---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: pwd-deployment
  namespace: default
  labels:
    app: pwd
spec:
  replicas: 1
  selector:
    matchLabels:
      app: pwd
  template:
    metadata:
      labels:
        app: pwd
      annotations:
        diun.enable: "true"
        diun.include_tags: '^\d+\.\d+\.\d+-alpine$'
    spec:
      containers:
        - image: vaultwarden/server:1.34.3-alpine
          name: vaultwarden
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 80
          env:
            - name: ENABLE_DB_WAL
              value: "false"
            - name: YUBICO_CLIENT_ID
              value: "72098"
            - name: YUBICO_SECRET_KEY
              value: U1m4/HNRXLcNIp9zDA6DWOpLiGA=
            - name: DOMAIN
              value: https://pwd.bodicsek.host
          volumeMounts:
            - name: vaultwarden-vol
              mountPath: /data
      volumes:
        - name: vaultwarden-vol
          hostPath:
            path: /mnt/bitwarden/
            type: Directory
---
apiVersion: v1
kind: Service
metadata:
  name: pwd
  namespace: default
  labels:
    app: pwd
spec:
  type: ClusterIP
  selector:
    app: pwd
  ports:
  - port: 80
    targetPort: 80
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: pwd.bodicsek.host
spec:
  secretName: pwd.bodicsek.host
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
  dnsNames:
    - pwd.bodicsek.host
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: pwd
  namespace: default
spec:
  entryPoints:
    - websecure
  routes:
  - kind: Rule
    match: Host(`pwd.bodicsek.host`)
    services:
    - kind: Service
      name: pwd
      namespace: default
      passHostHeader: true
      port: 80
  tls:
    secretName: pwd.bodicsek.host