initial git commit saving configs

bitwarden/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: postgresql
+  repository: https://charts.bitnami.com/bitnami
+  version: 15.5.29
+digest: sha256:e02780f5fb6cf25d49477b43986ea907d96df3167f5a398a34eedad988c841e7
+generated: "2025-12-21T17:14:41.412181861Z"

bitwarden/Chart.yaml

@@ -0,0 +1,11 @@
+apiVersion: v2
+name: bitwarden-lite
+description: Bitwarden Lite with Bitnami PostgreSQL subchart
+type: application
+version: 0.1.0
+appVersion: "1.32.0"
+
+dependencies:
+  - name: postgresql
+    version: 15.5.29
+    repository: https://charts.bitnami.com/bitnami

bitwarden/notes.md

@@ -0,0 +1,30 @@
+# Bitwarden lite
+
+https://bitwarden.com/help/install-and-deploy-lite
+
+
+```
+helm repo add bitnami https://charts.bitnami.com/bitnami
+helm repo update
+helm dependency build
+helm upgrade --install bitwarden . -f values.yaml -n bitwarden
+
+helm delete bitwarden -n bitwarden
+kubectl -n bitwarden rollout restart deploy/bitwarden-lite
+
+kubectl -n bitwarden create secret generic bitwarden-postgresql-auth \
+  --from-literal=postgres-password='pwdBitwardenSqlStorage' \
+  --from-literal=password='pwdBitwardenStorage'
+
+
+
+kubectl -n bitwarden create secret generic bitwarden-smtp \
+  --from-literal=globalSettings__mail__smtp__host='smtp.gmail.com' \
+  --from-literal=globalSettings__mail__smtp__ssl='starttls' \
+  --from-literal=globalSettings__mail__smtp__username='adrcpp@gmail.com' \
+  --from-literal=globalSettings__mail__smtp__password='agkp arhk yapp rafi' \
+  --from-literal=globalSettings__mail__replyToEmail='adrcpp@gmail.com'
+
+
+kubectl -n bitwarden get pods
+```

bitwarden/pv-bitwarden.yaml

@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: pv-bitwarden-data
+spec:
+  capacity:
+    storage: 10Gi
+  volumeMode: Filesystem
+  accessModes:
+  - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: bitwarden-data
+  local:
+    path: /storage/bitwarden
+  nodeAffinity:
+    required:
+      nodeSelectorTerms:
+      - matchExpressions:
+        - key: kubernetes.io/hostname
+          operator: In
+          values:
+          - master

bitwarden/pvc-bitwarden.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: pvc-bitwarden-data
+  namespace: bitwarden
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 10Gi
+  storageClassName: bitwarden-data

bitwarden/templates/_helpers.tpl

@@ -0,0 +1,30 @@
+{{- define "bitwarden-lite.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- define "bitwarden-lite.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s" (include "bitwarden-lite.name" .) | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "bitwarden-lite.labels" -}}
+app.kubernetes.io/name: {{ include "bitwarden-lite.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | quote }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "bitwarden-lite.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "bitwarden-lite.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}

bitwarden/templates/deployment.yaml

@@ -0,0 +1,53 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "bitwarden-lite.fullname" . }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ include "bitwarden-lite.fullname" . }}
+  template:
+    metadata:
+      labels:
+        app: {{ include "bitwarden-lite.fullname" . }}
+    spec:
+      containers:
+        - name: bitwarden
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          ports:
+            - name: http
+              containerPort: 8080
+          env:
+            - name: BW_DB_SERVER
+              value: {{ .Values.database.host | quote }}
+            - name: BW_DB_USERNAME
+              value: {{ .Values.database.user | quote }}
+            - name: BW_DB_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.postgresql.auth.existingSecret }}
+                  key: {{ .Values.postgresql.auth.secretKeys.userPasswordKey | quote }}
+            - name: BW_DB_DATABASE
+              value: {{ .Values.database.name | quote }}
+            - name: BW_DB_PROVIDER
+              value: "postgresql"
+            - name: BW_DOMAIN
+              value: {{ .Values.bitwarden.domain | quote }}
+            - name: globalSettings__hibpApiKey
+              value: {{ .Values.hibp.apiKey | quote }}
+            - name: BW_INSTALLATION_ID
+              value: {{ .Values.bitwarden.installation.id | quote }}
+            - name: BW_INSTALLATION_KEY
+              value: {{ .Values.bitwarden.installation.key | quote }}
+          envFrom:
+            - secretRef:
+                name: bitwarden-smtp
+          volumeMounts:
+            - name: data
+              mountPath: /data
+      volumes:
+        - name: data
+          persistentVolumeClaim:
+            claimName: {{ default (printf "%s-data" (include "bitwarden-lite.fullname" .)) .Values.persistence.existingClaim }}

