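# Pod manifest that runs Vaultwarden next to its PostgreSQL database in one
# pod. The io.podman annotation below suggests it is consumed by Podman's
# kube support.
# Field names use the canonical Kubernetes camelCase spelling so that strict,
# case-sensitive consumers accept the file as well.
apiVersion: v1
kind: Pod
metadata:
  name: bitwarden-pod
  annotations:
    # Podman-specific annotation giving the pod's infra container a fixed name.
    io.podman.annotations.infra.name: bitwarden-pod-infra
spec:
  # NOTE(review): no securityContext is set on the containers in this
  # manifest. For a password vault, consider dropping capabilities and
  # disallowing privilege escalation once the images are confirmed to run
  # that way.
  containers: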
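  # Vaultwarden application container (listens on ROCKET_PORT inside the pod).
  - name: vaultwarden
    # NOTE(review): "alpine" is a floating tag, so the image that actually
    # runs can change between pulls. Pin a release tag or an image digest so
    # upgrades of the vault are deliberate and auditable.
    image: docker.io/vaultwarden/server:alpine
    env:
    # Environment values must be strings. A bare false or 3000 is parsed as a
    # YAML boolean/integer and rejected by consumers that expect a string, so
    # both are quoted.
    # Open self-registration is switched off.
    - name: SIGNUPS_ALLOWED
      value: "false"
    # NOTE(review): the database password is embedded in this URL, so it lives
    # in the manifest (and in any VCS history or backup of it), while the
    # postgres container takes the same password from the bitwarden-secrets
    # secret. Prefer sourcing the whole URL from that secret through
    # valueFrom/secretKeyRef so the credential has a single home.
    - name: DATABASE_URL
      value: "postgresql://postgres:<secret>@bitwarden-pod-postgres/vaultwarden"
    - name: ROCKET_PORT
      value: "3000"
    ports:
    # No hostIP is given, so the port is presumably published on every host
    # interface. This listener is expected to be plain HTTP unless TLS is
    # configured elsewhere; confirm it is only reachable through a
    # TLS-terminating reverse proxy, or set hostIP to restrict it.
    - containerPort: 3000
      hostPort: 1080
      protocol: TCP
    volumeMounts:
    # Persistent application data for Vaultwarden.
    - mountPath: /data
      name: vaultwarden-data
    # Host timezone file, mounted read-only.
    - mountPath: /etc/localtime
      name: localtime
      readOnly: true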

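  # PostgreSQL container backing Vaultwarden. It declares no ports, so nothing
  # in this block publishes the database on the host.
  - name: postgres
    # NOTE(review): "16-alpine" follows the latest 16.x build; pin a minor
    # version or digest if reproducible deployments matter.
    image: docker.io/library/postgres:16-alpine
    env:
    # The superuser password comes from the bitwarden-secrets secret rather
    # than being written into the manifest.
    - name: POSTGRES_PASSWORD
      valueFrom:
        secretKeyRef:
          name: bitwarden-secrets
          key: postgres-password
    volumeMounts:
    # Host directory for database dumps (see the postgres-dump volume).
    # NOTE(review): dumps written here hold the complete vault database, so
    # the host directory should be readable by the backup user only.
    - mountPath: /dump
      name: postgres-dump
    # Database cluster files on a persistent volume claim.
    - mountPath: /var/lib/postgresql/data
      name: postgres-data
    # Host timezone file, mounted read-only.
    - mountPath: /etc/localtime
      name: localtime
      readOnly: true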

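  # Volumes referenced by name from the containers' volumeMounts.
  volumes:
  # Vaultwarden application data.
  - persistentVolumeClaim:
      claimName: bitwarden-pod-vaultwarden-data
    name: vaultwarden-data
  # Host directory that receives database dumps. With type Directory the path
  # must already exist on the host.
  # NOTE(review): check ownership and mode of this directory; anything written
  # here is outside the persistent volume claims and is readable from the host
  # filesystem.
  - hostPath:
      path: <home>/.dump/bitwarden
      type: Directory
    name: postgres-dump
  # PostgreSQL cluster files.
  - persistentVolumeClaim:
      claimName: bitwarden-pod-postgres-data
    name: postgres-data
  # Host timezone file; both containers mount it read-only.
  - hostPath:
      path: /etc/localtime
      type: File
    name: localtime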