update bitwarden role - use k8s-at-home/bitwardenrs patched helm

2021-01-18 19:37:29 +03:00
parent 814a48e3a7
commit 9a0074dea1
2 changed files with 75 additions and 21 deletions
--- a/roles/bitwarden/defaults/main.yaml
+++ b/roles/bitwarden/defaults/main.yaml
@@ -2,21 +2,80 @@ bitwarden_enabled: true
 bitwarden_publish: false
 bitwarden_use_external_db: true
 bitwarden_default_values:
+  fullnameOverride: "bitwarden"
+  bitwarden:
+    domain: "https://bitwarden.{{ domain }}"
+    signupsAllowed: true
+    invitationsAllowed: true
+    gui:
+      # If you set a different port here, you must also provide it under env
+      port: 80
+    websockets:
+      enabled: true
+      port: 3012
+    admin:
+      enabled: false
+      disableAdminToken: true
+      existingSecret:
+        enabled: false
+        name: ""
+        tokenKey: ""
+    # External database configuration.
+    # Requires bitwardenrs/server >= 1.17.0 or bitwardenrs/server-{mysql,postgres} images
+    # ref: https://github.com/dani-garcia/bitwarden_rs/wiki/Using-the-MySQL-Backend
+    #      https://github.com/dani-garcia/bitwarden_rs/wiki/Using-the-PostgreSQL-Backend
+    externalDatabase:
+      enabled: true
+      # Supported values: 'mysql', 'postgresql'.
+      type: "postgresql"
+      # Database host. Required if external database is enabled.
+      host: "{{ postgres_db_team | default(namespace) }}-postgres.{{ postgres_db_namespace | default(namespace) }}.svc.cluster.local"
+      # Database port. Optional, default value is specific to the database backend.
+      port: "5432"
+      # Database name.
+      database: "{{ bitwarden_db_name | default ('bitwarden') }}"
+      # Database user.
+      user: "{{ bitwarden_db_username }}"
+      # Database password. Special characters must be escaped with percent encoding.
+      password: "{{ bitwarden_db_password }}"
+      # Use existing secret for database credentials.
+      existingSecret:
+        enabled: false
+        name: ""
+        userKey: ""
+        # Special characters in the password value must be escaped with percent encoding.
+        passwordKey: ""
+    # Enable SMTP. https://github.com/dani-garcia/bitwarden_rs/wiki/SMTP-configuration
+    smtp:
+      enabled: true
+      # SMTP hostname, required if SMTP is enabled
+      host: "mail.{{ domain }}"
+      # SMTP sender e-mail address, required if SMTP is enabled
+      from: "bitwarden@{{ domain }}"
+      # SMTP sender name, defaults to 'Bitwarden_RS'
+      fromName: "bitwarden"
+      # Enable SSL connection
+      ssl: true
+      # Enable EXPLICIT_TLS
+      explicitTLS: true
+      # SMTP port
+      port: 465
+      # SMTP username
+      user: "bitwarden@{{ domain }}"
+      # SMTP password. Required is user is specified, ignored if no user provided
+      password: "{{ bitwarden_ldap_pass | default(bitwarden_ldap_password) }}"
+      timeout: 120
  env:
-    SIGNUPS_ALLOWED: true
-    INVITATIONS_ALLOWED: true
-    DATABASE_URL: "postgresql://{{ bitwarden_db_username }}:{{ bitwarden_db_password }}@{{ postgres_db_team | default(namespace) }}-postgres.{{ postgres_db_namespace | default(namespace) }}.svc.cluster.local:5432/bitwarden?sslmode=require"
-    DOMAIN: "https://bitwarden.{{ domain }}"
-    SMTP_FROM: "bitwarden@{{ domain }}"
-    SMTP_HOST: "mail.{{ domain }}"
-    SMTP_PASSWORD: "{{ bitwarden_ldap_pass | default(bitwarden_ldap_password) }}"
-    SMTP_SSL: "true"
-    SMTP_EXPLICIT_TLS: "true"
-    SMTP_PORT: "465"
-    SMTP_USERNAME: "bitwarden@{{ domain }}"
-    SMTP_TIMEOUT: "120"
    LOG_LEVEL: "debug"
-    EXTENDED_LOGGING: "true"
+  # If you plan to run the WebUI on a port other than port 80, specify that here:
+  # For example, if running the container as a non-root user.
+  #  ROCKET_PORT: "80"
+  persistence:
+    enabled: true
+    accessMode: "{{ bitwarden_storage_mode | default('ReadWriteMany') }}"
+    size: "{{ bitwarden_size | default('8Gi') }}"
+    storageClass: "{{ bitwarden_storage | default('nfs-ssd') }}"
+    type: deployment
  ingress:
    enabled: true
    annotations:
@@ -25,16 +84,10 @@ bitwarden_default_values:
      cert-manager.io/acme-dns01-provider: "rfc2136"
      cert-manager.io/acme-challenge-type: "dns01"
      kubernetes.io/tls-acme: "true"
-    path: /
    hosts:
-      - "bitwarden.{{ domain }}"
+      - host: "bitwarden.{{ domain }}"
+        paths: ["/"]
    tls:
      - secretName: "bitwarden.{{ domain }}-tls"
        hosts:
          - "bitwarden.{{ domain }}"
-  persistence:
-    enabled: true
-    accessMode: "{{ bitwarden_storage_mode | default('ReadWriteMany') }}"
-    size: "{{ bitwarden_size | default('8Gi') }}"
-    storageClass: "{{ bitwarden_storage | default('nfs-ssd') }}"
-
--- a/roles/helm-repos/defaults/main.yaml
+++ b/roles/helm-repos/defaults/main.yaml
@@ -6,3 +6,4 @@ helm_repos:
  - { name: 'ingress-nginx', url: 'https://kubernetes.github.io/ingress-nginx' }
  - { name: 'stable', url: 'https://charts.helm.sh/stable' }
  - { name: 'nextcloud', url: 'https://nextcloud.github.io/helm' }
+  - { name: 'k8s-at-home', url: 'https://k8s-at-home.com/charts' }