bitwarden/templates/ingress.yaml

@@ -0,0 +1,55 @@
+{{- if .Values.ingress.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ include "bitwarden-lite.fullname" . }}
+  labels:
+    {{- include "bitwarden-lite.labels" . | nindent 4 }}
+  {{- if .Values.ingress.annotations }}
+  annotations:
+    {{- toYaml .Values.ingress.annotations | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+  ingressClassName: {{ .Values.ingress.className }}
+  {{- end }}
+  {{- if .Values.ingress.tls }}
+  tls:
+    {{- range .Values.ingress.tls }}
+    - hosts:
+        {{- range .hosts }}
+        - {{ . | quote }}
+        {{- end }}
+      secretName: {{ .secretName }}
+    {{- end }}
+  {{- end }}
+  rules:
+    - host: {{ .Values.bitwarden.domain | quote }}
+      http:
+        paths:
+          - path: /
+            {{- if semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion }}
+            pathType: Prefix
+            {{- end }}
+            backend:
+              service:
+                name: {{ include "bitwarden-lite.fullname" . }}
+                port:
+                  number: {{ .Values.service.port }}
+    {{- range .Values.ingress.extraHosts }}
+    - host: {{ .host | quote }}
+      http:
+        paths:
+          {{- range .paths }}
+          - path: {{ .path }}
+            {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+            pathType: {{ .pathType }}
+            {{- end }}
+            backend:
+              service:
+                name: {{ include "bitwarden-lite.fullname" . }}
+                port:
+                  number: {{ .Values.service.port }}
+          {{- end }}
+    {{- end }}
+{{- end }}

bitwarden/templates/service.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "bitwarden-lite.fullname" . }}
+spec:
+  type: {{ .Values.service.type }}
+  selector:
+    app: {{ include "bitwarden-lite.fullname" . }}
+  ports:
+    - name: http
+      port: {{ .Values.service.port }}
+      targetPort: 8080

bitwarden/values.yaml

@@ -0,0 +1,81 @@
+image:
+  repository: ghcr.io/bitwarden/lite
+  tag: "2025.12.0"
+  pullPolicy: IfNotPresent
+
+replicaCount: 1
+
+service:
+  type: ClusterIP
+  port: 8080
+
+ingress:
+  enabled: true
+  ingressClassName: traefik
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+  hosts:
+    - host: bitwarden.immich-ad.ovh
+      paths:
+        - path: /
+          pathType: Prefix
+  tls:
+    - secretName: bitwarden-tls
+      hosts:
+        - bitwarden.immich-ad.ovh
+
+# Persist bitwarden data (attachments, icon cache, etc.)
+persistence:
+  enabled: true
+  existingClaim: pvc-bitwarden-data
+
+bitwarden:
+  # REQUIRED for secure cookies, web vault, etc.
+  domain: "bitwarden.immich-ad.ovh"
+  disableUserRegistration: false
+
+  installation:
+    id: "bca307eb-c177-4eb7-b6a6-b3ba0129ff3d"
+    key: "x4FBfkK4f1wDCuXWQdX9"
+
+  # SMTP optional
+  smtp:
+    enabled: false
+    host: ""
+    port: 587
+    username: ""
+    password:
+      existingSecret: ""
+      key: "SMTP_PASSWORD"
+    from: ""
+hibp:
+  apiKey: ""
+
+# Database config
+database:
+  name: bitwarden
+  user: bitwarden
+
+# Bitnami PostgreSQL subchart values
+postgresql:
+  enabled: true
+  image:
+    registry: docker.io
+    repository: bitnami/postgresql
+    tag: latest
+
+  auth:
+    username: bitwarden
+    database: bitwarden
+
+    # Upgrade-safe: point to an existing secret you create once
+    existingSecret: bitwarden-postgresql-auth
+    secretKeys:
+      adminPasswordKey: postgres-password
+      userPasswordKey: password
+
+  primary:
+    persistence:
+      enabled: true
+      existingClaim: pvc-bitwarden-data  # bind to precreated PVC if you want