# services/vaultwarden/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: vaultwarden
  namespace: vaultwarden
spec:
  replicas: 1
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 0
      maxUnavailable: 1
  selector:
    matchLabels:
      app: vaultwarden
  template:
    metadata:
      labels:
        app: vaultwarden
    spec:
      containers:
        - name: vaultwarden
          image: vaultwarden/server:1.33.2
          env:
            - name: SIGNUPS_ALLOWED
              value: "false"
            - name: INVITATIONS_ALLOWED
              value: "true"
            - name: DOMAIN
              value: "https://vault.bstein.dev"
            - name: SMTP_HOST
              value: "mailu-front.mailu-mailserver.svc.cluster.local"
            - name: SMTP_PORT
              value: "25"
            - name: SMTP_SECURITY
              value: "starttls"
            - name: SMTP_ACCEPT_INVALID_HOSTNAMES
              value: "true"
            - name: SMTP_ACCEPT_INVALID_CERTS
              value: "true"
            - name: SMTP_FROM
              value: "postmaster@bstein.dev"
            - name: SMTP_FROM_NAME
              value: "Atlas Vaultwarden"
            - name: DATABASE_URL
              valueFrom:
                secretKeyRef:
                  name: vaultwarden-db-url
                  key: DATABASE_URL
            - name: ADMIN_TOKEN
              valueFrom:
                secretKeyRef:
                  name: vaultwarden-admin
                  key: ADMIN_TOKEN
          ports:
            - name: http
              containerPort: 80
              protocol: TCP
          volumeMounts:
            - name: vaultwarden-data
              mountPath: /data
      volumes:
        - name: vaultwarden-data
          persistentVolumeClaim:
            claimName: vaultwarden-data