Spiegel von
https://github.com/dani-garcia/vaultwarden.git
synchronisiert 2025-03-12 16:47:03 +01:00
a048a1827a
Scripts to 'one click' vaultwarden deployment into Azure Cloud as container app (cheapest option) with enabled vaultwarden external storage on fileshare. It uses official vaultwarden container docker.io/vaultwarden/server:latest
170 Zeilen
3,7 KiB
Bicep
170 Zeilen
3,7 KiB
Bicep
@description('Storage Account type')
|
|
@allowed([
|
|
'Premium_LRS'
|
|
'Premium_ZRS'
|
|
'Standard_GRS'
|
|
'Standard_GZRS'
|
|
'Standard_LRS'
|
|
'Standard_RAGRS'
|
|
'Standard_RAGZRS'
|
|
'Standard_ZRS'
|
|
])
|
|
param storageAccountSKU string = 'Standard_LRS'
|
|
|
|
@description('Vaultwarden Admin API key used to access /admin page - minLength is 20')
|
|
@minLength(20)
|
|
@secure()
|
|
param AdminAPIKEY string = base64(newGuid())
|
|
|
|
@description('Number of CPU cores the container can use. Can be with a maximum of two decimals.')
|
|
@allowed([
|
|
'0.25'
|
|
'0.5'
|
|
'0.75'
|
|
'1'
|
|
'1.25'
|
|
'1.5'
|
|
'1.75'
|
|
'2'
|
|
])
|
|
param cpuCore string = '0.25'
|
|
|
|
@description('Amount of memory (in gibibytes, GiB) allocated to the container up to 4GiB. Can be with a maximum of two decimals. Ratio with CPU cores must be equal to 2.')
|
|
@allowed([
|
|
'0.5'
|
|
'1'
|
|
'1.5'
|
|
'2'
|
|
'3'
|
|
'3.5'
|
|
'4'
|
|
])
|
|
param memorySize string = '0.5'
|
|
|
|
var logWorkspaceName = 'vw-logwks${uniqueString(resourceGroup().id)}'
|
|
var storageAccountName = 'vwstorage${uniqueString(resourceGroup().id)}'
|
|
var location = resourceGroup().location
|
|
|
|
resource storageaccount 'Microsoft.Storage/storageAccounts@2021-02-01' = {
|
|
name: storageAccountName
|
|
location: location
|
|
kind: 'StorageV2'
|
|
sku: {
|
|
name: storageAccountSKU
|
|
}
|
|
properties:{
|
|
accessTier: 'Hot'
|
|
allowSharedKeyAccess: true
|
|
allowBlobPublicAccess: true
|
|
}
|
|
resource fileshare 'fileServices@2022-09-01'={
|
|
name: 'default'
|
|
resource vwardendata 'shares@2022-09-01'={
|
|
name: 'vw-data'
|
|
properties:{
|
|
accessTier: 'Hot'
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2020-10-01' = {
|
|
name: logWorkspaceName
|
|
location: location
|
|
properties: {
|
|
sku: {
|
|
name: 'PerGB2018'
|
|
}
|
|
retentionInDays: 30
|
|
}
|
|
}
|
|
|
|
|
|
resource containerAppEnv 'Microsoft.App/managedEnvironments@2022-06-01-preview'= {
|
|
name: 'appenv-vaultwarden${uniqueString(resourceGroup().id)}'
|
|
location: location
|
|
sku:{
|
|
name: 'Consumption'
|
|
}
|
|
properties:{
|
|
appLogsConfiguration:{
|
|
destination: 'log-analytics'
|
|
logAnalyticsConfiguration:{
|
|
customerId: logAnalyticsWorkspace.properties.customerId
|
|
sharedKey: logAnalyticsWorkspace.listKeys().primarySharedKey
|
|
}
|
|
}
|
|
}
|
|
resource storegeLink 'storages@2022-06-01-preview'={
|
|
name:'vw-data-link'
|
|
properties:{
|
|
azureFile:{
|
|
accessMode: 'ReadWrite'
|
|
accountKey: storageaccount.listKeys().keys[0].value
|
|
shareName: 'vw-data'
|
|
accountName: storageaccount.name
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
resource vwardenApp 'Microsoft.App/containerApps@2022-06-01-preview'= {
|
|
name: 'vaultwarden'
|
|
location: location
|
|
properties:{
|
|
environmentId: containerAppEnv.id
|
|
configuration:{
|
|
ingress:{
|
|
external: true
|
|
targetPort: 80
|
|
allowInsecure: true
|
|
traffic:[
|
|
{
|
|
latestRevision: true
|
|
weight: 100
|
|
}
|
|
]
|
|
}
|
|
}
|
|
template:{
|
|
containers:[
|
|
{
|
|
name: 'vaultwarden'
|
|
image: 'docker.io/vaultwarden/server:latest'
|
|
resources:{
|
|
cpu: json(cpuCore)
|
|
memory: '${memorySize}Gi'
|
|
}
|
|
|
|
volumeMounts:[
|
|
{
|
|
volumeName: 'vwdatashare'
|
|
mountPath: '/data'
|
|
}
|
|
]
|
|
env: [
|
|
{
|
|
name: 'ADMIN_TOKEN'
|
|
value: AdminAPIKEY
|
|
}
|
|
{
|
|
name: 'ENABLE_DB_WAL'
|
|
value: 'false'
|
|
}
|
|
]
|
|
}
|
|
]
|
|
volumes:[
|
|
{
|
|
name:'vwdatashare'
|
|
storageName: 'vw-data-link'
|
|
storageType: 'AzureFile'
|
|
}
|
|
]
|
|
scale:{
|
|
minReplicas: 1
|
|
maxReplicas: 4
|
|
}
|
|
}
|
|
}
|
|
}
|