diff --git a/docs/REFERENCE.md b/docs/REFERENCE.md index 3eae2a8..b0821b7 100644 --- a/docs/REFERENCE.md +++ b/docs/REFERENCE.md @@ -1063,6 +1063,46 @@ dind: - Gitea admin panel (`/admin/runners`) — runners show as Online - Create test workflow in `.gitea/workflows/test.yml` — job executes +### Vaultwarden + +**Chart**: `guerzon/vaultwarden` +**Version**: 0.36.4 (app v1.36.0-alpine) +**Namespace**: `vaultwarden` + +**Purpose**: Self-hosted Bitwarden-compatible password manager. + +**Configuration**: +```yaml +# infra/overlays/upc-dev/vaultwarden/ + infra/values/ +domain: "https://vaultwarden.forteapps.net" + +ingress: + enabled: true + class: "traefik" + tls: true + tlsSecret: vaultwarden-tls + hostname: bitwarden.forteapps.net + additionalAnnotations: + cert-manager.io/cluster-issuer: letsencrypt-prod + +database: + type: postgresql + existingSecret: prod-db-creds + +storage: + data: 5Gi (ReadWriteOnce) + attachments: 5Gi (ReadWriteOnce) +``` + +**TLS**: cert-manager auto-provisions Let's Encrypt certificate via `letsencrypt-prod` ClusterIssuer (same pattern as Gitea, Grafana, etc). + +**Endpoints**: +- Web UI: `https://bitwarden.forteapps.net` + +**Secrets**: +- `prod-db-creds` — PostgreSQL credentials + SMTP credentials +- `vaultwarden-tls` — auto-managed by cert-manager + ### AI Code Review (ai-review) **Type**: Gitea Actions workflow (`.gitea/workflows/ai-review.yaml`) diff --git a/infra/values/upc-dev/vaultwarden-values.yaml b/infra/values/upc-dev/vaultwarden-values.yaml index dce2585..78a7c14 100644 --- a/infra/values/upc-dev/vaultwarden-values.yaml +++ b/infra/values/upc-dev/vaultwarden-values.yaml @@ -6,8 +6,11 @@ database: ingress: enabled: true class: "traefik" - tlsSecret: vw-forteapps-net-crt + tls: true + tlsSecret: vaultwarden-tls hostname: bitwarden.forteapps.net + additionalAnnotations: + cert-manager.io/cluster-issuer: letsencrypt-prod replicas: 1 # Multi-Attach error for volume "pvc-102ec9a4-dccd-4cba-bb4b-650f7d934c81" Volume is already used by pod(s) vaultwarden-7f568875c7-m9cgs