apiVersion: apps/v1
kind: Deployment
metadata:
  name: vaultwarden
  namespace: vaultwarden
  labels:
    app.kubernetes.io/name: vaultwarden
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: vaultwarden
  template:
    metadata:
      labels:
        app.kubernetes.io/name: vaultwarden
    spec:
      securityContext:
        runAsUser: 1000
        runAsGroup: 1000
      containers:
        - securityContext:
            runAsUser: 1000
            runAsNonRoot: true
            runAsGroup: 1000
          name: vaultwarden
          image: vaultwarden/server:1.32.0
          env:
            - name: DOMAIN
              value: https://vaultwarden.cluster.edward.sydney
            - name: SIGNUPS_ALLOWED
              value: "true"
            - name: DATABASE_URL
              valueFrom:
                secretKeyRef:
                  name: vaultwarden-secrets
                  key: db_url
          ports:
            - protocol: TCP
              containerPort: 80
              name: http
          volumeMounts:
            - name: vaultwarden-data
              mountPath: /data
      volumes:
        - name: vaultwarden-data
          hostPath:
            path: /mnt/nfs/AppData/vaultwarden/data
            type: Directory