--wip-- [skipci]

kubernetes/lianalabs/apps/bitwarden/bitwarden/app/helmrelease.yaml

@@ -0,0 +1,58 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: bitwarden
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: self-host
+      version: 2024.11.0
+      sourceRef:
+        kind: HelmRepository
+        name: bitwarden
+        namespace: flux-system
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      retries: 3
+  values:
+    admins: "${SECRET_ADMIN_EMAIL}"
+    disableUserRegistration: "false"
+    cloudRegion: US
+    enableCloudCommunication: true # Enable billing and license sync
+    sharedStorageClassName: local-nvme
+    volumeAccessMode: "ReadWriteOnce"
+    general:
+      domain: "bitwarden.${SECRET_EXTERNAL_DOMAIN}"
+      ingress:
+        enabled: true
+        className: traefik
+        annotations:
+          cert-manager.io/cluster-issuer: "letsencrypt-production"
+          gethomepage.dev/enabled: "true"
+          gethomepage.dev/group: Home
+          gethomepage.dev/name: Bitwarden
+          gethomepage.dev/description: Password management
+          gethomepage.dev/icon: bitwarden
+        cert:
+          tls:
+            name: bitwarden-tls
+            clusterIssuer: letsencrypt-production
+      email:
+        smtpSsl: "false"
+        smtpPort: "465"
+        smtpHost: "${SECRET_SMTP_HOST}"
+        replyToEmail: "${SECRET_SMTP_FROM}"
+    secrets:
+      secretName: bitwarden-secret
+    database:
+      enabled: false
+    volume:
+      logs:
+        enabled: true

kubernetes/lianalabs/apps/bitwarden/bitwarden/app/kustomization.yaml

@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./secret.sops.yaml
+  - ./helmrelease.yaml

kubernetes/lianalabs/apps/bitwarden/bitwarden/app/secret.sops.yaml

@@ -0,0 +1,33 @@
+# yamllint disable
+kind: Secret
+apiVersion: v1
+type: Opaque
+metadata:
+  name: bitwarden-secret
+stringData:
+  replyToEmail: ENC[AES256_GCM,data:9LdJSVlrF8Ac+hryQZB6EkPomFqbpJQ7YIrl0h1g,iv:4tnYxBohGkHP9M6Q8wWLvt77S69siViV+fwagAgQFGI=,tag:8gh2OtqPyptX0sqNN5sLgg==,type:str]
+  globalSettings__installation__id: ENC[AES256_GCM,data:qhIBpMrWf23TZVhmaTd8+CgQvvfy71v0xoWyFHYQ0nA79wOf,iv:tMzUHtutkaUpoyon+P3OozE/eWXvUPuPlNM1i2NVGx4=,tag:ydRr9KNpNf6RK2/FLl6/JQ==,type:str]
+  globalSettings__installation__key: ENC[AES256_GCM,data:P8/aPoc1BXFr/1WpMQeWWxuQS9k=,iv:hmCxCViuZjznkReJ9esYoC2oc1lMMjNisPs1rl4g3fw=,tag:rIQIkiod1cPa0fIykvejhw==,type:str]
+  globalSettings__mail__smtp__username: ENC[AES256_GCM,data:W6q+7nzyWWR5jm2eoOyKYoWxibff+qSPe6V8UZf3,iv:NgNj1h+RefSO28B9sjzGGBLvsi9tgKXbafE5XBYLPak=,tag:fM2m2g1lD9yn3s2pspNBxQ==,type:str]
+  globalSettings__mail__smtp__password: ENC[AES256_GCM,data:48VVjJvrvfzJKT+Ru8LDUIw7zDoMGWby2yKzZ6zGY2s2nUyqpNRuiNLv+wZPP8/EPts=,iv:Os7mUur9/0+IAHz3/rG0xG5WP3qFbT1NXUOds8WGBeI=,tag:4+YaY4W+SCGtVfxZCbq3eg==,type:str]
+  SA_PASSWORD: ENC[AES256_GCM,data:TZ3oxHnu+fOh/ftOnvhIMIyX2/YEj4sWXw/efWWao8eFPu4YMEWspHw6adRw8pvAS0EPsXax0QoYunaJjQXXfw==,iv:Gpyy2FcSpP+PR0uzyK+cUUD3Fr9E9B/aysKRX4BBHKA=,tag:bpIsbxqD/R9f1yRW8wfNBg==,type:str]
+sops:
+  kms: []
+  gcp_kms: []
+  azure_kv: []
+  hc_vault: []
+  age:
+    - recipient: age19nu7uf8dageqlmzk23x7vl24fpn0l7cq20l3l4xxf2sk2xd5h98qss437p
+      enc: |
+        -----BEGIN AGE ENCRYPTED FILE-----
+        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOc1RiQ2NocExCai9VRk52
+        Y3BwZVl3aXhQUGF0SDcwd1A0TC94SHA5VWtBCk93SEEzeUozOGxMRlRhc1Y1SDl1
+        azlRbC8zL1RvZHZ5azNhanVXdXN4bVUKLS0tIGhNRjFNSlNhV08xWEIzaEIxNFMv
+        aDRWVXU4REFGVDdJNHhDYmZ0b0RxM0UKefaAHSLVAmLkgkHXAq2lDjX+F1i2m9PX
+        UArt+CSH1IoRLV8616q897WMFNUhMpxn5xjOLy7SlBe7PtQW1pmlzA==
+        -----END AGE ENCRYPTED FILE-----
+  lastmodified: "2024-11-28T23:16:16Z"
+  mac: ENC[AES256_GCM,data:oCjRIPDfuVwTjKcA39IbjFyZe5/ttEpgzo+hfJXcJrlIUcMjhDEMr4XMOeQzcGACE0mdxAe1CskyRHPLOZUM5gQfJvbIabSf2JDArl/dCxtxM96HHJaPSfB0FE7HU+XFuhnMud73aUI4uY8za8NfvqkAzlaEEOst2NZ3nNI84Yc=,iv:ULt3KIEMFgGTjMLMzB7jQlX7i+jf3qfEeiulnWQv8rc=,tag:QrcQ/XPrBjpmmapWVaAEEw==,type:str]
+  pgp: []
+  encrypted_regex: ^(data|stringData)$
+  version: 3.9.1

kubernetes/lianalabs/apps/bitwarden/bitwarden/ks.yaml

@@ -0,0 +1,20 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app bitwarden
+  namespace: flux-system
+spec:
+  targetNamespace: bitwarden
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  path: ./kubernetes/lianalabs/apps/bitwarden/bitwarden/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: k8s-gitops
+  wait: true
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m

kubernetes/lianalabs/apps/bitwarden/kustomization.yaml

@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./namespace.yaml
+  #- ./bitwarden/ks.yaml

kubernetes/lianalabs/apps/bitwarden/namespace.yaml

@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: bitwarden
+  labels:
+    kustomize.toolkit.fluxcd.io/prune: disabled