apiversion: v1
kind: Pod
metadata:
  name: bitwarden-pod
  annotations:
    io.podman.annotations.infra.name: bitwarden-pod-infra
spec:
  containers:
  - name: vaultwarden
    image: docker.io/vaultwarden/server:latest-alpine
    env:
    - name: SIGNUPS_ALLOWED
      value: false
    - name: DATABASE_URL
      value: ""
    - name: ROCKET_PORT
      value: 3000
    ports:
    - containerport: 3000
      hostport: 
      protocol: TCP
    volumemounts:
    - name: vaultwarden-data
      mountpath: /data
    - name: localtime
      mountpath: /etc/localtime
      readonly: true

  - name: postgres
    image: docker.io/library/postgres:16-alpine
    env:
    - name: POSTGRES_PASSWORD
      valuefrom:
        secretkeyref:
          name: bitwarden-secrets
          key: postgres-password
    volumemounts:
    - name: postgres-dump
      mountpath: /dump
    - name: postgres-data
      mountpath: /var/lib/postgresql/data
    - name: localtime
      mountpath: /etc/localtime
      readonly: true

  volumes:
  - name: vaultwarden-data
    persistentvolumeclaim:
      claimname: bitwarden-pod-vaultwarden-data
  - name: postgres-dump
    hostpath:
      path: $HOME/.dump/bitwarden
      type: Directory
  - name: postgres-data
    persistentvolumeclaim:
      claimname: bitwarden-pod-postgres-data
  - name: localtime
    hostPath:
      path: /etc/localtime
      type: File