admin/homelab-manifests
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

fixed geoip tag

Browse Source
This commit is contained in:
authentik Default Admin
2026-01-20 18:01:32 +01:00
parent 7595cbe4ad
commit 99548a235e
33 changed files with 2864 additions and 2863 deletions
Download Patch File Download Diff File Expand all files Collapse all files
vaultwarden-system/vaultwarden.yaml
+134 -134
View File
@@ -27,112 +27,112 @@ spec:
app.kubernetes.io/name: vaultwarden
spec:
containers:
- name: vaultwarden
image: vaultwarden/server:1.35.2
imagePullPolicy: IfNotPresent
env:
- name: TZ
value: Europe/Budapest
- name: DOMAIN
value: https://vaultwarden.dooplex.hu
- name: SIGNUPS_ALLOWED
value: "false"
- name: INVITATIONS_ALLOWED
value: "true"
- name: ADMIN_TOKEN
valueFrom:
secretKeyRef:
name: vaultwarden-admin
key: admin-token
- name: WEBSOCKET_ENABLED
value: "true"
- name: SMTP_HOST
valueFrom:
secretKeyRef:
name: smtp-credentials
key: host
- name: SMTP_PORT
valueFrom:
secretKeyRef:
name: smtp-credentials
key: port
- name: SMTP_SECURITY
value: starttls
- name: SMTP_USERNAME
valueFrom:
secretKeyRef:
name: smtp-credentials
key: username
- name: SMTP_PASSWORD
valueFrom:
secretKeyRef:
name: smtp-credentials
key: password
- name: SMTP_FROM
valueFrom:
secretKeyRef:
name: smtp-credentials
key: from-address
- name: SMTP_FROM_NAME
value: Vaultwarden
- name: SSO_ENABLED
value: "true"
- name: SSO_AUTHORITY
value: "https://authentik.dooplex.hu/application/o/vaultwarden/"
- name: SSO_CLIENT_ID
valueFrom:
secretKeyRef:
name: vaultwarden-oauth
key: client-id
- name: SSO_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: vaultwarden-oauth
key: client-secret
- name: SSO_SCOPES
value: "openid email profile offline_access"
- name: SSO_ALLOW_UNKNOWN_EMAIL_VERIFICATION
value: "false"
- name: SSO_CLIENT_CACHE_EXPIRATION
value: "0"
- name: SSO_ONLY
value: "false" # Set to true to disable email+password login
- name: SSO_SIGNUPS_MATCH_EMAIL
value: "true"
ports:
- containerPort: 80
name: http
protocol: TCP
livenessProbe:
httpGet:
path: /alive
port: http
initialDelaySeconds: 30
periodSeconds: 30
timeoutSeconds: 10
failureThreshold: 3
readinessProbe:
httpGet:
path: /alive
port: http
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
resources:
limits:
cpu: 500m
memory: 512Mi
requests:
cpu: 50m
memory: 128Mi
volumeMounts:
- name: data
mountPath: /data
- name: vaultwarden
image: vaultwarden/server:1.35.2
imagePullPolicy: IfNotPresent
env:
- name: TZ
value: Europe/Budapest
- name: DOMAIN
value: https://vaultwarden.dooplex.hu
- name: SIGNUPS_ALLOWED
value: "false"
- name: INVITATIONS_ALLOWED
value: "true"
- name: ADMIN_TOKEN
valueFrom:
secretKeyRef:
name: vaultwarden-admin
key: admin-token
- name: WEBSOCKET_ENABLED
value: "true"
- name: SMTP_HOST
valueFrom:
secretKeyRef:
name: smtp-credentials
key: host
- name: SMTP_PORT
valueFrom:
secretKeyRef:
name: smtp-credentials
key: port
- name: SMTP_SECURITY
value: starttls
- name: SMTP_USERNAME
valueFrom:
secretKeyRef:
name: smtp-credentials
key: username
- name: SMTP_PASSWORD
valueFrom:
secretKeyRef:
name: smtp-credentials
key: password
- name: SMTP_FROM
valueFrom:
secretKeyRef:
name: smtp-credentials
key: from-address
- name: SMTP_FROM_NAME
value: Vaultwarden
- name: SSO_ENABLED
value: "true"
- name: SSO_AUTHORITY
value: "https://authentik.dooplex.hu/application/o/vaultwarden/"
- name: SSO_CLIENT_ID
valueFrom:
secretKeyRef:
name: vaultwarden-oauth
key: client-id
- name: SSO_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: vaultwarden-oauth
key: client-secret
- name: SSO_SCOPES
value: "openid email profile offline_access"
- name: SSO_ALLOW_UNKNOWN_EMAIL_VERIFICATION
value: "false"
- name: SSO_CLIENT_CACHE_EXPIRATION
value: "0"
- name: SSO_ONLY
value: "false" # Set to true to disable email+password login
- name: SSO_SIGNUPS_MATCH_EMAIL
value: "true"
ports:
- containerPort: 80
name: http
protocol: TCP
livenessProbe:
httpGet:
path: /alive
port: http
initialDelaySeconds: 30
periodSeconds: 30
timeoutSeconds: 10
failureThreshold: 3
readinessProbe:
httpGet:
path: /alive
port: http
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
resources:
limits:
cpu: 500m
memory: 512Mi
requests:
cpu: 50m
memory: 128Mi
volumeMounts:
- name: data
mountPath: /data
volumes:
- name: data
persistentVolumeClaim:
claimName: vaultwarden-data
- name: data
persistentVolumeClaim:
claimName: vaultwarden-data
---
apiVersion: v1
kind: Service
@@ -145,10 +145,10 @@ metadata:
spec:
type: ClusterIP
ports:
- name: http
port: 80
protocol: TCP
targetPort: http
- name: http
port: 80
protocol: TCP
targetPort: http
selector:
app.kubernetes.io/instance: vaultwarden
app.kubernetes.io/name: vaultwarden
@@ -162,7 +162,7 @@ metadata:
nginx.ingress.kubernetes.io/proxy-body-size: 100m
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/configuration-snippet: |
if ($geoip2_city_country_code != "HU") {
if ($geoip2_country_code != "HU") {
return 403 "Access restricted to Hungary";
}
labels:
@@ -173,30 +173,30 @@ metadata:
spec:
ingressClassName: nginx-internal
rules:
- host: vaultwarden.dooplex.hu
http:
paths:
- backend:
service:
name: vaultwarden
port:
number: 80
path: /
pathType: Prefix
- host: vaultwarden.home
http:
paths:
- backend:
service:
name: vaultwarden
port:
number: 80
path: /
pathType: Prefix
- host: vaultwarden.dooplex.hu
http:
paths:
- backend:
service:
name: vaultwarden
port:
number: 80
path: /
pathType: Prefix
- host: vaultwarden.home
http:
paths:
- backend:
service:
name: vaultwarden
port:
number: 80
path: /
pathType: Prefix
tls:
- hosts:
- vaultwarden.dooplex.hu
secretName: vaultwarden-tls
- hosts:
- vaultwarden.dooplex.hu
secretName: vaultwarden-tls
---
apiVersion: v1
kind: PersistentVolumeClaim
@@ -208,7 +208,7 @@ metadata:
namespace: vaultwarden-system
spec:
accessModes:
- ReadWriteOnce
- ReadWriteOnce
resources:
requests:
storage: 5Gi