From 428e8f4f87633d1d27ed6cbf64386adf5a4ded0a Mon Sep 17 00:00:00 2001
From: Emmanuel Garette <egarette@cadoles.com>
Date: Sat, 21 May 2022 18:52:27 +0200
Subject: [PATCH] vaultwarden: postgresql with SSL

---
 .../host-systemd-machined/dictionaries/21-machined.xml       | 2 ++
 .../2022.03.08/vaultwarden/dictionaries/40_vaultwarden.xml   | 5 +++++
 .../2022.03.08/vaultwarden/templates/vaultwarden_config.env  | 2 +-
 3 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/seed/applicationservice/2022.03.08/host-systemd-machined/dictionaries/21-machined.xml b/seed/applicationservice/2022.03.08/host-systemd-machined/dictionaries/21-machined.xml
index 337b5fd..161a535 100644
--- a/seed/applicationservice/2022.03.08/host-systemd-machined/dictionaries/21-machined.xml
+++ b/seed/applicationservice/2022.03.08/host-systemd-machined/dictionaries/21-machined.xml
@@ -2,6 +2,8 @@
 <rougail version="0.10">
   <services>
     <service name="systemd-machined">
+      <file>/etc/systemd/system/risotto-images.service</file>
+      <file>/etc/systemd/system/risotto-images.timer</file>
       <file>/etc/systemd/network/80-container-vz.network</file>
       <file file_type="variable" source="70-container.network" variable="zone_name">systemd_zone_filename</file>
       <file file_type="variable" source="70-container.netdev" variable="zone_name">systemd_netzone_filename</file>
diff --git a/seed/applicationservice/2022.03.08/vaultwarden/dictionaries/40_vaultwarden.xml b/seed/applicationservice/2022.03.08/vaultwarden/dictionaries/40_vaultwarden.xml
index aa4e1ff..9a9b7e4 100644
--- a/seed/applicationservice/2022.03.08/vaultwarden/dictionaries/40_vaultwarden.xml
+++ b/seed/applicationservice/2022.03.08/vaultwarden/dictionaries/40_vaultwarden.xml
@@ -35,6 +35,11 @@
         <value>Vaultwarden</value>
       </variable>
     </family>
+    <family name="postgresql" description="PostgreSQL">
+      <variable name="pg_client_key_owner" redefine="True">
+        <value>vaultwarden</value>
+      </variable>
+    </family>
   </variables>
   <constraints>
     <fill name="get_password">
diff --git a/seed/applicationservice/2022.03.08/vaultwarden/templates/vaultwarden_config.env b/seed/applicationservice/2022.03.08/vaultwarden/templates/vaultwarden_config.env
index a054459..f90aa81 100644
--- a/seed/applicationservice/2022.03.08/vaultwarden/templates/vaultwarden_config.env
+++ b/seed/applicationservice/2022.03.08/vaultwarden/templates/vaultwarden_config.env
@@ -20,7 +20,7 @@ DATA_FOLDER=/srv/vaultwarden
 ## - https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING
 # DATABASE_URL=postgresql://user:password@host[:port]/database_name
 #>GNUNUX
-DATABASE_URL=postgresql://%%pg_client_username:%%pg_client_password@%%pg_client_server_domainname/%%pg_client_database?sslmode=verify-full
+DATABASE_URL=postgresql://%%pg_client_username:%%pg_client_password@%%pg_client_server_domainname/%%pg_client_database?sslmode=verify-full&sslcert=/etc/pki/tls/certs/postgresql.crt&sslkey=/etc/pki/tls/private/postgresql.key&sslrootcert=/etc/pki/ca-trust/source/anchors/ca_PostgreSQL.crt
 #<GNUNUX
 
 ## Database max connections