
disableAdminToken: false
|
|
## Token for admin login, will be generated if not defined. https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-admin-page
|
|
# token:
|
|
# Enable SMTP. https://github.com/dani-garcia/bitwarden_rs/wiki/SMTP-configuration
|
|
smtp:
|
|
enabled: false
|
|
# SMTP hostname, required if SMTP is enabled.
|
|
host: ""
|
|
# SMTP sender e-mail address, required if SMTP is enabled.
|
|
from: ""
|
|
## SMTP sender name, defaults to 'Bitwarden_RS'.
|
|
# fromName: ""
|
|
## Enable SSL connection.
|
|
# security: starttls
|
|
## SMTP port. Defaults to 587 with STARTTLS, 465 with FORCE_TLS, and 25 without SSL.
|
|
# port: 587
|
|
## SMTP Authentication Mechanisms. Comma-separated options: 'Plain', 'Login' and 'Xoauth2'. Defaults to 'Plain'.
|
|
# authMechanism: Plain
|
|
## Hostname to be sent for SMTP HELO. Defaults to pod name.
|
|
# heloName: ""
|
|
## SMTP timeout.
|
|
# timeout: 15
|
|
## Accept SSL session if certificate is valid but hostname doesn't match. DANGEROUS, vulnerable to men-in-the-middle attacks!
|
|
# invalidHostname: false
|
|
## Accept invalid certificates. DANGEROUS, vulnerable to men-in-the-middle attacks!
|
|
# invalidCertificate: false
|
|
## SMTP username.
|
|
# user: ""
|
|
## SMTP password. Required is user is specified, ignored if no user provided.
|
|
# password: ""
|
|
## Enable Yubico OTP authentication. https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-Yubikey-OTP-authentication
|
|
yubico:
|
|
enabled: false
|
|
## Yubico server. Defaults to YubiCloud.
|
|
# server:
|
|
## Yubico ID and Secret Key.
|
|
# clientId:
|
|
# secretKey:
|
|
## Enable Mobile Push Notifications. You must obtain and ID and Key here: https://bitwarden.com/host
|
|
push:
|
|
enabled: false
|
|
# installationId:
|
|
# installationKey:
|
|
## Logging options. https://github.com/dani-garcia/bitwarden_rs/wiki/Logging
|
|
log:
|
|
# Log to file.
|
|
file: ""
|
|
# Log level. Options are "trace", "debug", "info", "warn", "error" or "off".
|
|
level: "trace"
|
|
## Log timestamp format. See https://docs.rs/chrono/0.4.15/chrono/format/strftime/index.html. Defaults to time in milliseconds.
|
|
# timeFormat: ""
|
|
icons:
|
|
# Disables download of external icons. Setting to true will still serve icons from cache (/data/icon_cache). TTL will default to zero.
|
|
disableDownload: false
|
|
## Cache time-to-live for icons fetched. 0 means no purging.
|
|
# cache: 2592000
|
|
## Cache time-to-live for icons that were not available. 0 means no purging.
|
|
# cacheFailed: 259200
|
|
persistence:
|
|
data:
|
|
enabled: true
|
|
mountPath: "/data"
|
|
cnpg:
|
|
main:
|
|
enabled: true
|
|
user: vaultwarden
|
|
database: vaultwarden
|
|
portal:
|
|
open:
|
|
enabled: true
|
|
ingress:
|
|
main:
|
|
required: true
|