feat(vaultwarden): add SMTP configuration options and enhance signup settings

- Introduced SMTP settings for Vaultwarden including host, port, security, and authentication details.
- Added variables for signup verification, 2FA settings, password hints, and logging options.
- Updated Vaultwarden deployment to utilize new SMTP configurations.
- Enhanced Grafana module to support dynamic dashboard and datasource provisioning.
- Added LLM proxy configuration for Open Web UI with necessary environment variables.
This commit is contained in:
2026-05-30 23:24:44 +02:00
parent 350650ecc2
commit ec740f458f
89 changed files with 3154 additions and 856 deletions
+49 -10
View File
@@ -19,11 +19,38 @@ resource "kubernetes_config_map" "vaultwarden_config" {
namespace = kubernetes_namespace.vaultwarden.metadata[0].name
}
data = {
DOMAIN = "https://${local.app_fqdn}/"
SIGNUP = var.signup_enabled ? "true" : "false"
DATABASE_URL = "file:///data/db.sqlite3"
}
data = merge({
DOMAIN = "https://${local.app_fqdn}/"
SIGNUPS_ALLOWED = local.signup
SIGNUPS_VERIFY = local.signup_verify
DATABASE_URL = "/data/db.sqlite3"
ENABLE_WEBSOCKET = local.websocket_enabled
DISABLE_2FA_REMEMBER = local.disable_2fa_remember
SHOW_PASSWORD_HINT = local.show_password_hint
PASSWORD_HINTS_ALLOWED = local.password_hints_allowed
DISABLE_ICON_DOWNLOAD = local.disable_icon_download
ICON_SERVICE = local.icon_service
HTTP_REQUEST_BLOCK_NON_GLOBAL_IPS = local.http_request_block_non_global_ips
EXTENDED_LOGGING = local.extended_logging
SENDS_ALLOWED = local.sends_allowed
TRASH_AUTO_DELETE_DAYS = local.trash_auto_delete_days
EVENTS_DAYS_RETAIN = local.events_days_retain
ADMIN_SESSION_LIFETIME = local.admin_session_lifetime
USE_SENDMAIL = "false"
},
local.smtp_enabled ? {
SMTP_HOST = var.smtp_host
SMTP_PORT = tostring(var.smtp_port)
SMTP_SECURITY = var.smtp_security
SMTP_FROM = var.smtp_from
SMTP_FROM_NAME = var.smtp_from_name
SMTP_TIMEOUT = tostring(var.smtp_timeout)
SMTP_EMBED_IMAGES = var.smtp_embed_images ? "true" : "false"
SMTP_DEBUG = var.smtp_debug ? "true" : "false"
SMTP_ACCEPT_INVALID_CERTS = var.smtp_accept_invalid_certs ? "true" : "false"
SMTP_ACCEPT_INVALID_HOSTNAMES = var.smtp_accept_invalid_hostnames ? "true" : "false"
} : {}
)
}
resource "kubernetes_secret" "vaultwarden_secrets" {
@@ -32,9 +59,14 @@ resource "kubernetes_secret" "vaultwarden_secrets" {
namespace = kubernetes_namespace.vaultwarden.metadata[0].name
}
data = {
data = merge({
ADMIN_TOKEN = var.admin_token
}
},
local.smtp_enabled ? {
SMTP_USERNAME = var.smtp_username
SMTP_PASSWORD = var.smtp_password
} : {}
)
}
resource "kubernetes_deployment" "vaultwarden" {
@@ -62,7 +94,8 @@ resource "kubernetes_deployment" "vaultwarden" {
template {
metadata {
labels = {
app = "vaultwarden"
app = "vaultwarden"
config_checksum = md5(join("", values(kubernetes_config_map.vaultwarden_config.data)))
}
}
@@ -101,6 +134,11 @@ resource "kubernetes_deployment" "vaultwarden" {
}
}
env {
name = "ROCKET_PORT"
value = "8080"
}
security_context {
allow_privilege_escalation = false
privileged = false
@@ -114,7 +152,7 @@ resource "kubernetes_deployment" "vaultwarden" {
port {
name = "http"
container_port = 80
container_port = 8080
protocol = "TCP"
}
@@ -151,6 +189,7 @@ resource "kubernetes_deployment" "vaultwarden" {
name = "vaultwarden-data"
host_path {
path = local.db_path
type = "DirectoryOrCreate"
}
}
@@ -177,7 +216,7 @@ resource "kubernetes_service" "vaultwarden" {
port {
name = "http"
port = 80
target_port = 80
target_port = 8080
}
type = "ClusterIP"