add vaultwarden daily backup CronJob to NFS

SQLite backup via Online Backup API + copy of RSA keys, attachments, sends, and config. 30-day retention with rotation. Pod affinity ensures co-scheduling with vaultwarden for RWO PVC access.
2026-03-15 00:03:59 +00:00 · 2026-03-15 00:03:59 +00:00 · 9acbcc7718
commit 9acbcc7718
parent 3c622659d8
127 changed files with 2521 additions and 413 deletions
--- a/stacks/webhook_handler/providers.tf
+++ b/stacks/webhook_handler/providers.tf
@ -1,8 +1,22 @@
 # Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa
+terraform {
+  required_providers {
+    vault = {
+      source  = "hashicorp/vault"
+      version = "~> 4.0"
+    }
+  }
+}
+
 variable "kube_config_path" {
  type    = string
  default = "~/.kube/config"
+}
+
+variable "vault_root_token" {
+  type      = string
  sensitive = true
+  default   = ""
 }

 provider "kubernetes" {
@ -14,3 +28,9 @@ provider "helm" {
    config_path = var.kube_config_path
  }
 }
+
+provider "vault" {
+  address          = "https://vault.viktorbarzin.me"
+  token            = var.vault_root_token
+  skip_child_token = true
+}