vaultwarden: postgresql with SSL

seed/applicationservice/2022.03.08/host-systemd-machined/dictionaries/21-machined.xml

@@ -2,6 +2,8 @@
 <rougail version="0.10">
   <services>
     <service name="systemd-machined">
+      <file>/etc/systemd/system/risotto-images.service</file>
+      <file>/etc/systemd/system/risotto-images.timer</file>
       <file>/etc/systemd/network/80-container-vz.network</file>
       <file file_type="variable" source="70-container.network" variable="zone_name">systemd_zone_filename</file>
       <file file_type="variable" source="70-container.netdev" variable="zone_name">systemd_netzone_filename</file>

seed/applicationservice/2022.03.08/vaultwarden/dictionaries/40_vaultwarden.xml

@@ -35,6 +35,11 @@
         <value>Vaultwarden</value>
       </variable>
     </family>
+    <family name="postgresql" description="PostgreSQL">
+      <variable name="pg_client_key_owner" redefine="True">
+        <value>vaultwarden</value>
+      </variable>
+    </family>
   </variables>
   <constraints>
     <fill name="get_password">

seed/applicationservice/2022.03.08/vaultwarden/templates/vaultwarden_config.env

@@ -20,7 +20,7 @@ DATA_FOLDER=/srv/vaultwarden
 ## - https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING
 # DATABASE_URL=postgresql://user:password@host[:port]/database_name
 #>GNUNUX
-DATABASE_URL=postgresql://%%pg_client_username:%%pg_client_password@%%pg_client_server_domainname/%%pg_client_database?sslmode=verify-full
+DATABASE_URL=postgresql://%%pg_client_username:%%pg_client_password@%%pg_client_server_domainname/%%pg_client_database?sslmode=verify-full&sslcert=/etc/pki/tls/certs/postgresql.crt&sslkey=/etc/pki/tls/private/postgresql.key&sslrootcert=/etc/pki/ca-trust/source/anchors/ca_PostgreSQL.crt
 #<GNUNUX
 
 ## Database max connections