apiVersion: batch/v1
kind: Job
metadata:
  name: vaultwarden-db-init
  namespace: pg-init
spec:
  ttlSecondsAfterFinished: 300
  template:
    spec:
      restartPolicy: OnFailure
      containers:
        - name: db-init
          image: postgres:17
          env:
            - name: PGHOST
              value: pgbouncer.default.svc.cluster.local
            - name: PGPORT
              value: "6432"
            - name: PGUSER
              value: pginit
            - name: PGPASSWORD
              valueFrom:
                secretKeyRef:
                  name: pg-init-secret
                  key: password
            - name: VW_DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: vaultwarden-db-bootstrap-secret
                  key: password
          command:
            - bash
            - -c
            - |
              psql -c "CREATE DATABASE vaultwarden;" || true
              psql -c "CREATE USER vaultwarden WITH PASSWORD '${VW_DB_PASSWORD}';" || true
              psql -c "GRANT ALL PRIVILEGES ON DATABASE vaultwarden TO vaultwarden;" || true
              psql -d vaultwarden -c "GRANT ALL ON SCHEMA public TO vaultwarden;" || true