apiVersion: apps/v1
kind: Deployment
metadata:
  name: vaultwarden
  namespace: sync
  labels:
    app: vaultwarden
spec:
  replicas: 1
  selector:
    matchLabels:
      app: vaultwarden
  template:
    metadata:
      labels:
        app: vaultwarden
    spec:
      containers:
        - name: vaultwarden
          image: vaultwarden/server:1.30.5
          imagePullPolicy: IfNotPresent
          env:
            - name: WEBSOCKET_ENABLED
              value: "true"
            - name: SIGNUPS_ALLOWED
              value: "false"
            - name: DOMAIN
              value: "https://vw.hxme.net"
            - name: ADMIN_TOKEN
              value: "CHANGEME_SUPER_SECRET"
          ports:
            - containerPort: 80
              name: http
          volumeMounts:
            - name: data
              mountPath: /data
          resources:
            requests:
              cpu: 50m
              memory: 128Mi
            limits:
              cpu: 250m
              memory: 512Mi
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: bitwarden-data
---
apiVersion: v1
kind: Service
metadata:
  name: vaultwarden
  namespace: sync
  labels:
    app: vaultwarden
spec:
  type: ClusterIP
  selector:
    app: vaultwarden
  ports:
    - name: http
      port: 80
      targetPort: http
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: vaultwarden
  namespace: sync
  annotations:
    kubernetes.io/ingress.class: traefik
spec:
  rules:
    - host: vw.hxme.net
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: vaultwarden
                port:
                  number: 80
  tls:
    - hosts:
        - vw.hxme.net
      secretName: bitwarden-tls
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: bitwarden-data
  namespace: sync
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi