From ebe34265a9d2a037406faae1411d9b7b17cac1aa Mon Sep 17 00:00:00 2001 From: Truxnell <9149206+truxnell@users.noreply.github.com> Date: Wed, 24 Apr 2024 09:24:37 +1000 Subject: [PATCH] feat: automerge vaultwarden --- .github/renovate/autoMerge.json5 | 1 + flyio/vaultwarden/fly.toml | 106 +++++++++++----------- flyio/vaultwarden/flyctl-secret.sops.yaml | 67 -------------- 3 files changed, 54 insertions(+), 120 deletions(-) delete mode 100644 flyio/vaultwarden/flyctl-secret.sops.yaml diff --git a/.github/renovate/autoMerge.json5 b/.github/renovate/autoMerge.json5 index 9027684..a05d9bb 100644 --- a/.github/renovate/autoMerge.json5 +++ b/.github/renovate/autoMerge.json5 @@ -15,6 +15,7 @@ 'ghcr.io/onedr0p/lidarr', 'ghcr.io/onedr0p/prowlarr', 'ghcr.io/twin/gatus', + 'vaultwarden/server', ], }, diff --git a/flyio/vaultwarden/fly.toml b/flyio/vaultwarden/fly.toml index 1ffb03f..141c630 100644 --- a/flyio/vaultwarden/fly.toml +++ b/flyio/vaultwarden/fly.toml @@ -1,53 +1,53 @@ -app = "voltaicforge-vaultwarden" -primary_region = "syd" -kill_signal = "SIGINT" -kill_timeout = "5s" - -[experimental] - auto_rollback = true - -[build] - image = "vaultwarden/server:1.28.1@sha256:c56cba7d646584e73a17604f4d4e5aba95ee4198bbed6c919c9514d2ada97d04" - -[env] - DATABASE_URL = "data/db.sqlite3" - PASSWORD_ITERATIONS = "2000000" - PRIMARY_REGION = "syd" - SIGNUPS_ALLOWED = "false" - INVITATIONS_ALLOWED = "true" - SMTP_FROM_NAME = "Vault" - SMTP_SECURITY = "off" - SMTP_SSL = "true" - TZ = "Australia/Melbourne" - WEB_VAULT_ENABLED = "true" - WEB_VAULT_FOLDER = "web-vault" - DATA_FOLDER = "data" - -[[mounts]] - source = "vw_data_machines" - destination = "/data" - processes = ["app"] - -[[services]] - protocol = "tcp" - internal_port = 80 - processes = ["app"] - - [[services.ports]] - port = 80 - handlers = ["http"] - force_https = true - - [[services.ports]] - port = 443 - handlers = ["tls", "http"] - [services.concurrency] - type = "connections" - hard_limit = 25 - soft_limit = 20 - - [[services.tcp_checks]] - interval = "15s" - timeout = "2s" - grace_period = "1s" - restart_limit = 0 \ No newline at end of file +app = "voltaicforge-vaultwarden" +primary_region = "syd" +kill_signal = "SIGINT" +kill_timeout = "5s" + +[experimental] +auto_rollback = true + +[build] +image = "ghcr.io/dani-garcia/vaultwarden:1.30.5:sha256:edb8e2bab9cbca22e555638294db9b3657ffbb6e5d149a29d7ccdb243e3c71e0" + +[env] +DATABASE_URL = "data/db.sqlite3" +PASSWORD_ITERATIONS = "2000000" +PRIMARY_REGION = "syd" +SIGNUPS_ALLOWED = "false" +INVITATIONS_ALLOWED = "true" +SMTP_FROM_NAME = "Vault" +SMTP_SECURITY = "off" +SMTP_SSL = "true" +TZ = "Australia/Melbourne" +WEB_VAULT_ENABLED = "true" +WEB_VAULT_FOLDER = "web-vault" +DATA_FOLDER = "data" + +[[mounts]] +source = "vw_data_machines" +destination = "/data" +processes = ["app"] + +[[services]] +protocol = "tcp" +internal_port = 80 +processes = ["app"] + +[[services.ports]] +port = 80 +handlers = ["http"] +force_https = true + +[[services.ports]] +port = 443 +handlers = ["tls", "http"] +[services.concurrency] +type = "connections" +hard_limit = 25 +soft_limit = 20 + +[[services.tcp_checks]] +interval = "15s" +timeout = "2s" +grace_period = "1s" +restart_limit = 0 diff --git a/flyio/vaultwarden/flyctl-secret.sops.yaml b/flyio/vaultwarden/flyctl-secret.sops.yaml deleted file mode 100644 index cd7fd9b..0000000 --- a/flyio/vaultwarden/flyctl-secret.sops.yaml +++ /dev/null @@ -1,67 +0,0 @@ -FLY_ACCESS_TOKEN: ENC[AES256_GCM,data:RPwjhZ7i3zfeXF5W6+6mn6NbTgfLPlsH7YnlHUQVhfRhJPLhGFOj6+8OHZDXRBI=,iv:kJXd5P26orrvqkeQE4X2MClFry/Hg/5pFbjZRNrDZ50=,tag:FJqRG98IcNwFivIMU8u2Ag==,type:str] -FLY_APP: ENC[AES256_GCM,data:3N8HH1kQ6ytsRw6Ywh42oC16YylwEcdc,iv:OicMBC0rsEqLJxbxty2IIwdc7V3eJV++EyDQR2BLQ/c=,tag:2psevqccXLpWZN/bSo/9/Q==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqdjhxMGF1MXpZSUt5RVp4 - NVhzM21iZWtjemVhWVA4Yi90M2RmNHJUeng0CkRTWlBnSlpXQkZ3UWZzdjNnRXVB - c3krbzE0WGRXMTFhS1NNeDdPQ0M4REEKLS0tIHlPVDlIcjVhaHRncTRZd1g1ckFs - UDY4ZlB5RGthbWNxeTU4a2hqd1owOTAK5HvbMYGC9T9P1FsoK66t/VWtYWSqJ/58 - +FdDeUyHvZs95HmNr+9pG0qJUzU3Qps5HV73izNFMlBLgxPxz/PBGw== - -----END AGE ENCRYPTED FILE----- - - recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKeGJ4dDBMRXdQMWdaeEk5 - TnI3cDF2TjhFbFl0aTlVTVdjOEVOaFZqVEVZClFRelJTejBhSTB4UTUvMVM1Nk5U - Z1FuUllSRytZQkhubG44RTFySTlhaVEKLS0tIE8wTHNoVEs3c1ZGb3g0MWJQVURo - THl5TXRsd0N5NmIySUlRZ2dVQjRXc0UK5ijtJhVdKAVvTLJ0M9HAdn1b9PAXmDnP - 8xxnq+qrbIDXwjxPk+61+prV87zZTm7NKZXSBtsQSFkgZGkc4CXNAg== - -----END AGE ENCRYPTED FILE----- - - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoQVh5TS9NWlpiOFVJZlZ2 - cWRvZEY0MzdUbDhjV1Rmc3VlSFM1Q2NsbFFFClQxK1o4SW10VUc2VzhaN2RwbVo2 - SXhXeG5aRGtsV1hEWXlWUVdRUnJZbnMKLS0tIGRFZURYZU9EcG1wWmZwRTNneWU0 - bGY1UitYSGhpdzBYWUdhQmRkNlA5UkUKKf4v4NN458LVpN8H950cbGnafxbEiWsr - X/UDEi4u62Nm+U9bBRDNtpILxTfrMyEvlSbnwMCuF/hiVKnx9tPwpg== - -----END AGE ENCRYPTED FILE----- - - recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqL09PL0F6dmxFVExvNXdm - ZU5mU3hXZk9zZkpRNEx3ZHBINXVjYkFoMUE0Ck14Tks1QlBEc1pHS29WTldKSm45 - NGtjYm9vZkJWUlBDNnFNcTdiY1ZaYUkKLS0tIHZpbUx6MXBUSjY1K2ZHQStNMENY - UFc4NG10d2loYmdHeGdVSlk2aUczaFkKNRoVjjkkoPfupq4G+luCIN1yHwXDfTGE - mxLcZOV2OWdzNSAQrGLtK4tzsm1hQtrpZVQ1c791u1uZpURg9CTowA== - -----END AGE ENCRYPTED FILE----- - - recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3MU1GcEc1aThlL1dqYTJB - VHBZY1JBeVpHa2FjaERkaGV2bHp1OUV4UVVFCkg1NmU2aVNLZndzTnhzREZzaHhv - ZzEvdy9xamZkK0Vna3M1MW9yQ21oWjQKLS0tICtVMFp2NTF2U0FvV1ZlYmdWc1dD - UHRsd25GNHV5dXZCOWU1UEk4RVV4dGsKna6T46OCEKcToaznl4BrgQ1NdoPyUbH2 - 0vdQOc5XeAoCsbLS4Tj/d1OcyG2vF+P5AV9/Is/NUbLytjQl5t1CDg== - -----END AGE ENCRYPTED FILE----- - - recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrb05XYlR4YmhxeGNJTkFM - L0loaG9TVGJuUHdpMTJpbWJBdVh5M29Pc2lBCmVZWkZIUGMxRmR5cGdDRE9heXpm - d1R2Wk5pU3N0MTRHbk9yNDNjSGVEcGcKLS0tIC9mdS9UM2N4VDJOZTBDK0hMOHpY - c2FWOXk5c3M5WDJtUHlmV2FKUWRPNHcKIy1xzOTBYNOwHX4/NtRdZaom+SsY5C5G - YnqXyenlYxfSrxtKZj9rj2rZGbz2sGeFCGvSrKfyczgjcMcKXidMYA== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-04-23T11:55:35Z" - mac: ENC[AES256_GCM,data:9r4ODui1do3mLu2Gk4hLsdjQ/tbTwE1LZcSfsix1V3vAkH2XRr6cS4pBo7fkrCpV7o/l2RLgdVc/FXQnWfrG7w2xGY32yi9Oem27pYZrunA6hBkBN91Xad2q0h35oTqfiNX7Q3THHAspc709F2P4I7f5PBULiWPQUTdu5nunv0c=,iv:3middRo3qKq88bZFM8c03hh/MtCq77NCdnUd5OgorZ0=,tag:19sFH7qI9zYxhoPQztnUWQ==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.8.1